PC game trainers classified as game hacks, means trojan or virus?

I have been using game trainers (which modify a PC game to do something other than the game maker intended) from CheatHappens (CH) on single player PC games for many years. They update them for current games, usually until the last game patch is made. They usually work, but subscription members can ask for an update or fix, which usually comes pretty quickly.

For some older games like Civilization 5, which hasn't been updated in over a year, the trainer would show up in my AV software (MS Security Essentials with Real-Time protection) as malicious.

CH suggests I scan the trainer (it's an EXE file) at Jottis malware scan which scans it with a few dozen anti-virus programs and gives a report. Usually about 30-40% of the AV vendor results come back as 'positive' for a virus or trojan.

I submitted one file I used in 2016 with no problems and now comes up as a virus by Security Essentials to F-Secure for analysis and got this back in an email:

====
Greetings,

Thank you for your submission.

Our analysis indicates that the file you submitted is a Potentially Unwanted Applications (PUA) and is detected as Trojan.Generic.22696973. We categorized it as a riskware because the software is a game hack which the behavior like that is unwanted. However, if you are aware of and accept the potential risk associated with this program, you can configure the F-Secure security product to exclude it from scanning.

If there is anything else we can help you with, please do not hesitate to contact us again.

Best regards,
Li Ken
Malware Analyst
F-Secure Security Labs
====

So, what is the definition of a 'game hack'? Is it something I would not want if I wasn't aware of it (someone griefing me) but DO want if I knowingly run it? or something more malicious? What is the general consensus by those who know a little about PC security?

Thanks in advance,
Yet another Steve online

Thanks for the replies.

1) I consider a game 'Trainer' to be one program altering the way another program works. In my case, it lets a gamer (me) knowingly play a single-player game with features or abilities that aren't in the original game, like modifying abilities, weapons, and other stuff. Game 'Mods' are when someone modifies the actual files the game runs. (like an INI or XML file) Some sites host trainers, other sites host mods. I try to use the sites that keep gaming safe.

2) I never intended to promote piracy. I pay for my games, and I pay for the effort being made by those who provide me the ability to play those games how I like. So I pay Steam and GOG (through their game store cut) for their service, and I pay donations to sites like CheatHappens and NexusMods for providing me additional ways to play single-player games the way I want to without having to break out Notepad++ all the time to edit game files like I did many years ago. I'm pretty sure the mod and trainer sites I use would be shut down or get takedown notices if they were doing something that game devs thought was illegal. Breaking EULAs or piracy never entered my mind.

3) I don't cheat on multiplayer games. I hate it, and have left game groups/guilds/clans after finding out that some members were cheating and other members allowed it. But I think of using a 'trainer' like modifying my car for more performance to race it on a controlled racetrack (single-player), not to speed on the open highway (multiplayer). Call it rationalizing if you like. Just know I don't want to cheat others.

4) I don't know how to code, unless it's "10 print Hello, 20 goto line 10". I know enough about PCs to build one and debug my own, as well as help family and friends when theirs go wonky. I would say that while most people I know IRL think I am a computer whiz, most members here would clean my clock as far as actual PC knowledge. (which is why I posted in the first place)

So with all of that being said...

5) My thought when making the initial post was that I got some EXE files from a long-used source I thought was 'safe', that were flagged by my AV as malicious. I was thinking along the lines of when Download.com started adding a wrapper to software that some people thought may install adware.

For the trainer, my thoughts were "Is this program being flagged because one player 'could' use it against another player without their knowledge?" or "Was this program installing some spyware on my machine?" or "Do some AV vendors err on the side of caution because the program has the 'ability' to do something bad?"

I think about stuff like that when installing Google Play apps on my phone. Why does Evernote want access to my phone dialer? Is it to make secret long distance phone calls (bad), or to prevent an app pop-up when I am making a phone call? (good)


Sorry for the long post, but I think the intent of my post may have been construed as being a troll or trying to promote bad behavior. Aside from the length of the post, that was not my intent in the slightest. Feel free to close this thread once others have the opportunity to reply.

Thanks,
Steve

I want to say some things about your latest post:

1) "Game mods" doesn't modify configuration files (.cfg, .ini or .xml files), the trainers do this. Game mod is called something which changes skin, model, map, etc. in the game. Game mods normally shouldn't be flagged as threat by AV software.

5) If your AV flag a trainer as malware or virus, most of the times it is not. Of course this doesn't apply to every trainer. There may be working trainers for a game, but they can be a "backdoor" or some sort of malware too. AV's in general flag trainers as virus not because it is actually a virus, but a cheat for game. Most of the trainers are flagged as virus because of two reasons:

1. It modify game files in malicious way (i.e. the trainer may crack protected files and modify their values so that you can get what you want.

2. It is actually a detected virus (thanks for the clarification, Sherlock). But if you want to know if trainer is safe to use, you can run it inside a virtual machine and test it or you can disassemble the .exe (reverse engineer it) and see for yourself. Notice that disassembling software is against the software's EULA (but I doubt trainers have EULA anyway).

If you download trainers which many people download, the chance for a virus in this trainer is probably low (because someone may already reverse engineered or inspected the trainer and confirmed it is not hidden malware or backdoor).

Android applications which has permission that is useless for it is suspicious. For example, if Android notepad app needs permission to access phone dialer, this without any doubt may be a spying application.