This is an identify scroll. n--a cursed amulet of NethackW.
March 28, 2017 7:27 AM
When I need to rest my brain, I tend to play NethackW (the tile interface, not ASCII). As of yesterday, my computer's anti-virus software decided that only NethackW, and not the ASCII version, was infected with a Trojan or malware (gen:Variant.Jaik.15909), and promptly wiped it off my computer.
I tried downloading a new copy; same result. I've googled around and have found no reports either of anything evil with that name or of NethackW in general having the sniffles. Is my software just throwing up a false positive based on something about NethackW itself, or is something more malicious going on?
Response by poster: Assuming you downloaded it from nethack.org?
Yep.
posted by thomas j wise at 8:23 AM on March 28, 2017
You could also ask on rec.games.roguelike.nethack or possibly /r/nethack.
posted by dywypi at 8:44 AM on March 28, 2017
Best answer: > Is my software just throwing up a false positive based on something about NethackW itself
Almost certainly yes. The “gen:” prefix means it hasn't positively identified the executable as something known-bad, but thinks it looks suspicious based on generic detection rules. Trying to work out what pings AV generic rules is a murky, unpredictable business, but NetHackW.exe is a small unsigned binary and these days that's enough to make AV suspicious.
AV is pretty stupid.
FWIW I ran NetHackW.exe (3.6.0 x86, 4439040 bytes with SHA-256 hash 86f6b6088723400a2725ba1626619b1d4ab750d9d047a1787341c54f96a60198) on a VM and didn't see it do any unexpected file accesses or network connections.
posted by BobInce at 11:13 AM on March 28, 2017 [3 favorites]
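Added example, not part of BobInce's answer: a Python check of whether a local NetHackW.exe is byte-for-byte the file described in the answer above, using the size and SHA-256 quoted there. The function names and the script name are made up for this example.

```python
import hashlib
import hmac
import os
import sys

# Values quoted in the answer above for NetHackW.exe 3.6.0 x86.
EXPECTED_SIZE = 4439040
EXPECTED_SHA256 = "86f6b6088723400a2725ba1626619b1d4ab750d9d047a1787341c54f96a60198"


def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_to_reference(path, expected_size=EXPECTED_SIZE,
                         expected_sha256=EXPECTED_SHA256):
    """Return (verdict, details) for the file at `path`.

    verdict is "match", "size-mismatch" or "hash-mismatch". A match only
    means this is the same file the answerer ran in a VM; it says nothing
    about files with a different hash.
    """
    size = os.path.getsize(path)
    actual = sha256_file(path)
    details = {"size": size, "sha256": actual}
    if size != expected_size:
        return "size-mismatch", details
    if not hmac.compare_digest(actual, expected_sha256.lower()):
        return "hash-mismatch", details
    return "match", details


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python compare_nethackw.py <path-to-NetHackW.exe>")
    verdict, info = compare_to_reference(sys.argv[1])
    print(f"{verdict}: {info['size']} bytes, sha256 {info['sha256']}")
    sys.exit(0 if verdict == "match" else 1)
```

A mismatch is expected for any other version or architecture of NetHackW.exe, so it is a reason to look further rather than a verdict on the file.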
This thread is closed to new comments.
If nothing else, you can build it yourself and see if you get the same results.
posted by k5.user at 8:03 AM on March 28, 2017