Fallout 2 utility ProtoManager virus?

False positive, either you put the proto manager in the exclusion list of your antivirus or don't trust/use it. Use Cubik2k's critter editor instead, and a hex editor if you want to edit some flags or other fields that are not available in the critter editor.
 
False positive, either you put the proto manager in the exclusion list of your antivirus or don't trust/use it. Use Cubik2k's critter editor instead, and a hex editor if you want to edit some flags or other fields that are not available in the critter editor.
Ah yes, I got that tool but I can't add my critter into it, that's why I was looking for the proto manager.
 
I took the source code and made a few changes to try to fix the false positive from antivirus, here's my test build. The test build (1.3.0.4) has NO functional difference from the original 1.3.0.3, it's merely for trying to solve the false positive.

At least now the up-to-date Microsoft Defender in my Win10 VM (in 21H2) doesn't report Trojan:MSIL/Remcos.ED!MTB threat on the exe, but I'm curious about the results from other antivirus programs as my NOD32 has been fine with it for some time.
 
Well, the NoScript security browser plugin (script blocker) blocks a potential cross-site scripting attack it detects before proceeding to download, and later Bitdefender blocks the site, warning me there's malicious stuff on that website, and if I ignore that, then Bitdefender automatically erases the download after it's been prefetched.. :((
 
same no-script warning for me, but Avira doesn't block the site, but it does flag and quarantine the exe when I try to extract it from the zip.
www.virustotal.com still has 34 flags on 1.3.0.4_test as of this afternoon (up from 31 this morning):
https://www.virustotal.com/gui/file/7d3d8569b1d44f2e5d15c631799f252b039f61e6e17d131e520433f219524cbc

virustotal's heuristics seem to get flags from more anti-virus programs the longer the file has been in their system, so it could still end up like 1.3.0.3's 45 flags:
https://www.virustotal.com/gui/file/300a75ae9e043d1a52ec4e71db6fd0ad0066c51fd1ceafd850d0d0c8e9491ac0

At this point I'm not sure if you found part of the problem or if the change just made the anti-virus heuristics slightly less able to catch whatever they're flagging.
I'm still new to programming, and I wasn't able to get a copy of this source code before he pulled it, but what method would you use to sort through source code to find bugs like this?
 
if the change just made the anti-virus heuristics slightly less able to catch whatever they're flagging.
I just tried to remove a few things related to networking and see if the Defender would still flag the exe because it's one of the most common antivirus programs on more modern machines.
 
tried to remove a few things related to networking
That makes sense to look at.
If you click on the "Relations" page, virustotal shows a bunch of 20.190.160.xxx addresses being contacted. Is that what you're referring to?
-edit-
there's also a "Details" tab and a "Behaviors" tab that have some interesting information, though I'm unsure of their usefulness.
 
Wouldn't it be best to cut all internet access for this from the code?
I mean it's not like Mr.Stalin suddenly changes his mind and starts to provide updates to auto-download.. on the contrary, from now on the downloads could be malicious, as Russia went berserk on Ukraine, God only knows what sneaky forgery Russians are capable of in order to succeed in their attempt for world domination. Mr.Stalin guy seems likely minded with Russian authorities mainstream, so chances are he'd cooperate with them..
just my two cents..
 
I think people should give Mr.Stalin a break, I don't think he would do anything malicious towards the Fallout community. He's caught up in the maelstrom like the rest of us.
 
I think people should give Mr.Stalin a break, I don't think he would do anything malicious towards the Fallout community. He's caught up in the maelstrom like the rest of us.
I do agree he wouldn't do such things. It's been flagged for quite some time, long before the recent political events.
TBH it's just some people don't want to take "false positive" and make a fuss about it.

On the other hand, I updated the test build with unnecessary prerequisite bootstrapper disabled, should have less flags on VirusTotal, and that's about it. I'd rather work on some text/info improvements than try to make antivirus proggies happy.

EDIT: OK, now I made a couple of fixes to 1.3.0.4:
1. The calculation of AI weapon priority score is corrected to match the current sfall fix.
2. Opening/closing the configuration settings doesn't reset the "Don't select on hovor" setting anymore.
 
I think people should give Mr.Stalin a break, I don't think he would do anything malicious towards the Fallout community. He's caught up in the maelstrom like the rest of us.

Like NovaRain said, the ProtoManager is like that for a long time and it's clearly a false positive. However, Mr.Stalin is openly a ruzzian, anti-western, and wants "all the american soldiers and ukrainian nazis to die." - that's 1:1 his words. I wouldn't touch any of his future software releases without an extra pair of gloves.

 
Like NovaRain said, the ProtoManager is like that for a long time and it's clearly a false positive. However, Mr.Stalin is openly a ruzzian, anti-western, and wants "all the american soldiers and ukrainian nazis to die." - that's 1:1 his words. I wouldn't touch any of his future software releases without an extra pair of gloves.
I'm glad there are ppl on this forum that have their eyes open like you Lexx, and don't keep their heads in their asses.. perhaps it's the close proximity to Russia, history lessons, and the fact that history likes to repeat itself is the thing that keeps us cautious. Anyways, I'm glad I'm not alone in this opinion :)
 
hey guys, am new here, would any of yall give me a google drive link of the manager so i can download it
 
Hi, all!
And what about early versions of ProtoManager before 1.2? Maybe somebody has v1.1.6?
Or had they also been detected as a virus?
 
Good question, I don't know where to get older versions though, so this may not be answered until Mr. Stalin bothers to return here.
Although, I doubt he would bother responding, since he hasn't bothered to clean up the code enough to remove the false positive yet.
 
Can someone share the source code of the latest version to be investigated? This case is stinky as the GitHub project is no longer public.
BTW: The version of 1.2.1 shared by Nirran is marked as malicious as well.
 