That happens to me whenever I try to access it through Bigpond’s DNS servers. It works fine on OpenDNS tho
@SafeSurf
I did a bit of searching around on the internet and found many people using my ISP have complained about the DNS service. So I manually changed my internet to use the Google Public DNS and I was able to access virustotal (hence being able to post the results in the link I provided). And so because of this I am sure that the problem of being redirected does not involve malware.
Also let me restate…
I ran a full avast scan and the launcher.exe file was the only file detected and so I quarantined it in virus chest.
I ran a full MBAM scan and NO files were detected as malware.
So what should I do from here?
I also would appreciate it if someone could answer these questions that I have:
- Are there ways in which the launcher.exe could have been clean when I downloaded but later infected by something else? (Note: this is the one and only infected file picked up by the avast scan on the whole computer. And also that I downloaded the file from a source that I believe to be trusted - the official game website)
- Is it unusual that SuddenAttackSEA was under the exclusions for the File System Shield when I don’t remember ever putting it there myself?
- Yes, that’s possible.
- Yes, it’s strange…!
asyn
If you ran the Avast scan first, then MBAM may have had nothing to pick up as a threat. We do recommend that any threats/infections in the Virus Chest (VC) remain there for 1.5 - 2 weeks. You can, however, right-click on the item(s) in the VC to rescan it, especially since Avast just put out a large update. If the rescans still come out as infected, then it is malware and leave it in the VC. Should it come out clean, you can restore it.
- Not unless it is a FP, in which case follow the directions I posted above in THIS post for rescanning items in the VC after Avast does periodic updates.
- Yes, very unusual. Does anyone else use your machine? Did you check for a keylogger or other type of malware that allow remote access to your machine?
Other suggestions I have for you are:
Keep your definitions up to date for both Avast and MBAM. Keep all your shields on with Avast, do Quick scans with MBAM, and add things to your browsers for safer browsing.
You may also want to check to see that your software is up to date with the free Secunia Software Inspector http://secunia.com/vulnerability_scanning/personal/ since software is changing all the time. This site gives you the vendor’s direct download link making it easy to upgrade your software. Many of us here scan our machines weekly.
No one else uses my computer. I did check for keyloggers and other malware by scanning with an updated MBAM (coming up clean with no files detected).
Is it unusual because the only way to put something onto the exclusion list is manually?
In the meantime, I will keep the file in the virus chest and scan it regularly. I will post up my situation after some time has passed.
Yes.
Keep us posted.
Well it has been about a week since the file was first detected.
I have been regularly scanning the quarantined file with avast and it is still being detected as a win32:Sality.
I also uploaded it again to virustotal today.
And the result is the same as last week’s.
Today’s result: http://www.virustotal.com/file-scan/report.html?id=7cd115a6cb58422f8a45d06baba8c00eaab245c93786e29d01302b67c755540e-1288617733
Last week’s result: http://www.virustotal.com/file-scan/report.html?id=7cd115a6cb58422f8a45d06baba8c00eaab245c93786e29d01302b67c755540e-1288026519
So does this mean this is not a false positive?
Your VT link for today’s results didn’t come through, but you said that they were the same as last week’s, so I believe you.
If you rescanned the items in the VC, I would err on the side that it is malware since Avast did a large update recently. However I would also suggest that you keep it in the VC longer and rescan in another week, but I wouldn’t hold my breath that the results would change.
Let me ask you something: Is your machine acting normally now or not? If not, please describe any problems.
Also, have you performed additional MBAM scans (update MBAM first)? Thank you.
My machine is acting normal as far as I can tell. Nothing unusual at all. The symptoms for a win32:Sality infection include the disabling of security-related processes, but my firewall (comodo), antivirus (avast), and background spyware scanner (spybot) all appear to be running normally.
As for MBAM, I have done 3 scans with it since the file was detected and all scans have come up clean.
Are the files in the VC necessary files to run your machine or not? You should leave them in the VC longer to rescan, but as I said, I really do not think the results of the scan will change.
The file in the VC right now is launcher.exe - just the launcher for an online game.
Leave it in the VC for a few more weeks and rescan weekly. If you still get the same results, it is definitely malware. As of now, this does not look like a FP.
OK. Thanks for your help so far.
May I ask when another big update for avast will come along?
Avast 5.1 is being worked on and is relatively close; monitor the forums for notification of the beta release, and the regular release shouldn’t be too long after that.
@ Mopppp,
Keep me posted and let me know if you have any questions. Thank you.
If this launcher.exe is really infected, how do I remove it?
Since it is the only infected file I pick up on Avast scans, can I simply delete it using the virus chest option?
Yes, you can remove it that way; however, since Avast does updates, there is a slim possibility that it could be a FP, and that is why I suggested keeping it in the VC longer while Avast does updates and you rescan it weekly. It can’t hurt to keep it there longer; it is safe in the VC and cannot harm your machine while in there.
Well, I no longer play Sudden Attack SEA anymore, and was thinking about uninstalling it before I picked it up as an infected file.
So I think I will go on ahead and uninstall the game along with deleting launcher.exe from the VC.
Thanks for all the help.
You are quite welcome. Make sure after cleaning your machine, you reboot. Then clean your machine again with CCleaner and TCF…reboot again. If in doubt, run scanners (Avast and MBAM) to be sure nothing is hidden after deleting.
I’m glad I could assist you. Feel free to come back any time you need help, to learn something new, or just to ask questions. Thank you.