Why does Malwarebytes view a Windows 3.1 program as malware?

[EvilGrins]

I still use a lot of prgorams that I've been using since as far back as I've been using computers, though in some cases I've had to go hunting for downloads to find some I've lost. Like this thing:

Handy little mouse tool. Right-click selects weapons, left-click shoots. You can destroy your desktop or whatever windows you had open before activating it...

...which is handy for destroying certain annoying people on Twitter:

It makes me feel better. Sue me.

Here's what I don't understand: Malwarebytes views the program as malware, although AVG doesn't. It isn't malware but it keeps getting recognized as such by 1 of the 2 system checkers I've got.

Why is that?

[Dr.Flay]

Without knowing what "a windows 3.1 program" or "this thing" is or where it can be downloaded, all I can do is shake some bones in a cup, read some tea-leaves, or pull some mystic cards from a deck.

Some info please. I can't virus test screenshots

*EDIT*
Try this in your browser https://www.virustotal.com/en/documenta ... xtensions/

[EvilGrins]

Some info please. I can't virus test screenshots

Given nature of the question, thought linking might be frowned on.

1) Windows 3.1 is the version of Windows that was out before Windows '95; Microsoft Windows.

2) It's from http://www. MouseRunner. com

Go here http://www. mouserunner. com/MR_StressBustersScreenshots.html skim down to "Stress The Game".

[Dr.Flay]

I take your point, but the product name and site name cane be done without linking....
Too late.
https://www.mywot.com/en/scorecard/mouserunner.com
Site: https://www.virustotal.com/en/url/5f8b1 ... 411712711/
File: https://www.virustotal.com/en/file/2102 ... 411688942/

*EDIT*
Tweaked your URLs

Evidence is inconclusive, but I think it is "jokeware" Avira has it as an option to block.

Note:
Many "desktop hacks" do odd things to the OS, so AV software can detect this as bad activity.
Most of the good AV is ignoring it and most others are aware but classify as a joke. I suspect a false positive.

[JackGriffin]

Without a long technical post, here's the important part:

Back when this was made coders were still very much working out how to show things on the screen. Super quickly the advertiser sites hijacked this code to splash stuff all over your screen. For a long time Windows has established a "pipeline" within the code where things that render to the screen must go or they are discarded. This is the root of a lot of your black screenshots, some games not displaying properly (or at all), etc. I bet you had to run this as an administrator to get it to work? That's why, it had to be specifically allowed.

Anyway MwB sees it as a rogue program that wants to display things to the screen without following the declared path.

[Chamberly]

You can always send MWB a message about what's up and see what they say.

[EvilGrins]

You can always send MWB a message about what's up and see what they say.

I may just.

[papercoffee]

ClamWin can find things other scanner do not even recognize ...but...
Got a worm Trojan alert ...checked it via total virus and got nothing ...only Clam AV reacted on the list.
MwB couldn't find anything ...and SUPER-Antispyware could find other threads (Synthesia and some tracking cookies) but nothing more. After a virus-DB update from ClamWin did I got another trojan warning.
I scan it again ...but I get the slight feeling only ClamWin is somehow corrupted.

[Dr.Flay]

Unfortunately modern AV companies do not share their databases (unlike the Amiga AV software).

MalwareBytes has detected the behaviour of the file rather than an infection.
Jack explained it very well, and it is why we still refer to such software as a "Desktop hack".
A favourite of mine was Lemmings climbing around my windows, but probably the most famous was the desktop cockroaches, hiding under the windows.
Things like this tend not to be "OS legal", and so it is mostly a thing of the past.
However as I said Avira (and some others) can tell these apart, and have a "Joke" category you can enable if these programs are a concern.