Skip to main content

Indie game storeFree gamesFun gamesHorror games
Game developmentAssetsComics
SalesBundles
Jobs
TagsGame Engines

Soulash

Soulash is a fantasy roguelike where you play as a forgotten god set on destroying the world. · By Artur Smiarowski

Looks great, but apparently the demo contains a virus/trojan

A topic by clockworkservant created Jun 24, 2019 Views: 11,842 Replies: 13
Viewing posts 1 to 9
(+1)

So, first I'd like to say I'm very excited by the game!  Looks great.

Unfortunately, I just downloaded the demo, and Windows Defender identified a Trojan in the executable.  Not cool.

The trojan is called "Wacatac.B!ml"

(+1)

Hey clockworkservant,

It's probably a false positive, I've just downloaded and scanned the demo with latest Windows Defender on Win10 and had no issues, also verified with Avira.

Could you check it with a different antivirus software?

(1 edit) (+1)

Well, I tried running it through virustotal.com for a second (multi) opinion.  That site picked it up as well, though again through Microsoft.  It's hard to say one way or another if it's a false positive.  Unfortunately, any sort of positive is enough of a deterrent in demo software. I definitely won' t be giving it a try until it's resolved, sadly.

(+1)

Could you link to a virustotal report?

(+1)

https://www.virustotal.com/gui/file/9faf39e3cc45a4021ef7e7d033e42c73d0686aecf4cd...

(+1)

I understand. I will try to reproduce this on virustotal.com and try to find what might be causing this issue. Thanks for letting me know.

(+2)

I'm not sure why this gives false positive, the alpha version doesn't seem to have that issue and the difference between the demo and alpha is a couple of exception throws to limit data files. Just to be on the safe side, I've submitted this to Microsoft and we'll see when they have time to check it.


I'll write an update when I get an answer.

(+1)

In case someone is worried I received this from Microsoft:


(+1)

I ve had the malware warning with the demo as well and not with the alpha neither. However, today the windows defender just deleted the soulash.exe by its own (I didnt even know that win 10 does that). It took me a while to figure out what the problem was. I "fixed" this by adding soulash.exe to the exclusions in the windows defender security center. Another thing to mention about this is that I usually keep my computer running for extended periods of time only going to sleep mode every once in a while. The sudden removal of the exe happened after a proper restart and while I was actually playing the game. It just kicked me out and the exe was nowhere to be found.

I hope that was helpful xD

Do you have the latest threat definition version for windows defender? Could you maybe try what the Microsoft employee described and send me the files to support@wizardsofthecode.pro so I could pass them along?

I've went into paranoid mode yesterday and wasted 3 hours to scan my whole PC with the windows defender and even though I had 3 different builds of Soulash I couldn't trigger the malware warning :(

(+2)

Windows defender is also quarantining that file on my machine. I'm pretty sure I'm up to date. I generated the Windows Defender debug dump as per the screenshotted email above and emailed it to support@wizardsofthecode.pro . Hope that helps!

(+1)

I'm not sure if this will be of any help/relation at all or send you down deeper rabbit holes, but I'm on Windows 8.1 and the first time I run a new version of Soulash's .exe, Windows defender stops the program from running and pops up a warning that it is from an unknown publisher, from which I can resume operation normally. All this is honestly kinda standard on this windows version for me with any smaller early access titles, betas etc. Haven't gotten any of the weirdness that has been posted up above.

(+1)

It could be related, I heard that unsigned exes could result in more false positives. I'll have to do some research about this on weekend and get this sorted.

(+1)

Ok I finally managed to hit that warning yesterday and sent everything again to Microsoft. It seems the warning has been fixed on their part in newest threat definitions:


Please let me know if the issue persists in the newest version with cache cleared. Thank you all for your help!