Skip to content
View in the app

A better way to browse. Learn more.
LCPDFR.com

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.
[16th April] LSPDFR Enhanced Preview has been updated to include a fix for users struggling to access the PD interior.

Malware Warning

missingjdubb
in Discussion

Featured Replies

The developers have decided that in order for users to support their mod, they should bundle it with malware. 

 

Regular:

https://www.virustotal.com/en/file/5db899214c9fea80e3c5fc8e18b70549a14445ac2cc82b46d786f7fc88812507/analysis/

 

Alternate version

 

https://www.virustotal.com/en/file/bf1db24d5eebdb2983db9afe7f92cd1701e9be695db3d323676d642ed82e7a2d/analysis/

 

Contrary to what has been said in >this thread, this is NOT a false positive, there is malware present, albeit commonly used as a cheap tactic to gain income from it's users. Also both versions have malware, even the "alternate" installer.

 

  • Management Team
  • Popular Post

Before making false accusations, why don't you double check? The normal installation gets "detected" as OpenCandy, which we don't try to hide.

 

The alternative version gets detected for another reason, namely being "confused". This is because we obfuscate our code to prevent it from being decompiled. How is this supposed to be malware?

It's common knowledge that AV software treats packers/obfuscaters as risky sometimes, because it could be used to hide stuff.

 

Please, next time before you accuse of something like this, check the details. You're spooking people only because you have no idea of IT and/or didn't check the details.

Please do not PM me unless really necessary (knowing you helps). If you think you need my attention in a topic, tag me.

    • Author

    Before making false accusations, why don't you double check? 

    ...

    You're spooking people only because you have no idea of IT and/or didn't check the details.

    I know more than you'd imagine. Did you bother to check the links I've posted? Do you even know what malware is? Just because you have fancy name for it and use it to gain income doesn't make it any more or less safe than traditional malware.

     

     

     

    It's common knowledge that AV software treats packers/obfuscaters as risky sometimes, because it could be used to hide stuff.

    Yes, but if you check the link to the analysis, you'll see it checked the known signature.

     

    If you're going to use Opencandy software/malware, than there needs to be some sort of warning before someone downloads the mod. There is no transparency here and you expect people to take your word. Why should we trust you? You're obfuscating code that does what exactly?

     

     

     

    This is because we obfuscate our code to prevent it from being decompiled. How is this supposed to be malware?

    No it makes it harder to be decompiled/reverse engineering, it's still possible. You have security backwards, "how is this not malware" should be the question.

    Edited by missingjdubb

    • Management Team

    I know more than you'd imagine. Did you bother to check the links I've posted? Do you even know what malware is? Just because you have fancy name for it and use it to gain income doesn't make it any more or less safe than traditional malware.

     

    Yes, I did check the links as I take it seriously. But it looks to me you did not. Read the second one again:

     

    "Riskware.Confuser!", "TR/Confuser", "MSIL.Bladabindi", "Confuser.dmcsmu".

     

    The third one is the best one really. We are obfuscating the MSIL code to prevent it from being decompiled. We don't obfuscate OpenCandy, but LCPDFR! Hence MSIL! That's all. There is no OpenCandy included in the alternative install nor anything you could possibly call "malware". I highly doubt you know anything about it. If you did, you would have made your own analysis instead of running it through an online service.

     

    At the end of the day: If you are in doubt, you don't have to use it. But I can assure you there is nothing wrong with it. Go fire IDA on it and see for yourself if you wish.

    Please do not PM me unless really necessary (knowing you helps). If you think you need my attention in a topic, tag me.

    • Popular Post

    The developers have decided that in order for users to support their mod, they should bundle it with malware. 

     

    Regular:

    https://www.virustotal.com/en/file/5db899214c9fea80e3c5fc8e18b70549a14445ac2cc82b46d786f7fc88812507/analysis/

     

    Alternate version

     

    https://www.virustotal.com/en/file/bf1db24d5eebdb2983db9afe7f92cd1701e9be695db3d323676d642ed82e7a2d/analysis/

     

    Contrary to what has been said in >this thread, this is NOT a false positive, there is malware present, albeit commonly used as a cheap tactic to gain income from it's users. Also both versions have malware, even the "alternate" installer.

    You honestly believe that LCPDFR would have over 580,000 downloads and yet it is infected with malware?

     

    Get real. It is indeed a false positive, but if you don't believe me, just delete it!

     

    Since you won't be playing LCPDFR, you won't need to stick around so you can bugger off and take your shitty attitude with you.

     

     

    I know more than you'd imagine. Did you bother to check the links I've posted? Do you even know what malware is? Just because you have fancy name for it and use it to gain income doesn't make it any more or less safe than traditional malware.

     

    Yes, but if you check the link to the analysis, you'll see it checked the known signature.

     

    If you're going to use Opencandy software/malware, than there needs to be some sort of warning before someone downloads the mod. There is no transparency here and you expect people to take your word. Why should we trust you? You're obfuscating code that does what exactly?

    You do realise you're speaking to the lead developer there, don't you?

     

    The amount of effort involved with this mod should prove that they have no reason to implement malware. They wouldn't bother spending this much time working on the project to just fuck people off.

    •

    Im not trying to say it is a virus but why is it when I run a scan on Norton it removes LCPDFR and says it's a Trojan?

    It's a false positive. There is no need to worry.

     

    Sometimes the makers of software obfuscate the code so that it can't be stolen or used without permission. This is also done by some viruses to avoid detection and this is why it is believed by some anti virus software to be malicious.

     

    It happens some times, nothing to worry about. I can personally say that I have inspected the code myself (sorry LMS :P) and there's nothing to hide.

    •

    Im not trying to say it is a virus but why is it when I run a scan on Norton it removes LCPDFR and says it's a Trojan?

     

    It's not a trojan, like explained above it is a false positive. Don't get why some antivirus programs instantly delete stuff though. You might want to add LCPDFR to the exempt list so it won't get deleted again.

     

    Nevermind, AlconH already explained it :)

    Edited by SuperStumpje

    quack.png

    •

    It's not a trojan, like explained above it is a false positive. Don't get why some antivirus programs instantly delete stuff though. You might want to add LCPDFR to the exempt list so it won't get deleted again.

     Oh okay i'll do that.

    • Author

    You honestly believe that LCPDFR would have over 580,000 downloads and yet it is infected with malware?

     

     

    Though the amount of downloads means nothing (see Lenovo's Superfish), you're counting all downloads of LCPDFR, when the only version that has the malware is the latest 1.0d.

     

     

    Get real. It is indeed a false positive, but if you don't believe me, just delete it!

     

    Please look up what Malware is, than look up what opencandy is.

     

     

     

    You do realise you're speaking to the lead developer there, don't you?

     

    The amount of effort involved with this mod should prove that they have no reason to implement malware. They wouldn't bother spending this much time working on the project to just fuck people off.

    I don't care who I'm talking to, unless you know these people personally you can't make blanket assumptions about their character or their motives.

     

    I'm not saying the Opencandy software/malware is screwing people over, but if you're going to bundle your mod with such risky software, there needs to be a disclaimer.

     

     

     I highly doubt you know anything about it. If you did, you would have made your own analysis instead of running it through an online service.

    I highly doubt you know anything about it either, see, we can both talk out of our ass, makes no difference. Why would I waste my time analyzing a simple mod when the problem is clear? Virustotal does a damn good job with preliminary findings, there is nothing new, exciting, or unique about what's going on here. Standard bundle software with crapware. At least have the dignity of placing disclaimers.

    Edited by missingjdubb

    -snip-

    If you don't want to use the mod, don't use it. Spewing bullshit all over this thread won't get you anywhere.

    Have a great day.

    Nothing to see here!

    This topic has been closed by LCPDFR.com staff.

    If you feel that this topic has been closed in error, please report this post.

    de816a4fa5.png

    •
    Guest
    This topic is now closed to further replies.
    Go to topic listing

    Recently Browsing 0

    • No registered users viewing this page.

    Account

    Navigation

    Search

    Search

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.