what if i want to test a game which is apparently infected (malware/virus) ?
Hello, what if I want to test a game which is apparently infected (by malware/a virus)? The obvious safe approach is to run it on a computer which is dedicated to testing infected/potentially dangerous programs, and not connected to the internet... Any other idea? Here is the (Blitz3D) game in question: https://archive.org/details/Driller https://www.youtube.com/watch?v=kyWbgW21lWo I am just curious to test it, seems rather good. Thanks,
You might open it in IDA Pro (or the disassembler of your choice) and stub the problematic functions. There even was a time when antivirus tools were able to just kill the virus out of the file (instead of deleting the whole one). But yeah: set up a VM and disconnect it from the internet. I think the malware is not that advanced to break out of the VM. bye Ron
Run it under VMware and see how it behaves. Avira does not report any virus here. And the game works under VMware XP.
No idea what VMware is... Another idea, not suggested here: use a live boot CD with Windows XP (all is stored in RAM and cleared when the computer is shut off; maybe it will run since it is an old program which does not require other things installed (maybe DirectX?)).
"no idea what vmware is..." It's a virtual machine, like Microsoft Hyper-V / VirtualPC / VirtualBox. It's essentially a sandbox container running a second copy of the OS, which can be 100% self-contained, and if you create snapshots you can completely roll back to that point in time, undoing whatever damage malicious software did inside the sandbox. The downside is that most of the hardware is virtualized as well, meaning you have limited 3D acceleration and most modern games don't perform very well that way. (It's also a great way to try out new/free software. Need an app that does -x-? Download two dozen of them, try them all out inside a virtual machine, and when you figure out which one you like, roll back the virtual machine to remove all trace of all of them and install the one you want in your real OS environment. Makes Windows run nice and smooth for much longer than when you continuously install and uninstall all kinds of random crap. Of course, you will need an additional Windows license to run the virtual environment.)
There is also sandboxing software like https://www.sandboxie.com/index.php?DownloadSandboxie. Sandboxie is not free, but there might be a trial period. List of other sandboxing software at http://listoffreeware.com/list-of-best-free-sandbox-software-for-windows/ -Henri
Take it round ya mums.
Don't do it.
Curiosity killed the cat?
I'm a registered user of Sandboxie and this game crashes under it. VMware Player
Couldn't you run it in Sandboxie and for good measure use something like TinyWall and set your firewall to BLOCK ALL? Also Sandboxie is free. The paid version removes the nag screen which adds a 5 second delay when sandboxing once the trial expires.
There's also software called Avast. It's free. Avast will scan the game for malware and other forms of viruses and ask you to quarantine the game. But if you want to save the game, not quarantining it, then use a disassembler as described above.
Omg... That's the Domark game that came with Virtual Reality Studio 1.0! Looks like an awesome remake... I really loved those Freescape games. I actually have two boxed copies of VRS 2.0 sealed in the boxes. What makes you suspect this game is infected with malware? Could be a false positive.
Malwarebytes reports that there is a trojan in the executable...
Driller.exe is encrypted with Molebox. From what I can read, if you use the default key when using Molebox, many virus scanners will flag the exe as a virus. It seems many virus developers will hide their code with an encrypted container such as Molebox, so companies like Avast and Malwarebytes will always flag them as malware. Unfortunately, the only way to tell if it is a virus or a false positive is to run it and see what happens.
It is also reported as a trojan by other anti-malware tools: https://virustotal.com/en/file/cccc3549cc51ec159aa46ac1d1cbac10588cbe35870fddbf677966155f6ed918/analysis/1485290544/
This might sound odd but.... Do you think possibly it's being flagged because of the name? Driller.exe does sound like some sort of hacking tool that would flood network traffic or mine your system. This page finds it generally okay except for warnings from a few reviewers. https://safeweb.norton.com/report/show?url=https%3A%2F%2Farchive.org%2Fdetails%2FDriller Google doesn't like it one bit! https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html#url=archive.org This page says Google likes it! hah! http://onlinelinkscan.com/results/httpsarchive-orgdetailsdriller/
If the game is written in the BlitzBasic language, then you may surely wonder where all the assets are gone: where are the models, the textures, the sounds/music, which are usually needed for higher quality games, stored? This game is a single exe with around 22 MB of data, so it is evident that all the assets are within this file. You can read about Molebox here. If it is possible to hide a trojan/virus inside of this, which will cause troubles, I do not know. But if the antivirus companies cannot scan the contents of it, then there is a high chance that they will flag it as Potentially Unsafe.
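A static pre-check that can be run before executing the file at all, added here as an example (it is not code from this thread or from any tool mentioned in it): it hashes the binary, which is the value a VirusTotal lookup like the one posted earlier is keyed on, and measures byte entropy, because an encrypted Molebox-style container of the kind the two posts above describe shows up as long runs of near-uniform bytes that signature scanners cannot look inside. The samples are constructed inside the script, and the window size, threshold and `triage` verdict are my own choices, not a published standard.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant run, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_windows(data: bytes, window: int = 4096, threshold: float = 7.2):
    """(offset, entropy) for every fixed-size window at or above the threshold."""
    hits = []
    for off in range(0, len(data), window):
        ent = shannon_entropy(data[off:off + window])
        if ent >= threshold:
            hits.append((off, round(ent, 2)))
    return hits


def triage(data: bytes) -> dict:
    """Hash for a scanner lookup, plus a rough 'is this opaque to scanning' estimate."""
    hits = high_entropy_windows(data)
    windows = max(1, -(-len(data) // 4096))  # ceiling division
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        "overall_entropy": round(shannon_entropy(data), 2),
        "packed_fraction": round(len(hits) / windows, 2),
        "likely_packed": len(hits) / windows > 0.5,  # assumed cutoff
    }


def pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic stand-in for an encrypted/compressed payload (constructed data)."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


# Constructed samples: readable program text vs. a stub header followed by opaque bytes.
PLAIN_SAMPLE = b"Blitz3D program text, repeated strings and zero padding " * 512 + b"\x00" * 8192
PACKED_SAMPLE = b"MZ" + b"\x00" * 4094 + pseudo_random(64 * 1024)

if __name__ == "__main__":
    for name, sample in (("plain", PLAIN_SAMPLE), ("packed", PACKED_SAMPLE)):
        print(name, triage(sample))
```

A `likely_packed` verdict only says the file is opaque to signature scanning, which is exactly the condition that produces both Molebox false positives and real hidden payloads; it does not decide between them.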
The thing is that another game by the same developer is considered safe by my antivirus/antimalware... see: https://archive.org/details/Cholo_201506 And, since these are old games, it is well possible that these files have not been uploaded by the developer himself but by another person... (Driller was apparently published in 2007 but only uploaded on archive.org in 2015...) (maybe a smart way to spread trojans since some old games are not available anymore anywhere else on the web...)
Well, archive.org has an original site copy and the older versions: http://web.archive.org/web/20150304201850/http://driller.ovine.net/ Somewhere in August 2008 you can access the v1.1 version. The v1.3 version is the same as that from the 1st post.
@Dan>> good find, thanks! So, I tried the executable on an old laptop with Windows XP (not connected to the internet) and it ran well the first time, I managed to play a little, then I got a MAV :P But the ambiance is well done imo
VMware Player used to be a good option for sandboxing.