itch.io Community » itch.io » Questions & Support

This game contains a trojan and a virus - Almost ruined my PC

A topic by obscured created Nov 03, 2020 Views: 11,787 Replies: 7

Viewing posts 1 to 8

obscured3 years ago(+4)

Hello, i ve been downloading games from itch.io for quite some time.

However, this is the very first time I had a trojan + virus downloaded and it is from the main executable of this game:

https://pattystudio.itch.io/the-hollows

Virus: Win32.Neshta.a

Trojan: Trojan.Win32.Bazon.a + Trojan.MSIL.Injects.gen

All discovered by Kasperksy.

Avoid this game at all costs and I hope it gets deleted and the author banned.

Like Reply

leafoPinned ReplyAdmin3 years ago (5 edits) (+4)

Hey, an update to my previous post: I’ve suspended this account. Thanks for bringing it to our attention.

On closer inspection I see that they are using a password protected RAR file.

My recommendation: Do not download anything that comes as a password protected archive (typically RAR). We’ve seen a new malicious uploader who is using this approach to try to prevent our automated virus scanner from identifying their projects.

If you come across a page that has a download for a game as a password protected RAR file, and includes the archive password on the page’s description, do not download it and report it.

In the future we will outright ban all password protected archive files. There is no reason to provide something like that as itch.io has access control built in.

Thanks

Like Reply

No Time To PlayModerator3 years ago(+3)

Please report the game in question, using the report link at the bottom of the page, so that our support team can look into it. They're probably too busy to watch the community forum. Thank you.

Like Reply

Evolutionary Games3 years ago(+2)

Right now there's a problem with anti-virus software flagging games - and I've had games flagged from reputable companies that wouldn't have a virus in their games in a million years - it's just that the anti-virus software seems to be fighting against game developers so you have this:

Because I allow you to save your name - I have to record your typing in the name - now it's flagged as a key logger.
Because I allow you volume control - now it's flagged as something that is going to interfere with your system.

The list goes on...

The better response would be to ask the person to submit their game to Kaspersky so that they can whitelist it, so that users won't have that problem again.

(Not saying there is or isn't a virus there - just giving them the benefit of the doubt here because there's a lot of false positives out there right now.)

Like Reply

obscured3 years ago(+1)

I have to agree with you and I have encountered several false positives in the past.

However in this case, the viruses and trojans were very specific and not generic ones.

Also, once running the executable, it tried creating several .exes and .dlls in system folders.

I have the full antivirus report in case anybody needs it

Like Reply

leafoAdmin3 years ago(+2)

I suggest running the game through VirusTotal to get a better picture. There often are a lot of virus scanners that produce false positives. VirusTotal will use a large number of scanners against the same file and can give you a more conclusive result than one program saying “this may have a virus”

Like Reply

obscured3 years ago(+1)

For some reason VirusTotal upload of the main executable keeps failing. On other upload websites as well.

Could someone else try it?

For the record this is my antivirus report:

Like Reply

leafoAdmin moved this topic to Questions & Support 3 years ago

Wechenbetelly3 years ago(+1)

Thank you, for not only bringing this to the community’s attention but also providing a plethora of information, obscured. You are the best! :)

Also thanks to leafo, for reacting in such a timely fashion, even with so many other things going on.

Like Reply

This topic has been auto-archived and can no longer be posted in because there haven't been any posts in a while.