Win32:MalOb-IJ [Cryp] GOG Galaxy Client spam?

Today I started getting the following error dozens of times

http://i.imgur.com/70fqB95.png

In the time span of about 20 minutes or so I got well over 200 events, Avast saying that it blocked them all.

Is this a false positive, or am I being attacked, or is this a normal GOG Galaxy process?

Any help would be great.

Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253.0

I have the three logs, cannot get the aswmbr to finish its scan without crashing.

Thanks for any help.

Hello,

The detection is related to GOG.com, a video game distributed through the GOG online portal and can be run from the optional download manager.

I don’t know why avast! flags this (it is a Mal-Generetic routine) so, most likely FP. This is what avast! flags:

  • registry Run key, value ‘GalaxyClient’ with path of C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe, 7457336 bytes, created at 2015-05-28 by GOG.com.

This is your legit installer, take a note of time being…

2015-05-25 13:44 - 2015-05-25 13:44 - 62776056 _____ (GOG.com ) C:\Users\MFive\Downloads\setup_galaxy_1.0.2.958 (1).exe
2015-05-25 13:43 - 2015-05-25 13:43 - 62776056 _____ (GOG.com ) C:\Users\MFive\Downloads\setup_galaxy_1.0.2.958.exe

You have a lot of games installed from that portal, so the best thing is to contact and talk to “avast! contact us” web support and ask them to remove the FP.

==================== Installed Programs ======================

Alternative Look for Yennefer (HKLM-x32.…\Alternative Look for Yennefer_is1) (Version: 1.0.0.0 - GOG.com)
Ballad Heroes - Neutral Gwent Card Set (HKLM-x32.…\Ballad Heroes - Neutral Gwent Card Set_is1) (Version: 1.0.0.0 - GOG.com)
Beard and Hairstyle Set (HKLM-x32.…\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com)
Elite Crossbow Set (HKLM-x32.…\Elite Crossbow Set_is1) (Version: 1.0.0.0 - GOG.com)
GOG Galaxy (HKLM-x32.…{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
New Quest - Contract Missing Miners (HKLM-x32.…\New Quest - Contract Missing Miners_is1) (Version: 1.0.0.0 - GOG.com)
New Quest - Fool’s Gold (HKLM-x32.…\New Quest - Fool’s Gold_is1) (Version: 1.0.0.0 - GOG.com)
Nilfgaardian Armor Set (HKLM-x32.…\Nilfgaardian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
Privateer 2 - The Darkening (HKLM-x32.…\1207659613_is1) (Version: 2.2.0.7 - GOG.com)
Temerian Armor Set (HKLM-x32.…\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3 - Wild Hunt (HKLM-x32.…\1207664643_is1) (Version: 1.0.6.0 - GOG.com)
Wing Commander (HKLM-x32.…\1207662643_is1) (Version: 2.1.0.18 - GOG.com)
Wing Commander Academy (HKLM-x32.…\1207659473_is1) (Version: 2.1.0.5 - GOG.com)
Wing Commander Armada (HKLM-x32.…\1207659603_is1) (Version: 2.0.0.4 - GOG.com)
Wing Commander II (HKLM-x32.…\1207662653_is1) (Version: 2.1.0.18 - GOG.com)
Wing Commander III (HKLM-x32.…\1207658966_is1) (Version: 2.1.0.7 - GOG.com)
Wing Commander IV (HKLM-x32.…\1207659021_is1) (Version: 2.1.0.21 - GOG.com)
Wing Commander Privateer (HKLM-x32.…\1207658938_is1) (Version: 2.1.0.13 - GOG.com)
Wing Commander Secret Ops (HKLM-x32.…\1207662673_is1) (Version: 2.1.0.14 - GOG.com)

Posted logs seem clean and show no active malware on board. Your PC is clean.

Sorry for the long delay.

Thanks for the info, alright, I will talk to them.

Good to know that my computer is clean.

Thanks!