shdwmtr / millennium

Apply themes/skins/customize Steam® after the 2023-04-27 Chromium UI update
https://steambrew.app
MIT License
994 stars, 15 forks

Malware? #3

Closed. ivelieu closed this issue 1 year ago.

ivelieu commented 1 year ago

I tried to download the millenium.exe release at https://github.com/ShadowMonster99/millennium-steam-patcher/releases/tag/1.0.0, and Windows Defender immediately flagged it as a Trojan: [image] What's going on?

MillenniumAlpha commented 1 year ago

False positive

Holt31 commented 1 year ago

I think the following one is also a false positive? It's "User32.dll", which gets extracted directly into the Steam directory.

I reported this as an issue in the binaries branch. I think it's more suited there. https://github.com/ShadowMonster99/millennium-steam-binaries/issues/1

[image]

ivelieu commented 1 year ago

My point is, even if it is a false positive (which I do not necessarily trust, as this is not the typical Windows security warning for self-compiled applications), this is still really suspicious and should be fixed immediately. Considering it happens on download of both the installer exe and the dll files, I would not say for certain that it is just the dll files.

Plus, it is highly unusual to separate binaries into a separate repository with no version control, where the files are just submitted through a release with no code versioning. That means I have to download and decompress the zip, which I have no reason to trust is not infected too. I do not trust this situation enough to really examine it more closely, as I do not have experience with safely handling malware.

I will also point out the contradictory licensing. This repository is MIT: https://github.com/ShadowMonster99/millennium-steam-patcher/blob/main/LICENSE

But the binary repository (https://github.com/ShadowMonster99/millennium-steam-binaries/compare/1.0.0...main) states: "by installing millennium here, you agree to the terms of service here: https://github.com/ShadowMonster99/millennium-steam-patcher/blob/main/.terms-of-service"

And those terms of service say, among other things: You agree not to modify, alter, decompile, reverse engineer, disassemble, or create derivative works of the program or any part thereof.

I could not find any explanation of this decision on the Discord.

So there are several red flags going on here.

Legitti commented 1 year ago

Yeah, too fishy, no download.

shdwmtr commented 1 year ago

Hey, sorry for the late response. Compile it yourself; it's not malicious. I have no control over that, as far as that's concerned; the properties of a "patcher" are malicious even if they may not be. As for the TOS, that's there to stop people from changing an official release of Millennium and distributing malware under my name. I see what you mean with the repo mess; correct, it's weird. It was just something I put together to let my installer work for the time being. If you have any suggestions, I'm open to them. (I did that so you don't need to reinstall the installer on every update and it will pull from a different repo; however, I'm decently new to the workings of GitHub and don't know everything about it, so I'm definitely open to suggestions, lol.)

Thanks for the feedback; I'll work to fix these problems. However, being detected as a false positive is a problem of its own, and I can't perfectly fix that. As of the latest release, I believe its score on VirusTotal is relatively good. Sorry for the late reply, but thanks for bringing this stuff to my attention. I was not aware of the installer being detected as something you mentioned, but I'll take extra measures to assure user safety. Thanks for considering Millennium.
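The thread leaves the actual verification step to the reader: the maintainer's answer is "compile it yourself", and the reporters' concern is a release that drops a User32.dll into the Steam directory. The following is an added example, not code from the Millennium project or from any participant in this issue. It shows how a practitioner would check such a release offline: hash every file in the downloaded release, compare those hashes with a self-compiled build, and list any shipped file whose name matches a Windows system DLL. The SYSTEM_DLL_NAMES list and the sample files created in demo() are constructed for this example.

```python
"""Compare a downloaded release against a local build and flag system-DLL name collisions.

Added example; not part of the Millennium project.
"""
from __future__ import annotations

import hashlib
import os
import tempfile
from pathlib import Path

# Constructed for this example: names of DLLs that normally live in
# %SystemRoot%\System32. A file with one of these names shipped inside an
# application directory deserves a manual look whatever the AV verdict is.
SYSTEM_DLL_NAMES = {
    "user32.dll", "kernel32.dll", "ntdll.dll", "version.dll",
    "dbghelp.dll", "winmm.dll", "dwmapi.dll", "cryptbase.dll",
}


def sha256_bytes(data: bytes) -> str:
    """Hex SHA-256 of an in-memory buffer."""
    return hashlib.sha256(data).hexdigest()


def hash_tree(root: str | os.PathLike) -> dict[str, str]:
    """Map each regular file under root (relative POSIX path) to its SHA-256."""
    root_path = Path(root)
    manifest: dict[str, str] = {}
    for path in sorted(root_path.rglob("*")):
        if path.is_file():
            manifest[path.relative_to(root_path).as_posix()] = sha256_bytes(path.read_bytes())
    return manifest


def compare_manifests(release: dict[str, str], build: dict[str, str]) -> dict[str, list[str]]:
    """Classify every release file against the hashes of a self-compiled build."""
    result: dict[str, list[str]] = {
        "matched": [], "mismatched": [], "release_only": [], "build_only": [],
    }
    for name, digest in release.items():
        if name not in build:
            result["release_only"].append(name)
        elif build[name] == digest:
            result["matched"].append(name)
        else:
            result["mismatched"].append(name)
    result["build_only"] = [name for name in build if name not in release]
    for bucket in result.values():
        bucket.sort()
    return result


def system_dll_collisions(manifest: dict[str, str]) -> list[str]:
    """Release files whose basename matches a well-known system DLL name."""
    return sorted(name for name in manifest
                  if os.path.basename(name).lower() in SYSTEM_DLL_NAMES)


def _write(root: Path, files: dict[str, bytes]) -> None:
    """Write constructed sample files under root."""
    for rel, data in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


def demo() -> tuple[dict[str, list[str]], list[str]]:
    """Run the check on two constructed directories standing in for a release zip and a local build."""
    with tempfile.TemporaryDirectory() as tmp:
        release_dir = Path(tmp) / "release"
        build_dir = Path(tmp) / "build"
        # Constructed contents: the installer matches, the DLL does not, and the
        # release carries a file named like a core Windows DLL.
        _write(release_dir, {
            "millennium.exe": b"MZ installer bytes",
            "Steam/User32.dll": b"MZ dll bytes from release",
        })
        _write(build_dir, {
            "millennium.exe": b"MZ installer bytes",
            "Steam/User32.dll": b"MZ dll bytes built locally",
            "Steam/millennium.log": b"build log",
        })
        release_manifest = hash_tree(release_dir)
        comparison = compare_manifests(release_manifest, hash_tree(build_dir))
        collisions = system_dll_collisions(release_manifest)
    return comparison, collisions


if __name__ == "__main__":
    comparison, collisions = demo()
    for bucket, names in comparison.items():
        print(f"{bucket:13s} {names}")
    print("system DLL name collisions:", collisions)
```

Unless a project's build is reproducible, a binary compiled on your machine will rarely hash identically to the published release (different compiler versions, embedded timestamps), so entries in "mismatched" are expected and are not evidence by themselves; the manifest then serves to pin exactly which bytes you scanned or inspected, and to compare against any hashes the maintainer chooses to publish. Likewise a name collision with a system DLL is only a prompt for a closer look, which is why the script reports it rather than rendering a verdict.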