Skip to main content

On Sale: GamesAssetsToolsTabletopComics
Indie game storeFree gamesFun gamesHorror games
Game developmentAssetsComics
SalesBundles
Jobs
TagsGame Engines

Fix

A topic by MichaelaEV created Mar 17, 2023 Views: 884 Replies: 6
Viewing posts 1 to 4
(1 edit)

i uploaded the game on virustotal.com 

Please look at this virus total graph 

https://www.virustotal.com/graph/embed/g21b8209996284a7388a67d99cd510e1c29d9f3b9...

vn should be offline game why it's contacting many different ip and domain,  some of it flag as malicious and dropping more malicious file

Disclaimer I'm not IT or virus expert, but you can't ignore that a offline game like vn contacting many ip and domain is suspicious.

Developer

Yes, I have taken note of your feedback and have replied to your question. If you think the answer is enough, please change the title of the post. Thank you

Developer (1 edit)

Thank you for your feedback. After seeing this message, i check the game and there's no virus. I‘m new to programming, just learn renpy  about seven months, and did not have any intention of creating a virus. I think maybe it just a misunderstand. Because i upload the tavern of spare and nekojishi to virustotal. They have same detect result.

1.https://www.virustotal.com/gui/file/7e2edced6287f8db644c347076cd1d1d24fb1474b13e...  2.https://www.virustotal.com/gui/file/bcee937419a34d3b1e77dee04c8d6f95c3a77c644083ca6748b38d925315debf/relations

They are both base on renpy enigne. Not to mention that i just download nekojishi from steam.

So, if you have any question, please contract me. Btw, i notice that you(or maybe not you) post this on tg channle too. Could you post this claim?

(1 edit)

alright thanks for hearing this,  i already change the title , im sorry if it's create to much chaos i just thought this game infected by virus since someone say their antivirus detected it as trojan backdoor, and yes after i look it up in virus total i feel weird, that vn that suppose to be offline game connect to difrent kind of ip and domain, and it's not helping that in the graphic many of the files dropped from the ip and domain is detected as malicious for some reason by virus total.

once again I'm sorry for the inconvenience and chaos i made. 

i just want to protect my community from virus the best i can.

Here's what actually happens 

Renpy have this file called zsync.exe that's work as an updater for renpy-based games. Most of the time it'd be harmless and beneficial. Yet it seems to have the ability to serve as a remote code execution (RCE) backdoor since its working mechanism is downloading patches from remote server and then execute however the devs want, if I get the source code & docs right.

So yeah it's mostly misunderstanding and false positive if i can said that because wow this is a huge vulnerability from renpy i hope it's get patch soon