After taking a closer look at the VirusTotal page, it creates a file "c:\windows\microsoft.net\framework\v4.0.30319\addinprocess.exe" that has the Publisher set to "microsoft corporation", which there is literally no legitimate reason to do for any non-malicious program, so I can confirm that this is a virus with 100% confidence.
Hello, I've taken a closer look at everything. There are two files (Zsync.exe and zsyncmake.exe) that are flagged as problematic. Zsync is originally a Linux program that allows users to store their valuable internet data. It downloads only new or updated parts of a file from a remote web server if an older version already exists on the Zsync user's PC. I took the effort to check other games, and these files can also be found there. Ren'Py uses these files to make updates. Whether they are truly necessary is another question. Antivirus programs sometimes flag these files as suspicious, but labeling them as viruses would be incorrect. Many players have already tested the demo, and there have been no reports of virus issues. I personally have no interest in spreading malicious software. If desired, these mentioned files can also be deleted.
After verifying some games made with renpy, I found the same flag on virustotal. Not sure if all developers are getting some crappy library, or if the security vendor is not reliable, or if the library is so new that it has not been updated to their databases and the security vendor rather plays safe.
At least I can tell that this developer is not ill intended, as far as I can see, since this is a common ocurrance with renpy games. Whether if renpy's engine developers are reliable, I cannot state for sure.
Plus, if this developer was ill intended, he could have disabled the comments, which he didn't. So for now, all looks good.
Thanks to the dev to bring some light into the matter
Remember to always play with your antivirues enabled, and protect your data above anything else
it is concerning that several renpy versions and exe files made with it raise alarms on anti virus scanners. especially since games made with that engine are often used to distribute malware. i checked some of the games in my library, from trusted developers with hundreds of followers and years of being published. i got worse postives on virustotal on those. actually i did not find a single game with no false positives. always a different "threat".
but the thing you cite is not very concerning. think about it. this is what happened in the sandbox. a file was created in a protected folder. apps cannot just write in a windows sub folder. it stands to reason that the dot net framework itself created the file. you only see that the file was created. not which process created it. also, that was a registry key, not a file.
compare a known non malware used with many games (i played at least two of those exe file names, downloaded from trusted source):
← Return to game
Comments
Log in with itch.io to leave a comment.
Why would I waste time downloading this when I don't even know what the story is about?
At least tell us something about this game!
I can do it, there is no virus!
Whatever it shows it is not a virus. have a nice day
yep I'd also advise against it too
After taking a closer look at the VirusTotal page, it creates a file "c:\windows\microsoft.net\framework\v4.0.30319\addinprocess.exe" that has the Publisher set to "microsoft corporation", which there is literally no legitimate reason to do for any non-malicious program, so I can confirm that this is a virus with 100% confidence.
All the proof of what I'm saying can be found at https://www.virustotal.com/gui/file/0f15e776ac9ef8cd97bf3031dd5dd99325209e144754...
Hello, I've taken a closer look at everything. There are two files (Zsync.exe and zsyncmake.exe) that are flagged as problematic. Zsync is originally a Linux program that allows users to store their valuable internet data. It downloads only new or updated parts of a file from a remote web server if an older version already exists on the Zsync user's PC. I took the effort to check other games, and these files can also be found there. Ren'Py uses these files to make updates. Whether they are truly necessary is another question. Antivirus programs sometimes flag these files as suspicious, but labeling them as viruses would be incorrect. Many players have already tested the demo, and there have been no reports of virus issues. I personally have no interest in spreading malicious software. If desired, these mentioned files can also be deleted.
After verifying some games made with renpy, I found the same flag on virustotal. Not sure if all developers are getting some crappy library, or if the security vendor is not reliable, or if the library is so new that it has not been updated to their databases and the security vendor rather plays safe.
At least I can tell that this developer is not ill intended, as far as I can see, since this is a common ocurrance with renpy games. Whether if renpy's engine developers are reliable, I cannot state for sure.
Plus, if this developer was ill intended, he could have disabled the comments, which he didn't. So for now, all looks good.
Thanks to the dev to bring some light into the matter
Remember to always play with your antivirues enabled, and protect your data above anything else
they are demonstrably reliable in creating an engine again and again that flags as malicous.
but godot is not any better in that regard, it seems.
it is concerning that several renpy versions and exe files made with it raise alarms on anti virus scanners. especially since games made with that engine are often used to distribute malware. i checked some of the games in my library, from trusted developers with hundreds of followers and years of being published. i got worse postives on virustotal on those. actually i did not find a single game with no false positives. always a different "threat".
but the thing you cite is not very concerning. think about it. this is what happened in the sandbox. a file was created in a protected folder. apps cannot just write in a windows sub folder. it stands to reason that the dot net framework itself created the file. you only see that the file was created. not which process created it. also, that was a registry key, not a file.
compare a known non malware used with many games (i played at least two of those exe file names, downloaded from trusted source):
https://www.virustotal.com/gui/file/986e56c244da18a08b3f05d721ca73c481ecaf4d2db3...
it might still be malware, but the reason for your 100% confidence is 100% unsound.