Stargrade.exe [game] - virus detected - false positive?

Stargrade.exe - virus detected - Is this a safe download?

Stargrade is one of several free games that I downloaded from www.softlab.gda.pl
[They also have the popular Mario Forever game.]
I previously downloaded to another PC and then transferred it to my PC a day or two before I did a Virus scan. After Avast deleted it, I went back to their website. As I began to download it again, Avast popped up alerting me of the same virus.
Of the games that they have for download, this is the only one where a virus is detected by Avast.
I scanned it with Trend Micro security suite on another PC, but NO VIRUS was detected in Stargrade.
I also did an online Virus scan with Symantec, and NO VIRUS was found.
Is this a false positive… or is there a Virus in Stargrade?

-Angelo

There has just been a large VPS update so it might be the cause.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner. I feel VirusTotal is the better option as it uses the Windows version of avast (more packers supported) and there are currently 29 different scanners.
Or Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. Whichever scanner you use, you can’t do this with the file in the chest; you will need to move it out.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions) and periodically check it (scan it in the chest); there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.

Also see (Mini Sticky) False Positives, how to report it to avast! and what to do to exclude them until the problem is corrected.

Hi uawildcat25,

Here is a secure download link for Stargrade: http://gry.wp.pl/core.html?filtr=1,0&x=gra,29,7006&ticket=5552067925914435VleJIxYoE9NMs%2FEOc5ZgKrhXEwtpi4aIi1Iyk0m9eGmUzkKIx%2BPeiQq8fEouw1TahwQGyAC81JhWFYhZLlEO4YDBiADxkgcvgqWy1yTtmrI%3D

Checked it with DrWeb av hyperlink checker.
The link you gave was marked by McAfee SiteAdvisor as having unsafe downloads.

polonus

Well, I checked that file on VirusTotal… here are the results:

Complete scanning result of “CCTrans.dll”, received in VirusTotal at 02.27.2007, 00:39:23 (CET).
Antivirus Version Update Result
AntiVir 7.3.1.38 02.26.2007 no virus found
Authentium 4.93.8 02.26.2007 no virus found
Avast 4.7.936.0 02.26.2007 Win32:Trojan-gen. {Other}
AVG 386 02.25.2007 no virus found
BitDefender 7.2 02.27.2007 no virus found
CAT-QuickHeal 9.00 02.26.2007 no virus found
ClamAV devel-20060426 02.27.2007 no virus found
DrWeb 4.33 02.26.2007 no virus found
eSafe 7.0.14.0 02.27.2007 no virus found
eTrust-Vet 30.4.3434 02.26.2007 no virus found
Ewido 4.0 02.26.2007 no virus found
FileAdvisor 1 02.27.2007 no virus found
Fortinet 2.85.0.0 02.26.2007 no virus found
F-Prot 4.3.1.45 02.26.2007 no virus found
F-Secure 6.70.13030.0 02.27.2007 no virus found
Ikarus T3.1.1.3 02.26.2007 no virus found
Kaspersky 4.0.2.24 02.27.2007 no virus found
McAfee 4971 02.26.2007 no virus found
Microsoft 1.2204 02.26.2007 no virus found
NOD32v2 2082 02.26.2007 no virus found
Norman 5.80.02 02.26.2007 no virus found
Panda 9.0.0.4 02.26.2007 no virus found
Prevx1 V2 02.27.2007 no virus found
Sophos 4.14.0 02.26.2007 no virus found
Sunbelt 2.2.907.0 02.24.2007 no virus found
Symantec 10 02.27.2007 no virus found
TheHacker 6.1.6.065 02.26.2007 no virus found
UNA 1.83 02.26.2007 no virus found
VBA32 3.11.2 02.26.2007 no virus found
VirusBuster 4.3.19:9 02.26.2007 no virus found

Aditional Information
File size: 73728 bytes
MD5: 4d2edb473521a27c8694c3843812333e
SHA1: 6efaeaf2751c519ca75a0c085da6f8e4486d2b7f

So only Avast detects this…
I will send this file to avast because I think it’s a FP

Quoting:
Hi uawildcat25,
Here is a secure download link for Stargrade: http://gry.wp.pl/core.html?filtr=1,0&x=gra,29,7006&ticket=5552067925914435VleJIxYoE9NMs%2FEOc5ZgKrhXEwtpi4aIi1Iyk0m9eGmUzkKIx%2BPeiQq8fEouw1TahwQGyAC81JhWFYhZLlEO4YDBiADxkgcvgqWy1yTtmrI%3D
Checked it with DrWeb av hyperlink checker.
The link you gave was marked by McAfee SiteAdvisor as having unsafe downloads.

I went to the link above, but I couldn’t seem to download it for various reasons. The main reason: I don’t speak Polish and there was no link for English. I clicked on a few buttons that I thought would lead me to the download but no luck.

So I will just assume that it was a false positive. And thx for reporting this to Avast.

-Angelo

Never assume anything with your computer security; your file may differ from Hawk’s. Do the confirmatory checks.

As you suggested, I also did a scan. The scan was done on a Dell desktop with XP home sp2, with Trend Micro suite installed. With my scan, a few more scanners detected it as a threat.

Complete scanning result of “Stargrade.exe”, received in VirusTotal at 02.28.2007, 05:53:30 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.38 02.27.2007 no virus found
Authentium 4.93.8 02.27.2007 W32/Downloader.BVA
Avast 4.7.936.0 02.27.2007 no virus found
AVG 7.5.0.441 02.27.2007 no virus found
BitDefender 7.2 02.28.2007 no virus found
CAT-QuickHeal 9.00 02.27.2007 no virus found
ClamAV devel-20060426 02.28.2007 no virus found
DrWeb 4.33 02.27.2007 no virus found
eSafe 7.0.14.0 02.27.2007 suspicious Trojan/Worm
eTrust-Vet 30.4.3440 02.28.2007 no virus found
Ewido 4.0 02.27.2007 no virus found
FileAdvisor 1 02.28.2007 No threat detected
Fortinet 2.85.0.0 02.27.2007 W32/Agent.EX!tr.dr
F-Prot 4.3.1.45 02.28.2007 W32/Downloader.BVA
F-Secure 6.70.13030.0 02.28.2007 W32/Agent.CYZ
Ikarus T3.1.1.3 02.27.2007 no virus found
Kaspersky 4.0.2.24 02.28.2007 no virus found
McAfee 4972 02.27.2007 no virus found
Microsoft 1.2204 02.28.2007 no virus found
NOD32v2 2083 02.27.2007 no virus found
Norman 5.80.02 02.27.2007 W32/Agent.CYZ
Panda 9.0.0.4 02.27.2007 Suspicious file
Prevx1 V2 02.28.2007 no virus found
Sophos 4.14.0 02.26.2007 no virus found
Sunbelt 2.2.907.0 02.24.2007 no virus found
Symantec 10 02.28.2007 no virus found
TheHacker 6.1.6.065 02.26.2007 no virus found
UNA 1.83 02.27.2007 Trojan.Win32.Agent.F43D
VBA32 3.11.2 02.27.2007 no virus found
VirusBuster 4.3.19:9 02.27.2007 no virus found

Aditional Information
File size: 1699943 bytes
MD5: 4ed0d1ab08660abfdbe84dc8893a2c6f
SHA1: a995bf3511fd179f2e03fff9f1fb60918b0404de
packers: UPX, ZLIB
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=4ed0d1ab08660abfdbe84dc8893a2c6f
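
Added example, not part of any post in this thread: the two pasted reports cover different files (CCTrans.dll and Stargrade.exe), which a size and SHA1 comparison shows before any verdicts are compared. The Python sketch below parses the plain-text report layout quoted above; the function names are hypothetical and the embedded samples are constructed excerpts using rows and SHA1 values from the thread.

```python
import hashlib
import re

# Constructed excerpts: a few rows and the SHA1 lines copied from the two
# reports quoted in this thread, same plain-text layout (most rows omitted).
REPORT_DLL = """Complete scanning result of "CCTrans.dll", received in VirusTotal at 02.27.2007, 00:39:23 (CET).
Antivirus Version Update Result
AntiVir 7.3.1.38 02.26.2007 no virus found
Avast 4.7.936.0 02.26.2007 Win32:Trojan-gen. {Other}
File size: 73728 bytes
SHA1: 6efaeaf2751c519ca75a0c085da6f8e4486d2b7f
"""
REPORT_EXE = """Complete scanning result of "Stargrade.exe", received in VirusTotal at 02.28.2007, 05:53:30 (CET).
Avast 4.7.936.0 02.27.2007 no virus found
FileAdvisor 1 02.28.2007 No threat detected
F-Secure 6.70.13030.0 02.28.2007 W32/Agent.CYZ
Panda 9.0.0.4 02.27.2007 Suspicious file
File size: 1699943 bytes
SHA1: a995bf3511fd179f2e03fff9f1fb60918b0404de
"""

CLEAN = {"no virus found", "no threat detected"}  # clean verdicts seen in the reports
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s+(.+)$")  # engine version date result

def parse_report(text):
    """Return file name, size, SHA1, engine count and detections for one report."""
    rep = {"name": None, "size": None, "sha1": None, "engines": 0, "detections": {}}
    for line in text.splitlines():
        line = line.strip()
        if m := re.search(r'result of [“"](.+?)[”"]', line):
            rep["name"] = m.group(1)
        elif m := re.match(r"File size:\s*(\d+)", line):
            rep["size"] = int(m.group(1))
        elif m := re.match(r"SHA1:\s*([0-9a-fA-F]{40})$", line):
            rep["sha1"] = m.group(1).lower()
        elif m := ROW.match(line):
            rep["engines"] += 1
            if m.group(4).lower() not in CLEAN:  # any other result counts as a flag
                rep["detections"][m.group(1)] = m.group(4)
    return rep

def same_file(a, b):
    """Two reports cover the same sample only if size and SHA1 both match."""
    return a["sha1"] is not None and (a["sha1"], a["size"]) == (b["sha1"], b["size"])

def matches_report(data, rep):
    """True if these local file bytes are the sample the report was made for."""
    return len(data) == rep["size"] and hashlib.sha1(data).hexdigest() == rep["sha1"]
```

`matches_report` takes the bytes of the local copy (moved out of the chest first), so a report from someone else is only relied on when it describes the same file.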

Hello,

Here is the removal info for this malware, adclicker ao alias W32/Downloader BVA:
http://www.trendmicro.com/vinfo/grayware/ve_GraywareDetails.asp?GNAME=ADW_MEMLOAD.A

Whenever your computer is fully cleansed from malware, install appropriate adware prevention:
Ad-Aware, Spybot S&D, SpywareBlaster (the latter only to be installed if the system is 100% clean). Also scan your comp with a-squared AT scanner (free).

polonus