So every so often, there's a thread that comes up that says, "X is malware?", and it's always a false positive. I implicitly trust GOG not to give us files with viruses.

So, I thought it might be nice to start a thread to help keep track of the various false positives by using Virustotal and organizing them into a single thread.

I think for now, I'll be skipping over clean files, because that'd be just tedious. And for sanity reasons, I'm sticking to the executable.

Avernum IV: Babable lists it as Malware, but I wonder if it has to do with a faulty submission.

Civ3 Launcher: VBA32 detects it as a Backdoor IRC bot.

JCS is detected by Icarus as the Alman virus.

Locomotion is detected by Tencent as a Trojan.

Uru Setup is detected as a Trojan by Rising, and generically suspect by TrendMicro.

Uru Explorer is detected by Babable as Malware.

PopTB is detected by Whitearmor as Malware. Ditto to the D3D version and Undiscovered Worlds, except for D3Dpop3w, oddly.

Roller Coaster Tycoon 2 is detected by Aegislab as a trojan, BKav as Malware, TrendMicro as Generic, and Zillya as Adware.

Aegislab detects Roller Coaster Tycoon 3 as above, and BKav misses again, showing HW32.packed.D811.

And once again the same suspects for Roller Coaster Tycoon.

Babable continues the trend of having no clue, by marking Serious Sam as Malware. (The other Serious utilities are clean.)

Space Empires IV is detected by Jingmin as a backdoor.

Rogue Squadron is dartboarded by Bkav as malware again.

Bkav proving itself as useful a particularly uncomfortable rock has marked Undertale as Malware.

Whitearmor marks Terror from the Deep as Malware.

And that's it for my end of things. That should get things started.

TL;DR: Don't use crap nobody's heard of.

My girlfriend plays this steam game called "Dead by Daylight." She downloaded a "character," which just seems to be a simple key file (since the mandatory updates include the actual character data, so that people can play with you even if you didn't buy all the DLC) to enable the DLC character as playable, and it got marked as a virus.

The problem with AVs is that any decent virus would be ahead of the game, but at the same time all these AVs basically rely on reporting of viruses to the company (since looking for suspicious code just isn't good enough), so then they come up with a "signature" that they think is unique to the build version of the virus they were sent, but it really wasn't and it ends up being shared with legit programs, and it's just a mess. There needs to be a much, much bigger focus on patching security holes and giving the users agency.

EDIT: on the flip side, there are well known viruses that are well used by people and are well known. FunWebProducts is a great example, along with Norton, and, iirc, google earth got caught snooping, and i'm sure we could find quite a few others.

Babable, Whitearmor, Icarus, Rising, BKav, Zillya, Jingmin... I've never even heard of these products.
IMO VirusTotal should list the best\famous antiviruses first, so people won't focus too much on random unknown ones..

I remember having Avast giving false positives on Rayman Forever

How can you ever be sure something nasty isn't lurking in there.

Games already have spyware in them. There was a big fuss over redshell but the others were conveniently forgotten about.
Another game had a trojan as part of anti piracy.
Some Autodesk products would install something that uses your bandwidth secretly like a torrent system.

To be fair, i've seen people embed viruses into really, really tiny spaces like that. It's not unusual to find viruses hiding in sizes less than half a kilobyte. Just find a spot in your little DOS game that is zeroed and will later be zeroed again for safety by the DOS program. Then just make a nice little stub that executes your tiny virus before giving control back to the original DOS program.

Oh, I'm aware of such a nature, I know of an entire channel dedicated to such a thing.
But again, I do trust GOG not to have such issues, which was the matter of the original discussion.

Perhaps, but the issue is with false positives in virus scanners. Virus scanners ignore special treatment for certain files, because they can't verify where they came from, and if they did, a good virus programmer would use them to quickly embed their virus onto a system, if you were to make a virus and stick it out in the wild long enough, you can start hiding your payload (a second virus) into trusted software before your original virus gets nailed. For an antivirus to be trustworthy at all, it can't play nice and make special exceptions based on filename or something to that effect. That's why it gives YOU the tools to say you know better than it and you want it to ignore that file in the future, so then it's on your head not theirs if the file actually is infected. It's a legitimate question: how do we know a file's safe? Sure, we trust gog, but should we? I feel we can, but that doesn't mean that things haven't happened like that before, where an authoritative repo gets compromised. What if GOG hires a new employee, who manages to bring a virus into work on a usb drive or something on accident? Some viruses are known to embed secondary viruses into all known files that they know they can sink into: it's not unreasonable to assume that at some point GOG could end up with a virus that propagates itself as soon as it sees inno installers and likes to embed itself in them. Sure, it's unlikely, we assume, as GOG tries its' best to prevent such things, but it's not unreasonable to suggest it potentially happening.

So, the safer rule is that if you want to use an AV, accept false positives from AVs, since that's inevitable (it's been getting alot worse over the years, and will continue to get worse) when using AVs, and learn to make exceptions in your AV for programs you're sure are safe. Remember, we also can't expect GOG (and i'm sure you don't) to solve this issue, since one of the AV's jobs is to find viruses trying to avoid it's detection, so anything GOG would do to prevent the false positives would actually be something the AV company breaks, as it's looking for actual viruses using the same tactics.

signature based virus / malware detection simply doesnt work today as advertised .. and never will lol :D

so have fun with tons of false positives .. thats a never ending list!

any "good" malware wont be listed anyway ...

All of the MYST series will not run on my computer due to Norton reporing Trojns and Heuristic Malware. Even I instruct norton to ignore one problem, another will pop up. Is the problem with the games or Norton>

Norton, of course. It's not been worth using since Peter Norton himself left.

I am coming to that conclusion myself , I like your thinking

It wasn't worth using before he left, either.

I mean there were a lot of important products made before he left.