Page 1 of 1

[QVM41 malware] Indiedb

PostPosted: Thu Feb 25, 2016 9:23 am
by Danny
So Indiedb authorised my game, (YAY) but then a few hours later "Deleted it" and said my game contained Malware. Now their ignoring my emails and not explaining what the problem really is. [QVM41 malware] means nothing to me, why is it saying this? Whats it mean?

Why is GGMaker posing as a threat everywhere? Even Windows 10 is telling me its not safe. I personally know GGMaker/001 is NOT a virus, i also know its safe to use and the only event i have in my game that uses anything close to strange behaviour is the open browser event.

Re: [QVM41 malware] Indiedb

PostPosted: Thu Feb 25, 2016 10:21 am
by Lee
They're most likely seeing it as a false positive. As far as I'm aware, there isn't anything that can be done to GG Maker to fix this problem.

Re: [QVM41 malware] Indiedb

PostPosted: Thu Feb 25, 2016 5:47 pm
by Danny
Lee wrote:They're most likely seeing it as a false positive. As far as I'm aware, there isn't anything that can be done to GG Maker to fix this problem.


Is it possible that the current installer 001 uses to build the game is causing it to be flagged everywhere? Just asking its something someone from Indie DB mentioned in an email.

Code: Select all
Hi Daniel,

Apologies for the delayed response.

I downloaded your file to test it and chrome instantly detected it as a virus and removed it.

Are you using a third party installer for your game? I have a feeling that this is causing your file to be flagged as malicious. If you are using an installer for your game maybe potentially try another one and I can test that.

It's unfortunate that this is occurring but I'm sure we can work it out.

Kind Regards,
The Indie DB Team.

Re: [QVM41 malware] Indiedb

PostPosted: Thu Feb 25, 2016 11:25 pm
by kararty
First of all Chrome has a "security" feature where it would not allow anyone to download anonymous .exe files unless they disable the Safe Browsing feature. This person that is supposed to download anonymous .exe's to determine if they're malicious should be using a different browser: Firefox.

How to fix it? You either politely tell him to download the .exe file using another web browser (Firefox). If he wants more proof that it contains nothing malicious, upload your .exe to virustotal or a similar service and send him that link along with your .exe.

OR (best option) upload the file to Google Drive and send him that link, that should work since I've dealt with this issue before: Poop Clicker refused to be downloaded on Chrome when putting the .exe on my website so I had to mirror the file on Google Drive instead of hosting it myself. :D Good luck!

Question: How did they write about that QVM41 malware? Details? Or just plainly mentioning that it contained that malware? I'd understand if they mentioned it as PUP, but a trojan? Jeez, whatever they're using, it needs some updating.

Here's a link to some more solutions if none of the above helped you out.

Re: [QVM41 malware] Indiedb

PostPosted: Mon Feb 29, 2016 12:43 pm
by Danny
Hi Daniel,

Sorry that this has been a bit of a pain for you. I understand it is annoying but after consulting with other team members the file will have to remain offline as long as chrome is flagging it as malicious. Unaware users are going to attempt to download the file and even if it is not malicious downloaders will assume that it is. I understand that this seems to be a problem with the game making software/chrome and not yours but there is clearly some issues with the reading of the file as virustotal.com flags it as malicious as well.

Please let me know if you have any further questions.

Kind Regards,
The Indie DB Team.


Like its not hard for indie devs as it is... yet the odd thing its "Just" my game but every single other game located here http://www.indiedb.com/engines/001-game-creator that was made by GGMaker/001 seems to be fine...

Edit: Removed the "Open Browser Events" from the game and it still shows as a virus. There is no scripts that access the users browser now and theres no scripts that access the users computer in anyway (Wasnt any anyway except browser events)

Why my game? I even personally went out my way to download games from Indiedb that was created using GGMaker/001 and Chrome didnt say it may be a virus, it was fine with them? I even downloaded the latest game Malfunction and it was fine, though oddly that game was in a rar file and not a standalone exe like the others but still no problems with Chrome and no viruses, so why mine?

Also my laptop is virus free, i have ocd so i have an habot of running antivirus scans every single minute so i know my laptop doesnt have any that a virus could have jumped to, even if viruses can do that idk, but my games clean...

Re: [QVM41 malware] Indiedb

PostPosted: Mon Feb 29, 2016 1:29 pm
by kararty
http://blog.chromium.org/2012/01/all-about-safe-browsing.html
Google Chrome doesn't actually "scan", it just looks if the URL is not on their whitelist:
Malicious downloads are especially tricky to detect since they’re often posted on rapidly changing URLs and are even “re-packed” to fool anti-virus programs. Chrome helps counter this behavior by checking executable downloads against a list of known good files and publishers. If a file isn’t from a known source, Chrome sends the URL and IP of the host and other meta data, such as the file’s hash and binary size, to Google. The file is automatically classified using machine learning analysis and the reputation and trustworthiness of files previously seen from the same publisher and website. Google then sends the results back to Chrome, which warns you if you’re at risk.

So removing any scripts or events within your game won't help you, really... And it's not just (I'm pretty sure you've seen that website before, NOT.) you. x) :lol:

Re: [QVM41 malware] Indiedb

PostPosted: Mon Feb 29, 2016 1:34 pm
by Danny
kararty wrote:http://blog.chromium.org/2012/01/all-about-safe-browsing.html
Google Chrome doesn't actually "scan", it just looks if the URL is not on their whitelist:
Malicious downloads are especially tricky to detect since they’re often posted on rapidly changing URLs and are even “re-packed” to fool anti-virus programs. Chrome helps counter this behavior by checking executable downloads against a list of known good files and publishers. If a file isn’t from a known source, Chrome sends the URL and IP of the host and other meta data, such as the file’s hash and binary size, to Google. The file is automatically classified using machine learning analysis and the reputation and trustworthiness of files previously seen from the same publisher and website. Google then sends the results back to Chrome, which warns you if you’re at risk.

So removing any scripts or events within your game won't help you, really.


Well i havent "Repacked" the game and only uploaded it to 3 places, my website, 001 and Indiedb, indiedb being the people who say its a virus, as for links my website is regarded as safe and doesnt contain viruses or malware (Google itself says that) plus i have SSL though that doesnt mean anything and when i download from my website Chrome says its safe, which oddly the other day it said it was not a common download and could be dangerous but no longer says that, when uploaded to 001 and downloaded from 001 i get no virus alerts from Chrome... just seems to be Indiedb showing viruses.

Still this doesnt explain why it shows my game as a virus but not any other games made with GGMaker/001 that have been uploaded/downloaded from indiedb. Its almost like am being targetted...