Virus scanners are right back to detecting Fusion-made EXEs as viruses already

  • I made a blank EXE a few days ago and uploaded it, and everything seemed fine. Forgot to save the MFA since it was, y'know, a blank EXE.

    Then I rescanned it again and these were the results: [links]

    So then, out of curiosity, I made a new one, this time being sure to save the EXE. These were the results: [link]

    I bet if I rescan again in a few days, it'll be closer to the first results I got. Here's the MFA and the EXE in a ZIP. Using build 292.27 of CF2.5+ Dev, other settings can be seen in the MFA.


  • (update: 19 scanners now detect the new EXE too, so it's pretty close to the original results I got at this point)


  • Yes - Norton as well - I just made an .exe of a .mfa I was helping someone with - the only extension in it was the ini file - and then made a blank .mfa with only 1 active object in it and both were removed by Norton:


    Threat name: Heur.AdvML.BFull
    On computers as of: 12 Oct 2020 at 08:03:51
    Last Used: 12 Oct 2020 at 08:05:54
    Startup Item: No
    Launched: No
    Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.

    (Edit: I've unquarantined the two files to indicate that I trust them - and they've been submitted to Norton.)


    Edited once, last by Janette5 (October 12, 2020 at 8:03 AM).

  • Looks like my day is going to be busy... :(

    Curiously the Fusion runtime file does not trigger a false detection, except for Bitdefender, so I've submitted them the file (as well as an empty app, which triggers a different false detection). We'll submit generated apps to the ones we see.

    Please guys submit them as many applications as you can on your side too.

  • If it helps at all:

    I download a lot of small .mfa from these forums - they are all virus scanned automatically. There's no problem in any of them.

    If I build .scr (screensaver) or an android .apk there are also no threats found.

    Only if I build .exe

    Edit: Html is fine also (limited to free version).


  • Hello, I had no problems until now, but my antivirus has just updated itself and it's a disaster: all EXE builds and the three files in Fusion's Unicode directory (Inchrt.exe, stdrtdex.exe, stdrtd.exe) are being quarantined.
    For the Inchrt.exe file it's not too serious, since it is only used when Runtime compression is used.
    I am indeed on Beta version b292.27.
    In the meantime I have disabled my antivirus.
    Good luck, Yves


  • Out of curiosity, which antivirus is it?

  • Best of luck, I can't imagine this is a fun situation for anybody
    This itch.io prototype has a lot of false positives too: [link]
    I can send the source code too if it helps, though I'd rather not send it unless absolutely necessary and would rather only send it somewhere that only Clickteam can access it. There may not be much code yet, and I'm probably okay with sharing the controls code, but I'd rather people not have the assets I made for it so easily.


  • Oops, I thought I had put it in the post; it's AVIRA.


  • Strange, Avira doesn't appear in the list of detections on VirusTotal. Would it be possible to submit these 3 files to them via Avira's interface? (Generally, for quarantined files there is an option to send them to the antivirus vendor.) At least stdrtdex.exe (I think we're going to remove the "Compress the runtime" option in the next build; this option no longer serves much purpose).

  • Yes, I did it, but with the new version you can no longer send it through the interface; you have to go to the website.


  • Same problem here, trying to update to 292.27 I always get the message "cannot create the following file"... stdrtd.$$A in data\runtime\unicode. Installation terminated every time...


  • It's probably a typo - Boba Fonts mentioned 292.27 one place and 292.29 another place.

    That particular file though was historically flagged by Norton, but 292.29 put it back and I ran a scan on it, it's fine, no threats found. It's possible that Norton whitelisted it at some stage and Bitdefender probably has never whitelisted it.


  • Hello,

    steam just updated my fusion to 292.29 and my antivirus raised a warning (windows defender) :

    Trojan:Win32/Woreflint.A!cl
    file: D:\steamapps\steamapps\common\Clickteam Fusion 2.5\Data\Runtime\Unicode\stdrtd.exe


  • My windows 10 updated last night, then immediately identified a PUP in an exe (my MMF game file) that has been sitting untouched on my computer for a month. It also quarantined an adaware file in my coupons directory, unrelated to MMF work, but I have not updated that file in a long time either. The PUP is Program:Win32/Uwasson.A!ml
    Flagged as PUP by Microsoft Defender. Looking it up; it seems like a very sneaky thing that attaches itself to free software downloads. Then later, it will install the malware and attach itself to other emails and softwares to be further distributed (unknowingly by users).

    OH, I never upgraded my Fusion programs because I hoped I would be free of the reported virus problems. They found me! I'm using 2.5+ version 292.22. I don't need a reply. I'm posting this detail in case it can help the situation. I think I'm going to download a PUP scanner to block this. I'm done with that old exe anyway, and working on a later version of my program.

  • I don't know if this was the same problem that's been reported or I really had an infection. It took 3 attempts and 2 restarts to get a clean scan. Other removals were something like "side-stepper" from the registry (sorry, I forget the name).
    I remember about two days ago browsing into one of those scary internet pages and tried to back out; but maybe not quick enough.
    Reading about this PUP, it seems it actively seeks programs and download links to attach to, and the insidious part is that if a portion of its files are missing, it will go to the internet and download them in the background. I don't think I've ever dealt with such an active virus before; most are kind of passive, you quarantine them and they're gone. My research states that this one keeps little hidden files and will rebuild itself. The odd thing is that my MMF file was not a new exe. It was compiled a month ago and hadn't been used in weeks, yet this is the first time it flagged. I'll be scanning my computer diligently for a few days. Thanks for all you do.

  • Haven't used Fusion in a while, but I tried building an EXE today and got a virus warning error from Windows Defender:
    Trojan:Win32/Fuery.C!cl

    I didn't see this particular virus warning mentioned before so I thought I'd bring it up in case it helps at all.

  • The reason may be that many users not only create games but pseudoviruses as well. After my contact with the antivirus company, I got this information and nothing can be done about it. If they will unblock the games they will unlock viruses created in Fusion. This is the true reason for false positives in antiviruses. Such companies mainly scan similar code but have no idea how the Clickteam runtime works and how to evaluate it against the threat from the CNC file.
