Originally posted by 七夜Shichiya:

Originally posted by Slasher:

Sorry so is it just Windows giving false positives? I used the manual download button and slow 2mb download files were all the exact same, I still have a screenshot of what the trojan was from the mod, is there some way I can post maybe?

Sometimes Windows doesn't exactly know what the files do, so it just list it as "potential threat". However only the person who execute the files know what's up.

In most cases it's false positive. If you're still unsure about the files you could always check the properties online. Or if you're unsure about the virus, maybe a few google clicks would give you results if it's a real threat or not.

Usually you don't really need antivirus program other than the windows defender, if you know what you're doing. Most antivirus software doesn't do much anyway apart from hoarding your computer resources. So far if you don't download files from malicious sites or click on the wrong download button (usually redirects you to download a certain program), you're safe to go with your mods.

If you're still unsure, post the so called "Trojan code" and someone might give you some insight about it.

Yeah thanks for the info I should do some digging around, the files I got from this mod which Windows detected were:
Trojan:Script/Oneeva.A!ml (1 file quarantined the other failed)
HackTool:Win32/Keygen!MSR(1 file quarantined 1 removed and the other blank

Transmog... Well it is an ".exe" based mod that do "search" on MHW data then "modify" it according to your need. Of course antivirus would flag it as suspicious activity since applications usually won't alter data owned by other application. But really, if it had virus, the mod would be have taken down already. But the fact that it is been around for almost a month since last update means it is safe, no?

You can add the transmog app to exception OR you can do transmog manually instead which means using notepad alike and possibility be prepared for reading those "Matrix's green curtain" alike.

I had enough with anti-virus. For me, the Windows Defender which pre-installed and configured to my taste is enough already. Adding another anti-virus apps would just hogging down my PC ram and cpu.

Some anti-virus programs flag mods as Trojans due to the files being scripts. I got that one time with a mod that completely re-did the graphics for ff7 many years ago. That mod was such a ♥♥♥♥♥ to get working. I successfully manually installed it once (a process that took hours cause you had to manually replace dozens of files), and a short time after I got a new PC, and by then the creator made a script to automate the process, and my anti-virus went ballistic over it. Gave me a weird message like the one you posted thinking it was a trojan. It wasn't, so the script worked fine.

Just do your homework, and if you feel uneasy about it, then don't do it. Transmog is coming in an upcoming patch anyway. You can already layer weapons, and r12 layered weapons are coming soon.

your OS is already the biggest virus, don't worry big brother already have all your data, while you spend your time on facebook or love to buy on amazon. simply check out their logos and you quickly realise it is always satanic or freemason symbolism.

Yeah google said don't be evil, right same as good old Walter Ulbrich in the past as he said nobody has the intension to build a wall in east germany.

you haven't written any used software on your own so how do you know it isn't spyware?

The good old business with fear. What is so precious that you are worried to lose it?
can't you simply create a backup of important data to protect against ramsonware?
Use different devices for different Tasks.

The Antivirus softwares also only work against already existing viruses.
It is pretty similiar to covid, everyone is dying at the virus right now to give us a nice little vaccine.

Originally posted by cruste:

your OS is already the biggest virus, don't worry big brother already have all your data, while you spend your time on facebook or love to buy on amazon. simply check out their logos and you quickly realise it is always satanic or freemason symbolism.

Yeah google said don't be evil, right same as good old Walter Ulbrich in the past as he said nobody has the intension to build a wall in east germany.

you haven't written any used software on your own so how do you know it isn't spyware?

The good old business with fear. What is so precious that you are worried to lose it?
can't you simply create a backup of important data to protect against ramsonware?
Use different devices for different Tasks.

The Antivirus softwares also only work against already existing viruses.
It is pretty similiar to covid, everyone is dying at the virus right now to give us a nice little vaccine.

Tinfoil hat time

Lmao nexusmods doesnt have viruses tho

Originally posted by Remi:

Tinfoil hat time

Promis became Prism
cryptoleaks
shall i go on

Software developers are forced to implement backdoors for agencies, same goes for hardware developers.
some smart criminals will find these exploits and use it for their own interest.

Originally posted by Slasher:

Yeah thanks for the info I should do some digging around, the files I got from this mod which Windows detected were:
Trojan:Script/Oneeva.A!ml (1 file quarantined the other failed)
HackTool:Win32/Keygen!MSR(1 file quarantined 1 removed and the other blank

Script/Oneeva/A!ml is found to be false positive, there's no problem about this particular file (as far as I could search on Google)

but the HackTool:Win32/Keygen!MSR though, won't comment much about it. It's something related to piracy.

You're all good. Feel free to use your mod, or not. Have a great day

Originally posted by 七夜Shichiya:

Originally posted by Slasher:

Yeah thanks for the info I should do some digging around, the files I got from this mod which Windows detected were:
Trojan:Script/Oneeva.A!ml (1 file quarantined the other failed)
HackTool:Win32/Keygen!MSR(1 file quarantined 1 removed and the other blank

Script/Oneeva/A!ml is found to be false positive, there's no problem about this particular file (as far as I could search on Google)

but the HackTool:Win32/Keygen!MSR though, won't comment much about it. It's something related to piracy.

You're all good. Feel free to use your mod, or not. Have a great day

Yip thanks i got similar results from microsoft forum, just been sceptical thats all, gave it a try and is pretty fun:)

You could also go into the files manually - copy and edit the files in a way that it replaces the set you're wearing currently and then put it into the nativePC folder.
The only programm you'll need at this point, is a programm to extract the files from the chunk files.

That's at least how I do it.
Also my real armor I'm wearing does look fairly decent, because people in my lobby will see the original armor I'm wearing. Which then leads to less suspicion than wearing a clown set. Since people who do not mod the game in any way are sometimes really hardcore on their stance and will report you even for little things like transmog, Ui or VFX mods lol.

That tool, as an executable, directly searches and modifies the memory of another program (the game), so it is identified as a virus.

The tool itself is safe tho. Been using it since its release and no problem.

If you really do not like that, then you can use Cheat Engine to modify the memory yourself. It is comparatively much more tedious than using the tool, but they accomplish the same purpose.

If you do not like Cheat Engine either, then I would suggest using nativePC/pl/ to switch out some armors, preferably the layered ones, and replace them with ones you liked. This is, however, a client side solution where only you can see the type of armor you are wearing while others see the original ones.

Some games aren't written to be modifiable but you can stil modify the game using wrappers that will inject code into the running game engine or replace library files (DLL's as in this case) that will alter functionality, the problem with this though is that they can contain malicious code, so to be safe, even if it's on Nexus, you're best off avoiding this sort of mod because it's unlikely Nexus staff are going to extract and audit every bit of that code for you. If you're willing to take the risk and you simply want to reduce exposure then sticking to things hosted by Nexus is your best bet and after that perhaps installing Visual Studio or some other .NET compatible IDE (i prefer Rider) then you can inspect the code directly and even compile it yourself, also if the author has a github/bitbucket repository and exposes their code then that's a really good sign, if there's engagement on the github issues page and you can see knowledgeable people talking about features and bugs rather than "hacks" or "exploits" then that pushes you further into safety. This one does have a github and a lot of engagement on Nexus so to me i'd be less worried about it being a legit intruder. I would, however, find the offending file and the corresponding source code and compare it with what is extracted by a DLL extractor. The sort of thing you're looking for is anything that will want to write/read from files outside where you'd expect them to read/write, like /appdata/ThisGame or /steamLibrary/ThisGame .

Just be conscious of confirmation bias, if you see 10,000 people say it's clean, don't trust a single one if they haven't done an audit of the code themselves and exposed their work log. Take an image of your o/s and save it to a NAS or external hard drive then airgap it prior to using DLL mods just in case. I don't go this hardcore myself usually because I'm fairly confident i can spot a scam and i snapshot nightly anyway, but it's good to go into any foreign code hosting considering the impact of a complete system wipe. If you're not that fussed then the 1% possibility is probably fine :) Also if there IS an actual virus remember it doesn't have to be the Authors own virus, it could be that his or her machine was infected and they didn't even know, then their build files were infected at compile time. Same goes for Nexus themselves, however unlikely it might seem, the motivation for somebody to infect Nexus DLL hosting would be a huge incentive (think how much bitcoin mining you could do with 100,000 GPU's infected by a miner). Also the fact that A/V gives a false positive, how do you think that might impact a situation where there is an actual Trojan? The good/bad news is that if somebody wanted to hack via this method it likely wouldn't be detected anyway because it would be custom / targetted code, not generic, as they know where the file is going and what systems will be scanning it (Virus Total)

Also I would generally trust Nexus + Github source code above pretty much any other sourcee, but it's a continuum and it's best to prepare regardless of how confident others might be. Install Macrium Reflect, it's free and it'll image your drive for you very quickly and get itno regular snapshots then you don't have to learn much else, just restore when you make a mistake. :)

:) modding is usually more fun than this so don't let it put you off :)

i know you want use cheat because you are bad

alors maurice on dit pas la verité

Originally posted by Globox:

i know you want use cheat because you are bad

Average tds viewer right here, this writes itself.