Fallout 2 utility ProtoManager virus?

QuantumApprentice

Look, Ma! Two Heads!
https://www.nma-fallout.com/resources/fallout-2-proto-manager.73/
https://github.com/FakelsHub/F2_ProtoManager/

I've been getting a couple of reports from viewers that the Fallout 2 Proto Manager is setting off their antivirus software. Because it's not setting off mine (Avira) I've just been asking them to report it to the github with details about the detection.
One viewer suggested VirusTotal as a way to tell if it's really a virus. Apparently VirusTotal is a website that will scan executables and compare the results to some 60 different antivirus softwares.
I'm unsure how to read this though, and I'd like some feedback from anybody willing to look.
https://www.virustotal.com/gui/file...22a4b45b668d525471abda54b303dd34088/detection

I've also contributed a new issue to the github with this information just in case they don't hang out in this forum :) .
Original discussion here:
Code:
https://youtu.be/vCPc1gxPtKk
 
Last edited:
Thanks for the link, navigating github is still new to me.
Also I added a link to the VirusTotal report, sorry I missed it when creating this post earlier.

I've read that it's possible to offer files to antivirus software companies to be scanned to verify they don't contain viruses and possibly remove the false positive flags:
"To be fair most AV vendors have Web sites to submit false positives"
(https://weblog.west-wind.com/posts/2016/oct/05/dealing-with-antivirus-false-positives).
Do you, or anybody reading this, have any experience with this? If so, could you explain how to do this?
 
NOD has fixed its virus database, now ProtoManager.exe it is not detected as a threat.

For other antivirus products:
You should personally contact the manufacturer of your antivirus and ask them to fix the virus database.
 
Last edited:
Hey I’m a viewer of your channel and I can’t find the Proto manager please help
 
It was removed because evil westerners aren't allowed to use it.

Anyways, find the latest version here.
 
It started here. Not going to comment on it anymore, it's just a waste of time.
 
It doesn't have a virus ....
I was under that impression too, given that it was open source (until recently).
Would you happen to know what was setting off the anti-virus software?
I have limited experience making programs, but I've had one C# gui interface set off my antivirus when I added an open file dialogue.
 
I've had the same issue with win10 defender, it kept deleting the app on a regular basis after the win loads. I restored it/add exception but after a day or so it went back to the quarantine. It's mutating and got detected as another variant, sounds familiar alright :) Now i just use the app inside the virtual matrix where the agents can't reach :) This is my experience with the trilogy only i recognize.
 
I compiled the binary from the source and it was still reporting as a virus. Have no idea what's going on, didn't dig further into it. It's possible that it has some CVE/insecurely written code triggering AVs.
 
I believe you when you say there's no virus, but I don't know enough to make counter arguments for what virus total shows. This one definitely sets off the anti-virus programs, so there probably is some insecure code or something, just wish I knew what.
 

Attachments

  • protomanager1.3.03.png
    protomanager1.3.03.png
    195.1 KB · Views: 226
It could be the case of a false positive. A lot of antivirus software these days tag certain files and software as a danger because they try to "detect threats before they exist", more and more files and software that is safe keeps being falsely tagged as dangerous these days.

I started to call antivirus that do this "paranoid software". Some antivirus even break the installation of TTW (a massive FNV modding project) because it tags some files and behaviour of the installer as a threat. And I can personally guarantee that there's nothing malicious in our installer.
 
Yeah, it probably is a false positive, but when 39 out of 69 anti-virus softwares ping it on virus total, it looks less and less likely.

If you've had experience where antivirus software has false flagged a program you've worked on, did you determine which section of code was causing the false positive?
What steps did you take to figure that out?
And why hasn't something similar been done for protomanager?

Either way, I've had people asking me why there's a virus, and prior to this I've simply said it's open source and I don't believe the modders would put one in. I no longer feel comfortable saying that, and would rather have a better understanding of why it's tripping that many anti-virus programs alarms.
 
The source is available, someone can just look it up ... The software is reported as false positive already since a long time. Don't know why it's suddenly such a big deal.
 
Back
Top