Avast WEBforum

Other => Viruses and worms => Topic started by: fatherast on January 13, 2022, 02:29:15 PM

Title: Win32:Malware-gen falsely detected in a video game?
Post by: fatherast on January 13, 2022, 02:29:15 PM
Hello, there is a very well-known video game called Freestyle GunZ, here is their website: http://fgunz.net and here is a download link of the game provided by the official website: https://fgunz.net/Freestyle%20GunZ%20V8%20Installer.exe

Upon installing the game, my Avast blocks the game and notifies me that it has Win32:Malware-gen in it. It is a known false, and even Windows confirmed it to be false in Windows Defender.

Would very much appreciate it if an Avast dev could look into it and confirm :)
Title: Re: Win32:Malware-gen falsely detected in a video game?
Post by: Asyn on January 13, 2022, 02:30:33 PM
Hi, you can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php
Title: Re: Win32:Malware-gen falsely detected in a video game?
Post by: fatherast on January 13, 2022, 02:52:41 PM
Hi, the maximum file size there is 50mb whereas the file is 400mb and it doesn't let me proceed without uploading a file.
Title: Re: Win32:Malware-gen falsely detected in a video game?
Post by: Asyn on January 13, 2022, 03:18:51 PM
Report the link and mention it in the description.
Title: Re: Win32:Malware-gen falsely detected in a video game?
Post by: Asyn on January 13, 2022, 03:20:19 PM
FYI: https://sitecheck.sucuri.net/results/fgunz.net
Title: Re: Win32:Malware-gen falsely detected in a video game?
Post by: fatherast on January 13, 2022, 03:21:34 PM
Thank you. Do you know how long it usually takes?
Title: Re: Win32:Malware-gen falsely detected in a video game?
Post by: Asyn on January 13, 2022, 03:23:40 PM
You're welcome. You should get a reply within 48 hours.
Title: Re: Win32:Malware-gen falsely detected in a video game?
Post by: Pondus on January 13, 2022, 03:36:14 PM
The avast/AVG engine timed out; wait an hour and click refresh to see if it is detected.

https://www.virustotal.com/gui/file/b444175c211fafe82a84cc791aa032c17d13a71b9465f9b5d759253e65e78705?nocache=1


Title: Re: Win32:Malware-gen falsely detected in a video game?
Post by: fatherast on January 13, 2022, 04:10:13 PM
Hi, so I too have run it through VirusTotal, but Avast kept timing out. Regardless, I suppose it would flag it since my Avast does. My goal at this point is for someone to tell me whether it is a false alert or true.
Title: Re: Win32:Malware-gen falsely detected in a video game?
Post by: Pondus on January 13, 2022, 04:26:29 PM
No, VT already has the file; you just click the refresh button at the top right ... as I have just done.

Seems it timed out again.
Title: Re: Win32:Malware-gen falsely detected in a video game?
Post by: polonus on January 13, 2022, 06:29:24 PM
Pondus' interpretations of VT results have been found to be very accurate (i.m.h.o.).

As you can see, the file has not been signed. That makes it at least more FP-prone.

Then it comes in the following categories, which could make it much easier to be(come) malware-infested.

Buckets:
Pastes PRO
Darknet: Tor PRO
Darknet: I2P PRO
Whois PRO
Usenet PRO
Private Leaks SECRET
Leaks COMB SECRET (info credits go to X Intelligence X special search engine)

But is no longer detected here: https://www.virustotal.com/gui/url/32303b34286480e53f6721ac782728999f90861534f75df93703a2ff5aee096e?nocache=1 (I am asking Pondus why some detections are not constantly being distributed to VT?)

polonus
Title: Re: Win32:Malware-gen falsely detected in a video game?
Post by: fatherast on January 13, 2022, 06:38:32 PM
Hi polonus, thank you for following up with this. Please let us know once it can be established whether the game is infected or not :)
Title: Re: Win32:Malware-gen falsely detected in a video game?
Post by: polonus on January 13, 2022, 06:46:59 PM
Howdy fatherast,

Well, we will keep an eye out for eventual final verdicts and scan results.
There are more ways than one to kill the proverbial animal you know.  ;D

Also waiting for some specific feed-back from my forum friend, Pondus.
He sees more where VT is concerned than the average person will.

I am more into website security analysis and error-hunting, my specific thingy (libraries, JS, CMS etc.).
So whenever new data arrives, you will read it here pronto.

So keep safe both offline as well as online, is the wish of,

polonus
Title: Re: Win32:Malware-gen falsely detected in a video game?
Post by: fatherast on January 13, 2022, 07:00:58 PM
Thank you kindly! Much obliged :) I will be following this thread
Title: Re: Win32:Malware-gen falsely detected in a video game?
Post by: Pondus on January 13, 2022, 07:38:05 PM
It seems that the avast/AVG engine used at VT will not scan this file (it times out). Maybe it has something to do with the file size? 605mb

Title: Re: Win32:Malware-gen falsely detected in a video game?
Post by: Pondus on January 13, 2022, 07:41:54 PM
This is a scan of the URL (download link) and not the file.

My VT scan shows the file scan; I downloaded the file and uploaded it to VT.
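
An added example, not part of any post in this thread: a short Python sketch of the two checks the thread turns on, namely whether a VirusTotal link is a file report or a URL report (and whether a file report actually covers the copy on disk), and whether the installer carries a signature at all. The two links are copied from the posts above; the function names are hypothetical, and the PE check assumes the headers sit within the first 4 KiB of the file.

```python
import hashlib
import re
import struct
from urllib.parse import urlparse

# The two VirusTotal links posted in the thread (copied from the posts above).
FILE_REPORT = "https://www.virustotal.com/gui/file/b444175c211fafe82a84cc791aa032c17d13a71b9465f9b5d759253e65e78705?nocache=1"
URL_REPORT = "https://www.virustotal.com/gui/url/32303b34286480e53f6721ac782728999f90861534f75df93703a2ff5aee096e?nocache=1"

def vt_link_kind(link):
    """Return ('file' | 'url', identifier) for a VirusTotal GUI link."""
    m = re.match(r"^/gui/(file|url)/([0-9a-f]{64})(?:/|$)", urlparse(link).path)
    if not m:
        raise ValueError("not a VirusTotal file/url report link")
    return m.group(1), m.group(2)

def sha256_file(path, chunk_size=1 << 20):
    """Hash in 1 MiB chunks so a multi-hundred-MB installer is never fully in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def report_covers_file(link, path):
    """True only if the link is a *file* report whose SHA-256 equals the local file's."""
    kind, ident = vt_link_kind(link)
    return kind == "file" and ident == sha256_file(path)

def has_signature_directory(path):
    """True if the PE certificate table (data directory 4) is non-empty.
    Presence only: this does not validate the Authenticode signature."""
    with open(path, "rb") as fh:
        head = fh.read(4096)  # assumption: PE headers fit in the first 4 KiB
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    pe = struct.unpack_from("<I", head, 0x3C)[0]   # e_lfanew
    if head[pe:pe + 4] != b"PE\0\0" or pe + 26 > len(head):
        return False
    opt = pe + 24                                  # skip signature + COFF header
    magic = struct.unpack_from("<H", head, opt)[0]
    dirs = opt + {0x10B: 96, 0x20B: 112}.get(magic, 0)  # PE32 / PE32+
    if dirs == opt or dirs + 40 > len(head):
        return False
    count = struct.unpack_from("<I", head, dirs - 4)[0]
    _rva, size = struct.unpack_from("<II", head, dirs + 32)
    return count > 4 and size > 0
```

A URL report can come back clean while the file report for the downloaded binary does not, so `report_covers_file` is the check to run before quoting a link as a verdict on the installer.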