Touhou Chireiden ~ Subterranean Animism.

Is this thing infected with a virus? (A virus or something similar was detected...)
Norton warns me about "Heur.AdvML.C" and "Trojan.Gen.MBT".
Is this a false positive? Or is this really an infection?

By the way, Undefined Fantastic Object showed the same symptoms. (No viruses or the like were detected in Mountain of Faith or the other already-released titles.)
Last edited by きらびぃ; Jun 6, 2020 @ 10:31am
Showing 31-45 of 63 comments
danny1145 Jun 10, 2020 @ 9:17am 
Originally posted by <3 Papi best girl <3:
Any updates about the trojan issue? I've requested a refund 2 days ago and haven't had a reply so far. It would be nice if we got a little update that they're looking into it or something like that.
No updates, all Steam Support has said is that the files were scanned prior to the game's release and that it's likely a false positive.
Harshmallow Jun 10, 2020 @ 9:57am 
Originally posted by Exp HP:
Originally posted by Sable:
I just bought a physical copy of the original release on Amazon to cross-reference with the Steam version's VirusTotal report. If it is identical, it's a false positive because the game predates the DarkHotel malware by six years. Will keep y'all posted.

Unfortunately, the VirusTotal report will almost certainly not match between the two games. The Steam copy is encrypted with steamstub DRM, so basically every byte in the executable code section is different. Rather, they're either detecting the suspicious actions of steamstub (DRM does have to do some shady business to make it difficult to reverse engineer), or perhaps, as Skelerin suggested above, some sequence of the encrypted bytes happens to resemble a virus.

What you can do is check that, once the game is running, the bytes in memory of the executable's .text section (the part that contains executable code) are identical to the non-Steam version. I have done this with TH16; and a prominent member of the modding community in the English Touhou Project Discord says they checked with TH11.

The thing is, the version of the game hosted on Moriya Shrine since 2018 also has this anomaly. The VirusTotal report also suggests that it phones home to an external IP address (209.85.234.102) if you check the other tabs.

Regardless, fair point as to why it wouldn't match - and it didn't. Three no-name antivirus suites recognize it as being DarkHotel, but this is likely because of surface-level filename comparisons with the Steam and Moriya Shrine versions.

https://www.virustotal.com/gui/file/2978b17f6184d100d249d4311348dd30c5c32ec75c014b667a525b797d3d8813/detection
Last edited by Harshmallow; Jun 10, 2020 @ 9:59am
DarkOverord Jun 10, 2020 @ 10:55am 
Given the different behaviours between the Steam release of TH11 and whatever my decade old one on my HDD is, I'm more than willing for either Steam to do something or for AV heuristics to get a little less restrictive as it doesn't sit right with me for them to act differently. Flagged it to Avast for them to check it anyway as that's the AV that keeps blocking TH11 and 12's Steam downloads for me.

TH12 though might be fine given even though they have different detection pages on VirusTotal (figure for enabling the Steam release), from what I can tell the files and registry they access are the same between Steam's release and whatever my old one is (Steam: https://www.virustotal.com/gui/file/91919e9bc48babdcb6c6eab2906d670a25634d9f8e6e4884f35dc4a61fb8bde3/behavior, whatever mine is gets detected as: https://www.virustotal.com/gui/file/d8d644d2e64957a3031b1a1399d0502e1ddaa5252d2c4e492770ad6717827628/behavior ).
Last edited by DarkOverord; Jun 10, 2020 @ 10:56am
Exp HP Jun 10, 2020 @ 5:43pm 
Originally posted by Sable:
The thing is, the version of the game hosted on Moriya Shrine since 2018 also has this anomaly. The VirusTotal report also suggests that it phones home to an external IP address (209.85.234.102) if you check the other tabs.
This is interesting, because this sounds like objective information that somebody with better cybersec chops could maybe test and verify on an isolated machine?

That said, do I understand correctly that the link you posted is for the CD version? I ask because the MD5 and SHA-1 of the file match the one on Moriya Shrine:

MD5: 6AF1E3B37F28293F4FC127EE01D2632C
SHA-1: 2B1CE5FBFD2D4480B709FCFC5E75C280F518A951

meaning it is identical to the Moriya Shrine version.
Last edited by Exp HP; Jun 10, 2020 @ 5:54pm
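
The two checks discussed in the posts above, as an added example that is not code from any poster in this thread: whole-file hashes show whether two copies are byte-identical, while comparing only the `.text` section shows whether the code matches even when the file on disk does not. The sample images, the XOR "encryption" and all function names are constructed for illustration.

```python
import hashlib
import struct

def pe_section(image: bytes, name: bytes = b".text", mapped: bool = False) -> bytes:
    """Return a section's bytes from a PE file (mapped=False) or from a
    dump of the loaded module laid out by virtual address (mapped=True)."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)        # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (n_sections,) = struct.unpack_from("<H", image, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)
    table = pe_off + 24 + opt_size                           # first section header
    for i in range(n_sections):
        sec, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        if sec.rstrip(b"\0") != name:
            continue
        start = vaddr if mapped else raw_ptr
        length = min(vsize, raw_size) if vsize else raw_size  # ignore alignment padding
        data = image[start:start + length]
        if len(data) != length:
            raise ValueError("section extends past end of image")
        return data
    raise ValueError(f"no {name!r} section")

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def compare(reference: bytes, candidate: bytes, candidate_mapped: bool = False) -> dict:
    """Whole-file identity versus code-section identity. Caveat: if the loader
    rebased the module, relocated operands in a dump differ from the file."""
    text_a = pe_section(reference)
    text_b = pe_section(candidate, mapped=candidate_mapped)
    return {"same_file": digest(reference) == digest(candidate),
            "same_text": digest(text_a) == digest(text_b)}

def build_sample(text: bytes, mapped: bool = False) -> bytes:
    """Constructed minimal PE image with a single .text section (test data only)."""
    hdr = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    hdr += struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text), 0x200, 0, 0, 0, 0, 0x60000020)
    return hdr.ljust(0x1000 if mapped else 0x200, b"\0") + text

CODE = bytes(range(64)) * 4                                # constructed stand-in for game code
ORIGINAL = build_sample(CODE)                              # stand-in for the original release
WRAPPED_DISK = build_sample(bytes(b ^ 0x5A for b in CODE))  # stand-in for an encrypted .text on disk
WRAPPED_MEM = build_sample(CODE, mapped=True)              # stand-in for a dump after decryption
```

With the constructed samples, the wrapped file differs from the original on disk in both hash and `.text`, while the mapped image's `.text` matches the original.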
digital youkai Jun 13, 2020 @ 8:35pm 
Originally posted by Primate:
As of today Windows Defender identifies Trojan:Win32/Vigorf.A within the Touhou 11 executable prompting an automatic quarantine. This has not been the case in the days prior. Malwarebytes does not detect any threat within the executable.
got same issue now

it was playable before tho
Winter Jun 14, 2020 @ 5:31am 
My Windows Defender detected "Trojan:Win32/Vigorf.A"
sTeAm, pLeAseE fiX iT
Guik0 Jun 14, 2020 @ 5:34am 
I bought Mountain of Faith and I didn't get any problem like SA
Daverost Jun 14, 2020 @ 8:16am 
Originally posted by Guik0:
I bought Mountain of Faith and I didn't get any problem like SA
As far as anyone can tell, there are no problems with MoF. Only SA and UFO seem to have this issue at present.
Talvos Jun 17, 2020 @ 3:36pm 
I tried to push Steam's standard response for more information, but I guess it's not surprising that they don't know any more than we do. I asked them to verify that the results are a false positive, but the only statement they can offer is that they scan all products before making them available.

So... uh.... someone want to contact Microsoft? or at least Mediascape?

Communications with Steam Support for reference:

Originally posted by Me:
Currently 44 out of 73 different scanners are identifying this as a virus. Furthermore, Windows Defender is quarantining this file. ->That is Windows 10's built-in virus protection blocking the use of the executable.<-

There is currently much concern about this. There are discussions on various forums and many people are awaiting further confirmation before playing/purchasing this game. It would be helpful if we could get a ->firm<- statement of "The flagging of this game by Windows Defender, as well as other virus scanners, is a false positive".

Originally posted by Steam Support:
The information that we've provided in our previous message is all the information that we have to offer at this time. Before being made available for download, all products on Steam are scanned for viruses.

If you still have concerns, we recommend that you contact the manufacturer of your anti-virus software.

Since there's not much more that I can say or do to be of help with this particular issue, I am going to close this help request.

If you have questions on an unrelated issue, please create a new help request and we will be happy to help you.

Steam Support
Pasta Viking Jun 18, 2020 @ 1:01pm 
It could also be entirely possible that the IP it's pinging is one of Steam's servers
cetteSara Jun 19, 2020 @ 9:43pm 
I have received a notice from my antivirus as well saying "Trojan:Win32/Vigorf.A"
When I tried playing the game earlier this week, it shut down on its own.
Last edited by cetteSara; Jun 19, 2020 @ 9:44pm
The_Cloncat Jun 27, 2020 @ 6:12pm 
I got a Trojan:Win32/Ymacco.AB91 on Windows Defender, people are getting positives for different viruses it seems, which I guess makes it clear it's a false positive, but it is still really annoying that we can't play this cause of that.
Umino_Milk Jul 8, 2020 @ 1:38pm 
Any update on whether the copy on Steam is identical to the original release?
PandoraCrowe Jul 13, 2020 @ 5:11pm 
Huh...just happened to me. I know McAfee isn't perfect but it suddenly removed the .exe for SA just now and this is the only one it happened with. No idea.
Umino_Milk Jul 13, 2020 @ 6:21pm 
I'm using McAfee too. It worked with McAfee for a bit but I ended up deleting it but keeping the key for it. If you can, I would suggest turning off "Real Time Scan" as that's what seems to keep hitting my game.