
Possible AV scan result on "SHC2020 The Real Sonic 2" - false positive?

Discussion in 'Engineering & Reverse Engineering' started by Alex Field, Dec 3, 2020.

  1. Alex Field

    Shoot! The Chaos Emeralds are about to disappear! Member
    Okay so I have no idea why this happened, but I'm posting it here to warn all of you; this is EVEN WORSE than the Sonic Gather Battle debacle, so hear me out.

    So recently we had the 2020 Sonic Hacking Contest which, if you recall, was filled to the brim with Sonic 2 entries; among those entries is "SHC2020 The Real Sonic 2" by lavagaming1, which, despite being buggy, showed some promise. HOWEVER, while I was downloading the ROM to make a walkthrough of, this popped up.
    [attached screenshot: Windows Security 3_12_2020 9_04_25 PM.png]
    Yes, you read that right.

    According to my Windows Security antivirus, the archive containing the ROM image has the Conteban Trojan, which is used by criminals and thieves to get a backdoor to your computer. If it wasn't for Windows Security automatically detecting it, I would've lost both my PC and my personal information. And I thought we already had enough with the FR incident that happened recently.

    To all those who have downloaded this, delete it and do a full scan of your PC. This includes all people who played and/or judged it; I do not tolerate this behaviour at all.
     
    Last edited by a moderator: Dec 3, 2020
  2. Overlord

    Now playable in Smash Bros Ultimate Moderator
    Are we sure this isn't a false positive? I just scanned it myself and nothing. Apparently Conteban and Wacatac false positives are a relatively common thing with certain Windows security definitions and zip (and some document type) files.

    Have edited topic title to something less dramatic and put it in the correct subforum.
     
    Last edited: Dec 3, 2020
  3. GerbilSoft

    RickRotate'd. Administrator
    This is definitely a false positive. It's a Mega Drive ROM image, not a Windows executable. The only way it could run malicious code is if you renamed it to .exe *and* added a PE header (and malicious x86 code).
     
  4. Scarred Sun

    Be who you needed when you were younger Administrator
    Welp, this.
    I've actually had this happen in the past for other items--basically, virus heuristics sometimes make broad judgments based on code that can look malicious, even if it's not being used in that way (or in this case, could even BE used that way).

    To fix the issue, open Windows Security and go to Virus & threat protection. Under Virus & threat protection settings > Exclusion, select Add or remove exclusion and then add the path to the 7z file.
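An added example, not code from anyone in this thread: GerbilSoft's point is that a Mega Drive ROM image is not a Windows executable, and the check a practitioner would run before adding the exclusion described in the last post is to confirm what the flagged file actually is. The script below classifies a buffer by its well-known magic values (7-Zip archive signature, the DOS "MZ" stub plus "PE\0\0" signature of a Windows executable, and the "SEGA MEGA DRIVE "/"SEGA GENESIS    " console name that sits at offset 0x100 of a raw .bin/.gen ROM) and returns the SHA-256 that a vendor's false-positive submission form asks for. The sample buffers are constructed here for illustration; the 7z file from the thread is not on this page, so extract your own archive first and pass the extracted ROM to `classify_file`.

```python
import hashlib
import struct

# Well-known format signatures (standard values, not taken from the thread).
SEVENZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"                           # 7-Zip archive header
MD_CONSOLE_NAMES = (b"SEGA MEGA DRIVE ", b"SEGA GENESIS    ")     # ROM header field at 0x100
MZ_MAGIC = b"MZ"                                                  # DOS stub at offset 0 of every PE file
PE_MAGIC = b"PE\0\0"                                              # PE signature at e_lfanew


def is_pe_executable(data: bytes) -> bool:
    """True if data has a DOS 'MZ' stub whose e_lfanew (uint32 LE at 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != MZ_MAGIC:
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An e_lfanew that points past the end of the buffer yields a short slice and fails the compare.
    return data[e_lfanew:e_lfanew + 4] == PE_MAGIC


def is_megadrive_rom(data: bytes) -> bool:
    """True if the raw (.bin/.gen) ROM header carries the console name at 0x100.

    Interleaved .smd dumps prepend a 512-byte header and interleave bytes, so they are
    not recognised here; convert them to a raw dump first.
    """
    return len(data) >= 0x110 and data[0x100:0x110] in MD_CONSOLE_NAMES


def classify(data: bytes) -> str:
    """Name the container/format of a buffer, checking the archive wrapper first."""
    if data[:len(SEVENZIP_MAGIC)] == SEVENZIP_MAGIC:
        return "7z archive"
    if is_pe_executable(data):
        return "PE executable"
    if is_megadrive_rom(data):
        return "Mega Drive ROM"
    return "unknown"


def sha256_hex(data: bytes) -> str:
    """Hash to quote when reporting a false positive to the AV vendor."""
    return hashlib.sha256(data).hexdigest()


def classify_file(path: str) -> dict:
    """Read a file from disk and return its classification and SHA-256."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {"path": path, "kind": classify(data), "sha256": sha256_hex(data)}


# --- constructed sample buffers (not real files from the thread) ---

def fake_rom() -> bytes:
    """512-byte buffer laid out like a raw Mega Drive ROM header."""
    rom = bytearray(0x200)
    rom[0x100:0x110] = b"SEGA MEGA DRIVE "
    return bytes(rom)


def fake_pe() -> bytes:
    """Minimal buffer with an MZ stub whose e_lfanew points at a PE signature."""
    buf = bytearray(0x80)
    buf[0:2] = MZ_MAGIC
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = PE_MAGIC
    return bytes(buf)


if __name__ == "__main__":
    for name, blob in (("rom", fake_rom()), ("pe", fake_pe()),
                       ("archive", SEVENZIP_MAGIC + b"\0" * 32)):
        print(f"{name}: {classify(blob)} sha256={sha256_hex(blob)}")
```

A "Mega Drive ROM" result for the extracted file confirms that the detection fired on a 68000 program image, which Windows cannot load as a process; a "PE executable" result inside a ROM archive is the case where the alarm deserves a second look rather than an exclusion.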