
Malware alert in OpenRTC2.com



Getting a warning today after launching / downloading the latest OpenRCT2 for Windows. This comes up immediately after the update completes. Windows Defender gives me a Severe Alert about a trojan called Wacatac.B!ml

I'm on Windows 10 version 1903, fully patched as of 2019-11-18.

Link to post

It can be a false positive, as has been stated, or down to a compromised hosting website (corrupted file). There's probably some clever way to avoid the latter, but I'm not expert enough to know.

 

Some things I've had on older computers reported as false positives on newer ones have been fine when I've transferred them without the installer, which is of course not an option for ORCT. Antivirus software is sometimes too cautious, but you want it to block anything that is a risk.

 

You can submit false positives to AV companies for them to look into, but I imagine this isn't a quick process!

 

Update: as of 24 11 19 Norton AV is happy, nothing about Wacatac came up :) Windows sometimes just warns you that something wants to install; it's just checking you trust the source of a file. If it asks about making changes to your PC or an unknown file without any virus/malware alert, it's just checking it's something you've chosen to install and that you want to proceed.

 

The other cause of virus warnings could of course be a problem with something else on the PC, or just out-of-date AV data if something's been checked as OK which an AV update would register. Sometimes it pays to wait a bit, as new files may not have been added to AV safe lists yet.

Edited by RollerBoaster
Update
Link to post

There is the SHA-256 checksum information on the website.

Check that this matches your downloaded file before running it if you encounter such an error.
Windows provides a nice list of checksums on files in the properties menu, last I checked. (Some newer Linux desktop environments are implementing this feature as well. There are GUI utilities for listing the checksums of a file on all operating systems too.)

Link to post

Validating the SHA-256 checksums shown on a download page doesn't confirm that a download is not malicious - anyone that could tamper with the download page could just change the checksum to match. That's why digital signatures exist.

That said, this is almost certainly a false positive. It's a common issue. If you got the binary from the official site (openrct2.io) or this site, and the browser didn't warn you about an insecure connection then I wouldn't be concerned.

Link to post
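The two checks discussed in the posts above (comparing the SHA-256 from the download page, and looking for a digital signature) can be run together from PowerShell. This is an added example, not part of the original thread or of the OpenRCT2 project; the function name, file path and expected hash are placeholders, and the thread does not say whether the installer is signed, so a `NotSigned` result is possible.

```powershell
# Added example. Test-DownloadedInstaller is a hypothetical helper name.
function Test-DownloadedInstaller {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # SHA-256 value copied from the download page (hex, any letter case)
        [Parameter(Mandatory)] [string] $ExpectedSha256
    )

    # 1. Integrity: does the file on disk match the published checksum?
    #    A mismatch means a corrupted or altered download. A match only shows
    #    the file is the one the page describes, not that the page is honest.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $hashOk = $actual -eq $ExpectedSha256.Trim()   # -eq ignores case for strings

    # 2. Authenticity: Authenticode signature, validated against the local
    #    certificate trust store rather than against the download page.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = $null
    $thumb  = $null
    if ($sig.SignerCertificate) {
        $signer = $sig.SignerCertificate.Subject
        $thumb  = $sig.SignerCertificate.Thumbprint
    }

    [pscustomobject]@{
        Path             = $Path
        Sha256           = $actual
        HashMatches      = $hashOk
        SignatureStatus  = $sig.Status   # e.g. Valid, NotSigned, HashMismatch, NotTrusted
        Signer           = $signer
        SignerThumbprint = $thumb
    }
}

# Placeholder path and hash: substitute the real file and the published value.
Test-DownloadedInstaller -Path '.\installer.exe' `
    -ExpectedSha256 '<SHA-256 from the download page>' | Format-List
```

`HashMatches` being true together with `SignatureStatus` of `Valid` and a signer you expect is the strongest result; `NotSigned` means only the checksum comparison is available for that file.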
  • 2 months later...

I just want to point out that most anti-virus programs are absolutely useless. Norton is one of those; I wouldn't trust anything the program tells me. The best way to get rid of viruses on Windows is to have a dual boot of a Linux distro, boot into that, and manually remove the virus/malware. The best way to prevent viruses is to open any file you're unsure of in a virtual machine. All anti-virus programs like Norton are actually far worse for your PC than most viruses. I've never ever had any problems that I couldn't fix myself since I was a 16 year old kid.

Link to post
