Swords & Soldiers



 Post subject: Infected copy?
 Post Posted: Thu Jun 21, 2018 2:15 am 

Joined: Thu Jun 21, 2018 1:50 am
Posts: 2
According to the Steam Community forum, users are getting reports of Malwarebytes quarantining Swords and Soldiers HD.

Given the current free promo it would be a powerful vector to spread malware; that is, to infect a legitimate game during such a free period.

Given that Malwarebytes is flagging it using Machine Learning (MachineLearning/Anomalous.100%) it is entirely possible that it is a false positive. But the several items flagged by Falcon Sandbox Reports at Hybrid Analysis are odd enough (anti-reversing techniques, mismatched CRC values in headers, Entrypoint in PE header is within an uncommon section) that I wouldn't recommend blindly assuming it is a false positive.

To be clear, I'm not certain if the executable has been tampered with, and I don't know if it is infected with malware.

I'm also not accusing Ronimo Games of being malicious; I suspect that if there is malware, the software was most likely targeted by an outside party.
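
Added example, not part of the original post or of the sandbox report: a header-level triage check for two of the indicators listed above (entry point outside a common code section, stored PE checksum that does not match the file). The `COMMON` list, the `.xyz` section name and the `build_sample` image are constructed for illustration.

```python
import struct

COMMON = {".text", "CODE", ".code", "INIT"}  # assumed list of usual code sections

def pe_checksum(data: bytes, field_off: int) -> int:
    """Recompute the optional-header CheckSum (16-bit end-around-carry sum + length)."""
    buf = bytearray(data)
    buf[field_off:field_off + 4] = b"\0\0\0\0"      # the field itself counts as zero
    if len(buf) % 2:
        buf.append(0)
    total = 0
    for (word,) in struct.iter_unpack("<H", buf):
        total += word
        total = (total & 0xFFFF) + (total >> 16)
    return (((total & 0xFFFF) + (total >> 16)) & 0xFFFF) + len(data)

def triage(data: bytes) -> dict:
    """Report which section holds the entry point and whether CheckSum matches."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (pe,) = struct.unpack_from("<I", data, 0x3C)     # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    (n_sections,) = struct.unpack_from("<H", data, pe + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe + 20)
    opt = pe + 24                                    # optional header start
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    (stored,) = struct.unpack_from("<I", data, opt + 64)
    section = None
    for i in range(n_sections):
        off = opt + opt_size + 40 * i                # 40-byte section headers
        vsize, vaddr, rawsize = struct.unpack_from("<III", data, off + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            section = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
    computed = pe_checksum(data, opt + 64)
    # A stored value of 0 means the linker never set it, which is not a mismatch.
    return {"entry_section": section, "entry_section_common": section in COMMON,
            "checksum_mismatch": stored not in (0, computed)}

def build_sample(section: bytes, stored_checksum: int = 0) -> bytes:
    """Constructed header-only PE32 image with one section; not a real binary."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 96, 0x102)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)          # AddressOfEntryPoint
    struct.pack_into("<I", opt, 64, stored_checksum) # CheckSum
    sec = section.ljust(8, b"\0") + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200)
    return dos + b"PE\0\0" + coff + bytes(opt) + sec + b"\0" * 16
```

Both results are heuristics that packers and DRM wrappers also trigger, so a hit is a reason to inspect the file further, not a verdict.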


 Post subject: Re: Infected copy?
 Post Posted: Thu Jun 21, 2018 1:18 pm 

Joined: Thu Jun 21, 2018 1:12 pm
Posts: 2
mctylr wrote:
According to the Steam Community forum, users are getting reports of Malwarebytes quarantining Swords and Soldiers HD.

Given the current free promo it would be a powerful vector to spread malware; that is, to infect a legitimate game during such a free period.

Given that Malwarebytes is flagging it using Machine Learning (MachineLearning/Anomalous.100%) it is entirely possible that it is a false positive. But the several items flagged by Falcon Sandbox Reports at Hybrid Analysis are odd enough (anti-reversing techniques, mismatched CRC values in headers, Entrypoint in PE header is within an uncommon section) that I wouldn't recommend blindly assuming it is a false positive.

To be clear, I'm not certain if the executable has been tampered with, and I don't know if it is infected with malware.

I'm also not accusing Ronimo Games of being malicious; I suspect that if there is malware, the software was most likely targeted by an outside party.



Hi, I also got this malware warning and it has been quarantined. I would like to play this game and see if I like it so I can buy the sequel, but I don't want to buy malware. Is it a false positive or is it malware??


 Post subject: Re: Infected copy?
 Post Posted: Fri Jun 22, 2018 1:50 pm 

Joined: Thu Jun 21, 2018 1:50 am
Posts: 2
Quote:
I would like to play this game and see if I like it so I can buy the sequel, but I don't want to buy malware. Is it a false positive or is it malware??


Yes, the game is safe, and recently I have been able to confirm that it is a false positive.

Unfortunately I didn't realise that this game uses Steam DRM, which is a fairly consumer-friendly approach to combating casual piracy, but which exhibits behaviour I didn't expect in an indie game like Swords and Soldiers HD. That, combined with the fact that at least some versions of Steam DRM are flagged as suspicious by some anti-virus / anti-malware software, including Malwarebytes, caused me to be concerned.


 Post subject: Re: Infected copy?
 Post Posted: Sun Jun 24, 2018 4:58 pm 

Joined: Thu Jun 21, 2018 1:12 pm
Posts: 2
mctylr wrote:
Quote:
I would like to play this game and see if I like it so I can buy the sequel, but I don't want to buy malware. Is it a false positive or is it malware??


Yes, the game is safe, and recently I have been able to confirm that it is a false positive.

Unfortunately I didn't realise that this game uses Steam DRM, which is a fairly consumer-friendly approach to combating casual piracy, but which exhibits behaviour I didn't expect in an indie game like Swords and Soldiers HD. That, combined with the fact that at least some versions of Steam DRM are flagged as suspicious by some anti-virus / anti-malware software, including Malwarebytes, caused me to be concerned.



Hello, I just want to let you know that my game is working at last without a virus detection. I think it has been sorted either by Steam or my antivirus company.

