OpenRCT2
FreihEitner

Malware alert in OpenRTC2.com

Getting a warning today after launching / downloading the latest OpenRCT2 for Windows. This comes up immediately after the update completes. Windows Defender gives me a Severe Alert about a trojan called Wacatac.B!ml

I'm on Windows 10 version 1903, fully patched as of 2019-11-18.

Search a bit on this forum and you’ll find out that this happens quite often. It should be a false positive, but if you’re not sure, you can download the source code, inspect it and build the game yourself.

  • Like 1

It can be a false positive as has been stated or down to a compromised hosting website (corrupted file), there's probably some clever way to avoid the latter but I'm not expert enough to know.

Some things I've had on older computers reported as false positives on newer ones have been fine when I've transferred them without the installer - which is of course not an option for ORCT - antivirus software is sometimes too cautious but you want it to block anything that is a risk.

You can submit false positives to AV companies for them to look into, but I imagine this isn't a quick process!

Update: as of 24 11 19 Norton AV is happy, nothing about Wacatac came up :) Windows sometimes just warns you something wants to install - it's just checking you trust the source of a file, if it asks about making changes to your PC or an unknown file without any virus/malware alert it's just checking it's something you've chosen to install and that you want to proceed.

The other cause of virus warnings could of course be a problem with something else on the PC or just out of date AV data if something's been checked as OK which an AV update would register, sometimes it pays to wait a bit as new files may not have been added to AV safe lists yet.

Edited by RollerBoaster
Update

There is the SHA-256 checksum information on the website.

Check that this matches your downloaded file before running it if you encounter such an error.
Windows provides a nice list of checksums on files in the properties menu last I checked. (Some newer Linux desktop environments are implementing this feature as well. There are GUI utilities for listing the checksums of a file on all Operating Systems too.)

Validating the SHA-256 checksums shown on a download page doesn't confirm that a download is not malicious - anyone that could tamper with the download page could just change the checksum to match. That's why digital signatures exist.

That said, this is almost certainly a false positive. It's a common issue. If you got the binary from the official site (openrct2.io) or this site, and the browser didn't warn you about an insecure connection then I wouldn't be concerned.
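
The two checks discussed in the posts above (comparing the SHA-256 shown on the download page, then looking for a digital signature), as an added PowerShell example that is not part of the original thread or of the OpenRCT2 project. `Test-Download` is a hypothetical helper name and the values in the usage comment are placeholders; the page does not say whether OpenRCT2 builds carry an Authenticode signature, so the function reports the signature status instead of assuming one.

```powershell
# Added example: hypothetical helper, not OpenRCT2 project code.
function Test-Download {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # SHA-256 copied from the download page (hex, any case, spaces allowed)
        [Parameter(Mandatory)] [string] $ExpectedSha256
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Normalise the published value and reject anything that is not 64 hex
    # digits, so a truncated or mis-pasted hash cannot look like a match.
    $expected = ($ExpectedSha256 -replace '\s', '').ToUpperInvariant()
    if ($expected -notmatch '^[0-9A-F]{64}$') {
        throw 'Expected value is not a 64-digit hexadecimal SHA-256.'
    }

    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToUpperInvariant()

    # Authenticode status values include Valid, NotSigned, HashMismatch, NotTrusted.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    [pscustomobject]@{
        File            = (Resolve-Path -LiteralPath $Path).Path
        Sha256          = $actual
        # Integrity only: the file equals what the page describes. It says
        # nothing about whether the page itself was tampered with.
        HashMatchesPage = ($actual -eq $expected)
        # Authenticity: whether a publisher's signature validates on this file.
        SignatureStatus = $sig.Status
        Signer          = $signer
    }
}

# Usage (placeholders, substitute your own file and the hash shown on the site):
# Test-Download -Path '<downloaded installer>' -ExpectedSha256 '<sha256 from the download page>'
```

A result with `HashMatchesPage` true and `SignatureStatus` of `NotSigned` confirms only that the download was not corrupted in transit; it carries no more assurance than the page the hash was copied from.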

I just want to point out that most anti-virus programs are absolutely useless. Norton is one of those, I wouldn't trust anything the program tells me. The best way to get rid of viruses on Windows is to have a dual boot of a Linux distro, boot into that, and manually remove the virus/malware. The best way to prevent viruses is to open any file you're unsure of in a virtual machine. All anti-virus programs like Norton are actually far worse for your PC than most viruses. I've never ever had any problems that I couldn't fix myself since I was a 16 year old kid.
