Trojans in .exe
After two hours since it was downloaded from SourceForge
(https://sourceforge.net/projects/flare-game/files/Windows/flare_install_v1.09.01.exe/download),
Windows Defender found 2 Trojans at installer. Than I try to download
installer to Gmail but Google antiviruses also find some virus. Viruses are
also was founded at .exe after installation.
Data of corrupted files:
Name: flare_install_v1.09.01.exe
Size: 131143318 bytes (125 MiB)
CRC32: AC3DCFAD
CRC64: 894F43E3B65E1869
SHA256: 9DE609A9DC3399E783E7BD02FD520D
314C014BD6A224C6333F5EB3A3B462CFBB
SHA1: 664D10787F6EB5B218FD3D1CBADF285D1EFE2701
BLAKE2sp: 51FF42E0FAACB67180E03FA04E10952FD9162BBD5F72F06806E883676B00C409
Name: flare.exe
Size: 2753640 bytes (2689 KiB)
CRC32: 4BD1EFCB
CRC64: E2E7755C4B75B105
SHA256: 4C9890816FD5810804D6D08F8D739EB718B168A34DE627C9937748C23738592E
SHA1: B60BD1EFD1D20A3917B1EFC857F49ACE4C6DB96A
BLAKE2sp: 68CC9D51BDBF8533315D96DA4FEFB1751DD30E4221CD05146E1BE7A568B7D1E6
The problem maybe sourceforge itself; they went down the path of the jerk(TM) a few years ago and now install malware with most of it content, you should try another download source
I think this may be a false positive. The SHA1 sum matches the original files. If it *is* actually infected there's a chance that the flare-game zip is unaffected.
As an alternative, I've added the exe installer in addition to the zip file on the itch page.
FYI we use Nullsoft's installer, which AFAIK is entirely legit.
The flare.exe binary itself is compiled with mingw directly from the source code. The included libraries are the ones from the libsdl.org website.
I downloaded the file just now, ran a scan with three AV suites including Windows Defender... and nothing. I'm going to go with a false positive on this one. As far as I can tell this file is legitimate with no real threats.
As an aside, SF did go down the path of "mo money" but they've since resurrected themselves under new leadership. I still don't trust them (at all) but they've at least pulled the malware injection from the site.
- Leeor
Is there an alternative to sourceforge if sourceforge is crap now.
WinDefender alarmed suddently. It was about 2 trojans at installer. After forced scan it doesn't see anything. But Google still find virus at exe. As I see FLARE was updated at 2018-12-12. But previous files never were alarmed. 0 A. D. use Nullsoft's installer too but it never alarmed. My fault I didn't make screen.
google alerts on ALL .exe's that it doesn't see downloaded by tens of thousands of users. Did it say it was "definitely a virus"? or did it say "this could be a risk"?
--Medicine StormIt say "virus detected". I know about Google limitations but it say exactly "virus". Here screenshot:
I tried attaching the original flare.exe (i.e. not downloaded from anywhere) in Gmail and got the same message. I tried attaching other versions all the way down to 0.20, and still got the same message. I suspect what Medicine Storm said is correct in that Gmail just doesn't like obscure exe files.
Okay, so I hadn't updated my version of mingw since I originally set up my Windows VM. I updated it and rebuilt Flare to see if it made a difference. It sort of did, where I'm now getting a different message, "Blocked for security reasons", in Gmail. The "Help" link leads to a page that explicitly states that Gmail flags *any* exe file. So I guess this is better where it doesn't literally say "virus".
google is virus not the game lmao
open source