I scanned my system with Windows Defender, and it claims that a virus was present in the GOG version of KotOR 2 that I downloaded from GOG Galaxy.

The file it flagged is "Steam_api.dll."

Windows claims it is a "HackTool:Win32/crack" and the "Alert level" for it is "High" and the Status is "Active" and the Category is "Tool."

"Details" say "this program has potentially unwanted behavior."

I'm not sure if that's a false positive or not, but anyway, I quarantined that file.

I'm not sure why a GOG game has a file named "Steam_api.dll" in the first place though.

What do you think about all this?
Post edited August 29, 2024 by Ancient-Red-Dragon
I know that it has been explained to you in several threads already…

That file exists because of your achievement moaning. It's what makes Galaxy achievements exist by replacing the Steam achievement mechanism via GOG's Steam crack.
I imagine that the heuristics of most AVs have gone to pot, but that probably falls under "PUP", not "Virus".
Windows didn't say the word "virus" to me verbatim about this file, but they did describe it verbatim as a "HackTool:Win32/crack" and a "threat" that they "took action" against, and also an "Alert level: High" file.
Ancient-Red-Dragon: "Details" say "this program has potentially unwanted behavior."
And they are right. It allows achievements to the game.
A false positive, Windows is flagging GOG's crack.

And yeah, the steam_api.dll has to exist if you want your precious achievements.
Ancient-Red-Dragon: What do you think about all this?
If you didn't get this file from some funny source it is very likely a false positive. This happens with virus scanners all the time.
Memecchi: And yeah, the steam_api.dll has to exist if you want your precious achievements
Okay, but why don't they rename it to something else then?

It could still exist as a file even if the file name were different, right? I think the contents of the file are what matters, not the literal name of the file.
Try writing a different name and address on a letter intended for one person. Will they be able to guess who the intended recipient is?
This is the kind of shit why I asked earlier for good free replacements for Windows Defender, which is becoming increasingly obnoxious, both by trying to prevent people from disabling it at will, and making decisions for the users which kind of files are "harmful" (not necessarily harmful to the user, but e.g. Microsoft's or other companies' interests).

The other option is to switch to Linux of course, but I understand that is not necessarily an option. At least if one wants to play their GOG games with Galaxy to get achievements.

Fjuck Microsoft, as they say in Norway.
Ancient-Red-Dragon: Okay, but why don't they rename it to something else then?
A modified Steam_api.dll is the last resort option for GOG whenever game developers refuse to integrate Galaxy API in their games to provide achievement support for the GOG version, so obviously you can't change the filename because the whole point with the modified library is to trick games into loading it instead of the real one and then route Steam API calls to Galaxy API calls.
timppu: This is the kind of shit why I asked earlier for good free replacements for Windows Defender, which is becoming increasingly obnoxious, both by trying to prevent people from disabling it at will, and making decisions for the users which kind of files are "harmful" (not necessarily harmful to the user, but e.g. Microsoft's or other companies' interests).

The other option is to switch to Linux of course, but I understand that is not necessarily an option. At least if one wants to play their GOG games with Galaxy to get achievements.

Fjuck Microsoft, as they say in Norway.
I remember your topic and for some reason I think you have not seen my detailed post there about Kaspersky and BitDefender being the best free antivirus right now.

Since there's an international situation happening, Kaspersky became 'software-non-grata' in US, if you understand what I mean, so it's up to you to use it or not, depending on your analysis of the current situation. In my opinion it's a very good antivirus still, but because of the explained above, its power to find viruses will probably diminish because US is a huge source of cybersecurity material and research...
BitDefender, too, is simple, light on system resources and its database is known to be one of the best out there.

If you don't want to use Windows Defender because of false positives like this against unsigned software, use Bitdefender.
In my experience those three are the best free antivirus solutions right now, together with Malwarebytes, but IMO Malwarebytes is kinda bloated and intrusive, together with Kaspersky UI. Bitdefender though is so not intrusive that you forget it is there sometimes. At least, in my experience.
Post edited August 29, 2024 by .Keys
Memecchi: And yeah, the steam_api.dll has to exist if you want your precious achievements
Ancient-Red-Dragon: Okay, but why don't they rename it to something else then?

It could still exist as a file even if the file name were different, right? I think the contents of the file are what matters, not the literal name of the file.
The game executable is set to link dynamically to a file named Steam_api.dll. It is not possible to make it link to a DLL with a different name instead, unless you're able to recompile the binary, and specify a different file to link to.

(Or if there's some Windows-specific way to work around this, like Linux's LD_PRELOAD.)
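
The point above, that the DLL file name is recorded inside the game executable, can be checked by reading the executable's import directory. The following is an added example, not code from the thread or from GOG; `imported_dlls` and `build_sample_pe` are hypothetical helper names, and the sample bytes are constructed for illustration.

```python
import struct

def _rva_to_offset(rva, sections):
    """Translate a relative virtual address to a file offset via the section table."""
    for vsize, vaddr, raw_size, raw_ptr in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return rva - vaddr + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not inside any section")

def imported_dlls(pe: bytes) -> list:
    """Return the DLL file names stored in a PE image's import directory."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (nt,) = struct.unpack_from("<I", pe, 0x3C)              # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsections,) = struct.unpack_from("<H", pe, nt + 6)
    (opt_size,) = struct.unpack_from("<H", pe, nt + 20)
    opt = nt + 24
    (magic,) = struct.unpack_from("<H", pe, opt)            # 0x10B = PE32, 0x20B = PE32+
    dirs = opt + (96 if magic == 0x10B else 112)            # start of data directories
    (import_rva,) = struct.unpack_from("<I", pe, dirs + 8)  # entry 1 = import table
    if import_rva == 0:
        return []
    # Each 40-byte section header: VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    sections = [struct.unpack_from("<4I", pe, opt + opt_size + 40 * i + 8)
                for i in range(nsections)]
    names, off = [], _rva_to_offset(import_rva, sections)
    while any(desc := struct.unpack_from("<5I", pe, off)):  # all-zero descriptor ends the table
        start = _rva_to_offset(desc[3], sections)           # Name RVA field
        names.append(pe[start:pe.index(b"\0", start)].decode("ascii"))
        off += 20
    return names

def build_sample_pe() -> bytes:
    """Constructed sample: minimal PE32 headers plus one .idata section (not a loadable program)."""
    descs, strings = b"", b""
    for name in (b"KERNEL32.dll", b"Steam_api.dll"):
        name_rva = 0x1000 + 60 + len(strings)               # names follow 3 descriptors of 20 bytes
        descs += struct.pack("<5I", 0, 0, 0, name_rva, 0)
        strings += name + b"\0"
    idata = (descs + bytes(20) + strings).ljust(0x200, b"\0")
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<II", opt, 96 + 8, 0x1000, len(descs) + 20)
    section = b".idata\0\0" + struct.pack("<4I", 0x200, 0x1000, 0x200, 0x200) + bytes(16)
    return (dos + coff + bytes(opt) + section).ljust(0x200, b"\0") + idata
```

Run against a real game executable's bytes, the same function lists every DLL name the loader will look for, which also tells you which programs actually depend on a file an antivirus has quarantined.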
Memecchi: And yeah, the steam_api.dll has to exist if you want your precious achievements
Ancient-Red-Dragon: Okay, but why don't they rename it to something else then?

It could still exist as a file even if the file name were different, right? I think the contents of the file are what matters, not the literal name of the file.
It's not the name of the file that keyed it off, it's what's modified in the file that set it off. You could name it "buttholesurfersrideintomynightmaresviamyass.dll" and it would still pick up as "HackTool:Win32/crack", as most virus scanners use heuristics now and not file names.
Post edited August 29, 2024 by Lord_Kane
.Keys: I remember your topic and for some reason I think you have not seen my detailed post there about Kaspersky and BitDefender being the best free antivirus right now.
I meant to try, I think it was Comodo, that someone mentioned. I even downloaded it already but didn't yet install it.

.Keys: Since there's an international situation happening, Kaspersky became 'software-non-grata' in US, if you understand what I mean, so it's up to you to use it or not, depending on your analysis of the current situation. In my opinion it's a very good antivirus still, but because of the explained above, its power to find viruses will probably diminish because US is a huge source of cybersecurity material and research...
Well, yeah, unfortunately at this point it feels a bit like using antivirus made in China or North Korea. Can I really trust it? AV gets so many privileges in the computer.

.Keys: If you don't want to use Windows Defender because of false positives like this against unsigned software, use Bitdefender.
I am actually unsure if the non-MS antivirus are any better in not making false positives. I used Avira before MS, and at least it had much of the same problems with false positives.

My main motivation to find a replacement was to find one that is easy to disable when needed, does not turn itself back on unless either I reboot the computer, or enable it myself, and if possible, does nothing behind my back but if it detects something, it ASKS what it should do with the file.

I recall in the old days that is what antivirus did, they asked every time what to do with detected files, but nowadays it seems none of them do. I am unsure if that is because the malware could then answer itself and tell the antivirus not to mind the malware...

It may be that no such AV exists anymore because I got an impression that MS decides which third-party AVs are allowed to replace (= disable) Defender, and there probably are some requirements for the 3rd party antivirus, like "you must automatically enable yourself 10 minutes after disabling" and "you can't be disabled permanently" and "you will not ask the user what to do with the detected files, but always move them away to some obscure place that the user can't find them".
Post edited August 29, 2024 by timppu