My wife’s son has a game named PointBlank, which Avast decides is a virus. Avast has already solved that problem once, but today Avast again says it’s a virus. On my computer, which also has Avast, I can play it without a warning from Avast. We both run Win XP Pro, SP3. What to do?
First ensure a) his VPS version is the latest (090406-0) or at least the same as yours, b) that he has the same version of the game as you.
If his game version is different.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here, the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.
The VPS is the latest, updated today, and the game is the same as mine. There are 3 computers which have the same game, and only this computer can play with Avast on. The other two need to disable Avast to play. The file is already reported as FP to Avast, in two weeks or so, but now it’s wrong again. Here is a new scan at VirusTotal:
a-squared 4.0.0.101 2009.04.06 -
AhnLab-V3 5.0.0.2 2009.04.06 -
AntiVir 7.9.0.138 2009.04.06 HEUR/Crypted
Antiy-AVL 2.0.3.1 2009.04.06 -
Authentium 5.1.2.4 2009.04.06 W32/Threat-HLLAY-based!Eldorado
Avast 4.8.1335.0 2009.04.06 -
AVG 8.5.0.285 2009.04.06 -
BitDefender 7.2 2009.04.06 -
CAT-QuickHeal 10.00 2009.04.06 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.04.06 -
Comodo 1101 2009.04.06 -
DrWeb 4.44.0.09170 2009.04.06 -
eSafe 7.0.17.0 2009.04.06 Suspicious File
eTrust-Vet 31.6.6435 2009.04.03 -
F-Prot 4.4.4.56 2009.04.05 W32/Threat-HLLAY-based!Eldorado
F-Secure 8.0.14470.0 2009.04.06 -
Fortinet 3.117.0.0 2009.04.06 -
GData 19 2009.04.06 -
Ikarus T3.1.1.49.0 2009.04.06 -
K7AntiVirus 7.10.694 2009.04.06 -
Kaspersky 7.0.0.125 2009.04.06 -
McAfee 5576 2009.04.06 -
McAfee+Artemis 5576 2009.04.06 -
McAfee-GW-Edition 6.7.6 2009.04.06 Heuristic.Crypted
Microsoft 1.4502 2009.04.06 -
NOD32 3990 2009.04.06 -
Norman 6.00.06 2009.04.06 -
nProtect 2009.1.8.0 2009.04.06 -
Panda 10.0.0.14 2009.04.06 -
PCTools 4.4.2.0 2009.04.06 Packed/ExeSt
Prevx1 V2 2009.04.06 -
Rising 21.23.41.00 2009.04.03 -
Sophos 4.40.0 2009.04.06 -
Sunbelt 3.2.1858.2 2009.04.04 VIPRE.Suspicious
Symantec 1.4.4.12 2009.04.06 -
TheHacker 6.3.4.0.302 2009.04.06 -
TrendMicro 8.700.0.1004 2009.04.06 -
ViRobot 2009.4.6.1680 2009.04.06 -
VirusBuster 4.6.5.0 2009.04.06 Packed/ExeStealth
It seems that Avast does not detect it in VT, so why is it stopping at the game?
Does it have the same MD5?
Well avast doesn’t detect it in VT but that isn’t unusual as VT isn’t able to update the VPS in real time as the user is and this is often the cause. Remember the point of submitting it to VT is to see what the other scanners find. The dates shown may indicate that the avast VPS on VT is up to date or perhaps a day out of date.
However, there are multiple others that don’t like it, though many of those are suspicious/heuristic rather than a specific signature detection. It may just be how the file is packed (compressed) which is often taken as suspicious.
So it is a bit of a mystery, but you didn’t give the malware name assigned on the avast detection, I suspect win32:trojan-gen?
I don’t know what “MD5” is, so I can’t answer that. When I tried to start the game to check the malware name, Avast didn’t react. That means that now they both can play with Avast active. What has happened I don’t know, but it’s working alright now.
Each file has a unique identification, and even though a file might be called something different, the content of the file would have a unique identifier. There are many different identifiers, the MD5 one is one of the most common. http://en.wikipedia.org/wiki/MD5
There are some free tools that you can use to get the MD5 for a particular file, this is just one from a search for md5 tools, http://www.bullzip.com/md5/md5.htm.
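The MD5 comparison asked about above, as an added example that is not part of the original thread: it hashes each computer's copy of the game file and groups the copies by digest, so a copy that differs (and may therefore be detected differently) stands out. The file names and sample bytes are constructed, and computing SHA-256 alongside MD5 is an addition here.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def file_digests(path, chunk_size=65536):
    """Return (md5_hex, sha256_hex) for a file, reading it in chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def group_identical(paths):
    """Map each (md5, sha256) pair to the paths whose content produced it."""
    groups = defaultdict(list)
    for path in paths:
        groups[file_digests(path)].append(path)
    return dict(groups)


def make_sample_copies(directory):
    """Constructed sample: three 'copies' of a file, the third differing by one byte."""
    body = b"MZ" + b"\x00" * 200000  # constructed bytes, not a real executable
    contents = {
        "pc1_game.exe": body,
        "pc2_game.exe": body,
        "pc3_game.exe": body[:-1] + b"\x01",
    }
    paths = []
    for name, data in contents.items():
        path = os.path.join(directory, name)
        with open(path, "wb") as fh:
            fh.write(data)
        paths.append(path)
    return paths


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        groups = group_identical(make_sample_copies(tmp))
        for (md5_hex, sha_hex), members in groups.items():
            names = [os.path.basename(m) for m in members]
            print(md5_hex, sha_hex[:16], names)
```

Copies that land in the same group have identical content, so a detection on one machine but not another then points at the scanner's definitions or settings rather than at the file.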