badcat.co How do I cheat?
Reputation: 0
Joined: 30 Oct 2018 Posts: 2
Posted: Tue Oct 30, 2018 10:21 am Post subject: My trainer keeps registering as a virus on virus total
Hi, I've been using the program for a few weeks now and I love it. Very thankful such a tool exists for free.
I know this has been asked before, but in previous posts I never saw as many VirusTotal alerts as I am getting now.
I wrote a basic trainer for Supreme Commander.
I can't attach it directly due to the file size limit being 1 bit.
When I generate a trainer from that and scan it in VirusTotal, I get 15+ alerts.
The files were denied from popular trainer websites, and I'm kinda stuck as to why. I understand a few based on compression, but there are some warnings for keyloggers, etc. too.
I downloaded CE directly from Github.
Can anyone help me or provide some advice?
_________________
badcat.co
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8585 Location: 127.0.0.1
Posted: Tue Oct 30, 2018 3:05 pm
You aren't going to avoid this using CE's trainer maker; no matter what, it's going to always detect as a false-positive. You would need to create your own trainer in a real programming language vs. the automated tool if you want to avoid false-positives like this.
AVs detect CE itself as a cheat tool, which is a false-positive in terms of being an actual threat. They do the same for other things such as keygens, cracks, etc., which have no infection in them but are considered something to be cautious about. Sadly, it makes things look infected when they're not, hence the term false-positive.
Since CE's trainer maker bundles CE inside of itself, you are going to land up with a file that has known markers to look for to determine it's from Cheat Engine. You can try to pack the file or alter the trainer creation to avoid the detections, but in most cases you land up creating more that way. You would generally have to change the entire generator of the trainer file to get around the false positives.
But at that point, you're just better off writing your own trainer.
_________________
- Retired.
badcat.co How do I cheat?
Reputation: 0
Joined: 30 Oct 2018 Posts: 2
Posted: Wed Oct 31, 2018 8:32 am
Thanks for your well thought out reply. This community is so supportive and amazing.
That makes sense, now that you explain that CE bundles itself. I never considered that but it makes sense.
I am gonna consider this closed. Your response was exactly what I needed. I have downloaded 6.8.1 from GitHub and I know that release is safe. I need to stop being so paranoid about listening to less than perfect AV.
BadCat
_________________
badcat.co
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8585 Location: 127.0.0.1
Posted: Wed Oct 31, 2018 1:46 pm
Most AVs gave up on being accurate ages ago, and instead of doing a normal 'innocent until proven guilty' approach to detections, most just go with the opposite now and assume everything is a virus 'cause they are too shitty at making real detections.
False-positives are such a common thing now due to how badly most AV companies implement things or blanket-assume anything with any small bit of code similar to another actually infected file is a virus.
For example, a simple trainer that makes use of a well-known injection method using CreateRemoteThread is generally marked as a virus now in a lot of AVs simply because it's a method that has been used in the past by malicious things. Similar problems with tools made to protect the work of developers (obfuscators, packers, protectors, etc.) all land up being marked as a false positive because of the same reasons.
AVs have become more of a waste of time and resources on someone's PC than any type of useful tool. Common sense is generally all most need anymore while using a computer; AVs generally cause more harm than good these days.
_________________
- Retired.