Well, where is your "proof"?

You're showing that Malwarebytes suspects malware as a result of _heuristic_ analysis. Heuristic analysis is, by definition, guesswork. It's a tool that is meant to find yet unknown threats, by looking for similarities and then taking a guess.

If you're not visiting shady websites, then more than 99% of heuristic reports on your machine will be false positives. This is intended. The idea of forward-looking malware protection is to never let actual malware through. So in order to protect from malware that has never been seen before, all antivirus tools intentionally err on the side of caution - very much so. Lots of games produce heuristic alerts like this (because games do a couple of things that viruses also have a reason to do) until the antivirus programs whitelist them.

What you can do in such a case, is to send the file to your antivirus provider for analysis. Every provider worth its salt has a lab for this purpose. You can also upload the file to virustotal.com to see what other antivirus tools have to say about it, though this won't be 100% reliable.

Asking the developers is kind of pointless because if you even get an answer, it will _always_ be "It's a false positive". Seriously, if you're willing to entertain the thought that the Dead Cells devs would put malware into their game, do you really think they would openly admit it? In both cases, the answer will be "no", and you'll still see the same report from Malwarebytes until something else changes. And what then?

I see you edited your post after I pointed out that a heuristic analysis cannot constitute a "proof" of a virus.

Originally posted by The real GOW:

For those who do not understand, A heuristic virus is a nickname given to the malware Heur. Invader, a virus that can disable antivirus software, modify security settings, and install additional malicious software onto your computer.

Oh, come on. I don't mind that you're not understanding these things, it's not really day-to-day knowledge. But what you're doing here, is copy/pasting information from a Google search that you obviously have no idea about.

So, first: You have to understand that there's a difference between heuristic analysis, and this "nickname" for one particular virus that you've dug up on the net. The first describes a well-known analysis method, a type of _algorithm_ that every major antivirus tool is using. The second is an (ill-chosen) nickname for one particular virus, "Heur.Invader". Your Malwarebytes report clearly shows that this was _not_ a report of that virus - if that were the case, then the report would have been about "Heur.Invader", not about "Malware.Heuristic.1003".

You could have easily found this out yourself by just following the link that you googled and actually reading the information on that page instead of just blindly copy/pasting things you don't understand. Seriously.
https://us.norton.com/internetsecurity-malware-heuristic-virus.html

Originally posted by Psyringe:

I see you edited your post after I pointed out that a heuristic analysis cannot constitute a "proof" of a virus.

Originally posted by The real GOW:

For those who do not understand, A heuristic virus is a nickname given to the malware Heur. Invader, a virus that can disable antivirus software, modify security settings, and install additional malicious software onto your computer.

Oh, come on. I don't mind that you're not understanding these things, it's not really day-to-day knowledge. But what you're doing here, is copy/pasting information from a Google search that you obviously have no idea about.

So, first: You have to understand that there's a difference between heuristic analysis, and this "nickname" for one particular virus that you've dug up on the net. The first describes a well-known analysis method, a type of _algorithm_ that every major antivirus tool is using. The second is an (ill-chosen) nickname for one particular virus, "Heur.Invader". Your Malwarebytes report clearly shows that this was _not_ a report of that virus - if that were the case, then the report would have been about "Heur.Invader", not about "Malware.Heuristic.1003".

You could have easily found this out yourself by just following the link that you googled and actually reading the information on that page instead of just blindly copy/pasting things you don't understand. Seriously.
https://us.norton.com/internetsecurity-malware-heuristic-virus.html

I was editing the post about what the so called "virus" was about and it must've been as you were replying to it as there was no responses at the time of editing, i edited it 3 times in total

Originally posted by Psyringe:

I see you edited your post after I pointed out that a heuristic analysis cannot constitute a "proof" of a virus.

Originally posted by The real GOW:

For those who do not understand, A heuristic virus is a nickname given to the malware Heur. Invader, a virus that can disable antivirus software, modify security settings, and install additional malicious software onto your computer.

Oh, come on. I don't mind that you're not understanding these things, it's not really day-to-day knowledge. But what you're doing here, is copy/pasting information from a Google search that you obviously have no idea about.

So, first: You have to understand that there's a difference between heuristic analysis, and this "nickname" for one particular virus that you've dug up on the net. The first describes a well-known analysis method, a type of _algorithm_ that every major antivirus tool is using. The second is an (ill-chosen) nickname for one particular virus, "Heur.Invader". Your Malwarebytes report clearly shows that this was _not_ a report of that virus - if that were the case, then the report would have been about "Heur.Invader", not about "Malware.Heuristic.1003".

You could have easily found this out yourself by just following the link that you googled and actually reading the information on that page instead of just blindly copy/pasting things you don't understand. Seriously.
https://us.norton.com/internetsecurity-malware-heuristic-virus.html

Also i will openly admit that i'm not 100% certain of what i'm talking about though you mentioned it as if bringing it to light will change something, of course i copied and pasted what i found since it will help those who would possibly stumble upon this and have a wonder as too what it is

Originally posted by The real GOW:

Also i will openly admit that i'm not 100% certain of what i'm talking about though you mentioned it as if bringing it to light will change something, of course i copied and pasted what i found since it will help those who would possibly stumble upon this and have a wonder as too what it is

But in this case, you're not helping anyone - you're spreading misinformation. Or, at best, information that is about something different than what Malwarebytes found, so you contribute to the confusion by making it appear as if they were the same thing.

Really, just follow the link to the page where you found that quote. If you got it from the Norton site, you'll find an explanation about the difference between "the heuristic analysis method" (which is what Malwarebytes did) and "the virus nicknamed as Heuristic Virus" (which is the unrelated information that you copy/pasted) right below the paragraph you quoted.

Alternatively, you could just look up the meaning on the pages of the antivirus tool that you are using (though these will probably only be enlightening if you know what the term "signatureless" means):
https://blog.malwarebytes.com/detections/malware-heuristic/
https://blog.malwarebytes.com/glossary/heuristic-analysis/

If you have any questions, please feel free to ask.

Originally posted by Psyringe:

Originally posted by The real GOW:

Also i will openly admit that i'm not 100% certain of what i'm talking about though you mentioned it as if bringing it to light will change something, of course i copied and pasted what i found since it will help those who would possibly stumble upon this and have a wonder as too what it is

But in this case, you're not helping anyone - you're spreading misinformation. Or, at best, information that is about something different than what you found, so you contribute to the confusion by making it appear as if they were the same thing.

Really, just follow the link to the page where you found that quote. If you got it from the Norton site, you'll find an explanation about the difference between "the heuristic analysis method" (which is what Malwarebytes did) and "the virus nicknamed as Heuristic Virus" (which is the unrelated information that you copy/pasted) right below the paragraph you quoted.

Alternatively, you could just look up the meaning on the pages of the antivirus tool that you are using (though these will probably only be enlightening if you know what the term "signatureless" means):
https://blog.malwarebytes.com/detections/malware-heuristic/
https://blog.malwarebytes.com/glossary/heuristic-analysis/

If you have any questions, please feel free to ask.

I appreciate the responses I'll probably be too busy to read it but you've assured that me that it's just a false positive, guess i'll have to tell Malware bytes to ignore it, it never done it until the Dead cells update in which they added a secondary launching option, which is why i suddenly questioned it since the game used to work until the update, had me thinking they maybe attempted to sneak it in with bad intentions stealing data or something since a few people have been in trouble for farming bitcoin through their users, or something along those lines, i'll happily accept that i was wrong if you're certain about the details you've supplied this thread with

Originally posted by The real GOW:

I appreciate the responses I'll probably be too busy to read it but you've assured that me that it's just a false positive,

I haven't actually said that, but I _would_ say that this is _extremely unlikely_ to be actual malware in this case. (Also, see what I found below).

If you want to be _sure_, the best course of action is to upload the file and the Malwarebytes detection log to the respective section of the Malwarebytes support forum:
https://forums.malwarebytes.com/forum/42-file-detections/

That said, I just noticed a sticky thread in this forum specifically about "heuristics.100X" detections. You may want to have a look at it. The post states that this is a "particularly aggressive" detection method (meaning it will cause a lot of false positives), is "off by default", and "should only be enabled (...) if you suspect your computer has a malware infection which is not detected regularly by Malwarebytes, and want to run a more paranoid scan".

So unless you have other evidence of infection on your machine, Malwarebytes itself would not have recommended running this particular analysis in the first place. ;)

Originally posted by Psyringe:

Originally posted by The real GOW:

I appreciate the responses I'll probably be too busy to read it but you've assured that me that it's just a false positive,

I haven't actually said that, but I _would_ say that this is _extremely unlikely_ to be actual malware in this case. (Also, see what I found below).

If you want to be _sure_, the best course of action is to upload the file and the Malwarebytes detection log to the respective section of the Malwarebytes support forum:
https://forums.malwarebytes.com/forum/42-file-detections/

That said, I just noticed a sticky thread in this forum specifically about "heuristics.100X" detections. You may want to have a look at it. The post states that this is a "particularly aggressive" detection method (meaning it will cause a lot of false positives), is "off by default", and "should only be enabled (...) if you suspect your computer has a malware infection which is not detected regularly by Malwarebytes, and want to run a more paranoid scan".

So unless you have other evidence of infection on your machine, Malwarebytes itself would not have recommended running this particular analysis in the first place. ;)

Here's the Virus total scan of the file if you're interested, it's deemed "unsafe" by one of them https://www.virustotal.com/gui/file/cc71d195574181f5614f0ae574a83db46741af9df9ef185cf683144ffa8557e8?nocache=1

The moment it said "Heuristic" I knew it was a false positive.

Heuristic detection means the scanner checked the data and saw something that has some passing similarity to historical malware, so it's being marked as a virus. This similarity could simply be how the executable accesses or writes to memory, how it makes function calls, just its usage of certain APIs, or any number of completely benign similarities. It's literally the scanner guessing. https://en.wikipedia.org/wiki/Heuristic_(computer_science)#Antivirus_software

Whitelist the executable. There's no virus here, MB made a bad heuristic guess. Said guess will be submitted to MB, it will be assessed and found to be a false positive, and an update will go out later preventing this from happening again.

I had that detection too yesterday. As stated above its due to the scanoption mentioned above. If you turn it off it wont detect anything (duh). There are also several posts of deadcells.exe in the Malwarebytes forum in the past. Everytime the file has been whitelisted. Post it in their forum and this one will get whitelisted too. Posting there will get you the confirmation its a false postive. Other scanners will show the same behaviour towards unknown/new files. Hence the detection @ virustotal.

That beeing said you can never be 100% its a FP. Its most likely is. You can go on with your life and try to be happy or stay paranoid. But then you shouldnt download anything at all.

LOL this thread.

anti virus usually have two types of defenses one is a database of know virus, but if a new virus is made, the database willl not have it so the antivirius will not detect it, and the other part of the defense is heuristics, heuristics is not a data base, but it try to analyse what the software does, and if feels it does anything suspicious it will trigger a heuristic thing. heuristics can be false positive, i don't want affirm anything here, i would let the people with more knowledge than me judge check and do the stuff but in any case if this is true there will be a huge back llash as the people analyse the files and stuff, it happened somethings in the past that was not even a virus and it got huge backlash like the capcom anti cheat that did run in the background on street fighter v on a kernel level, not even a virus but huge backlash it got, since is easy to analyse code in computer i don't believe the developers would ruin their reputation with this tho.

Bush did 9/11

Originally posted by Psyringe:

Well, where is your "proof"?

You're showing that Malwarebytes suspects malware as a result of _heuristic_ analysis. Heuristic analysis is, by definition, guesswork. It's a tool that is meant to find yet unknown threats, by looking for similarities and then taking a guess.

If you're not visiting shady websites, then more than 99% of heuristic reports on your machine will be false positives. This is intended. The idea of forward-looking malware protection is to never let actual malware through. So in order to protect from malware that has never been seen before, all antivirus tools intentionally err on the side of caution - very much so. Lots of games produce heuristic alerts like this (because games do a couple of things that viruses also have a reason to do) until the antivirus programs whitelist them.

What you can do in such a case, is to send the file to your antivirus provider for analysis. Every provider worth its salt has a lab for this purpose. You can also upload the file to virustotal.com to see what other antivirus tools have to say about it, though this won't be 100% reliable.

Asking the developers is kind of pointless because if you even get an answer, it will _always_ be "It's a false positive". Seriously, if you're willing to entertain the thought that the Dead Cells devs would put malware into their game, do you really think they would openly admit it? In both cases, the answer will be "no", and you'll still see the same report from Malwarebytes until something else changes. And what then?

Helpful up and above the call friend. Increasing temparature of your tone from fountainwatercold to lukewarm would have made me notch one down as a day where humanity was good indeed. No matter what else happened. ;)

Originally posted by The real GOW:

Originally posted by Psyringe:

I haven't actually said that, but I _would_ say that this is _extremely unlikely_ to be actual malware in this case. (Also, see what I found below).

If you want to be _sure_, the best course of action is to upload the file and the Malwarebytes detection log to the respective section of the Malwarebytes support forum:
https://forums.malwarebytes.com/forum/42-file-detections/

That said, I just noticed a sticky thread in this forum specifically about "heuristics.100X" detections. You may want to have a look at it. The post states that this is a "particularly aggressive" detection method (meaning it will cause a lot of false positives), is "off by default", and "should only be enabled (...) if you suspect your computer has a malware infection which is not detected regularly by Malwarebytes, and want to run a more paranoid scan".

So unless you have other evidence of infection on your machine, Malwarebytes itself would not have recommended running this particular analysis in the first place. ;)

Here's the Virus total scan of the file if you're interested, it's deemed "unsafe" by one of them https://www.virustotal.com/gui/file/cc71d195574181f5614f0ae574a83db46741af9df9ef185cf683144ffa8557e8?nocache=1

Might have just thanked the lad for explaining everything so thoroughly to you but clearly your an entitled lad with some expectations of the world to satisfy you. White male i guess? Would have taken 3 sentences to thank the helpful fella kindly and apologizing for barging in here like the inquisition with a "care to explain" tone that your mom had when she found your sticky sears catalog under the bed.