I just downloaded an exe file which is meant to be a game mod for GTA IV (LCPD:FR) and, looking at all the feedback, I thought I’d give it a go (over 53k downloads), but before I installed I uploaded the file to VT to see what it said first and this is what it returned:
According to that, Avast didn’t detect anything but 2 others are giving 2 detections but I don’t know if they’re FPs or not. Any ideas where I go from here?
The FP could be a heuristic flag for a bifrose variant (trojan/win32.chifrax,gen (and gen denotes it is a generic find!)). These kinds of detections could indeed be FP-prone. McAfee finds the “Heuristic.BehavesLike.Win32.Fake.O” here, probably meaning that the program is behaving like a fake Windows 32 file. Some game proggies like Pkdude behave in a similar way and therefore are FP-prone and run by testers. Here the wakoopa file was classified as “malware dropper”, see: htxp://www.prevx.com/filenames/920927429217678332-X1/03906147.html
Malware is also found in game trainers, like Trojan.Win32.Shutdowner!IK 20120407
I would also bet on a false positive in this case, but as files like this become uploaded and shared a lot, there is always a slight chance to stumble onto something from suspicious sources, like Romanian upload & share sites for instance.
Yeah, I’ve come to the conclusion that it’s likely just a FP, as I downloaded the stable version of the mod and not the beta one and it gives no detections at all on VT.
Though when I do install, I’ll def keep an eye on how my PC acts after a few hours.