 Post subject: Infected copy?
 Post Posted: Thu Jun 21, 2018 2:15 am 
Joined: Thu Jun 21, 2018 1:50 am
Posts: 2
According to the Steam Community forum, users are getting reports of Malwarebytes quarantining Swords and Soldiers HD.

Given the current free promo, it would be a powerful vector to spread malware; that is, to infect a legitimate game during such a free period.

Given that Malwarebytes is flagging it using Machine Learning (MachineLearning/Anomalous.100%), it is entirely possible that it is a false positive. But the several items flagged by Falcon Sandbox Reports at Hybrid Analysis are odd enough (anti-reversing techniques, mismatched CRC values in headers, Entrypoint in PE header is within an uncommon section) that I wouldn't recommend blindly assuming it is a false positive.

To be clear, I'm not certain if the executable has been tampered with, and I don't know if it is infected with malware.

I'm also not accusing Ronimo Games of being malicious; I suspect that if there is malware, the software was most likely targeted by an outside party.
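
Two of the static indicators named in the post above (header checksum mismatch, entry point in an uncommon section) can be recomputed directly from the file, shown here as an added example that is not part of the thread and not any vendor's code. It assumes the report's "CRC" refers to the PE optional-header CheckSum field; the section allow-list, the `.stub` section name and the sample image are constructed for the demonstration.

```python
import struct

COMMON_ENTRY_SECTIONS = {".text", "CODE", ".code", "INIT"}  # assumption: typical names

def pe_checksum(data, field_off):
    """16-bit end-around-carry sum of the file with CheckSum zeroed, plus file length."""
    buf = bytearray(data)
    buf[field_off:field_off + 4] = b"\0\0\0\0"
    buf += b"\0" * (len(buf) % 2)                          # pad to a whole 16-bit word
    total = sum(struct.unpack("<%dH" % (len(buf) // 2), buf))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total + len(data)

def triage(data):
    """Report the two static indicators for a PE image held in memory."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec = struct.unpack_from("<H", data, pe + 6)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]  # SizeOfOptionalHeader
    opt = pe + 24
    entry = struct.unpack_from("<I", data, opt + 16)[0]    # AddressOfEntryPoint (RVA)
    stored = struct.unpack_from("<I", data, opt + 64)[0]   # CheckSum
    section = None
    for i in range(nsec):
        name, vsize, vaddr, rawsize = struct.unpack_from("<8sIII", data, opt + opt_size + 40 * i)
        if vaddr <= entry < vaddr + max(vsize, rawsize):
            section = name.rstrip(b"\0").decode("ascii", "replace")
    computed = pe_checksum(data, opt + 64)
    return {"stored": stored, "computed": computed,
            # A stored value of 0 means the linker never set it, so it is not counted.
            "checksum_mismatch": stored != 0 and stored != computed,
            "entry_section": section,
            "uncommon_entry_section": section not in COMMON_ENTRY_SECTIONS}

def build_sample(entry_section=b".stub"):
    """Constructed headers-only PE32 (not runnable); entry point lies in the 2nd section."""
    img = bytearray(0x40 + 24 + 224 + 2 * 40)
    img[0:2], img[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x40)
    struct.pack_into("<HH", img, 0x44, 0x14C, 2)      # Machine, NumberOfSections
    struct.pack_into("<HH", img, 0x54, 224, 0x102)    # SizeOfOptionalHeader, Characteristics
    struct.pack_into("<H", img, 0x58, 0x10B)          # PE32 magic
    struct.pack_into("<I", img, 0x58 + 16, 0x2010)    # AddressOfEntryPoint
    for i, name in enumerate((b".text", entry_section)):
        struct.pack_into("<8sII", img, 0x138 + 40 * i, name, 0x1000, 0x1000 * (i + 1))
    struct.pack_into("<I", img, 0x58 + 64, pe_checksum(img, 0x58 + 64))
    return bytes(img)
```

Both indicators only describe header layout: a wrapper that relocates the entry point into its own section and rewrites the file without refreshing CheckSum trips them regardless of intent, so they are a prompt for further checks rather than a verdict.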


 Post subject: Re: Infected copy?
 Post Posted: Thu Jun 21, 2018 1:18 pm 
Joined: Thu Jun 21, 2018 1:12 pm
Posts: 2
mctylr wrote:
According to the Steam Community forum, users are getting reports of Malwarebytes quarantining Swords and Soldiers HD.

Given the current free promo, it would be a powerful vector to spread malware; that is, to infect a legitimate game during such a free period.

Given that Malwarebytes is flagging it using Machine Learning (MachineLearning/Anomalous.100%), it is entirely possible that it is a false positive. But the several items flagged by Falcon Sandbox Reports at Hybrid Analysis are odd enough (anti-reversing techniques, mismatched CRC values in headers, Entrypoint in PE header is within an uncommon section) that I wouldn't recommend blindly assuming it is a false positive.

To be clear, I'm not certain if the executable has been tampered with, and I don't know if it is infected with malware.

I'm also not accusing Ronimo Games of being malicious; I suspect that if there is malware, the software was most likely targeted by an outside party.



Hi, I also got this malware warning and it has been quarantined. I would like to play this game and see if I like it so I can buy the sequel, but I don't want to buy malware. Is it a false positive or is it malware?


 Post subject: Re: Infected copy?
 Post Posted: Fri Jun 22, 2018 1:50 pm 
Joined: Thu Jun 21, 2018 1:50 am
Posts: 2
Quote:
I would like to play this game and see if I like it so I can buy the sequel, but I don't want to buy malware. Is it a false positive or is it malware?


Yes, the game is safe, and recently I have been able to confirm that it is a false positive.

Unfortunately I didn't realise that this game uses Steam DRM, which is a fairly consumer-friendly approach to combating casual piracy, but which exhibits behaviour I didn't expect in an indie game like Swords and Soldiers HD. That, combined with the fact that at least some versions of Steam DRM are flagged as suspicious by some anti-virus / anti-malware including Malwarebytes, caused me to be concerned.


 Post subject: Re: Infected copy?
 Post Posted: Sun Jun 24, 2018 4:58 pm 
Joined: Thu Jun 21, 2018 1:12 pm
Posts: 2
mctylr wrote:
Quote:
I would like to play this game and see if I like it so I can buy the sequel, but I don't want to buy malware. Is it a false positive or is it malware?


Yes, the game is safe, and recently I have been able to confirm that it is a false positive.

Unfortunately I didn't realise that this game uses Steam DRM, which is a fairly consumer-friendly approach to combating casual piracy, but which exhibits behaviour I didn't expect in an indie game like Swords and Soldiers HD. That, combined with the fact that at least some versions of Steam DRM are flagged as suspicious by some anti-virus / anti-malware including Malwarebytes, caused me to be concerned.



Hello, I just want to let you know that my game is working at last without a virus detection. I think it has been sorted either by Steam or my anti-virus company.


 Post subject: Re: Infected copy?
 Post Posted: Mon Sep 23, 2019 11:55 am 
Joined: Mon Sep 23, 2019 11:47 am
Posts: 1
Location: United States
When people think their machine is infected, I typically tell people to back up that machine. Beside this Stuck on the login page of the AOL mail because you Reset AOL Mail Password and Get Instant Help

