Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


OMG VIRUS!!!
Goto page Previous  1, 2, 3 ... 30, 31, 32, 33, 34, 35  Next
 
Post new topic   This topic is locked: you cannot edit posts or make replies.    Cheat Engine Forum Index -> Cheat Engine
View previous topic :: View next topic  
Author Message
Black Jin
How do I cheat?
Reputation: 0

Joined: 29 Jun 2017
Posts: 1

PostPosted: Thu Jun 29, 2017 8:15 am    Post subject: Installer tries to run adware, even after disabling offers Reply with quote

Okay so, I understand that Cheat Engine itself isn't infected or compromised but the installer from cheatengine . org is being quite suspicious. When installing Cheat Engine, it appears that different executable files are dropped into AppData/Local/Temp, which then they are executed and start trying to edit the Windows registry. These files are created at the end of the CE installation, regardless of whether you opt out from the offers or not. I ran the installation twice to see, and two separate, different programs were executed after creation.

So I decided to check these two programs on Virus Total, and it appears both are detected as adware and other such things.

If I opt out of these offers, why is it that adware is still dropped and then executed?



File 2.PNG
 Description:
Virus Total Scan for Program #2
 Filesize:  45.81 KB
 Viewed:  102484 Time(s)

File 2.PNG



File 1.PNG
 Description:
Virus Total Scan for Program #1
 Filesize:  45.16 KB
 Viewed:  102484 Time(s)

File 1.PNG


Back to top
View user's profile Send private message
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

PostPosted: Thu Jun 29, 2017 9:12 pm    Post subject: Reply with quote

This is very common for anti-virus' to flag legit software as potential problems due to them being used for malicious purposes more than not. Cheat Engine uses an ad based installer to help generate some income for Dark Byte for the free work he puts into Cheat Engine.

Because of it, the installer is being flagged as a more or less 'false-positive' as you can see by the listings of what it's named. "DealFly" is a generic name given to the installer engine because it shows ads. The installer is not infected and ads are screened by the developers of the installer. Do some issues slip through the cracks every now and then? Sure, nothing is perfect. But you have nothing to worry about as long as you take your time while installing and opt. out of everything.

If you still don't want to run the installer or don't trust it, the Downloads paage of CE offers a packaged version without the installer.

_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
pimpmyname
Newbie cheater
Reputation: 0

Joined: 16 May 2012
Posts: 20

PostPosted: Mon Oct 09, 2017 2:35 pm    Post subject: Reply with quote

Its because of the opt out install stuff... But its the way you guys make money so its fair enough.

But a lot of AVs will pick it up as unwanted software.

_________________
I only seduce widows sons... so dont worry :3
Back to top
View user's profile Send private message
StrikerFX
How do I cheat?
Reputation: 0

Joined: 01 Jul 2016
Posts: 3

PostPosted: Sat Dec 16, 2017 5:17 am    Post subject: Reply with quote

I was downloading the program on the site, but had the following warning: November 13 2017: Can not run Cheat Engine. From what I understand, the cheat engine has a virus, is that it? Has it already been resolved or not? I intend to use the portable version until it is infected too?
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

PostPosted: Sat Dec 16, 2017 5:36 am    Post subject: Reply with quote

check your anti virus. ce is a 'hacktool / cheat engine" which is exactly what you want, but your AV might not know that

also, what is the exact error you get ?
if it's the error that cheatengine-x86_64.exe is missing after doubleclicking it then use the windows repair tool posted on the website

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
sch7777
Newbie cheater
Reputation: 0

Joined: 04 Mar 2011
Posts: 21

PostPosted: Mon Apr 02, 2018 8:29 pm    Post subject: WTF Reply with quote

I'm no genius
Malwarebytes is saying this
(PUP.Optional.GameHack)
potentially unwanted programs
is some kind of a threat.
WTF Dark Byte is
STANDALONEPHASE1.DAT
really necessary to
the operation of
cheat engine and
what is STANDALONEPHASE1.DAT
real purpose to the
cheat engine?

I've never upgraded Cheat Engine from 6.3
Well I started watching some YouTube videos on cheat engine and seen CE v6.7 Thought I would try it out. So downloaded it and scanned it with Malwarebytes. Bam got Malwarebytes all in an up roar over it. Yea, yea i've read all about how Malwarebytes is picking up false virus's. How all this is a bunch of BS. So I would like to know is (STANDALONEPHASE1.DAT) really necessary to be in the cheat engine folder? Will cheat engine function without them? WTH is Tiny.dat file as well????
Thanks for any help or info
Back to top
View user's profile Send private message
TheyCallMeTim13
Wiki Contributor
Reputation: 50

Joined: 24 Feb 2017
Posts: 976
Location: Pluto

PostPosted: Mon Apr 02, 2018 8:38 pm    Post subject: Re: WTF Reply with quote

sch7777 wrote:
I'm no genius
Malwarebytes is saying this
(PUP.Optional.GameHack)
potentially unwanted programs
is some kind of a threat.
WTF Dark Byte is
STANDALONEPHASE1.DAT
really necessary to
the operation of
cheat engine and
what is STANDALONEPHASE1.DAT
real purpose to the
cheat engine?

I've never upgraded Cheat Engine from 6.3
Well I started watching some YouTube videos on cheat engine and seen CE v6.7 Thought I would try it out. So downloaded it and scanned it with Malwarebytes. Bam got Malwarebytes all in an up roar over it. Yea, yea i've read all about how Malwarebytes is picking up false virus's. How all this is a bunch of BS. So I would like to know is (STANDALONEPHASE1.DAT) really necessary to be in the cheat engine folder? Will cheat engine function without them? WTH is Tiny.dat file as well????
Thanks for any help or info


This might help explain what they do.
http://www.cheatengine.org/forum/viewtopic.php?t=571857

And "PUP.Optional.GameHack" sound about right for a hack tool, so if you didn't want a "GameHack" tool then it's correct about the unwanted part else it's just making false assumptions. And the day AVs like memory editors will be the day pigs fly with rainbows as their propulsion.

EDIT:
Logically look at it like this, CE is open source and has a community of people who reverse software for fun; so it seems to me like this would be the worst place to try and hide a virus.

_________________
Back to top
View user's profile Send private message Visit poster's website
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

PostPosted: Tue Apr 03, 2018 12:08 am    Post subject: Reply with quote

a PUP is not a virus or malware, it's a "Potentially unwanted program"
malwarebytes assumes most people want to play games as they are designed, and therefore don't want to use mods.

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
sch7777
Newbie cheater
Reputation: 0

Joined: 04 Mar 2011
Posts: 21

PostPosted: Tue Apr 03, 2018 1:20 am    Post subject: Reply with quote

Thanks Dark Byte

I'll Set malwarebytes to ignore the files

Also thanks TheyCallMeTim13

I did read the post yesterday.
Back to top
View user's profile Send private message
Arsh
Newbie cheater
Reputation: 1

Joined: 02 Aug 2018
Posts: 22
Location: India

PostPosted: Thu Aug 02, 2018 9:14 am    Post subject: Reply with quote

some Anti virus delete all the exe file to provide security,why they do that for safety then i suggest we have to save our personal in keep or any verified app and no need to waste money on Anti virus like this
Back to top
View user's profile Send private message
TheyCallMeTim13
Wiki Contributor
Reputation: 50

Joined: 24 Feb 2017
Posts: 976
Location: Pluto

PostPosted: Thu Aug 02, 2018 9:33 am    Post subject: Reply with quote

Arsh wrote:
some Anti virus delete all the exe file...

Viruses also do this.

_________________
Back to top
View user's profile Send private message Visit poster's website
Arsh
Newbie cheater
Reputation: 1

Joined: 02 Aug 2018
Posts: 22
Location: India

PostPosted: Thu Aug 02, 2018 9:35 am    Post subject: Reply with quote

thanks for info and quick response
Back to top
View user's profile Send private message
Unicorngoulash
Newbie cheater
Reputation: 0

Joined: 19 Apr 2018
Posts: 19
Location: Netherlands

PostPosted: Tue Oct 30, 2018 9:29 am    Post subject: Reply with quote

Maybe not a virus, but as soon as I install cheat engine officially downloaded from the cheat engine site, it instantly creates files in the temp folder that want to connect to a website. Malwarebyes has no problems with cheat engine. It only flags it as potentially unwanted. But it dislikes the sites the temp files are trying to connect with.

-Log Details-
Protection Event Date: 10/30/18
Protection Event Time: 3:33 PM
Log File: c4ab8744-dc93-11e8-a249-4ccc6add70a5.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7611
License: Trial

-System Information-
OS: Windows 10 (Build 15063.540)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain: os2.ginihehen
IP Address: 18.203.176.191
Port: [51101]
Type: Outbound
File: C:\Users\Giovanni\AppData\Local\Temp\is-8L77I.tmp\CheatEngine681.tmp



(end)
Back to top
View user's profile Send private message
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

PostPosted: Tue Oct 30, 2018 3:11 pm    Post subject: Reply with quote

Make sure that you properly unchecked/removed any offers while using the installer. You may have missed one that is trying to do it's thing after the installer completed.
_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
Unicorngoulash
Newbie cheater
Reputation: 0

Joined: 19 Apr 2018
Posts: 19
Location: Netherlands

PostPosted: Tue Oct 30, 2018 5:58 pm    Post subject: Reply with quote

It actually didn't ask me for any offers. With previous version of cheat engine it would ask during install. Or that there wouls be a popup in the browser. But no such thing. It downloaded directly from cheatengine org. I think sometimes other sites or servers intercept and make you download a modified cheat engine or something. It'd be nice to have a clean version. Even if that would mean donating some $ to support the work. I'm on a clean, bloatware free version, fresh install of windows. I'd like to keep it that way. Luckily Malwarebytes caught it in time but it's something to keep an eye on..


report 2.png
 Description:
 Filesize:  160.81 KB
 Viewed:  84551 Time(s)

report 2.png


Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   This topic is locked: you cannot edit posts or make replies.    Cheat Engine Forum Index -> Cheat Engine All times are GMT - 6 Hours
Goto page Previous  1, 2, 3 ... 30, 31, 32, 33, 34, 35  Next
Page 31 of 35

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites