Steam Why is My Game Being Flagged as Containing a Virus by Player AV Software?

otterZ

Member
I uploaded a new build to Steam and about a week later, 20 hours ago, 3 players reported that their anti-virus software flagged up: [SYS] Gen.variant.Ransom.Razy.122988

At least 2 players had different AV checkers: one used Avast and the other Bitdefender.

The file that flagged up as containing ransomware was the application file, named $(1163090) which they said showed up as a temp file.

I did a virus check on all build files and also my PC system as a whole and there were no viruses detected, so I am pretty sure I have not uploaded ransomware unwittingly. Also, I build on an almost closed system, as in I never download anything (except from Ninite) on that PC and never use an external flash drive from another computer.

Does anyone have any idea of why this could be happening? It is awful to suddenly have players of your game stressed out thinking that ransomware is in your game. Any help or even ideas would be much appreciated.
 

CKlidify

Member
I'm experiencing the identical issue with my game built on the latest release of the GMS2.3 Beta branch.

Seems to be a false-positive caused by the most recent version, hopefully someone from YoYo can comment on things :x
 

otterZ

Member
Hi CKlidify, good news . . . one of the players of my game kindly forwarded the Steam support response to the problem which was:

Steam support said:

"We scan all games and software with anti-viruses before they are released to Steam. The problem you are reporting is most likely an error detecting the protection software you are using.

Anti-virus software very often uses heuristic scanning methods to detect viruses and other malware, and a side effect of this type of approach is that it can lead to erroneous detections."
So it looks like a false positive that has popped up for many games on Steam from AV checkers. That was scary though as all of a sudden there were 6 messages from concerned players about ransomware.

Imagine bigger games, who may get 100 or even 1,000 new messages along with multiple refund requests :0 Imagine waking up to that in the morning . . . gulp.

Jeez . . . I had to have a beer after that. Quite stressful having your game flagged up as ransomware.
 

otterZ

Member
Thank you muki, that link basically shows how to fix the issue as much as possible from the developer's end. I like the code signing option. Such a helpful link. Much appreciated.

If anyone else experiences this problem and is reading through this thread looking for an answer, just click on maki's link above to resolve the false positive problem :)
 
So I decided to share a little fun thing I made with my friend, so I compiled an EXE using the VM mode and Windows Defender picked the exe up as a virus. When I switched to compiled in YYC everything was fine. I tried even a blank project (new -> project -> create executable) and it got picked up as a virus. Switched to YYC and everything worked fine.

I am using IDE v2.3.4.583 and runtime v2.3.4.443
 

Yal

šŸ§ *penguin noises*
GMC Elder
I know nothing about this, time to speculate wildly with no backing information :D

This thing definitely looks the most "bad thing"-y, maybe the certificates for some random tool in the compilation toolchain (for VM/runner builds) expired?
[attached image: 1632525243239.png]

(reads user input, you need for games... long sleeps, you can solve that by increasing Sleep Margin to 167 or higher to make your game never sleep... PCEXE, that can't be avoided.... probably not runtime modules either)
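
An added example, not posted by anyone in this thread: a PowerShell check a developer could run over an exported build to see which executables are unsigned or signed with a certificate that has since expired, and to record hashes for comparison with a file a player reports. The build path and the CSV file name are placeholders.

```powershell
# Added example: audit a build folder for Authenticode signature status,
# signer-certificate expiry and SHA-256 hashes.
param(
    [string]$BuildDir = 'C:\Builds\MyGame'   # placeholder: your exported build folder
)

$now = Get-Date

$report = Get-ChildItem -LiteralPath $BuildDir -Recurse -File |
    Where-Object { $_.Extension -in '.exe', '.dll' } |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $cert = $sig.SignerCertificate   # $null when the file is not signed

        [pscustomobject]@{
            File        = $_.FullName
            Status      = $sig.Status    # e.g. Valid, NotSigned, HashMismatch
            Signer      = if ($cert) { $cert.Subject } else { $null }
            CertExpires = if ($cert) { $cert.NotAfter } else { $null }
            CertExpired = if ($cert) { $cert.NotAfter -lt $now } else { $null }
            # A countersigned timestamp records that the file was signed
            # while the certificate was still within its validity period.
            Timestamped = [bool]$sig.TimeStamperCertificate
            SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }

# Overview of every executable and library in the build
$report | Format-Table File, Status, CertExpires, CertExpired, Timestamped -AutoSize

# Files worth a closer look: not validly signed, or signed with an
# expired certificate and no timestamp
$report |
    Where-Object { $_.Status -ne 'Valid' -or ($_.CertExpired -and -not $_.Timestamped) } |
    Select-Object File, Status, Signer, CertExpires

# Keep the hashes with the release notes so a flagged file can be
# compared against what was actually shipped.
$report | Export-Csv -Path .\signature-audit.csv -NoTypeInformation
```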
 

otterZ

Member
Looking at quality code signing certificate services but they are quite pricey. Not a problem if it is a top selling game, but pricey if code signing a game with just a handful of players purchasing the game.

Still replying to worried players. Kind of stressful seeing the comments from people panicking for the 3rd morning in a row. Nightmare . . . need more coffee.

Thought about contacting YoYo Games about this but I don't know for sure if it has anything to do with the latest GM VM builds and I don't know if they have any in-built certificates that have expired etc. This is a tricky one . . .

I appreciate you guys replying to this thread.

By the way, my game builds are VM builds and not YYC builds if this helps.

UPDATE (27 Sept 2021): Seems to have quietened down now. I have not had any more reports from players reporting the ransomware warning on AV checkers since. Perhaps the AV checkers have had their red flag watch list updated or something - hopefully.
 

Owly

Member
I still get the game I'm currently creating flagged. Just tried it. :(
 

Owly

Member
How do you switch from VM to YYC?
 

Owly

Member
I have just used VM so far but I'm pretty sure you can choose between the two by clicking the target button in the top right, then switching between the two in 'Output'.
Thanks for replying! Just changed from VM to YYC but it failed to create a build (never failed in VM before).

I have no compiler errors and the only syntax errors I have are of the sort 'variable only referenced once'.

In the search results I get this message which may mean something but I don't know:
"System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary."

What....? :(
 

otterZ

Member
That is great Owly!

Thank you for posting up the website link to check for flags and also the link for the guide that you followed.

If I get any more reports of ransomware bugs by players I will also do this. I do like VM as it is way faster, but if I have to I will use YYC. I figured that whilst I am doing many builds, as in adding content and patches etc, VM will be much quicker. Then if I ever get to a final stage where there is nothing much more to add (that would be a few years down the line), then I will do a final YYC build, along with any patches needed after that.

11 flags reduced to 1 is a big improvement.
 

Owly

Member
Cheers! If anyone comes up with a way to get the flags back to zero, or can identify the problem--why this is happening in the first place--I sure would like to hear about this! :)
 
Just so you know, YYC builds run much faster for the user than VM builds. I think it's better to use VM for when you are testing, then when you have a build ready for public release, switch over to YYC, fix any bugs that happen (YYC is much more strict than VM in terms of what makes it fail, so sloppy code will often need to be tightened up) and then build in YYC for the public. The FPS gains can be significant allowing users with worse hardware to run the game.
 

otterZ

Member
That is a very good point about YYC builds running much faster than VM builds, RefresherTowel. This would make the waiting time to compile well worth it. Plus fewer red flags, as Owly pointed out.

Okay, you've both just sold me on creating YYC builds to upload to Steam from now on instead of VM builds. Kills two birds with one stone: fewer false positive reports and FPS gains to boot.

Thank you for pointing that out, I never knew about YYC builds running much faster with potentially significant FPS gains.
 
Sorry been busy.. coming back I uninstalled the runtime and then reinstalled it and everything was fine... so I don't know if something got messed up, but after doing that it was working as expected.
 

Owly

Member
Hey Michael! How do I uninstall the runtime (sorry if it sounds like a silly question!) and reinstall it?
 

biyectivo

Member
I'm experiencing the same, but Bitdefender Pro isn't even letting me build, any way to fix it in the meantime?
EDIT: I added an Antivirus exception to the GMS2 project file as well as %LOCALAPPDATA%\GameMakerStudio2 and it let me build.
 

Yal

šŸ§ *penguin noises*
GMC Elder
Download a GM installer (click any version number on this page and it's a download link to that version) and run it, it will uninstall your current installation of GM and then install a new one (this includes the runtime). (If you don't want to risk updates breaking your game, you could manually install the exact version you're currently using.)
 

Owly

Member
So that's what it means, okay thanks!
 