Virus in Rappelz, need help!

I installed a free MMORPG game called Rappelz, and ever since I keep getting this from Comodo Firewall:

Date/Time :2007-05-06 23:07:35
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (IEXPLORE.EXE)
Application: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Parent: C:\WINDOWS\system32\svchost.exe
Protocol: TCP Out
Details: D:\rappelz epic 3\SFrame.exe modified the memory of the Parent application C:\WINDOWS\system32\svchost.exe in memory.

Date/Time :2007-05-06 23:07:34
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (IEXPLORE.EXE)
Application: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Parent: C:\WINDOWS\system32\svchost.exe
Protocol: UDP Out
Details: D:\rappelz epic 3\SFrame.exe modified the memory of the Parent application C:\WINDOWS\system32\svchost.exe in memory.

Date/Time :2007-05-06 21:48:49
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (IEXPLORE.EXE)
Application: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Details: D:\rappelz epic 3\SFrame.exe modified the memory of C:\Program Files\Internet Explorer\IEXPLORE.EXE in memory.

Date/Time :2007-05-06 21:48:48
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (IEXPLORE.EXE)
Application: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Parent: C:\WINDOWS\explorer.exe
Protocol: UDP Out
Details: D:\rappelz epic 3\SFrame.exe modified the memory of C:\Program Files\Internet Explorer\IEXPLORE.EXE in memory.

I checked SFrame.exe with Virus Total:

AhnLab-V3 2007.5.7.1 05.07.2007 no virus found
AntiVir 7.4.0.15 05.07.2007 no virus found
Authentium 4.93.8 05.04.2007 no virus found
Avast 4.7.997.0 05.05.2007 no virus found
AVG 7.5.0.467 05.06.2007 no virus found
BitDefender 7.2 05.07.2007 no virus found
CAT-QuickHeal 9.00 05.05.2007 no virus found
ClamAV devel-20070416 05.07.2007 no virus found
DrWeb 4.33 05.07.2007 no virus found
eSafe 7.0.15.0 05.03.2007 no virus found
eTrust-Vet 30.7.3616 05.07.2007 no virus found
Ewido 4.0 05.06.2007 no virus found
FileAdvisor 1 05.07.2007 no virus found
Fortinet 2.85.0.0 05.07.2007 no virus found
F-Prot 4.3.2.48 05.04.2007 no virus found
F-Secure 6.70.13030.0 05.07.2007 no virus found
Ikarus T3.1.1.7 05.07.2007 no virus found
Kaspersky 4.0.2.24 05.07.2007 no virus found
McAfee 5024 05.04.2007 no virus found
Microsoft 1.2503 05.07.2007 no virus found
NOD32v2 2245 05.06.2007 no virus found
Norman 5.80.02 05.04.2007 no virus found
Panda 9.0.0.4 05.06.2007 Suspicious file
Prevx1 V2 05.07.2007 no virus found
Sophos 4.17.0 05.05.2007 no virus found
Sunbelt 2.2.907.0 05.05.2007 no virus found
Symantec 10 05.07.2007 no virus found
TheHacker 6.1.6.108 05.06.2007 no virus found
VBA32 3.11.4 05.07.2007 no virus found
VirusBuster 4.3.7:9 05.06.2007 no virus found
Webwasher-Gateway 6.0.1 05.07.2007 Virus.Win32.FileInfector.gen (suspicious)

What should I do ???
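An added example, not part of the original posts: a small Python triage script that parses alert entries in the layout shown above and lists, for each process whose memory was modified, which executable did the writing. The sample holds two of the entries from the post; the function names are illustrative, and the field layout is assumed to match what the post shows.

```python
import re
from collections import defaultdict

# Two of the alert entries from the post above, copied as sample input.
SAMPLE = r"""Date/Time :2007-05-06 23:07:35
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (IEXPLORE.EXE)
Application: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Parent: C:\WINDOWS\system32\svchost.exe
Protocol: TCP Out
Details: D:\rappelz epic 3\SFrame.exe modified the memory of the Parent application C:\WINDOWS\system32\svchost.exe in memory.

Date/Time :2007-05-06 21:48:49
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (IEXPLORE.EXE)
Application: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Details: D:\rappelz epic 3\SFrame.exe modified the memory of C:\Program Files\Internet Explorer\IEXPLORE.EXE in memory.
"""

# "<writer> modified the memory of [the Parent application ]<target> in memory."
DETAILS = re.compile(
    r"^(?P<actor>.+?) modified the memory of "
    r"(?:the Parent application )?(?P<target>.+?) in memory\.$")

def parse_entries(text):
    """Split the log on blank lines and return one field dict per alert."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # split at the first colon only
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            entries.append(fields)
    return entries

def writers_by_target(entries):
    """Map each modified process (lower-cased path) to the set of writers."""
    result = defaultdict(set)
    for e in entries:
        m = DETAILS.match(e.get("Details", ""))
        if m:  # entries without a memory-modification detail are skipped
            result[m["target"].lower()].add(m["actor"].lower())
    return dict(result)
```

Run over the sample, every alert traces back to the same writer, `SFrame.exe`, which is the file worth submitting for analysis rather than `svchost.exe` or `IEXPLORE.EXE`.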

Strange… didn’t you find any help from Comodo forum?

Well, I decided to write to you first because the firewall says that this activity is common for viruses and trojans.

Does the behavior occur only when you open the game or at other times too?

EDIT: In your initial post the only IPs outside your own computer belong to Comnet-BG which is an ISP in Bulgaria. Does that connection make sense?

Yes Comnet are my internet suppliers.

The behavior occurs right after I exit the game and try to connect to the net.
SFrame.exe I think is a part of the hack shield installed in the game.

I’m not finding anything linking Rappelz to spyware so if you trust it and want to keep playing you should expect some firewall activity when you open and close the program. I don’t think I would be so trusting, but as far as I can tell it just comes down to personal choice with this.

So if I decide now to uninstall the game I could be sure that svchost.exe and IEXPLORE.EXE are not infected in some way ???

"I don't think I would be so trusting"

Why ???

You can upload them to Virus Total to be checked by multiple antivirus scanners

http://www.virustotal.com/en/indexf.html

Because I’m paranoid about that stuff.

Lots of people play online games with no problems. But many come away from them with worms and trojans. I just prefer to play it safe.

Btw can I send the file to Avast by e-mail ???
And where in the e-mail should I write the password of the archive?

Yes you can.

Put the password in the body of the email.

Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest.

A bit of a strange question - how to put a password on the file ???

Use one of these:

http://www.snapfiles.com/get/7zip.html

http://www.snapfiles.com/get/zipgenius.html

Right click on the file and select add to archive or create archive with options/Main settings and enter a password in the appropriate field.

I forgot to mention I have WinRAR :)
Can I use it ???

Well, yes. WinRAR is capable of putting a password on the archive.


Edited:


& the email is virusavast(.)com