a multiplayer game of parenting and civilization building
My Windows Defender found a trojan in OneLife.exe suddenly. Trojan:Win32/Bearfoos.B!ml. Anyone else this happen to, or is it just me?
Edit: to clarify, after the virus was found, I deleted the game, downloaded it again. It was fine until the game loaded the updates, then it was suddenly infected again.
Last edited by profilore (2023-07-23 09:01:24)
Offline
If you have a download manager, that could be the issue. Just make sure it doesn't stay on your computer; according to the web, it allows attackers to send commands into your computer for malicious activity.
I am Shady, I love exploring the internet.
Offline
I downloaded straight from my link from Jason's website.
Offline
Can you upload the file here: https://www.virustotal.com/gui/home/upload
and screenshot the result (if there is one)
Offline
I deleted the files just in case, sorry. And after a reboot, I downloaded the Steam version of the game, and the problem seems to have fixed itself. But if it comes back I will!
Offline
Somebody could have hacked into the website; it is marked as "Not secure", meaning it has no certificate.
I am Shady, I love exploring the internet.
Offline
Can you upload the file here: https://www.virustotal.com/gui/home/upload
and screenshot the result (if there is one)
I suddenly got the same problem today, but mine didn't resolve itself after reinstalling the game. I uploaded the file there, but most of the undetected-marks didn't fit in the screenshot.
Last edited by DoubleDot (2023-08-03 08:53:07)
Offline
I got an email about this today. I'm CC'ing my response here for others:
>>>>>>>>>>>>>>>>>>
Sorry for the confusion and trouble.
I'm guessing that it's a false alarm. I build the Windows version on a relatively isolated PC that I never use for anything else (it's old and slow, and has nothing installed on it). And nothing about that PC has changed recently (I've been building the Windows version in the same environment for 5+ years).
However, I'd like to check it out.
Can you send me the OneLife.exe file somehow? Some email programs forbid attaching EXE files, so maybe you need to post to Google Drive and then send me a link to it?
>>>>>>>>>>>>>>>>>>>
Also, I found this:
https://superuser.com/questions/1416678 … -aml-virus
Apparently, once I verify that the application isn't actually infected, I can submit it to MS for whitelisting by Windows Defender. Also, here's the list of types of software that MS will tend to flag:
https://learn.microsoft.com/en-us/micro … -worldwide
This includes software that downloads stuff. And OHOL does this, of course, in order to download each weekly update. And those downloads include EXE files (the update to the game itself). Furthermore, the latest version of OHOL also downloads pictures while running (whenever you pick up a photograph to look at).
I've heard that even some Steam users are having this problem. While the Steam version doesn't download anything itself (Steam handles the update stuff outside of the game), the code that handles this is still included. And the picture-downloading stuff is still in there.
Offline
I have verified that the OneLife.exe file that you have is exactly the same one that I uploaded from my clean-room machine. It has not been tampered with by any third parties.
If you want to verify the OneLife.exe file yourself, you can use this tool:
https://emn178.github.io/online-tools/md5_checksum.html
The MD5 Checksum should be:
69fd65121c5dec63ed89ca2526c7d747
Thus, I think this is likely a case of Windows Defender being too aggressive after an update to Windows Defender itself. Whitelisting with Windows Defender should be safe.
Note that after future updates, the OneLife.exe file will change, and that checksum will also change. That checksum is valid for the current version only.
Offline
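The checksum comparison described in the post above can also be done locally instead of through the online tool. This is an added example, not part of the original posts or the game's code; the script name `verify_onelife.py` and the function names are hypothetical, and printing the SHA-256 alongside the MD5 goes beyond what the thread asks for.

```python
import hashlib
import hmac
import re
import sys

# Checksum posted in this thread for the OneLife.exe build under discussion.
# It is valid for that version only; later updates change the file and the hash.
POSTED_MD5 = "69fd65121c5dec63ed89ca2526c7d747"


def file_digests(path, chunk_size=1 << 20):
    """Hash the file in one streaming pass; return (md5_hex, sha256_hex)."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def normalize_md5(text):
    """Accept a pasted checksum (any case, stray whitespace); reject anything else."""
    value = text.strip().lower()
    if not re.fullmatch(r"[0-9a-f]{32}", value):
        raise ValueError("not a 32-character hex MD5: %r" % text)
    return value


def matches_posted_checksum(path, posted=POSTED_MD5):
    """True only if the file's MD5 equals the posted checksum."""
    actual_md5, _ = file_digests(path)
    return hmac.compare_digest(actual_md5, normalize_md5(posted))


if __name__ == "__main__":
    # Usage (hypothetical script name): python verify_onelife.py path\to\OneLife.exe
    target = sys.argv[1] if len(sys.argv) > 1 else "OneLife.exe"
    try:
        md5_hex, sha256_hex = file_digests(target)
    except OSError as exc:
        sys.exit("cannot read %s: %s" % (target, exc))
    print("MD5    :", md5_hex)
    print("SHA-256:", sha256_hex)  # VirusTotal can be searched by hash, no upload needed
    ok = matches_posted_checksum(target)
    print("MATCH" if ok else "MISMATCH", "against posted checksum", POSTED_MD5)
    sys.exit(0 if ok else 1)
```

A match shows the local file is byte-for-byte the build the checksum was posted for; a mismatch after a game update is expected, since the posted value covers one version only.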
Okay, I submitted it to Microsoft, and it got the all-clear. Supposedly, it has been removed from Windows Defender now.
Instructions on how to update Defender are here:
Offline