Reported virus in CSBwin

Discuss Chaos Strikes Back for Windows and Linux, an unofficial port of Chaos Strikes Back to PC by Paul Stevens, as well as CSBuild, an associated dungeon editor.

Moderator: Zyx

Forum rules
Please read the Forum rules and policies before posting.
Post Reply
User avatar
Paul Stevens
CSBwin Guru
Posts: 4099
Joined: 8-Apr-01 16:00
Location: Madison, Wisconsin, USA

Reported virus in CSBwin

Post by Paul Stevens » 2-Jun-16 00:02

I have a report of a virus (Maltule) in:

http://dianneandpaul.net/CSBwin/Games/D ... 151213.zip

I cannot duplicate this observation.
I scanned the zip file, its contents, and my entire computer.
Could some kind soul see if they can detect a virus in this file?

User avatar
Zyx
DSA Master
Posts: 2564
Joined: 5-Jun-00 11:53
Location: in the mind
Contact:

Re: Reported virus in CSBwin

Post by Zyx » 2-Jun-16 01:35

Nothing found with AVAST.

User avatar
Paul Stevens
CSBwin Guru
Posts: 4099
Joined: 8-Apr-01 16:00
Location: Madison, Wisconsin, USA

Re: Reported virus in CSBwin

Post by Paul Stevens » 2-Jun-16 01:57

Thanks, zyx. I am using AVG. Anyone else using a third anti-virus program?

User avatar
Gambit37
Should eat more pies
Posts: 13203
Joined: 31-May-00 11:57
Location: Location, Location
Contact:

Re: Reported virus in CSBwin

Post by Gambit37 » 2-Jun-16 16:46

I can check with Eset NOD32 when I'm back from holiday next week.

User avatar
ChristopheF
Encyclopedist
Posts: 1259
Joined: 24-Oct-99 12:36
Location: France
Contact:

Re: Reported virus in CSBwin

Post by ChristopheF » 3-Jun-16 20:30

I just scanned with Windows Defender on Windows 10, and indeed it detects "Trojan:Win32/Maltule.C!cl" in this archive.
The same is true for CSB_Windows_x86-32_20151213.zip and Conflux_Windows_x86-32_20151214.zip
As the other antivirus do not detect anything, this is probably a false positive with the latest virus definitions. Still annoying, though...

User avatar
Paul Stevens
CSBwin Guru
Posts: 4099
Joined: 8-Apr-01 16:00
Location: Madison, Wisconsin, USA

Re: Reported virus in CSBwin

Post by Paul Stevens » 3-Jun-16 23:17

Thanks much, Christophe.

Is it possible to determine if the reported virus is confined to
the .exe file? If so, I could re-compile with different
options (optimizations, perhaps?) that might make
Windows Defender happier. Perhaps I can find someone
else who can compile the program and see if they get
the same result. Or did the virus get added during
the process of creating the zip file.

Any idea how to determine if this is indeed a false
positive? I have no idea how these things work. Is there
anywhere to go to verify such things? To report them?
This is a pretty ugly situation, whether it be true or false.

User avatar
Paul Stevens
CSBwin Guru
Posts: 4099
Joined: 8-Apr-01 16:00
Location: Madison, Wisconsin, USA

Re: Reported virus in CSBwin

Post by Paul Stevens » 3-Jun-16 23:44

I just asked 'VirusTotal' to check the .zip file.
It ran 56 different virus checkers and they all reported
the file to be clean. Windows Defender was not one of them.

Hmmmmm....

I reported this as a false positive to:
https://www.microsoft.com/en-us/securit ... ubmit.aspx
with a few comments.

User avatar
ChristopheF
Encyclopedist
Posts: 1259
Joined: 24-Oct-99 12:36
Location: France
Contact:

Re: Reported virus in CSBwin

Post by ChristopheF » 4-Jun-16 08:16

Yes the "virus" is confined to csbwin.exe.

Post Reply