Thread: Trojan-Spy.Win32.KeyLogger.gen on Steam?

  1. #11
    Clickteam Clickteam

    Quote Originally Posted by seep:
    > Thanks guys for the answers,
    > So our only option is to wait and hope that it will be fixed by the antivirus?

    You have several options:

    - if you can rebuild your app, wait for the Steam version of build 292.27; with the changes we made in this build, applications are no longer detected as false positives by the few anti-virus programs that recently reported it (except for MS Defender, but hopefully they will fix it quickly).
    - if you can't rebuild your app, submit it to the concerned anti-virus program via their false positive submission web page so that they fix it for your app.
    - if your app is a commercial app you should purchase a code signing certificate and sign it; this often reduces the possibility of getting flagged (not always enough though).

  2. #12
    seep
    Quote Originally Posted by Yves:
    > You have several options:
    >
    > - if you can rebuild your app, wait for the Steam version of build 292.27; with the changes we made in this build, applications are no longer detected as false positives by the few anti-virus programs that recently reported it (except for MS Defender, but hopefully they will fix it quickly).
    > - if you can't rebuild your app, submit it to the concerned anti-virus program via their false positive submission web page so that they fix it for your app.
    > - if your app is a commercial app you should purchase a code signing certificate and sign it; this often reduces the possibility of getting flagged (not always enough though).

    Thanks!
    When is the release of build 292.27 on Steam?

  3. #13
    Hi, I am suffering with a similar issue found by my users for my game submitted in a GameJam; except the anti-virus alert for my game is: Trojan: Win32/Wacatac.B!ml. I'm reporting as false positives to the many different anti-virus companies my users are highlighting, including Windows Defender. Seems a bit excessive but it will likely mean no users will pick up my game in the Jam. It also feels unprofessional to tell my users to ignore and treat as a false positive.

  4. #14
    CruddyBuddy
    Quote Originally Posted by Yves:
    > A fix from Clickteam?? A fix would mean the problem is in Fusion. No, the problem is in the anti-virus programs that have incorrect virus definitions that randomly flag other programs. This issue happens all the time, not only with Fusion. Files have been submitted to them for them to fix it, but it can take time before they do it.
    >
    > Instead of blaming us, when one of your users reports a problem with an anti-virus program, just submit your application as a false positive to the concerned anti-virus company; they all have public pages for this, and this will speed up the process.
    >
    > In this specific case I spent days trying to understand why they could report false positives for such different files as the really harmless Layer object or the File object, and luckily I found a specific build setting inherited from old VS project conversions that I could remove; this fixed it. This setting was probably also used by some malware, and some anti-virus programs (that are not as clever as people think) just detected it in Fusion apps. But this could happen again, so next time submit your application to the anti-virus reported by the user please. Thanks.
    >
    > EDIT: on a personal note, I recommend people to use ESET NOD32, I never get any false positive with this anti-virus program.

    I really appreciate you working so hard on this. I know that normally it's an issue with AV programs, but when I didn't change anything significant in my code and I'm suddenly getting a lot of false positives, I knew there must be something else going on. Anyway, I really appreciate the beta update. Thanks, Yves!

  5. #15
    JimJam
    I just ran a test. I opened Fusion build 292.26 (Steam version), and created a new application. It's got one frame, totally blank, nothing changed. I built the program "test.exe" and saved it to my desktop.

    It is immediately flagged and quarantined by Windows Defender. When I run it through VirusTotal, it gets 22 positive results, including 3 accounts of "Key Logger". The rest of the virus engines report "undetected."

    While any program being detected as "malware" is annoying, being detected as "Key Logger" is a little more serious, and naturally would scare the **** out of anyone using one of our programs. Especially since it's also flagging as "Zusy" - which a quick Google search tells me is a type of Trojan that steals banking information. If I download any random software that flags as "keylogger" my natural instinct is "this thing is trying to steal my passwords and possibly access my bank accounts."

    Now obviously, these Fusion programs aren't actually malware, and it's a false positive. But the severity of a KeyLogger and identity theft trojan (even if false-positive) is very serious.

    What is happening inside of a blank Fusion app that triggers a "Key Logger" alert in all of these virus engines? It can't possibly be any sort of Fusion Extension, or any events, because this is a blank default new MFA file (built into an exe).

    I wish these anti-virus programs would tell us a little more info about how or what exactly they are "detecting".

  6. #16
    Fusion is a powerful tool - you could probably build keyloggers and trojan malware with it. Please don't forget that there is no real coding needed and it's quick and easy to learn.

    People are not always good. If you have a good game out on the market and I would be your main competitor, I would pull all the dirty tricks I could get - including submitting your game as potential threat. There are tons of sites on the net that offer shareware wrapped with malware installers. I could upload your game and report the file. Repeat that a few times and have fun with the reports you get from your loyal customers.

    Not that I would do that personally. Just a thought.

    Okay so leaving all the bad stuff aside, here is a good read about the general problem: https://weblog.west-wind.com/posts/2...alse-positives

  7. #17
    JimJam
    Quote Originally Posted by Vaxx:
    > Fusion is a powerful tool - you could probably build keyloggers and trojan malware with it. Please don't forget that there is no real coding needed and it's quick and easy to learn.
    >
    > People are not always good. If you have a good game out on the market and I would be your main competitor, I would pull all the dirty tricks I could get - including submitting your game as potential threat. There are tons of sites on the net that offer shareware wrapped with malware installers. I could upload your game and report the file. Repeat that a few times and have fun with the reports you get from your loyal customers.
    >
    > Not that I would do that personally. Just a thought.
    >
    > Okay so leaving all the bad stuff aside, here is a good read about the general problem: https://weblog.west-wind.com/posts/2...alse-positives

    Wow, that's an interesting read. Yeah, I'm aware that false positives have been a problem with AV since forever. But that situation described in the link is one of the most frustrating things I've read. All his files come up clean, but then he builds his program into the installer, and BAM: false positive. Makes no sense!

    And of course all these AV engines are basically a black-box to us -- we as software makers have no insight into what criteria they use to trigger these virus alerts.

    I just downloaded the new Fusion 292.27 build, and created a new EXE of a blank frame. Microsoft Defender no longer flags blank Fusion apps as malware, but I'm still getting 18 false positives.
    https://www.virustotal.com/gui/file/...2435/detection

    Most of the major AV programs read it as clean, but a few of the bigger ones (Avast, BitDefender, Kaspersky, AVG) read it as malware. And a few are still picking up "Zusy / Key Logger".
    What's frustrating though as a Fusion user is that unlike the blog you linked, I can't strip down my EXE's code to figure out what is triggering this stuff - because it's already a blank MFA. I guess that's just the cost of ease-of-access, and not building one's program totally from scratch in C++ or something.

    Regardless, having to convince people who download my EXE that there isn't a keylogger in it, is probably not very reassuring to them.

    These Anti-virus companies basically get to write the rules on who is a "legitimate" developer or not. The AV software we have available kinda sucks, but the alternative of using no AV isn't better. So we just have to deal with it. :/
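
Added illustration (not part of the thread and not Clickteam's code): the thread traces the detections to a linker-level build setting rather than to application content, and a blank Fusion app cannot be stripped down further, so the useful comparison is between the header fields of two builds. The Python sketch below diffs those fields, which a static scanner can read without running the program; the thread does not say which setting was removed in 292.27, so the fields chosen and the two sample headers are assumptions constructed for the demo.

```python
import struct

# Section permission bits (IMAGE_SCN_MEM_*) and DllCharacteristics bits.
PERMS = (("R", 0x40000000), ("W", 0x80000000), ("X", 0x20000000))
DYNAMIC_BASE, NX_COMPAT = 0x0040, 0x0100

def pe_build_fingerprint(data: bytes) -> dict:
    """Header fields written by the linker, independent of application logic."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24                                          # optional header start
    _, major, minor = struct.unpack_from("<HBB", data, opt)    # magic, linker version
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)    # DllCharacteristics
    sections = {}
    for i in range(nsec):
        off = opt + opt_size + 40 * i                          # 40-byte section entries
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        (flags,) = struct.unpack_from("<I", data, off + 36)
        sections[name] = "".join(c for c, bit in PERMS if flags & bit)
    return {
        "linker": f"{major}.{minor}",
        "aslr": bool(dll_chars & DYNAMIC_BASE),
        "dep": bool(dll_chars & NX_COMPAT),
        "sections": sections,
        "wx_sections": [n for n, p in sections.items() if "W" in p and "X" in p],
    }

def diff_builds(old: bytes, new: bytes) -> dict:
    """Return {field: (old_value, new_value)} for every field that changed."""
    a, b = pe_build_fingerprint(old), pe_build_fingerprint(new)
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

def _sample_pe(linker, dll_chars, sections) -> bytes:
    """Constructed minimal PE32 headers for the demo, not a real Fusion build."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, *linker)
    struct.pack_into("<HH", opt, 68, 2, dll_chars)             # GUI subsystem + flags
    table = b"".join(n.ljust(8, b"\0") + b"\0" * 28 + struct.pack("<I", f)
                     for n, f in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + table

OLD = _sample_pe((6, 0), 0x0000, [(b".text", 0xE0000020), (b".rsrc", 0x40000040)])
NEW = _sample_pe((14, 0), 0x0140, [(b".text", 0x60000020), (b".rsrc", 0x40000040)])
```

To compare real builds, pass the bytes of the two EXE files to `diff_builds`; the changed fields are concrete detail that can accompany a false positive submission.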
