MelonLoader

[Bug]: VirusTotal Reports Installer as Malicious

syberphunk opened this issue · 3 comments

commented

All of the following criteria must be met

  • All Requirements must be installed.
  • Full Latest.log file included. If no file exists then leave this unchecked and state so.

All of the following are optional to answer

  • Tried reinstalling the Game.
  • Tried reinstalling MelonLoader.
  • Tried restarting PC.
  • Was able to see the Start Screen.

Describe the issue.

Downloaded MelonLoader.Installer.exe and uploaded it to VirusTotal.com.

The scan reported by 4 separate security vendors identifies it as malicious.

Cynet: Malicious Score 100
TrendMicro-HouseCall TROJ_GEN.R002V01JC23
SecureAge Malicious
Webroot W32.Malware.gen

https://www.virustotal.com/gui/file/ad3015fcf72af7fa32386e2d584ddc00ba10fef82e84b4f57adafb6183177542

Hybrid analysis also shows it as suspicious and it's labelled as malware.

https://www.hybrid-analysis.com/sample/ad3015fcf72af7fa32386e2d584ddc00ba10fef82e84b4f57adafb6183177542

There's no log file to attach; I have not attempted to install this on my computer due to these identifications.

Did you attach your log file?

  • Yes, I attached my log file to the text box above.
  • No, I could not find a log file at {Game_Directory}\MelonLoader\Latest.log

commented

Yes, the installer is also open source and can be found here: https://github.com/LavaGang/MelonLoader.Installer
I think the installer gets flagged because it downloads files from the internet (GitHub) and auto-unzips them, which can maybe be seen as sus.
Edit: I just looked at the AV results; Webroot is the only one that flagged, and they hate us for some reason. Not sure why hybrid-analysis will give a score of 3% when only one triggers.

commented

MelonLoader proxies Windows DLLs to start with the game, and injects code into games. Obviously some antiviruses will false flag MelonLoader for this. It's entirely open source, so you can see that we don't do anything malicious. We have no interest in changing anything to make these antiviruses not flag us, because ultimately, we can't. We use some techniques to inject that some malware might use, I guess.

commented

@RinLovesYou
This issue is with the installer, not MelonLoader itself.
Is the installer open source? Or do you only have the code for MelonLoader itself on GitHub?

It's a concern that the installer is flagged as a virus, and this appears to be something which could be overcome, but it is important because it's going to be the lowest barrier that people will gravitate towards.
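
The four vendor labels quoted in the opening post can be triaged by how much information each one carries. This is an added example, not part of the thread or of the MelonLoader project; the token lists are assumed heuristics rather than a vendor-published naming scheme, and `Win32/Examplebot.B` is a constructed label used only for contrast.

```python
import re
from collections import Counter

# Vendor verdict lines copied from the issue's opening post.
REPORTED = """\
Cynet: Malicious Score 100
TrendMicro-HouseCall TROJ_GEN.R002V01JC23
SecureAge Malicious
Webroot W32.Malware.gen
"""

# Assumed heuristics: tokens that mark a label as generic rather than a named family.
GENERIC_TOKENS = {"gen", "generic", "heur", "heuristic", "malware", "suspicious"}
BARE_VERDICTS = {"malicious", "suspicious", "unsafe"}
SCORE_ONLY = re.compile(r"(?i)(malicious|suspicious|unsafe)\s+score\s+\d+")


def parse_line(line):
    """Split 'Vendor[:] label text' into (vendor, label)."""
    vendor, _, label = line.strip().partition(" ")
    return vendor.rstrip(":"), label.strip()


def classify(label):
    """Return how specific a detection label is."""
    if SCORE_ONLY.fullmatch(label):
        return "score-only"        # numeric ML/reputation score, no signature name
    if label.lower() in BARE_VERDICTS:
        return "verdict-only"      # a bare verdict word, no signature name
    tokens = {t.lower() for t in re.split(r"[._\-/:!\s]+", label) if t}
    if tokens & GENERIC_TOKENS:
        return "generic"           # generic/heuristic signature bucket
    return "named-family"          # label names something specific to research


def triage(text):
    """Map each vendor in a block of verdict lines to its label class."""
    pairs = (parse_line(line) for line in text.splitlines() if line.strip())
    return {vendor: classify(label) for vendor, label in pairs}


if __name__ == "__main__":
    results = triage(REPORTED)
    for vendor, kind in results.items():
        print(f"{vendor:22} {kind}")
    print(dict(Counter(results.values())))
    # Constructed label, for contrast with the ones reported in the issue.
    print("Win32/Examplebot.B ->", classify("Win32/Examplebot.B"))
```

A result with no `named-family` entries means the engines reported heuristic, generic or score-based matches rather than a signature for a known family; on its own that neither clears the file nor confirms it as malicious, so the next step is comparing the scanned hash against a build of the published installer source.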