I just logged the FOV changer with process monitor.
I think I understand what flags this on most AV software. sh4w1 is just a package for H@tKeysH@@k.DLL, nircmd.exe, sh4wide1.exe, t15717.bat and t15727.exe.
The first of these is a dll for keyloggers. It seems it's only loaded by these executables though, given I opened other processes and none touched it.
The whole thing is quite unorthodox since even after patching (silent hill 4.exe was genuinely sought) it remains in Windows's System32/SysWOW64 folder.
Then there's a second file marked as harmful which should be the actual "loader" of the aforementioned dll.
@echo off set ztmp=C:\Users\Michele\AppData\Local\Temp\ztmp set MYFILES=C:\Users\Michele\AppData\Local\Temp\afolder set bfcec=t15727.exe attrib +h C:\Users\Michele\AppData\Local\Temp\ztmp @echo off %MYFILES%\nircmd.exe exec show sh4wide1.exe %MYFILES%\nircmd.exe exec show "SILENT HILL 4.exe" %MYFILES%\nircmd.exe wait 10000 %MYFILES%\nircmd.exe sendkey 0x71 down %MYFILES%\nircmd.exe waitprocess "SILENT HILL 4.exe" %MYFILES%\nircmd.exe killprocess sh4wide1.exe
The mystery is even crappier if you think that "t15727" is a 15 byte file with only (I said it) 15 bytes: RCHELICOPTERFTW. Which seems the mark of a "bat to exe" converter.
brainDEAD1986 (its creator) being also a somewhat popular russian repacker of games also does not add to his reputation.
I don't own the game, but Garret doesn't seem to have had anything to report.