Castle Paradox

Moogle1 · Posted: Sat Nov 01, 2008 12:30 pm Post subject: ATTN: Virus in Blob's Tale

See Calehay's posts in http://www.slimesalad.com/forum/viewtopic.php?p=7988, or just know that you should not download this game. Admins, please remove it ASAP. If you've already downloaded the game, you should run a thorough virus check.
_________________

Slime Salad :: Independent Game Design

Newbie_Power · Joined: 04 Sep 2006 Posts: 1762

Gosh dangit.

Better check my computer...
_________________

TheGiz> Am I the only one who likes to imagine that Elijah Wood's character in Back to the Future 2, the kid at the Wild Gunman machine in the Cafe 80's, is some future descendant of the AVGN?

Calehay · Posted: Sat Nov 01, 2008 12:37 pm Post subject:

To clarify, blobtale.exe (The namesake of the game) is the virus. The .msi also installs Blob Story.exe and Blob Story.rpg, which is the game.exe and an actual .rpg file. Those two are safe to use, but as the name of the game is supposed to be "Blob Tale," and the name sake of the virus file is such, one can only assume what KnightAdmin's intentions were.
_________________
Calehay

Inferior Minion · Posted: Sat Nov 01, 2008 1:37 pm Post subject:

Calehay · Posted: Sat Nov 01, 2008 1:44 pm Post subject:

Inferior Minion · Posted: Sat Nov 01, 2008 1:48 pm Post subject:

Gizmog1 · Posted: Sat Nov 01, 2008 9:31 pm Post subject:

I mentioned in my thread that he was in IRC. He appears as Anonymous at the end of this log, and I don't know if there's any information that can be gleaned from that. http://castleparadox.com/logs/castleparadox/2008-09-08.log

(Warning: Typical IRC antics involved. It's the Wild West in there. Look at your own risk)

In hindsight, it seems like a pretty obvious trap. Do I need to install an antivirus program, or do you think Spybot Search and Destroy would take care of it?

Bob the Hamster · Posted: Sat Nov 01, 2008 9:49 pm Post subject:

I have removed it from the monthly mirror. I'm also adding automated scanning to the mirror script.

I do notice that ClamAV identifies "The Crystal Globe" as containing Trojan.Agent-55637 ... but that zip file contains only a text file and an rpg, no executable at all, so I kinda suspect a false positive.

Shadowiii · **It's been real.** Joined: 14 Feb 2003 Posts: 2460

If it does, I have no knowledge of it.
Maybe that virus program is interpreting .rpg files as a virus of some sort? That would be something worth checking out.
_________________
But enough talk, have at you!

Gizmog1 · Posted: Sun Nov 02, 2008 11:23 pm Post subject:

Wasn't there an issue a few years ago with Sword of Jade rpg files registering a false positive?

Moogle1 · Posted: Sun Nov 02, 2008 11:43 pm Post subject:

No, there was an issue with Sword of Jade registering a correct positive. Sad...

_________________

Slime Salad :: Independent Game Design

Bob the Hamster · Posted: Mon Nov 03, 2008 8:46 am Post subject:

I re-scanned the Crystal Globe again today on the same machine, and it came up clean. I am pretty sure that it was a false positive caused by a bad over-general signature, which was removed since then.

FyreWulff · Posted: Mon Nov 03, 2008 10:46 am Post subject:

LeRoy_Leo · Posted: Tue Nov 04, 2008 7:07 pm Post subject:

What a clever child. Unfortunate that everyone here is so computer savvy.
_________________
Planning Project Blood Summons, an MMORPG which will incinerate all of the others with it's sheer brilliance...

---msw188 ---
"Seriously James, you keep rolling out the awesome like gingerbread men on a horror-movie assembly line. "

Bob the Hamster · Posted: Tue Dec 16, 2008 3:00 pm Post subject:

My antivirus scanner is claiming that the zip file for Crescent Dream (which contains an exe installer) is infected by Trojan.Banker-151

I have a feeling this is a false positive, but I would appreciate it if somebody else could check with another virus scanner.