Fallout 2 utility ProtoManager virus?

Discussion in 'Fallout General Modding' started by QuantumApprentice, Jun 21, 2021.

  1. kokeeby

    kokeeby First time out of the vault

    49
    Jul 4, 2019
    https://github.com/rotators/fallout-tools
     
  2. Tygernoot

    Tygernoot First time out of the vault

    42
    Jan 8, 2004
    I just compiled the latest source from the above repository and no longer get any virus / trojan warning on it from MS Defender. I attached the binary in case anyone wants to try it.

    Sort of a shame, I wanted to figure out which bit of code was causing the issue.
     

  3. NovaRain

    NovaRain Casual Modder Modder Moderator

    Mar 10, 2007
    The binary has far fewer warnings from VirusTotal. What version of Visual Studio do you use?
    Only the text in the "info" textbox is messed up.
     
  4. Tygernoot

    Tygernoot First time out of the vault

    42
    Jan 8, 2004
    I'm on VS Community 2019.
     
  5. QuantumApprentice

    QuantumApprentice Look, Ma! Two Heads!

    365
    Feb 9, 2018
    32 out of 67 antivirus vendors flagging it doesn't seem very good though.
    I've also noticed that when I drop a different version of ProtoManager on VirusTotal, it seems to take about a week before some of the anti-virus software will flag it.
    So I definitely recommend checking it a couple of times throughout the week before assuming it's better than the last compile.
     
  6. Lexx

    Lexx Testament to the ghoul lifespan
    Moderator Modder

    Apr 24, 2005
    The code is right there, everyone can check it. And if someone is able to fix the false-positive, please, go ahead. Otherwise this is just pointless chatter that keeps getting repeated over and over again.
     
  7. QuantumApprentice

    QuantumApprentice Look, Ma! Two Heads!

    365
    Feb 9, 2018
    Fair enough, I sure do wish I had enough experience to figure out what's causing the false positive myself.
     
  8. Tygernoot

    Tygernoot First time out of the vault

    42
    Jan 8, 2004
    My guess is that it is because of the amount of file I/O the application is doing.

    E.g. the VirusTotal report is reporting on the modification of file and directory permissions.

    I removed a ton of File and Directory API calls that delete directories and change permissions, and it reduced the number of positive reports down to 11/70.

    I didn't go through the full code obviously, but I also didn't spot anything in particular on the application calling home or other dodgy stuff. Anyone who is feeling adventurous enough (and who doesn't dislike VB too much :p) can likely eliminate all the culprits in the code.
     
  9. Lexx

    Lexx Testament to the ghoul lifespan
    Moderator Modder

    Apr 24, 2005
    Will this not render the tool useless? After all, its whole point is to edit (proto) files in that way.
     
  10. Tygernoot

    Tygernoot First time out of the vault

    42
    Jan 8, 2004
    I meant to test getting rid of the (potentially) false positives in an attempt to figure out where they are coming from, not to release a version with that functionality removed :)
     
  11. pacol

    pacol First time out of the vault

    2
    Jan 2, 2023
    Thanks for the GitHub link! I was checking the code, but unfortunately I haven't had enough time to dive deeply. I like to do research like that, so if I find something I will let you know here. As I don't feel like it is a good idea to use this software (taking into account the situation with the developer and the fact that the code seemed to be legit before), I will just stick with the suggested Cubik2k's critter editor.