Cheat Engine

Dark Byte · Posted: Sat May 21, 2022 12:20 pm Post subject:

you may have to add an exception for the temp folder explicitly.

But the message "Operation did not complete successfully because the file contains a virus or potentially unwanted software." usually comes from either "realtime protection" or "reputation based protection" still being enabled (it's not defender)

geekgirl101 · How do I cheat? Reputation: 0 Joined: 21 May 2022 Posts: 2

Jake78 · Posted: Sun Jul 10, 2022 4:55 am Post subject: Antivirus

Bit Defender won't let me install it even after I disable realtime protection because it detects malicious behaviour of installer. (And I don't want to disable last line of defense - behavior based detection. I had already reset my Windows several times due to persistent infections which had been bogging down my Hard disk making PC almost unusable. I built source from GitHub but it doesn't contain kernel mode driver so I can't enable speed hack. Can you tell me how to add kernal driver to git-hub build? Confused

Dark Byte · Posted: Sun Jul 10, 2022 5:11 am Post subject:

you need to compile the speedhack dll's from the sourcecode, not the driver

Jake78 · Posted: Wed Jul 20, 2022 10:08 pm Post subject: Cheat Engine compilation

Dark Byte · Posted: Thu Jul 21, 2022 4:07 am Post subject:

Same way I do it. Just open the speedhack.lpr in lazarus, and then build.

The Change build mode button (left of the play button) has a dropdown menu where you can select the version to build (32/64 bit)
You can also use run->compile many modes and then compile the 32 and 64 bit builds from there

Jake78 · Posted: Wed Aug 24, 2022 11:15 am Post subject: Bundled Malware

This is posted on Quora as an answer to "Is cheat engine safe to download?"

Answer by "Guillaume Tera
·
Follow
Former Avionic Mechanic (2018–2019) Jul 3
No, Cheat Engine is no longer safe to download. It was when we had an alternative way to downloading it.

Any downloads from now on will attempt to install “OfferCore” which is a nice little malware. It’s not the worst thing, but the issue is that it creates huge weaknesses in your security that can, and surely will, be exploited by someone else.

Offercore will also modify things in your registry and other places you don’t want it to modify.

Offercore will install itself in your windows, and even worse, windows defender will only desinstall it. But it will reinstall itself later on because it infects other parts in your PC.

There are alternatives such as ArtMoney instead of Cheatengine. Those work just as well if you just want to modify some memory values.

But what if you already installed cheatengine?

I highly suggest you get MalwareByte and run a scan. It will detect also changes in registry. For my case, OfferCore modified 11 files in my system that MalwareByte found. And I have no idea if my system is now 100% clean.

Windows defender only found 1 file out of 11."

Any Comment?

Dark Byte · Posted: Wed Aug 24, 2022 2:14 pm Post subject:

Just fearmongering of uneducated people who freak out when their anti virus tells them something is dangerous. And then freak out even more when they try to delete it and aren't allowed to, because their anti virus is blocking them disk access to the files it thinks are dangerous (And especially hilarious when they tell the AV to delete it for them, and then the AV fails to delete it, because it's blocking itself)

It doesn't attempt to 'install' offercore. It just uses a third party advertiser network to download optional software you may or may not be interested in (AV Like Mcafee, or avast, VPN, file management tools, etc...)
It likely records which software you have installed before, so it won't offer those again

It is verified and up to downloader/advertiser rules and does not do anything besides offer the software download, and if clicked on accept, downloads the software, else it won't do a single thing

Here's a recent execution of the installer on my main system and goes into what it actually installs.
https://www.youtube.com/watch?v=v7QsS5qp0og
Is my system fucked after running it? No. Did it install anything after making this video? No? Is my anti virus still disabled? No, I turned it back on, and it still hasn't detected anything (Besides the cheat engine installer file)

Also, just noticed that noxplayer on bignox.com uses the same advertiser network

Anyhow,
if you're too afraid of this 'installcore' then join the CE patreon and get a version without it. (Your antivirus will still complain, it tends to have even more virus detections, but no ads)

Jake78 · Posted: Wed Aug 24, 2022 8:03 pm Post subject:

Thanks for the reply. It is nice to know you knowingly didn't add malware Cool

. But I hope antivirus vendors be a little more careful about which they block and which they won't, otherwise, users have to switch off their antivirus frequently, and consequently, they will get into a habit of opting out of blocks and eventually fall prey to malware because they become careless of choice which they should unblock and which they shouldn't. Also, antivirus programs didn't give much of an insight into the reason they block or quarantine a particular program other than some technically savvy, brief, and generic explanations which are generally hard to search even online due to them differing from one vendor to another. Furthermore, Reporting false positives is with some vendors are lengthy affair since they provide no such option in their main program hence users have to manually search Google/Bing to find their sample submitting service page and manually upload the item. (of course, you have to manually restore the item from quarantine first.) For most non-technically non-savvy people this is a boring task even if they know or find how to do it. For a critical industry like it, this is a huge weakness in particular. Of course, this has nothing to do with the Cheat engine or Darkbyte or Cheat engine but I intended to mention this because it affects Cheat Engine too.

By the way, your program is great and I've heard some young engineers in their early careers prefer Cheat Engine over professional tools like IDA pro or Ghidra for reverse engineering and disassembly because they are used to Cheat Engine as a Game hacking tool. Of course, the Cheat engine is by no means unprofessional, just that it is fine-tuned for gaming (or I think so). We all love Very Happy

Cheat Engine (other than the game developers of course). Please kindly keep up the good work! Many many thanks! Smile

LeFiXER · Posted: Thu Aug 25, 2022 9:00 am Post subject: Re: Bundled Malware

timomajere · Posted: Thu Oct 20, 2022 9:10 am Post subject:

Hello, new guy to these forums and this cheat engine.
Not gonna delve into what I know and don't, just wanted to ask a straight forward question.
My alert isnt saying Trojan, its.. showing this..

PUADlManager:Win32/OfferCore
affected files is the installer.

webfile: C:\Users\MYNAME\Downloads\CheatEngine74.exe|XXXXX://d3l9r5lew7psag.cloudfront.net/installer/7592316402693636/8338005|pid:4648,ProcessStart:133107515540832852

The XXXXX is https It says i cant post links yet...

I just want to know what all that is if the files needed exist in the installer i just downloaded?

Not a panic thing here.. I ain't worried. Just asking a question.
Thank you.

Dark Byte · Posted: Thu Oct 20, 2022 9:24 am Post subject:

i think the part after the .exe is metadata added to the file by your browser to show where you downloaded it from

the warning shows that part after the .exe as information to inform you

timomajere · Posted: Thu Oct 20, 2022 9:42 am Post subject:

Rifmaster · Posted: Sat Feb 04, 2023 3:14 am Post subject: Re: OMG VIRUS!!!

hcova · How do I cheat? Reputation: 0 Joined: 11 Feb 2023 Posts: 1

I run virustotal and there are many AVG that reports it as a malware. Desktop Malwarebytes and McAfee programs say the same.