私はカスペルスキーからTrojan.DarkHotelが検出してました…

私もトレンドマイクロのウイルスバスターで、
th11.exe　から「TROJ_GEN.R011C0WF320」を検出して自動削除されてます。

"TR/DarkHotel.twnbe" from Avira on th11.exe.
Also "TR/DarkHotel.mxsap" from Avira on th12.exe.

VirusTotalのチェッキングも好に見えません / Checking on Virustotal doesn't look good too
https://www.virustotal.com/gui/file/e42c8df5ba2d704fb6bd5c50d9fb35c49ebf3122dab75b19b7ed17b6bc84166d/detection

Looks like some kind of trojan, bitdefender detects it as Trojan.GenericKD.339142. WTF, why is this on steam?

After looking around a bit, I found that a site called moriyashrine.org uploaded a file for Touhou 12 with the same darkhotel trojan on April 20th, 2018. Other users have also stated that ZUN will be unlikely to sell other touhou games in the series due to losing the source code for many of them. This is merely conjecture, but I believe that ZUN had lost the original source codes for touhou 11 and 12, and instead has uploaded pirated, infected game files to steam.

I contacted steam support 12 hours ago asking if it was a false positive, but I have received no reply. Will update when I receive one.

My antivirus software has given me the same warning. Steam should fix this!

Originally posted by "Mad Jack":

My antivirus software has given me the same warning. Steam should fix this!

Try contacting steam support about it, hopefully the influx of support requests will finally get them to do SOMETHING about this. I mean jesus christ, this game has been up for two days now and neither steam nor Mediascape have addressed this.

Just got the reply from steam support,

"
I do want to mention that products shipped on Steam are scanned for viruses before we make them available to download. The issue you are experiencing is most likely due to a false positive with the anti-virus software on your computer.

Anti-virus software commonly uses heuristic or fuzzy matches for virus or malware-like behavior and a side effect of this is that false positives can be common with some anti-virus vendors.

Our recommendation is to contact your anti-virus vendor if you are concerned and want additional clarification on the issue they are detecting. You may need to exclude the folder containing the falsely detected executable from your anti-virus scanning in order to proceed using Steam or installing/playing the impacted product."

Not sure how accurate it is though since the virustotal scan had 39/68 engines detecting it as a trojan.

The virustotal page lists Microsoft, is that Win10's built-in security program? Because when I installed and ran all three games a day ago, that antivirus did not detect anything malicious. Currently running some other programs to see what they report.

Originally posted by Remi:

The virustotal page lists Microsoft, is that Win10's built-in security program? Because when I installed and ran all three games a day ago, that antivirus did not detect anything malicious. Currently running some other programs to see what they report.

On the contributors page of virustotal, it's listed as Microsoft (Malware Protection), which is the same engine used in Windows Defender. Do you have any windows updates you haven't installed yet?

Originally posted by danny1145:

Originally posted by Remi:

The virustotal page lists Microsoft, is that Win10's built-in security program? Because when I installed and ran all three games a day ago, that antivirus did not detect anything malicious. Currently running some other programs to see what they report.

On the contributors page of virustotal, it's listed as Microsoft (Malware Protection), which is the same engine used in Windows Defender. Do you have any windows updates you haven't installed yet?

Both Windows and the Defender are up to date.

Originally posted by Remi:

Originally posted by danny1145:

On the contributors page of virustotal, it's listed as Microsoft (Malware Protection), which is the same engine used in Windows Defender. Do you have any windows updates you haven't installed yet?

Both Windows and the Defender are up to date.

Not sure then, but there is a possibility it is a false positive from other AVs. I would say to treat it cautiously and run a few scans on it with other malware scanners like malwarebytes, but I have yet to see the game actually commit any malicious actions. Still, if you feel like you don't want to take the risk, just delete the games and do a boot scan to make sure they don't leave any remnants.

Originally posted by danny1145:

Originally posted by Remi:

Both Windows and the Defender are up to date.

Not sure then, but there is a possibility it is a false positive from other AVs. I would say to treat it cautiously and run a few scans on it with other malware scanners like malwarebytes, but I have yet to see the game actually commit any malicious actions. Still, if you feel like you don't want to take the risk, just delete the games and do a boot scan to make sure they don't leave any remnants.

I have deinstalled them for now. I am also going to run Kasperskyto see whether it detects something as indicated on virustotal. Thanks for your information and help!

Originally posted by Remi:

Originally posted by danny1145:

Not sure then, but there is a possibility it is a false positive from other AVs. I would say to treat it cautiously and run a few scans on it with other malware scanners like malwarebytes, but I have yet to see the game actually commit any malicious actions. Still, if you feel like you don't want to take the risk, just delete the games and do a boot scan to make sure they don't leave any remnants.

I have deinstalled them for now. I am also going to run Kasperskyto see whether it detects something as indicated on virustotal. Thanks for your information and help!

No problem, man.