Malware alert in OpenRTC2.com

[FreihEitner]

Getting a warning today after launching / downloaded latest OpenRCT2 for Windows. This comes up immediately after the update completes.  Windows Defender gives me a Severe Alert about a trojan called Wacatac.B!ml

I'm on Windows 10 version 1903, fully patched as of 2019-11-18.

[jensj12]

Search a bit on this forum and you’ll find out that this happens quite often. It should be a false positive, but if you’re not sure, you can download the source code, inspect it and build the game yourself.

[RollerBoaster]

It can be a false positive as has been stated or down to a compromised hosting website (corrupted file), there's probably some clever way to avoid the latter but I'm not expert enough to know.

 

Some things I've had on older computers reported as false positives on newer ones have been fine when I've transferred them without the installer- which is of course not an option for ORCT- antivirus software is sometimes too cautious but you want it to block anything that is a risk.

 

You can submit false positives to AV companies for them to look into, but I imagine this isn't a quick process!

 

Update: as of 24 11 19 Norton AV is happy, nothing about Wacatac came up Windows sometimes just warns you something wants to install- it's just checking you trust the source of a file, if it asks about making changes to your PC or an unknown file without any virus/malware alert it's just checking it's something you've chosen to install and that you want to proceed.

 

The other cause of virus warnings could of course be a problem with something else on the pc or just out of date AV data if something's been checked as OK which an AV update would register, sometimes it pays to wait a bit as new files may not have been added to AV safe lists yet.

Edited November 24, 2019 by RollerBoaster
Update

[Ruedii]

There is the SHA-256 checksum information on the website.

Check that this matches your downloaded file before running it if you encounter such an error.
Windows provides a nice list of checksums on files in the properties menu last I checked.  (Some newer Linux desktop environments are implementing this feature as well.  There are GUI utilities for listing the checksums of a file on all Operating Systems too.)

[X7123M3-256]

Validating the SHA-256 checksums shown on a download page doesn't confirm that a download is not malicious - anyone that could tamper with the download page could just change the checksum to match. That's why digital signatures exist.

That said, this is almost certainly a false positive. It's a common issue. If you got the binary from the official site (openrct2.io) or this site, and the browser didn't warn you about an insecure connection then I wouldn't be concerned.

[Andrew]

I just want to point out that most anti-virus programs are absolutely useless. Norton is one of those, I wouldn't trust anything the program tells me. The best way to get rid of viruses on windows is to have a dual boot of a linux distro, boot into that, and manually remove the virus/malware. The best way to prevent viruses is to open any file you're unsure of in a virtual machine. All Anti-virus programs like Norton are actually far worse for your PC than most viruses. I've never ever had any problems that I couldn't fix myself since i was a 16 year old kid.