Sorry for posting in the wrong place just now… so should I just submit the file as a false positive?
Result in VirusTotal:
Antivirus Version Last update Result
a-squared 5.0.0.31 2010.07.16 -
AhnLab-V3 2010.07.17.00 2010.07.16 -
AntiVir 8.2.4.12 2010.07.16 -
Antiy-AVL 2.0.3.7 2010.07.15 -
Authentium 5.2.0.5 2010.07.16 -
Avast 4.8.1351.0 2010.07.16 Win32:Sality
Avast5 5.0.332.0 2010.07.16 Win32:Sality
AVG 9.0.0.836 2010.07.16 -
BitDefender 7.2 2010.07.17 -
CAT-QuickHeal 11.00 2010.07.16 -
ClamAV 0.96.0.3-git 2010.07.16 -
Comodo 5451 2010.07.16 Heur.Pck.Themida
DrWeb 5.0.2.03300 2010.07.17 -
eSafe 7.0.17.0 2010.07.15 -
eTrust-Vet 36.1.7715 2010.07.16 -
F-Prot 4.6.1.107 2010.07.16 -
F-Secure 9.0.15370.0 2010.07.16 -
Fortinet 4.1.143.0 2010.07.16 -
GData 21 2010.07.17 Win32:Sality
Ikarus T3.1.1.84.0 2010.07.16 -
Jiangmin 13.0.900 2010.07.16 -
Kaspersky 7.0.0.125 2010.07.17 -
McAfee 5.400.0.1158 2010.07.17 Artemis!FD56DB070488
McAfee-GW-Edition 2010.1 2010.07.16 Artemis!FD56DB070488
Microsoft 1.6004 2010.07.16 -
NOD32 5285 2010.07.16 -
Norman 6.05.11 2010.07.16 -
nProtect 2010-07-16.01 2010.07.16 -
Panda 10.0.2.7 2010.07.16 Suspicious file
PCTools 7.0.3.5 2010.07.17 -
Prevx 3.0 2010.07.17 -
Rising 22.56.04.04 2010.07.16 -
Sophos 4.55.0 2010.07.17 Sus/Sality-A
Sunbelt 6595 2010.07.17 -
SUPERAntiSpyware 4.40.0.1006 2010.07.17 -
Symantec 20101.1.1.7 2010.07.16 -
TheHacker 6.5.2.1.318 2010.07.16 -
TrendMicro 9.120.0.1004 2010.07.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.17 -
VBA32 3.12.12.6 2010.07.16 -
ViRobot 2010.7.12.3932 2010.07.16 -
VirusBuster 5.0.27.0 2010.07.16 Packed/Themida
Additional information
File size: 1884160 bytes
MD5 : fd56db070488273b75f1c9875bd94759
SHA1 : f4b6a3d093e82f0f0dfa501ede8d66521e56d227
SHA256: 7cd115a6cb58422f8a45d06baba8c00eaab245c93786e29d01302b67c755540e
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x133014
timedatestamp…: 0x4979695F (Fri Jan 23 07:53:19 2009)
machinetype…: 0x14C (Intel I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0xCE000 0x22000 7.97 ebd8a6eefd128ac8f90e4232d186df65
.rsrc 0xCF000 0x625B0 0x41000 7.95 05acff6eac0028146020ab02684aaff0
.idata 0x132000 0x1000 0x1000 0.24 f5ac2ce60737c87682ba156e406b7f27
SA_L 0x133000 0x2DF000 0x167000 7.80 d737468b24fc79f7fe8a60325460734f
( 2 imports )
comctl32.dll: InitCommonControls
kernel32.dll: CreateFileA, ExitProcess
( 1 exports )
_interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B
TrID : File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 49152:APDZ/qbc+KiWtDkfUM6BN2O0qaIlayj1s:APDZ/qbdKK/6eO0qaryj
sigcheck: publisher…:
copyright…: Copyright (C) 2008
product…: SuddenAttack
description…: SuddenAttack
original name: SuddenAttack
internal name: SuddenAttack
file version.: 1, 0, 0, 1
comments…:
signers…: -
signing date.: -
verified…: Unsigned
PEiD : -
packers (F-Prot): Themida
RDS : NSRL Reference Data Set
Did you run an Avast scan on your machine?
Edit: OP’s prior post in wrong section of forum: http://forum.avast.com/index.php?topic=62418.0.
Doesn’t look like a FP…
asyn
Looks like a real Sality infection.
You will need to format and re-install your OS. Backup all your personal files (non-PE) before you start from scratch.
Virut and other file infectors - Throwing in the Towel?
When should I re-format? How should I reinstall?
You can also use Sality Killer or Dr. Web CureIt.
But then… this program is a popular online game worldwide… and I played this game for around 3 years without any problem or detection from NOD32 before I switched to Avast. ???
I also have the Sudden Attack SEA multiplayer game installed on my computer and when I did a full scan with avast recently, it detected the launcher.exe in the SuddenAttackSEA folder as a Win32:Sality.
I am also thinking it may be a false positive, as I downloaded this game from the official site and I know it is a game that many, many people in Malaysia and Singapore play. And as far as I can tell, there appear to be no symptoms of a Win32:Sality infection - my firewall, anti-virus, etc. are running fine…
However, I found something that seems interesting to note. When I went to the settings for the File System Shield, SuddenAttackSEA was under the exclusions and I don’t remember ever putting it there myself.
Is there anything that can be done to confirm whether this file is really infected or just a false positive?
Is there anything that can be done to confirm whether this file is really infected or just a false positive?
Upload it to www.virustotal.com and test the file with the 43 malware scanners. When you have the result, copy the URL in the address bar and post it here.
VirusTotal seems to be down at the moment? I get redirected to a page saying "Sorry! We could not find www.virustotal.com. It may be unavailable or may not exist."
It is working fine here… ???
You can also try http://www.virscan.org/ or http://virusscan.jotti.org/en
+1
No problems with VT here…
asyn
If you get redirected… maybe you should check for malware with
Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
Always update so you have the latest database before you scan.
Click the "Remove Selected" button to quarantine anything found.
You may post the scan log here if anything is found.
It is working fine on my computer now… Avast no longer detects it as a threat… Are your virus definitions up to date?
Derick
Oh wow, already sidetracked by another problem…
I get redirected from VirusTotal. I had better scan my computer with Malwarebytes.
Could there be other reasons apart from malware that I get redirected and can’t access virustotal?
EDIT: Ah I did a bit of searching and the reason why I can’t access virustotal seems to have something to do with my ISP’s DNS.
Now back to the main problem - I will try and update my avast virus definitions and scan again to see if the file still comes up as infected.
I updated my virus definitions and rescanned, and the file was still picked up as Win32:Sality.
I also uploaded the file to VirusTotal and here is the result… similar to derick123's.
So what should I do from here?
I also have a few questions:
1) Are there ways in which the launcher.exe could have been clean when I downloaded it but later infected by something else? (Note: this is the one and only infected file picked up by the Avast scan on the whole computer. Also, I downloaded the file from a source that I believe to be fairly trusted - the official game website.)
2) As I mentioned in an earlier post - is it unusual that SuddenAttackSEA was under the exclusions for the File System Shield when I don't remember ever putting it there myself?
Before this, Avast also picked up launcher.exe as a virus on my computer… but after I reformatted my computer, Avast no longer picks it up as a virus… What about trying to uninstall your Sudden Attack and reinstall it? Does that solve your problem? My VirusTotal result: http://www.virustotal.com/file-scan/report.html?id=887a0a94f9df16a50f82ccfc9bedda4b2a0b97cdfc3b5768f26161fc8b33bfc1-1288019238
@ derick123,
If Mopppp is being redirected on the Internet, this is a clear sign of malware. Therefore uninstalling/installing a game will not resolve the problem. This OP has much deeper issues that need to be dealt with. Thank you for trying.
@ Mopppp,
You clearly have signs of malware on your machine.
-
Can you please update and run a FULL MBAM scan, then cut and paste the log to this thread. Quarantine any threats/infections that come up (do not delete or ignore the infections).
-
Check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0.
Follow the directions for obtaining the OTL logs. Post the two (2) OTL logs as an attachment (Additional Options > Attach > Browse (the logs will be on your desktop) > Post).
After you post the MBAM and OTL logs, I will then refer you to our Certified Malware expert, Essexboy, for malware removal. After completing your OTL logs, do not make any changes to your machine.
Essexboy will analyze your logs and give you further instructions here in this thread, so check the thread at least daily; he is on the UK time zone. In the meantime, I will be available to assist you should you have any questions. Do you have any questions?
Ah I already said this in an earlier post - I found out the reason I am getting redirected is because of a problem with my Internet Service Provider’s (ISP’s) Domain Name System (DNS) service. The redirecting has nothing to do with malware. I ran a full scan of malwarebytes and came up completely clean.
You reported win32:sality, which is a nasty malware. How do you know that the reason you are getting redirected is because of a problem with your Internet Service Provider’s (ISP’s) Domain Name System (DNS) service? How have you fixed this problem?
I am willing to offer you assistance if you want it.