Had my WoW-BC installer pop up with a positive for a trojan yesterday when the screensaver popped up - had been off my computer for days so don’t know when the scanner started picking it up. I saw the positive, and forced an update of the virus database. Unfortunately it still came up positive. Waited for the update this morning, and was still a false positive…
Here’s the VirusTotal:
File WoW-BurningCrusade-enUS-Installer received on 09.28.2008 17:51:09 (CET)
Current status: finished
Result: 3/36 (8.33%)
Antivirus Version Last Update Result
AhnLab-V3 2008.9.25.0 2008.09.26 -
AntiVir 7.8.1.34 2008.09.28 -
Authentium 5.1.0.4 2008.09.28 -
Avast 4.8.1195.0 2008.09.27 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.09.28 -
BitDefender 7.2 2008.09.28 -
CAT-QuickHeal 9.50 2008.09.26 -
ClamAV 0.93.1 2008.09.28 -
DrWeb 4.44.0.09170 2008.09.28 -
eSafe 7.0.17.0 2008.09.28 Trojan-GameThief.Win
eTrust-Vet 31.6.6110 2008.09.26 -
Ewido 4.0 2008.09.28 -
F-Prot 4.4.4.56 2008.09.25 -
F-Secure 8.0.14332.0 2008.09.28 -
Fortinet 3.113.0.0 2008.09.28 -
GData 19 2008.09.28 Win32:Trojan-gen {Other}
Ikarus T3.1.1.34.0 2008.09.28 -
K7AntiVirus 7.10.473 2008.09.25 -
Kaspersky 7.0.0.125 2008.09.28 -
McAfee 5392 2008.09.25 -
Microsoft 1.3903 2008.09.28 -
NOD32 3478 2008.09.28 -
Norman 5.80.02 2008.09.26 -
Panda 9.0.0.4 2008.09.28 -
PCTools 4.4.2.0 2008.09.26 -
Prevx1 V2 2008.09.28 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.09.28 -
Sophos 4.34.0 2008.09.28 -
Sunbelt 3.1.1668.1 2008.09.24 -
Symantec 10 2008.09.28 -
TheHacker 6.3.0.9.095 2008.09.27 -
TrendMicro 8.700.0.1004 2008.09.26 -
VBA32 3.12.8.6 2008.09.26 -
ViRobot 2008.9.26.1393 2008.09.26 -
VirusBuster 4.5.11.0 2008.09.28 -
Additional information
File size: 1038603 bytes
PEiD…: -
TrID…: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4629dd
timedatestamp…: 0x45b6b002 (Wed Jan 24 01:01:54 2007)
machinetype…: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x72302 0x73000 6.53 195b74be3b1fa0747effff15c6189d46
.rdata 0x74000 0x23a0a 0x24000 6.04 3a921e80edcb5363dce7bfbeffb5bb0c
.data 0x98000 0x7e44 0x5000 5.63 ef25124c468482a2de2d396bf4d8689a
.rsrc 0xa0000 0x1e540 0x1f000 7.49 410d363aae41910b87efaec50822a693
( 14 imports )
( 0 exports )
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=ac578ed96e8ab27525dfc076c6aab4e2
The Installer is clean - and has been since it was downloaded back in Feb 2008 when I reinstalled WoW on my machine. The file hasn’t been modified since I downloaded it.