MALWARE REPORT

Re-locating my forum post according to the advice of another user:

http://rpgmaker.net/forums/topics/13411/

I recently downloaded a zip file (from a site linked to here)

edit:

This is a navigation string that got me there.

http://rpgmaker.net/games/2205/
http://udivision.blogspot.com/2010/06/download-page-super-mario-rpg-starlite.html
http://www.sendspace.com/file/gh3ezr

and instead of getting a game, there was no playable file, tons of fake virus scanners and a flood of installation programs unrelated to any game. And all personal anti-virus programs went insane on me.

edit: the viruses were not very covert and instantly started invading my screen.

The following programs detected them:

Mcafee : In real time (I kept allowing it because I just figured mcafee was misidentifying the game as a virus)

After the scanners started invading, I ran a scan with mcafee, and Spybot and they both found several dangerous items. A Malwarebytes scan is currently underway. (I hope it finds something so I can get a log... my mcafee will only log the number of threats... but not what they are.)

I cleaned most of what spybot found except for this... because spybot can't get rid of it. I'm kind of screwed unless malwarebytes can get it.

Barowwsoe2save

I don't think the uploader intended to spread malware, so much as the file sharing program he was using (Sendspace) replaced the legitimate file with a virus. Or is using the name of his game to spread viruses to people who are not paying attention. (me)

I think the file was an executable file pretending to be a zip, named "Super Mario RPG The Starlite Worlds.zip" but with a possible .exe file extension that I failed to notice.

High priority problem. Obviously I am stuck with a virus that can't be cleaned by 2 up to date malware cleaners. (I will post again when Malwarebytes is done scanning.)
you didn't need to create a new topic. a mod would have just moved your first topic. now there's 2 topics for the same thing :p

but your question from the other topic is that you should inform every party involved as well as the public. in this case it would be the owner of the game and both sites that are hosting link/files.

you've informed RMN admins and users, so contact Sendspace. also send a PM to udivision and tell him his site - udivision.blogspot - led you to a nasty file.

i went to download one of his games before and it led me to one of those download sites with tons of blinking ads and false download buttons. i generally don't trust those sites at all and avoid downloading. his game can be hosted safely on RMN or other places.
Generated 2 forum posts here

Generated post on the game's page here.

Sent a PM to the game's developer here.

Generated a post on the game developer's website.

Created a TOS abuse report to Sendspace reporting either the uploader is using their site to spread viruses to downloaders or sendspace is exploiting the uploader and downloaders to spread its own viruses

I was not quite keen on giving them my email address but it's too late now.

The game page has a youtube link as well... I'll be posting on that later.

I will make myself heard.


Over 17 entries of Win32downloader.gen popped up on spybot. Just an additional warning.

Malwarebytes is still scanning.
I downloaded the file. Scanned it with AVG.

No threats found.




It's not the file. It's not Sendspace. It's not udivision's blog. It's not RMN.

It's you and your PC with the virus.
oh, i suppose all that reporting assumes that it's proven to be a threat. it seems like maybe you were infected with something before you downloaded the file.
edchuy
I checked the sendspace download page. Didn't get the blinking ads because luckily I'm using Firefox with an AdBlock Plus add-on that prevents them. Pressed the "Click here to start download from sendspace" button and got the 208 Mb prompt to download the file. That leads me to conclude that should be the correct file as kentona can confirm. Usually, unless the website tells you get a downloader (download.cnet.com is an example) and when you get a relatively small file (less than 1Mb) smaller in size than the file you want to download, you should be suspicious and desist!

Conclusion: I suspect that tm69 must have pressed one of these blinking ads (or another fake link visible on the page) downloading a file that caused the detections by the different programs. The problem got compounded if the file was executed.
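
The two warning signs raised in this thread (a file named like the .zip but carrying an .exe extension, and a download far smaller than the size the site advertised) can be checked before anything is opened. The following is an added example, not part of the original posts; the function names and the constructed sample files are assumptions made for illustration.

```python
import os
import tempfile
import zipfile

EXEC_EXTS = {".exe", ".scr", ".com", ".msi", ".bat"}
ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06")   # normal archive / empty archive

def triage_download(path, expected_size, tolerance=0.10):
    """Return a list of reasons the file does not look like the expected archive."""
    findings = []
    root, ext = os.path.splitext(os.path.basename(path).lower())
    if ext in EXEC_EXTS:
        findings.append("executable-extension")
        if os.path.splitext(root)[1] == ".zip":
            findings.append("double-extension")
    size = os.path.getsize(path)
    if abs(size - expected_size) > expected_size * tolerance:
        findings.append("size-mismatch")
    with open(path, "rb") as fh:
        head = fh.read(4)
    # Check the leading bytes rather than zipfile.is_zipfile(): that looks for
    # the end-of-archive record, which a self-extracting .exe also contains.
    if head[:2] == b"MZ":
        findings.append("pe-header")
    elif head not in ZIP_MAGICS:
        findings.append("not-a-zip")
    return findings

def build_samples(directory):
    """Write two constructed files: a genuine zip and a small stub named like it."""
    good = os.path.join(directory, "Super Mario RPG The Starlite Worlds.zip")
    with zipfile.ZipFile(good, "w") as zf:
        zf.writestr("Game.exe", b"\x00" * 4096)   # placeholder payload, not a real game
    fake = good + ".exe"
    with open(fake, "wb") as fh:
        fh.write(b"MZ" + b"\x00" * 200)           # PE magic bytes only, inert
    return good, fake

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        good, fake = build_samples(d)
        expected = os.path.getsize(good)  # stands in for the size the site advertised
        print("genuine:", triage_download(good, expected))
        print("stub:   ", triage_download(fake, expected))
```
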
Allow me to include the part where the file I downloaded did not actually have a game.

But it had the same name as the game?

Link and edchuy nailed it on the head with the fake download button theory.

There are NO blinking ads that I can see... but there are over 6 buttons that say "DOWNLOAD" and most of them generate malware files with the EXACT same name as the game. This is the problem. The fact that they had the same name.


I still find this worth reporting. But it is certainly avoidable. My PC is getting close to clean by now and it won't be a problem for me much longer.

I am 100% certain that the viruses I got were not present before I unzipped that file. 100%


In any case, I am glad you all responded with advice and information. Almost all helpful in some way.

Thank you all.
edchuy
The strange thing, I admit, is that RMN shows 1686 downloads and I don't think anybody reported such a problem before. You'd think somebody would've had an issue by now, assuming that the download has been the same one for almost 3 years.
edchuy wrote:
"RMN shows 1686 downloads"


that's how many times that button was clicked on in rmn. it links to an external page that takes several more clicks to reach the file. like my case, i clicked the rmn download button but cancelled the transaction when i realized how flaky the rest of it was xD so that number is inaccurate. plus if it did happen to other people they might not even realize it or bother reporting.
Most of them might be used to Sendspace.

I've had to play the "guess which download button is the real one" game with more than one file share service. I just ignore them if I can't guess.

But since I've downloaded a game from this dev before, I was not expecting a problem.


Also, I am not sure the big download button is reliable anyway. It kept giving me "download limit reached" errors even though it doesn't actually link to a downloadable file or installation.

Yet the smaller "download" button below it still worked in spite of the limit. A lot of those 1686 could just be people clicking the link.
tenchimuyo69 wrote:
"It kept giving me "download limit reached" errors even though it doesn't actually link to a downloadable file or installation.

Yet the smaller "download" button below it still worked in spite of the limit. A lot of those 1686 could just be people clicking the link."


the limit was put in place to prevent games from being spam downloaded to increase the count. ppl actually did that. the download button can only be clicked once per hour.

weird that a different download button worked, unless it was something the creator added to his page description or something.