I Said:
Avast (current version) alerts about Win32:Monga [trj] in the file
hxxp://acclaim.solidstatenetworks.com/2moons_downloader_us_8-28-2008.exe
I reported the trojan in the 2moons game forum: hxxp://phpbb.acclaim.com/2moons/viewtopic.php?t=107970
hxxp://2moons.acclaim.com/download.htm
Look, this link is on the same server.
2Moons VGM said that:
“Only Avast! seems to detect a “trojan” when clearly there aren’t any - other antivirus programs detect nothing. If you’re downloading from the official Acclaim website, there’s nothing to worry about.”
What is the truth?
01/09/2008 17:06:53 1220299613 LOCAL SERVICE 1772 Sign of “Win32:Monga [trj]” has been found in “E:\Downloads\2moons_downloader_us_8-28-2008.exe” file.
01/09/2008 17:07:29 1220299649 Andrezao 3848 Sign of “Win32:Monga [trj]” has been found in “E:\Downloads\2moons_downloader_us_8-28-2008.exe” file.
01/09/2008 17:09:32 1220299772 LOCAL SERVICE 1772 Sign of “Win32:Monga [trj]” has been found in “E:\Downloads\2moons_downloader_us_8-28-2008.exe” file.
01/09/2008 17:10:02 1220299802 Andrezao 984 Sign of “Win32:Monga [trj]” has been found in “E:\Downloads\2moons_downloader_us_8-28-2008.exe” file.
01/09/2008 17:38:21 1220301501 Anderson 1232 Sign of “Win32:Monga [trj]” has been found in “E:\Downloads\2moons_downloader_us_8-28-2008.exe” file.
02/09/2008 20:18:04 1220397484 Anderson 3764 Sign of “Win32:Monga [trj]” has been found in “E:\Downloads\2moons_downloader_us_8-28-2008.exe” file.
The DrWeb link checker doesn’t find anything at the link you gave.
The download you downloaded from doesn’t appear to be acclaim.com, which I would guess they are talking about as the official Acclaim web site?
There really is only one way to check, and that is by analysis. You would need to pause the web shield to be able to download it and take no action when the standard shield alerts (as it most likely will) when it is downloaded to your HDD.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
Update, OK I tried downloading this, twice actually, once without the web shield disabled and no alert by the standard shield, I repeated it with the web shield enabled and again no detections.
So what version of avast are you using? The latest versions are program 4.8.1229, VPS 080902-0.
Using notepad, check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections. Or the C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log file which is the data file where the info is stored.
Please send a copy here following these instructions,
and a link to the VirusTotal results.
See http://forum.avast.com/index.php?topic=34950.msg293451#msg293451
for how to report it to avast! and what to do to exclude them until the problem is corrected, if you think it is an FP.
I’ve the same problem if I run Pro Evolution Soccer 2008 with kitserver. :-[ I don’t know what I can do. I’ve downloaded the new update of avast! and iAVS, too. :-[ It still doesn’t work; I just click on install in the setup of kitserver, and avast! warns me that there’s a Win32:Monga [trj]. Please don’t kill me if I’ve given too little information about my problem, but I’ve never ever been here and I don’t know much about it… I need professional help! I want to fix my problem and I want to play PES again! Tell me what you need or what I must do and I’ll do it!
Check if you really have the latest VPS (virus database) update.
You need to use the Exclusion lists:
For the Standard Shield provider (on-access scanning):
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button…
For the other providers (on-demand scanning such as the screen-saver or the Simple User Interface):
Right click the ‘a’ blue icon, click Program Settings.
Go to Exclusions tab and click on Add button…
You can use wildcards like * and ?.
But be careful, you should ‘exclude’ that many files that let your system in danger.
Can you say what is the infected file name, where was it found (C:\windows\system32\infected-file-name.xxx)?
What avast! version and virus database are you using? (see About dialog of avast!)
Yes, I can… I hope it could be like this!
6.9.2008 21:49:13 XXX 1868 Virus “Win32:Monga [trj]” byl nalezen v souboru “D:\Hry\Pro evolution soccer 2008\PES08\PES2008.exe”.
avast! version 4.8 Home Edition
VPS: 080906-0, 06.09.2008
I have Czech language in avast, so maybe you don’t understand, but it says that “…it was found in…”
It isn’t unusual to not have avast detect on VT when it does so on your system. VT isn’t able to update the VPS in real time as the user is and this is often the cause.
Remember the point of submitting it to VT is to see what the other scanners find and this basically confirms a false positive.
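The Warning.log records quoted in this thread, parsed and grouped per signature and file so repeated alerts on one file collapse into a single finding; this is an added example, not part of any post above and not avast! code. The field layout is inferred from the lines posted here, and the epoch column (where present) is used to confirm the day-first reading of the date.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Four records copied from the posts above. Assumption: the real Warning.log
# may separate fields with tabs and use straight quotes; both are accepted.
SAMPLE = r"""
01/09/2008 17:06:53 1220299613 LOCAL SERVICE 1772 Sign of “Win32:Monga [trj]” has been found in “E:\Downloads\2moons_downloader_us_8-28-2008.exe” file.
01/09/2008 17:07:29 1220299649 Andrezao 3848 Sign of “Win32:Monga [trj]” has been found in “E:\Downloads\2moons_downloader_us_8-28-2008.exe” file.
02/09/2008 20:18:04 1220397484 Anderson 3764 Sign of “Win32:Monga [trj]” has been found in “E:\Downloads\2moons_downloader_us_8-28-2008.exe” file.
6.9.2008 21:49:13 XXX 1868 Virus “Win32:Monga [trj]” byl nalezen v souboru “D:\Hry\Pro evolution soccer 2008\PES08\PES2008.exe”.
"""

# date, time, optional epoch seconds, user (may contain spaces), PID, message
LINE = re.compile(r'^(?P<date>\d{1,2}[./]\d{1,2}[./]\d{4})\s+(?P<time>\d{1,2}:\d{2}:\d{2})\s+'
                  r'(?:(?P<epoch>\d{9,10})\s+)?(?P<user>.+?)\s+(?P<pid>\d+)\s+(?P<msg>.+)$')
QUOTED = re.compile(r'[“"](.*?)[”"]')  # signature and path are the quoted parts

def parse_line(line):
    """Return one detection record, or None if the line is not a detection."""
    m = LINE.match(line.strip())
    quoted = QUOTED.findall(m['msg']) if m else []
    if len(quoted) < 2:
        return None
    sep = '.' if '.' in m['date'] else '/'
    local = datetime.strptime(f"{m['date']} {m['time']}", f'%d{sep}%m{sep}%Y %H:%M:%S')
    utc = None
    if m['epoch']:  # the epoch column is unambiguous, unlike dd/mm vs mm/dd
        utc = datetime.fromtimestamp(int(m['epoch']), timezone.utc).replace(tzinfo=None)
    return {'local': local, 'utc': utc, 'user': m['user'], 'pid': int(m['pid']),
            'signature': quoted[0], 'path': quoted[1]}

def summarize(text):
    """Group detections by (signature, case-folded Windows path)."""
    groups = defaultdict(lambda: {'hits': 0, 'users': set(), 'first': None,
                                  'last': None, 'utc_offset_hours': set()})
    for rec in filter(None, map(parse_line, text.splitlines())):
        g = groups[(rec['signature'], rec['path'].lower())]
        g['hits'] += 1
        g['users'].add(rec['user'])
        g['first'] = min(g['first'] or rec['local'], rec['local'])
        g['last'] = max(g['last'] or rec['local'], rec['local'])
        if rec['utc']:  # local minus UTC confirms the day-first date reading
            g['utc_offset_hours'].add((rec['local'] - rec['utc']).total_seconds() / 3600)
    return dict(groups)

if __name__ == '__main__':
    for (sig, path), g in summarize(SAMPLE).items():
        print(sig, path, g['hits'], sorted(g['users']), g['first'], g['last'])
```

A single consistent UTC offset across all records of a file is what you expect from one machine; the record posted without an epoch column simply yields no offset.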