Author Topic: Sudden Attack Sea ( Virus or False Positive)?  (Read 3631 times)


derick123

  • Guest
Sudden Attack Sea ( Virus or False Positive)?
« on: August 01, 2010, 06:27:34 AM »
Hi, it's me again. I am using avast 5.0.594 and the latest virus definitions. Currently avast is detecting this popular online game as Win32:Sality, so I have uploaded the file to VirusTotal and the result is:

a-squared    5.0.0.31    2010.07.16    -
AhnLab-V3    2010.07.17.00    2010.07.16    -
AntiVir    8.2.4.12    2010.07.16    -
Antiy-AVL    2.0.3.7    2010.07.15    -
Authentium    5.2.0.5    2010.07.16    -
Avast    4.8.1351.0    2010.07.16    Win32:Sality
Avast5    5.0.332.0    2010.07.16    Win32:Sality
AVG    9.0.0.836    2010.07.16    -
BitDefender    7.2    2010.07.17    -
CAT-QuickHeal    11.00    2010.07.16    -
ClamAV    0.96.0.3-git    2010.07.16    -
Comodo    5451    2010.07.16    Heur.Pck.Themida
DrWeb    5.0.2.03300    2010.07.17    -
eSafe    7.0.17.0    2010.07.15    -
eTrust-Vet    36.1.7715    2010.07.16    -
F-Prot    4.6.1.107    2010.07.16    -
F-Secure    9.0.15370.0    2010.07.16    -
Fortinet    4.1.143.0    2010.07.16    -
GData    21    2010.07.17    Win32:Sality
Ikarus    T3.1.1.84.0    2010.07.16    -
Jiangmin    13.0.900    2010.07.16    -
Kaspersky    7.0.0.125    2010.07.17    -
McAfee    5.400.0.1158    2010.07.17    Artemis!FD56DB070488
McAfee-GW-Edition    2010.1    2010.07.16    Artemis!FD56DB070488
Microsoft    1.6004    2010.07.16    -
NOD32    5285    2010.07.16    -
Norman    6.05.11    2010.07.16    -
nProtect    2010-07-16.01    2010.07.16    -
Panda    10.0.2.7    2010.07.16    Suspicious file
PCTools    7.0.3.5    2010.07.17    -
Prevx    3.0    2010.07.17    -
Rising    22.56.04.04    2010.07.16    -
Sophos    4.55.0    2010.07.17    Sus/Sality-A
Sunbelt    6595    2010.07.17    -
SUPERAntiSpyware    4.40.0.1006    2010.07.17    -
Symantec    20101.1.1.7    2010.07.16    -
TheHacker    6.5.2.1.318    2010.07.16    -
TrendMicro    9.120.0.1004    2010.07.16    -
TrendMicro-HouseCall    9.120.0.1004    2010.07.17    -
VBA32    3.12.12.6    2010.07.16    -
ViRobot    2010.7.12.3932    2010.07.16    -
VirusBuster    5.0.27.0    2010.07.16    Packed/Themida
Additional information
File size: 1884160 bytes
MD5   : fd56db070488273b75f1c9875bd94759
SHA1  : f4b6a3d093e82f0f0dfa501ede8d66521e56d227
SHA256: 7cd115a6cb58422f8a45d06baba8c00eaab245c93786e29d01302b67c755540e
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x133014
timedatestamp.....: 0x4979695F (Fri Jan 23 07:53:19 2009)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name     viradd     virsiz     rawdsiz    ntrpy  md5
         0x1000     0xCE000    0x22000    7.97   ebd8a6eefd128ac8f90e4232d186df65
.rsrc    0xCF000    0x625B0    0x41000    7.95   05acff6eac0028146020ab02684aaff0
.idata   0x132000   0x1000     0x1000     0.24   f5ac2ce60737c87682ba156e406b7f27
SA_L     0x133000   0x2DF000   0x167000   7.80   d737468b24fc79f7fe8a60325460734f

( 2 imports )

> comctl32.dll: InitCommonControls
> kernel32.dll: CreateFileA, ExitProcess

( 1 exports )

> _interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B
TrID  : File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 49152:APDZ/qbc+KiWtDkfUM6BN2O0qaIlayj1s:APDZ/qbdKK/6eO0qaryj
sigcheck:
publisher....:
copyright....: Copyright (C) 2008
product......: SuddenAttack
description..: SuddenAttack
original name: SuddenAttack
internal name: SuddenAttack
file version.: 1, 0, 0, 1
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned
PEiD  : -
packers (F-Prot): Themida
RDS   : NSRL Reference Data Set

SafeSurf

  • Guest
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #1 on: August 01, 2010, 06:41:38 AM »
You should be making this post under the Virus and Worms section of the forum.

If the virus is in your Virus Chest:
Send the sample/s directly to Avast as an Undetected Malware:

Open the Virus Chest, right click in the Chest and select Add, then navigate to where you have the sample and add it to the chest.  Once in the Chest, right click on the file and select 'Submit to virus lab...', complete the form and submit; the file will be uploaded during the next update.

Otherwise, please open a thread in the Virus and Worms section so we can assist you with disinfection, making sure you give us your machine's OS, security software information, version of Avast and product, and FW.  Thank you.