Trojan-Spy.Win32.KeyLogger.gen on Steam?

  • Hi,
    It's probably a false positive, but one of my users on Steam has had this alert from the Kaspersky anti-virus with two of my games.
    I uploaded only the .exe files to Steam (I'm using very basic plugins: "xbox object", "Fullscreen object", ".INI", "Steam Object"). Maybe it could be a problem with the creation of .INI files?

    Thanks in advance :)

  • You're not alone, we have all had this issue for weeks, we're waiting for a fix from Clickteam.

    A fix from Clickteam?? A fix would mean the problem is in Fusion. No, the problem is in the anti-virus programs that have incorrect virus definitions that randomly flag other programs. This issue happens all the time, not only with Fusion. Files have been submitted to them for them to fix it, but it can take time before they do it.

    Instead of blaming us, when one of your users reports a problem with an anti-virus program, just submit your application as a false positive to the concerned anti-virus company, they all have public pages for this, this will speed up the process.

    In this specific case I spent days trying to understand why they could report false positives for such different files as the really harmless Layer object or the File object and luckily I've found a specific build setting inherited from old VS project conversions that I could remove, this fixed it. This setting was probably also used by some malware and some anti-virus programs (that are not as clever as people think) just detected it in Fusion apps. But this could happen again, so next time submit your application to the anti-virus reported by the user please. Thanks.

    EDIT: on a personal note, I recommend people to use ESET NOD32, I never get any false positive with this anti-virus program.

  • From the moment the problem appeared from the last build when it was working before, for me the problem came from Clickteam, but if it's not the case, great, glad you could find a way to fix it.

    Developer of Inexistence, available on Steam

  • Of course it's not the case, you have to understand how anti-virus programs work: they use virus definition files that contain malware signatures. A malware signature is composed of chunks of bytes. If the anti-virus program finds those chunks in a program, it reports it as malware, or possible malware. They keep adding signatures every day to their virus definition files, to counterattack the new viruses that appear every day. If a signature is weak and the anti-virus program is not protected against this (= for example if their test database is not large enough), this will trigger false positives for safe programs that are not malware at all, and may have been released for a long time.
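The signature mechanism described in the post above, as an added example that is not part of the original thread and not code from any anti-virus vendor. All byte strings, file names and signature names are constructed for illustration; `RUNTIME_STUB` is a hypothetical stand-in for bytes that a shared build setting places in every binary.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str
    chunks: tuple  # byte chunks that must all be present in a file

def matches(sig: Signature, data: bytes) -> bool:
    """A file is flagged when every chunk of the signature occurs in it."""
    return all(chunk in data for chunk in sig.chunks)

def scan(data: bytes, definitions) -> list:
    """Return the names of all signatures that flag this file."""
    return [sig.name for sig in definitions if matches(sig, data)]

def false_positives(sig: Signature, clean_corpus: dict) -> list:
    """Vendor-side check: which known-clean files would this signature flag?"""
    return sorted(name for name, data in clean_corpus.items() if matches(sig, data))

# Constructed sample data (not real malware and not real Fusion output).
RUNTIME_STUB = b"\x55\x8b\xec\x83\xec\x10STUB-v1"   # shared by many binaries
UNIQUE_MARKER = b"UNIQUE-PAYLOAD-MARKER-7f3a"       # only in the bad sample

MALWARE = b"MZ" + RUNTIME_STUB + b"\x00" * 8 + UNIQUE_MARKER
CLEAN_CORPUS = {
    "blank_app.exe": b"MZ" + RUNTIME_STUB + b"\x00" * 32,
    "game.exe": b"MZ" + RUNTIME_STUB + b"level data" * 4,
    "notepad_clone.exe": b"MZ" + b"\x90" * 16 + b"plain text editor",
}

# Weak: built only from bytes the sample shares with legitimate programs.
WEAK = Signature("Spy.Generic.weak", (RUNTIME_STUB,))
# Stronger: also requires a chunk that only the malicious sample contains.
STRONG = Signature("Spy.Generic.strong", (RUNTIME_STUB, UNIQUE_MARKER))

if __name__ == "__main__":
    for sig in (WEAK, STRONG):
        print(sig.name, "detects sample:", matches(sig, MALWARE),
              "| clean files flagged:", false_positives(sig, CLEAN_CORPUS))
```

Both signatures detect the sample, but only the weak one also flags the clean files that contain the shared stub, which is why testing a new signature against a large clean corpus matters.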

  • Thanks guys for the answers,
    So our only option is waiting and hoping that it will be fixed by the antivirus? :O

    You have several options:

    - if you can rebuild your app, wait for the Steam version of the build 292.27, with the changes we did in this build applications are no longer detected as false positive by the few anti-virus programs that recently reported it (except for MS Defender but hopefully they will fix it quickly).
    - if you can't rebuild your app, submit it to the concerned anti-virus program via their false positive submission web page so that they fix it for your app.
    - if your app is a commercial app you should purchase a code signing certificate and sign it, this often reduces the possibility to get flagged (not always enough though).

  • Thanks!
    When is the release of build 292.27 on Steam? :)

  • Hi, I am suffering with a similar issue found by my users for my game submitted in a GameJam; except the anti-virus alert for my game is: Trojan: Win32/Wacatac.B!ml. I'm reporting as false positives to the many different anti-virus companies my users are highlighting, including Windows Defender. Seems a bit excessive but it will likely mean no users will pick up my game in the Jam. It also feels unprofessional to tell my users to ignore and treat as a false positive.

  • I really appreciate you working so hard on this. I know that normally it's an issue with AV programs, but when I didn't change anything significant in my code and I'm suddenly getting a lot of false positives, I knew there must be something else going on. Anyway, I really appreciate the beta update. Thanks, Yves!

  • I just ran a test. I opened Fusion build 292.26 (steam version), and created a new application. It's got one frame, totally blank, nothing changed. I built the program "test.exe" and saved to my desktop.

    It is immediately flagged and quarantined by Windows Defender. When I run it through VirusTotal, it gets 22 positive results, including 3 accounts of "Key Logger". The rest of the virus engines report "undetected."

    While any program being detected as "malware" is annoying, being detected as "Key Logger" is a little more serious, and naturally would scare the **** out of anyone using one of our programs. Especially since it's also flagging as "Zusy" - which a quick Google search tells me is Please login to see this link.. If I download any random software that flags as "keylogger" my natural instinct is "this thing is trying to steal my passwords and possibly access my bank accounts."

    Now obviously, these Fusion programs aren't actually malware, and it's a false positive. But the severity of a KeyLogger and identity theft trojan (even if false-positive) is very serious.

    What is happening inside of a blank Fusion app that triggers a "Key Logger" alert in all of these virus engines? It can't possibly be any sort of Fusion Extension, or any events, because this is a blank default new MFA file (built into an exe).

    I wish these anti-virus programs would tell us a little more info about how or what exactly they are "detecting".

    ~ James O.

    Edited once, last by JimJam (October 4, 2020 at 9:50 PM).

  • Fusion is a powerful tool - you could probably build keyloggers and trojan malware with it. Please don't forget that there is no real coding needed and it's quick and easy to learn.

    People are not always good. If you have a good game out on the market and I would be your main competitor, I would pull all the dirty tricks I could get - including submitting your game as potential threat. There are tons of sites on the net that offer shareware wrapped with malware installers. I could upload your game and report the file. Repeat that a few times and have fun with the reports you get from your loyal customers.

    Not that I would do that personally. Just a thought.

    Okay so leaving all the bad stuff aside, here is a good read about the general problem: Please login to see this link.

  • Wow, that's an interesting read. Yeah, I'm aware that false positives have been a problem with AV since forever. But that situation described in the link is one of the most frustrating things I've read. All his files come up clean, but then he builds his program into the installer, and BAM: false positive. Makes no sense!

    And of course all these AV engines are basically a black-box to us -- we as software makers have no insight into what criteria they use to trigger these virus alerts.

    I just downloaded the new Fusion 292.27 build, and created a new EXE of a blank frame. Microsoft Defender no longer flags blank Fusion apps as malware, but I'm still getting 18 false positives.

    Most of the major AV programs read it as clean, but a few of the bigger ones (Avast, BitDefender, Kaspersky, AVG) read it as malware. And a few are still picking up "Zusy / Key Logger".
    What's frustrating though as a Fusion user is that unlike the blog you linked, I can't strip down my EXE's code to figure out what is triggering this stuff - because it's already a blank MFA. I guess that's just the cost of ease-of-access, and not building one's program totally from scratch in C++ or something.

    Regardless, having to convince people who download my EXE that there isn't a keylogger in it, is probably not very reassuring to them.

    These Anti-virus companies basically get to write the rules on who is a "legitimate" developer or not. The AV software we have available kinda sucks, but the alternative of using no AV isn't better. So we just have to deal with it. :/

    ~ James O.

  • You can submit your EXE file as false positive to Microsoft so that they fix it in their next virus definition update: Please login to see this link.

    We've also submitted them some example files so that they fix it asap, this is a general issue with their anti-virus (and a few other ones, they must all use the same detection algorithms...).

  • Hi, today I uploaded all our games, now it seems to work fine! :D
