Steam'i Yükleyin
giriş
|
dil
简体中文 (Basitleştirilmiş Çince)
繁體中文 (Geleneksel Çince)
日本語 (Japonca)
한국어 (Korece)
ไทย (Tayca)
Български (Bulgarca)
Čeština (Çekçe)
Dansk (Danca)
Deutsch (Almanca)
English (İngilizce)
Español - España (İspanyolca - İspanya)
Español - Latinoamérica (İspanyolca - Latin Amerika)
Ελληνικά (Yunanca)
Français (Fransızca)
Italiano (İtalyanca)
Bahasa Indonesia (Endonezce)
Magyar (Macarca)
Nederlands (Hollandaca)
Norsk (Norveççe)
Polski (Lehçe)
Português (Portekizce - Portekiz)
Português - Brasil (Portekizce - Brezilya)
Română (Rumence)
Русский (Rusça)
Suomi (Fince)
Svenska (İsveççe)
Tiếng Việt (Vietnamca)
Українська (Ukraynaca)
Bir çeviri sorunu bildirin
Bu başlığın sahibi kendi sorularının cevabı olarak bir gönderiyi seçti.
Tartışma Kuralları ve Yönergeleri
Bu iletiyi bildir
It's more likely to get virus/malware from a cracked game than from Steam.
But go ahead and upload that file to Virustotal.
Why would you ever use a unknown utility program from Steam without doing research.
Zero reviews, unknown developer but yet you did go ahead with it anyway. While telling us how malware is a danger?
The very thing it does is false positive Valhalla. Automated file manipulation that overwrites regular file explorer actions? Yeah definitely something anti-malware suites do not like.
What malware scanner did you use that it triggered.
I am going to guess it is a false positive as in not malware but definitely valid with detecting suspicious scripts and judging by the look of things probably also not written with secure by design philosophy.
Scan the thing with VirusTotal and get a refund.
Make a quick access folder in your file explorer and simply use copy and paste. Or use a power tool like TotalCommander for sync directory function which is known in the industry as reliable and actively audited by people who use it.
Not to mention... if you want a better experience then why not focus on already established names? If you search for MeCopy you'll come right back here on Steam, they don't seem to have their own website, support section, etc. "convenient".
But if you check an article about quality copy software[www.techpout.com] you'll not only notice that several of these tools are freely avaialble, they're also provided on multople places.
While I definitely agree with the others that a false positive is the most obvious scenario here, I also can't help wonder why you'd want to trust such a niche program in the first place?
But again in my honest opinion I would forgo the program.
Was there any other reports beside the file ? Have you seen any access attempts to external sources?
Here are the VT results
https://www.virustotal.com/gui/file/99625735606f53cdc59ea15ef1b9b00f6ae8756092f59d2b0859cdb21b26e57f?nocache=1
It has imports python310.dll
https://www.cvedetails.com/vulnerability-list/vendor_id-10210/product_id-18230/version_id-658801/Python-Python-3.10.0.html
It is thus build with unsafe outdated libraries.
Also huronbyte dot com does not support https
Infact I can't even for most time let alone reach it to surface test
https://www.ssllabs.com/ssltest/analyze.html?d=huronbyte.com
Professional advice refund get another program while the obscurity of the program reduced the risk any real bad actor would simply look for vulnerable access points and your giving one that has direct access to your files.
First of all, I would like to mention that English is not my native language so I apologize in advance for any grammatical errors.
As mentioned in other comments, it is a false positive that you can ignore. As mentioned on my website in the FAQ section:
https://mecopy.net/help.html
I have read everyone's comments and I realized that I made the mistake of not creating a website and not showing myself as the main developer, I know that gives a lot of distrust. I got down to work and recently finished the official MeCopy website and added threads in the application community.
https://steamcommunity.com/app/2095280/discussions/
https://mecopy.net/
As I mentioned above, unfortunately some antivirus will give you false positives because of the compilation method (Nuitka) and because of the nature of the program itself but you can use MeCopy with total peace of mind.
I am still waiting for answers from several antivirus companies including Bitdefender Total Security but have not heard back. I am also in the process of signing up for the software but it requires some money which I don't have right now and I am hoping that with sales of the program I can pay for it to be more reliable.
I didn't create MeCopy with the intention of making a lot of money or as a substitute for other tools but as an alternative. Obviously there are more powerful utilities but searching the internet none of them did exactly what MeCopy does or matched what I really wanted and so I created the software to suit my needs. Using it I saw that it was really very useful and that people who have no experience in commands or just don't want to break their heads learning them could simply search and transfer files respecting the folder hierarchies filtering them by extensions while being able to do other operations at the same time.
Obviously if someone is an advanced user they can do what MeCopy does with commands, but I repeat, they are not the kind of people I made MeCopy for.
You probably scanned an old .exe, previous versions of MeCopy were compiled with PyInstaller and gave many false positives, which is why I switched to Nuitka. A scan to the most recent MeCopy version only yields 2 false positives:
https://www.virustotal.com/gui/file/c15d941c333ce38432616641d219a99eb6dcff5584e060e37e0091efb6623dc7/detection
I am already in contact with the companies Bkav Pro and Ikarus so that these false positives are no longer displayed. Unfortunately most of the time I do not receive a response as I have already mentioned.
About the name HuronByte:
------------------------------------
I have decided to stop using the name HuronByte and announce that the MeCopy Team and the software MeCopy has nothing to do with that name (HuronByte). The official website is https://mecopy.net/ and the Developer and Publisher information has been changed to MeCopy Team.
The only emails we have are:
contact@mecopy.net
support@mecopy.net
About importing python310.dll:
------------------------------------
I use Python 3.10.8 to create MeCopy, it is not an obsolete version and there will always be security bugs in any version of a language that is still under active development. Those security bugs you mention do not affect the software code in any way. It is not worth it for me to upgrade to the latest version of Python. You would be surprised to know how many companies that sell their software created with Python still use even older versions, in reality it is done for compatibility issues on libraries and upgrading means in many cases unnecessary headaches unless the software being made has security issues specific to that version.
I apologize for my ignorance, it is the first time I put a software for sale, I will try to improve to be able to offer a better and better quality product as time goes by.
There has only ever been a handful, less than 5, games on Steam that have ever had anything bad.
And that was basically a Bitcoin miner.
And that was shut down FAST.
Even trying to claim a comparison between Steam and Google Play's App Store is beyond bonkers.
Apart from that time a Cities Skylines mod on the Steam workshop had a trojan dropper in it; or that time Slay The Spire - Downfall was compromised by a malicious party and distributed a malware laden update; or any of the other times that particular thing happened, which at one point swelled to such heights that it was the direct lead-up and cause for Valve to make use of two-factor authentication mandatory for all developers on the platform.
And no - that 2FA protection doesn't help.
Developers found the manual 2FA confirmation such a big impediment to their build automation flow, that some proudly announced they decided to creatively work around the issue by instrumenting a phone dedicated to perform the 2FA confirmation, to automate said confirmation without human intervention. Only some announced it, which means you can count on plenty more to actually be doing it silently without telling anyone.
Which effectively removes the 2FA factor again and means if their primary credentials are stolen or leaked; or someone gets into their systems via a supply-chain attack, once again malware can easily be published.
The bottom line is:
Never off-hand dismiss it as a false positive.
Verify it by submitting the sample to your AV-vendor for further analysis, or at the very least upload it to VirusTotal and see what other prominent anti-virus products make of it.
The number of intrusions and account compromise that allowed uploading and distributing malware actually got bad enough that Valve had to get off its laurels and mandate 2FA use for developers and publishers to be able to publish new builds.
In other words: these weren't 4 or 5 isolated incidents over the span of many years. Those were just the few ones that managed to successfully reach the public's eye because no-one (neither a developer, publisher or Valve itself) tried or succeeded to thwart their publication.
I didn't know about the Downfall mod at all.
Wild.
What happened there?!