When trying to download a game, the system indicates a virus

A topic by Snakerser created 4 days ago Views: 331 Replies: 12

Hello, I have a problem with my game. When I try to download a zip file, it points to a virus, to be more precise to Trojan:Script/Wacatac.B!ml. One user also reported the problem. The files are guaranteed not to contain any viruses, and VirusTotal also does not find anything. Can I somehow fix this situation? The file is marked as a virus by both Chrome and Windows.

I sent a request to Microsoft support about a false positive, but I don't think it will help :(


I uploaded a project about 3 hours ago with the same problem. I just got a comment that said they downloaded the zip file and Windows flagged it as containing a virus. But like you, Windows Defender doesn't detect anything after a scan and it's clean on VirusTotal, too.

However, nothing happens when I download it. I tried downloading your game too and I don't get a warning. I saw another comment section (forget which game it was, but it was a recent one from today) that suspected it might be a Windows 11 false positive? I'm still running Win10, so if that's true then it explains the discrepancy, but not why it's happening. Are you running Win11? It would be nice to know where the error is coming from, even if we don't know why.


Yes, Windows 11. It looks like the problem is on Microsoft's side. I sent a request here: https://www.microsoft.com/en-us/wdsi/filesubmission/ Maybe it will help.

Thanks for the reply. I had a look at my history and Project Nightcall is the game I saw earlier with the same reports. I had a look at their comments (sorry for stalking you, game dev) and it looks like the problem started about 4 days ago. I downloaded that too and found no issues. Like you said, seems to be a Win11 issue, but in case it isn't, hopefully this info will be useful for fixing it. It's very frustrating to upload a new game and your first comment is a virus report...

You can avoid these problems by downloading the game with the itch.io app. Devs seldom have the time and money to certify their games, which often causes a "false positive" in some virus scanners. Although it is always good to be cautious, often there is nothing wrong with the games.


The same was happening to me for a couple of hours earlier in the day, and only exclusively with the downloadable version of my game. The zip file before uploading it was fine and Windows Defender wouldn't flag it, but if it was downloaded from itch, it would get flagged as the exact same trojan you described.

It no longer does that. I changed my password, 2FA and all that jazz just in case the download was getting hijacked somehow. No idea how something like that can happen, but it's solved now. If it is still happening to you, take down the download, and change your password and stuff.

Thanks for the reply. This is 99.9% a false positive of the antivirus. In any case, you can always check when the file was changed on the site if you suspect that your account has been hacked.


As mentioned, software usually needs to get signed to get a "stamp of approval". In short, this means you pay money and the signature certifies that the software is not malware of any sort. This signature may no longer work if the software (.exe) is changed or replaced, and of course it is also not a 100% guarantee that the developer of the software has not implemented anything at all that could be seen as malicious by a user. But that's how it usually goes, software signed, okay, software not signed, not trustworthy.

The situation you describe is the following: If you start something from your own PC that you have had on there and created, your system by default knows that it is your stuff and treats it differently. As soon as you download something from the web however, even if it is the same unchanged thing that already was on your PC before, it is seen as unknown by your system. So either Windows itself or even your antivirus (depending on different things and how it flags it), will react to it. Sometimes it will only warn you if you really want to execute it, sometimes the smart filter of Windows Defender will run, and sometimes your additional antivirus will even warn you from running it in some degree (depending on how much of a threat it thinks it is). And to avoid this, you would need to sign it.

There are workarounds for this: If you use some editors to make your games, they can already have a signed executable. So as long as that executable is not changed in the process of creating your game, you may not get any excessive warnings (except for the usual admin control confirmation) because the executable is already known to antivirus software (if it is known enough). This makes sense, because the executable is known as safe, and you have not changed it. If you change it in some way, you are back to untrusted however. And it also may not be a 100% case anyway, because potentially your game could contain other files that could be non-trustworthy anyway. It's all a question of how much your antivirus reacts to things, and executables are usually reason for a reasonably heavy reaction.

As others have said, this is therefore kind of common. At least if you look for games on platforms like itch, where everyone can upload what they created, the chance for your system being cautious about your downloads is to be expected. That means you have to decide on your own risk if you think the game/software is trustworthy or not. There is of course plenty of actual malware on the web, and as has been mentioned in other topics, also on itch.io, so you always have to be careful and use your common sense to check what is offered, if it is the real deal and if it makes sense to try to download and run it.

Also, yes your software *could* get manipulated while getting transferred to the platform or back, but it is usually not that easy. Because usually, either your system, your network, or the platform (itch.io) need to be vulnerable for hackers to get onto the data. You can check your system with your antivirus to make sure that it shouldn't be affected by any malware, your network should usually be secure unless you either gave away your security info or live next to a pro hacker, and itch.io from what I know is seen as secure in that regard. So malware downloads do exist, but only if you already uploaded them like that or the download on itch.io you want to access has been compromised before upload already as well. The last option is that your account has been hacked, then a hacker can of course download and upload from your projects whatever they like. But again, you either have to give away your security info for that or have to be affected by some sort of virus / hack / malicious website or download beforehand, otherwise it shouldn't be likely for your account to be compromised.
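A way to check the question raised in the posts above, whether the zip served for download is still the file that was uploaded, is to compare the local build archive with a copy downloaded back from the store page. This is an added example, not code from any poster or from itch.io; the function names and the sample archive contents are constructed for illustration.

```python
import hashlib
import io
import zipfile


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_digests(zip_bytes: bytes) -> dict:
    """Map each member name to the SHA-256 of its uncompressed content."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {i.filename: sha256_hex(zf.read(i))
                for i in zf.infolist() if not i.is_dir()}


def compare_archives(built: bytes, downloaded: bytes) -> dict:
    """Compare the archive built locally with the copy downloaded back."""
    result = {"verdict": "identical", "added": [], "removed": [], "changed": []}
    if sha256_hex(built) == sha256_hex(downloaded):
        return result  # byte-for-byte the same file
    a, b = entry_digests(built), entry_digests(downloaded)
    result["added"] = sorted(b.keys() - a.keys())
    result["removed"] = sorted(a.keys() - b.keys())
    result["changed"] = sorted(n for n in a.keys() & b.keys() if a[n] != b[n])
    differs = result["added"] or result["removed"] or result["changed"]
    # Same members with different container bytes means the zip was re-packed.
    result["verdict"] = "content-differs" if differs else "repacked-same-content"
    return result


def make_zip(files: dict, stored: bool = False) -> bytes:
    """Build a constructed sample archive in memory (stand-in for real files)."""
    method = zipfile.ZIP_STORED if stored else zipfile.ZIP_DEFLATED
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", method) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample data, not real game files.
SAMPLE = {"game.exe": b"constructed executable bytes" * 20, "data.pck": b"constructed assets" * 20}

if __name__ == "__main__":
    build = make_zip(SAMPLE)
    altered = make_zip({**SAMPLE, "game.exe": b"different bytes", "extra.dll": b"new"})
    print(compare_archives(build, build)["verdict"])
    print(compare_archives(build, make_zip(SAMPLE, stored=True))["verdict"])
    print(compare_archives(build, altered))
```

For real files, pass `pathlib.Path(...).read_bytes()` of the build zip and of the downloaded zip to `compare_archives`; an `identical` verdict means the flagged download has the same bytes as the local file that was not flagged.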


Thank you for such a large and detailed answer! Microsoft support reported that the file is clean, but I noticed something strange: the antivirus does not trigger on the .exe file itself or the game files, but on the .zip (which was compressed by the built-in functions of Windows 11). Judging by the fact that the problem is observed on Windows 11, this may be a bug in the antivirus.

The file is marked as a virus by both Chrome and Windows

That sounds strange. That one time Chrome warned me about a virus, it was a virus.

That being said, the usual warning users get is that the file was downloaded from the internet. And was not "signed".

The funny part is that having a signed exe is actually a bad sign for a game downloaded on Itch (one does not sign an ever-changing exe for a hobby project or even as a small-time developer). That one time I found such a thing, it was a virus with a faked signage. Yes, it was faked, that system is compromised. As I understand they hacked or faked a company in that signage-system.

Godot is infamous for triggering false positives. But that the threat was named specifically is concerning. Although it seems kinda a generic name for a downloader and data stealer family of malware that might get false positives because of that.

Thanks for the reply. It looks like Chrome doesn't detect the file as a virus; it downloads the file completely, and only then, after Windows Defender triggers, is it marked as a virus. I looked into the problem more deeply and it looks like the problem is in the .zip files; for some reason they are sometimes marked as a virus. Maybe I should try changing the file compression type.

That one time it happened to me, Chrome screamed at me at the time of downloading. I knew it was a virus, I just wanted to see what it looks like on VirusTotal. Was an obvious one and uploaded to Itch. So I was curious why Itch's scanners did not detect it. It turned out to be even more ridiculous since even Chrome screamed at me. Or maybe it was the Defender. It was not distinguishable for me at that time.

If it is actual zip files, that is strange. Maybe compressing Godot files makes them look suspicious. Godot packed exe often trigger. They do clever things inside that. Zipping it again might be seen as a circumvention method.