Over 20 yrs in networking / IT and communications, I therefore believe I have a very good idea what I'm talking about, thank you very much.
If you prefer - I can spoon feed you a fuller explanation, if you like;
I downloaded the game, ran it through multiple Spyware and A/V programs.
I installed said game, and used it for years, always keeping the originally downloaded ISO for new machines / installs.
Some years later, my A/V picks up on a Trojan. Surprised I unpacked the original ISO stored on another machine, ran it though same A/V, and sure enough, a Trojan had existed all that time.
So even if you check - not all A/V's are aware of all viruses.
As for 'knowing how to do it proper', yes I used to use Newsgroups, and those hard-to-get CDs with all manner of s/w on them. But even there - those CDs were too found to contain viruses, that we were not yet aware of.
Key gens, bad ISOs, and so on, go ahead and keep exposing yourself.
It sounds like you could well be the 'noob' here.
How can you be sure it really was a trojan and not a false positive? Did it notice and stop any suspicious services running on your PC? Cracked games trigger lots of false positives. Can't really trust a single or even 2 AVs, thankfully nowadays there's Virustotal.