Avast WEBforum

Other => Viruses and worms => Topic started by: derick123 on August 01, 2010, 06:48:15 AM

Title: Sudden Attack Sea ( Virus or False Positive)?
Post by: derick123 on August 01, 2010, 06:48:15 AM
sry for posting in the wrong place just now.... so should i just submit the file as false positive?
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: derick123 on August 01, 2010, 06:50:40 AM
result in virus total :

a-squared    5.0.0.31    2010.07.16    -
AhnLab-V3    2010.07.17.00    2010.07.16    -
AntiVir    8.2.4.12    2010.07.16    -
Antiy-AVL    2.0.3.7    2010.07.15    -
Authentium    5.2.0.5    2010.07.16    -
Avast    4.8.1351.0    2010.07.16    Win32:Sality
Avast5    5.0.332.0    2010.07.16    Win32:Sality
AVG    9.0.0.836    2010.07.16    -
BitDefender    7.2    2010.07.17    -
CAT-QuickHeal    11.00    2010.07.16    -
ClamAV    0.96.0.3-git    2010.07.16    -
Comodo    5451    2010.07.16    Heur.Pck.Themida
DrWeb    5.0.2.03300    2010.07.17    -
eSafe    7.0.17.0    2010.07.15    -
eTrust-Vet    36.1.7715    2010.07.16    -
F-Prot    4.6.1.107    2010.07.16    -
F-Secure    9.0.15370.0    2010.07.16    -
Fortinet    4.1.143.0    2010.07.16    -
GData    21    2010.07.17    Win32:Sality
Ikarus    T3.1.1.84.0    2010.07.16    -
Jiangmin    13.0.900    2010.07.16    -
Kaspersky    7.0.0.125    2010.07.17    -
McAfee    5.400.0.1158    2010.07.17    Artemis!FD56DB070488
McAfee-GW-Edition    2010.1    2010.07.16    Artemis!FD56DB070488
Microsoft    1.6004    2010.07.16    -
NOD32    5285    2010.07.16    -
Norman    6.05.11    2010.07.16    -
nProtect    2010-07-16.01    2010.07.16    -
Panda    10.0.2.7    2010.07.16    Suspicious file
PCTools    7.0.3.5    2010.07.17    -
Prevx    3.0    2010.07.17    -
Rising    22.56.04.04    2010.07.16    -
Sophos    4.55.0    2010.07.17    Sus/Sality-A
Sunbelt    6595    2010.07.17    -
SUPERAntiSpyware    4.40.0.1006    2010.07.17    -
Symantec    20101.1.1.7    2010.07.16    -
TheHacker    6.5.2.1.318    2010.07.16    -
TrendMicro    9.120.0.1004    2010.07.16    -
TrendMicro-HouseCall    9.120.0.1004    2010.07.17    -
VBA32    3.12.12.6    2010.07.16    -
ViRobot    2010.7.12.3932    2010.07.16    -
VirusBuster    5.0.27.0    2010.07.16    Packed/Themida
Additional information
File size: 1884160 bytes
MD5   : fd56db070488273b75f1c9875bd94759
SHA1  : f4b6a3d093e82f0f0dfa501ede8d66521e56d227
SHA256: 7cd115a6cb58422f8a45d06baba8c00eaab245c93786e29d01302b67c755540e
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x133014
timedatestamp.....: 0x4979695F (Fri Jan 23 07:53:19 2009)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0xCE000 0x22000 7.97 ebd8a6eefd128ac8f90e4232d186df65
.rsrc 0xCF000 0x625B0 0x41000 7.95 05acff6eac0028146020ab02684aaff0
.idata 0x132000 0x1000 0x1000 0.24 f5ac2ce60737c87682ba156e406b7f27
SA_L 0x133000 0x2DF000 0x167000 7.80 d737468b24fc79f7fe8a60325460734f

( 2 imports )

> comctl32.dll: InitCommonControls
> kernel32.dll: CreateFileA, ExitProcess

( 1 exports )

> _interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B
TrID  : File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 49152:APDZ/qbc+KiWtDkfUM6BN2O0qaIlayj1s:APDZ/qbdKK/6eO0qaryj
sigcheck: publisher....:
copyright....: Copyright (C) 2008
product......: SuddenAttack
description..: SuddenAttack
original name: SuddenAttack
internal name: SuddenAttack
file version.: 1, 0, 0, 1
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned
PEiD  : -
packers (F-Prot): Themida
RDS   : NSRL Reference Data Set
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: SafeSurf on August 01, 2010, 07:31:45 AM
Did you run an Avast scan on your machine?

Edit:  OP's prior post in wrong section of forum: http://forum.avast.com/index.php?topic=62418.0
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Asyn on August 01, 2010, 11:34:59 AM
Quote
so should i just submit the file as false positive?

Doesn't look like a FP...
asyn
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Jtaylor83 on August 01, 2010, 03:34:42 PM
Looks like a real Sality infection.

You will need to format and re-install your OS. Backup all your personal files (non-PE) before you start from scratch.

Virut and other file infectors - Throwing in the Towel? (http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html)

When should I re-format? How should I reinstall? (http://www.dslreports.com/faq/10063)

You can also use Sality Killer (http://support.kaspersky.com/faq/?qid=208279889) or Dr. Web CureIt (http://www.freedrweb.com/cureit/?lng=en).

Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: derick123 on August 01, 2010, 04:13:41 PM
but then... this program is a popular online game worldwide... and i played this game for around 3 years without any problem or detection from nod32 before i switch to avast. ???
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Mopppp on October 25, 2010, 03:43:42 PM
I also have the Sudden Attack SEA multiplayer game installed on my computer and when I did a full scan with avast recently, it detected the launcher.exe in the SuddenAttackSEA folder as a Win32:Sality.

I am also thinking if it may be a false positive as I downloaded this game from the official site and I know it is a game that many many people in Malaysia and Singapore play. And as far as I can tell, there appears to be no symptoms of a Win32:Sality infection - my firewall, anti-virus, etc are running fine..

However, I found something that seems interesting to note. When I went to the settings for the File System Shield, SuddenAttackSEA was under the exclusions and I don't remember ever putting it there myself.

Is there anything that can be done to confirm whether this file is really infected or just a false positive?
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Pondus on October 25, 2010, 04:45:48 PM
Quote
Is there anything that can be done to confirm whether this file is really infected or just a false positive?
Upload to www.virustotal.com and test the file with 43 malware scanners
when you have the result, copy the URL in the address bar and post it here
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Mopppp on October 25, 2010, 04:52:30 PM
virustotal seems to be down at the moment? I get redirected to a page saying "Sorry! We could not find www.virustotal.com

It may be unavailable or may not exist."
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Pondus on October 25, 2010, 04:57:52 PM
It is working fine here....  ???

you can also try http://www.virscan.org/   or   http://virusscan.jotti.org/en
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Asyn on October 25, 2010, 05:00:46 PM
Quote
It is working fine here....  ???

+1
No problems with VT here...
asyn
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Pondus on October 25, 2010, 05:02:37 PM
if you get redirected....maybe you should check for malware with

Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
always update so you have latest database before you scan
click the remove selected button to quarantine anything found
you may post the scan log here if anything is found
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: derick123 on October 25, 2010, 05:10:57 PM
It is working fine in my comp now... avast no longer detects it as a threat.. Is your virus definition up to date?

Derick
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Mopppp on October 25, 2010, 05:55:28 PM
Oh wow, already sidetracked by another problem...
I get redirected from virustotal. I better scan my comp with malwarebytes.
Could there be other reasons apart from malware that I get redirected and can't access virustotal?

EDIT: Ah I did a bit of searching and the reason why I can't access virustotal seems to have something to do with my ISP's DNS.
      Now back to the main problem - I will try and update my avast virus definitions and scan again to see if the file still comes up as infected.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Mopppp on October 25, 2010, 07:18:02 PM
I updated my virus definitions and rescanned and the file was still picked up as a win32:sality.
I also uploaded the file to virustotal and here is the result...similar to derick123's

http://www.virustotal.com/file-scan/report.html?id=7cd115a6cb58422f8a45d06baba8c00eaab245c93786e29d01302b67c755540e-1288026519

So what should I do from here?

I also have a few questions:

1) Are there ways in which the launcher.exe could have been clean when I downloaded but later infected by something else? (Note: this is the one and only infected file picked up by the avast scan on the whole computer. And also that I downloaded the file from a source that I believe to be fairly trusted - the official game website)

2)As I mentioned in an earlier post - is it unusual that SuddenAttackSEA was under the exclusions for the File System Shield when I don't remember ever putting it there myself?

Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: derick123 on October 26, 2010, 07:30:27 AM
Before this, avast also picked up launcher.exe as virus in my comp.... but after i reformatted my comp, avast no longer picks it up as virus... what about trying to uninstall your sudden attack and reinstall it? does that solve your problem? my virus total result: http://www.virustotal.com/file-scan/report.html?id=887a0a94f9df16a50f82ccfc9bedda4b2a0b97cdfc3b5768f26161fc8b33bfc1-1288019238
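Added example (not part of any post in the thread): the old-style VirusTotal report links posted above carry the uploaded file's SHA-256 in the id parameter, so they can be compared with the SHA-256 in derick123's August report and with a hash computed from a file on disk. The Python below is illustrative; its function names are made up for this example, and reading the numeric suffix of id as a Unix timestamp of the scan is an assumption.

```python
import hashlib
import re
from datetime import datetime, timezone
from urllib.parse import urlparse, parse_qs

# Values copied from the thread.
AUGUST_SHA256 = "7cd115a6cb58422f8a45d06baba8c00eaab245c93786e29d01302b67c755540e"
REPORT_URLS = {
    "Mopppp, Oct 25": "http://www.virustotal.com/file-scan/report.html"
                      "?id=7cd115a6cb58422f8a45d06baba8c00eaab245c93786e29d01302b67c755540e-1288026519",
    "derick123, Oct 26": "http://www.virustotal.com/file-scan/report.html"
                         "?id=887a0a94f9df16a50f82ccfc9bedda4b2a0b97cdfc3b5768f26161fc8b33bfc1-1288019238",
}

# id = <64 hex chars of SHA-256>-<decimal number, assumed to be a Unix timestamp>
REPORT_ID = re.compile(r"^([0-9a-f]{64})-(\d+)$")


def parse_report_url(url):
    """Return (sha256_hex, scan_time_utc) taken from a report link's id parameter."""
    ids = parse_qs(urlparse(url).query).get("id", [])
    if len(ids) != 1:
        raise ValueError("expected exactly one id parameter")
    match = REPORT_ID.match(ids[0].strip().lower())
    if match is None:
        raise ValueError("id is not of the form <sha256>-<timestamp>")
    scanned = datetime.fromtimestamp(int(match.group(2)), tz=timezone.utc)
    return match.group(1), scanned


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large executable is not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def same_sample(url, reference_sha256):
    """True if the report link refers to the file with the given SHA-256."""
    return parse_report_url(url)[0] == reference_sha256.strip().lower()


def local_file_matches_report(path, url):
    """True if the file on disk is byte-identical to the sample behind the link."""
    return sha256_of_file(path) == parse_report_url(url)[0]


def summarize(urls=REPORT_URLS, reference=AUGUST_SHA256):
    """One row per link: (who, scan time, same file as the August sample?)."""
    rows = []
    for who, url in urls.items():
        sha256, scanned = parse_report_url(url)
        rows.append((who, scanned.isoformat(), sha256 == reference))
    return rows


if __name__ == "__main__":
    for who, scanned, same in summarize():
        verdict = "same file as the August sample" if same else "a different file"
        print(f"{who}: scanned {scanned}, {verdict}")
```

A match means the file is byte-for-byte the sample that was already scanned; a mismatch only says the two files differ, not which of them is clean.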
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: SafeSurf on October 26, 2010, 07:40:56 AM
@ derick123,

If Mopppp is being redirected on the Internet, this is a clear sign of malware.  Therefore uninstalling/installing  a game will not resolve the problem.  This OP has much deeper issues that need to be dealt with.  Thank you for trying. ;)
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: SafeSurf on October 26, 2010, 07:53:50 AM
@ Mopppp,

You clearly have signs of malware on your machine. 

1.  Can you please update and run a FULL MBAM scan, then cut and paste the log to this thread.  Quarantine any threats/infections that come up (do not delete or ignore the infections).

2.  Check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0

Follow the directions for obtaining the OTL logs.  Post the two (2) OTL logs as an attachment (Additional Options > Attach > Browse (the logs will be on your desktop) > Post).

After you post the MBAM and OTL logs, I will then refer you to our Certified Malware expert, Essexboy, for malware removal.  After completing your OTL logs, do not make any changes to your machine.

Essexboy will analyze your logs and give you further instructions here in this thread, therefore check the thread at least daily; he is on UK time zone.  In the meantime, I will be available to assist you should you have any questions.  Do you have any questions?



Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Mopppp on October 26, 2010, 09:33:41 AM
Ah I already said this in an earlier post - I found out the reason I am getting redirected is because of a problem with my Internet Service Provider's (ISP's) Domain Name System (DNS) service. The redirecting has nothing to do with malware. I ran a full scan of malwarebytes and came up completely clean.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: SafeSurf on October 26, 2010, 09:49:30 AM
Quote
I updated my virus definitions and rescanned and the file was still picked up as a win32:sality.
I also uploaded the file to virustotal and here is the result...similar to derick123's
http://www.virustotal.com/file-scan/report.html?id=7cd115a6cb58422f8a45d06baba8c00eaab245c93786e29d01302b67c755540e-1288026519

You reported win32:sality, which is a nasty malware.  How do you know that the reason you are getting redirected is because of a problem with your Internet Service Provider's (ISP's) Domain Name System (DNS) service?  How have you fixed this problem?

I am willing to offer you assistance if you want it.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: doggie015 on October 26, 2010, 10:14:12 AM
Quote
virustotal seems to be down at the moment? I get redirected to a page saying "Sorry! We could not find www.virustotal.com

It may be unavailable or may not exist."

That happens to me whenever I try to access it through Bigpond's DNS servers. It works fine on OpenDNS tho
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Mopppp on October 26, 2010, 10:21:21 AM
@SafeSurf

I did a bit of searching around on the internet and found many people using my ISP have complained about the DNS service. So I manually changed my internet to use the Google Public DNS and I was able to access virustotal (hence being able to post the results in the link I provided). And so because of this I am sure that the problem of being redirected does not involve malware.

Also let me restate...

I ran a full avast scan and the launcher.exe file was the only file detected and so I quarantined it in virus chest.
I ran a full MBAM scan and NO files were detected as malware.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Mopppp on October 27, 2010, 04:34:43 AM
So what should I do from here?

I also would appreciate it if someone could answer these questions that I have:

1) Are there ways in which the launcher.exe could have been clean when I downloaded but later infected by something else? (Note: this is the one and only infected file picked up by the avast scan on the whole computer. And also that I downloaded the file from a source that I believe to be trusted - the official game website)

2) Is it unusual that SuddenAttackSEA was under the exclusions for the File System Shield when I don't remember ever putting it there myself?

Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Asyn on October 27, 2010, 07:45:28 AM
Quote
1) Are there ways in which the launcher.exe could have been clean when I downloaded but later infected by something else? (Note: this is the one and only infected file picked up by the avast scan on the whole computer. And also that I downloaded the file from a source that I believe to be trusted - the official game website)

2) Is it unusual that SuddenAttackSEA was under the exclusions for the File System Shield when I don't remember ever putting it there myself?

1. Yes, that's possible.
2. Yes, it's strange..!
asyn
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: SafeSurf on October 27, 2010, 07:54:35 AM
Quote
I ran a full avast scan and the launcher.exe file was the only file detected and so I quarantined it in virus chest.
I ran a full MBAM scan and NO files were detected as malware.

If you ran the Avast scan first, then MBAM may have had nothing to pick up as a threat.  We do recommend that any threats/infections in the Virus Chest (VC) remain there for 1.5 - 2 weeks.  You can, however, right-click on the item(s) in the VC to rescan them, especially since Avast just put out a large update.  If the rescan still comes out as infected, then it is malware and leave it in the VC.  Should it come out clean, you can restore it.

Quote
I also would appreciate it if someone could answer these questions that I have:

1) Are there ways in which the launcher.exe could have been clean when I downloaded but later infected by something else? (Note: this is the one and only infected file picked up by the avast scan on the whole computer. And also that I downloaded the file from a source that I believe to be trusted - the official game website)

2) Is it unusual that SuddenAttackSEA was under the exclusions for the File System Shield when I don't remember ever putting it there myself?

1.  Not unless it is a FP, in which case follow the directions I posted above in THIS post for rescanning items in the VC after Avast does periodic updates.

2. Yes, very unusual.  Does anyone else use your machine?  Did you check for a keylogger or other type of malware that allows remote access to your machine?

Other suggestions I have for you are:

Keep your definitions up to date for both Avast and MBAM.  Keep all your shields on with Avast, do Quick scans with MBAM, and add things to your browsers for safer browsing.

You may also want to check to see that your software is up to date with the free Secunia Software Inspector http://secunia.com/vulnerability_scanning/personal/ since software is changing all the time.  This site gives you the vendor's direct download link making it easy to upgrade your software.  Many of us here scan our machines weekly.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Mopppp on October 27, 2010, 09:26:28 AM
Quote
Yes, very unusual.  Does anyone else use your machine?  Did you check for a keylogger or other type of malware that allow remote access to your machine?

No one else uses my computer. I did check for keyloggers and other malware by scanning with an updated MBAM (coming up clean with no files detected).

Is it unusual because the only way to put something onto the exclusion list is manually?



In the meantime, I will keep the file in the virus chest and scan it regularly. I will post up my situation after some time has passed.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: SafeSurf on October 27, 2010, 09:41:05 AM
Quote
Is it unusual because only way to put something onto the exclusion list is manually?

Yes.
Keep us posted.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Mopppp on November 01, 2010, 02:25:06 PM
Well it has been about a week since the file was first detected.

I have been regularly scanning the quarantined file with avast and it is still being detected as a win32:Sality.

I also uploaded it again to virustotal today.

And the result is the same as last week's.

Today's result: http://www.virustotal.com/file-scan/report.html?id=7cd115a6cb58422f8a45d06baba8c00eaab245c93786e29d01302b67c755540e-1288617733

Last week's result: http://www.virustotal.com/file-scan/report.html?id=7cd115a6cb58422f8a45d06baba8c00eaab245c93786e29d01302b67c755540e-1288026519

So does this mean this is not a false positive?
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: SafeSurf on November 02, 2010, 01:35:36 AM
Your VT link for today's results didn't come through, but you said that they were the same as last week's, so I believe you.

If you rescanned the items in the VC, I would err on the side that it is malware since Avast did a large update recently.  However I would also suggest that you keep it in the VC longer and rescan in another week, but I wouldn't hold my breath that the results would change.

Let me ask you something:  Is your machine acting normally now or not?  If not, please describe any problems.

Also, have you performed additional MBAM scans (update MBAM first)?  Thank you.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Mopppp on November 02, 2010, 01:45:50 AM
My machine is acting normal as far as I can tell. Nothing unusual at all. The symptoms for a win32:Sality infection includes the disabling of security-related processes, but my firewall (comodo), antivirus (avast), and background spyware scanner (spybot) all appear to be running normally.

As for MBAM, I have done 3 scans with it since the file was detected and all scans have come up clean.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: SafeSurf on November 02, 2010, 01:51:27 AM
Are the files in the VC necessary files to run your machine or not?  You should leave them in the VC longer to rescan, but as I said, I really do not think the results of the scan will change.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Mopppp on November 02, 2010, 02:03:47 AM
The file in the VC right now is launcher.exe - just the launcher for an online game.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: SafeSurf on November 02, 2010, 02:23:19 AM
Leave it in the VC for a few more weeks and rescan weekly.  If you still get the same results, it is definitely malware.  As of now, this does not look like a FP.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Mopppp on November 02, 2010, 04:02:26 AM
OK. Thanks for your help so far.

May I ask when another big update for avast will come along?
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: DavidR on November 02, 2010, 05:01:18 AM
Avast 5.1 is being worked on and is relatively close; monitor the forums for notification of the beta release, and the regular release shouldn't be too long after that.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: SafeSurf on November 02, 2010, 10:52:36 AM
@ Mopppp,

Keep me posted and let me know if you have any questions.  Thank you.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Mopppp on November 02, 2010, 12:28:05 PM
If this launcher.exe is really infected. How do I remove it?

Since it is the only infected file I pick up on Avast scans, can I simply delete it using the virus chest option?
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: SafeSurf on November 03, 2010, 09:21:38 AM
Quote
If this launcher.exe is really infected. How do I remove it?

Since it is the only infected file I pick up on Avast scans, can I simply delete it using the virus chest option?

Yes, you can remove it that way, however since Avast does updates, there is a slim possibility that it could be a FP, and therefore that is why I suggested keeping it in the VC longer while Avast does updates and you rescan it weekly.  It can't hurt to keep it there longer; it is safe in the VC and cannot harm your machine while in there.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Mopppp on November 03, 2010, 10:04:37 AM
Well, I no longer play Sudden Attack SEA anymore, and was thinking about uninstalling it before I picked it up as an infected file.

So I think I will go on ahead and uninstall the game along with deleting launcher.exe from the VC

Thanks for all the help.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: SafeSurf on November 03, 2010, 10:18:33 AM
You are quite welcome.  Make sure after cleaning your machine, you reboot.  Then clean your machine again with CCleaner and TCF...reboot again.  If in doubt, run scanners (Avast and MBAM) to be sure nothing is hidden after deleting.

I'm glad I could assist you.  Feel free to come back any time you need help, to learn something new, or just to ask questions.  Thank you.  :)
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: derekdiong1 on November 20, 2010, 09:52:54 AM
Hello every1 here, i also have this problem recently. I can play this game till 1 day my mom deleted Avast and installed McAfee. After 1 day of using McAfee i was upset and changed back to Avast. Here the problem starts, after i installed Avast it detected the launcher.exe a virus. I did not encounter this problem for like a year using Avast till now. Pls help me solve this as quick as possible as i really want to play the game!!

Thank You.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: SafeSurf on November 20, 2010, 10:08:08 AM
Hi derekdiong1 and welcome to the forum.

Prior to you installing Avast, did you uninstall McAfee with the McAfee uninstall tool?  Using more than 2 AV's can cause all kinds of problems including false positives.

- This article provides the steps to remove McAfee from the Security Center from your computer:
http://ts.mcafeehelp.com/faq3.asp?docid=71525

- Also for direct download: http://download.mcafee.com/products/licensed/cust_support_patches/VSCleanupTool.exe and http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe (2007)

- http://uninstallers.blogspot.com/

I would try the uninstaller for McAfee again to make sure ALL remnants are gone, then reboot.

If Avast is not working properly after this because McAfee may have corrupted things, try an Avast Repair:
- Go to Control Panel > Add/Remove programs > Avast Antivirus.
- Scroll down and choose Repair function in the pop-up window.
- Reboot.

If this fails, you will need to uninstall Avast and do a clean install of Avast:

1. Save a copy of newest version of Avast (5.0.677) for the version you need and save it to your HDD:
Free – http://files.avast.com/iavs5x/setup_av_free_eng.exe - (English only)
Free – http://files.avast.com/iavs5x/setup_av_free.exe - (multi-language version)
Pro –  http://www.avast.com/pro-antivirus#tab4
AIS –  http://files.avast.com/iavs5x/setup_ais.exe
2. Download the Avast Uninstall Utility, aswClear5.exe http://www.avast.com/uninstall-utility and save it to your HDD (it has uninstall tools for both 4.0 and 5.0 if you used a prior version on this machine).
3. Disconnect from the Internet at this time.
4. Go to Control Panel and uninstall Avast through Add/Remove Programs if possible and reboot.
5. If Step 4 fails, boot into Safe Mode (hit F8 repeatedly) and run the Avast Uninstall Tool.  Uninstall all versions of Avast you had on this machine at this time.
6. Reboot.
7. Install the newest version of Avast and reboot.
8. Get Internet access and register your copy or add the license key for Free, Pro, or AIS.
    Free – http://www.avast.com/registration-free-antivirus.php
9. Update the Avast definitions.

Next, run an Avast Full scan.  If any infections come up, put them in the Virus Chest.  If you have a 32-bit machine, run an Avast Boot-time scan.  Report back on the results.

Also check your computer for malware with Malwarebytes’ Anti-Malware (MBAM).
- Download free http://www.malwarebytes.org/ (the blue button) for an on-demand scanner.
- Double Click mbam-setup.exe to install the application.
- After install, click update so you have latest database before scanning.
- Under Settings:
  - General: Automatically Save File After Scan Completes is checked off
  - Scanner Settings: Check all boxes
  - Updater: Download and install update if available is checked off
- Once the program has loaded, select "Perform FULL Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the disinfection scan is complete, a log will appear in Notepad and you may be prompted to Restart. (See Extra Note).
- Click the “remove selected” button to quarantine anything found.  You will find the infection details under the Quarantine tab.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply.

Please let me know if you have any questions.  Thank you.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: derekdiong1 on November 21, 2010, 02:59:44 AM
WOW that's a very long list.... I'll try to complete all those and try again, if the launcher.exe is still detected i don't know what to do next.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: derekdiong1 on November 21, 2010, 04:31:48 AM
Ok, i have cleaned McAfee from my com now and repaired Avast. Still same results detected... I'm running a 32-bit com. any more solutions? but i have not deleted the Avast. Should i delete Avast??
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: derick123 on November 21, 2010, 06:12:51 AM
Avast doesn't detect the launcher in my comp as virus anymore... but i suggest you scan your computer with MalwareBytes as suggested by SafeSurf.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: SafeSurf on November 21, 2010, 10:30:52 AM
@ derekdiong1,

Did you reboot after uninstalling McAfee?

As derick123 said (people I've helped tend to remember ;)), yes, run MBAM Full scan and post your results...I need to make sure your machine is clean.  Post your results (cut and paste).

If you come out clean with MBAM, then follow my previous post directions for doing an Avast uninstall/clean install.  Most likely Avast got corrupt with McAfee (having 2 AV's on your machine).  Reboot.

Do a test drive with Avast and run a Full and boot-time scan.

Report back your results.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: derekdiong1 on November 21, 2010, 12:51:01 PM
yes i did reboot after cleaning McAfee, now downloading MBAM, scared that it will detect launcher.exe as a virus!
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: derekdiong1 on November 22, 2010, 08:03:27 AM
Here's the MBAM log:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5162

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

11/22/2010 1:18:23 PM
mbam-log-2010-11-22 (13-18-23).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 317587
Time elapsed: 59 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 36
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 4
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b580cf65-e151-49c3-b73f-70b13fca8e86} (Trojan.Cinmus) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b580cf65-e151-49c3-b73f-70b13fca8e86} (Trojan.Cinmus) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Documents and Settings\Owner\Application Data\Baidu (Trojan.Cinmus) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Baidu\Toolbar (Trojan.Cinmus) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Baidu\Toolbar\Custom Buttons (Trojan.Cinmus) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Baidu\Toolbar\DownloadTmp (Trojan.Cinmus) -> No action taken.

Files Infected:
C:\Program Files\Baidu\Toolbar\BaiduBarX.dll (Trojan.Cinmus) -> No action taken.
C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\rzr-cod4.exe (Trojan.Agent.CK) -> No action taken.
C:\Program Files\Baidu\Toolbar\BarBroker.exe (Adware.BDSearch) -> No action taken.
C:\Program Files\QvodPlayer\QvodBand.dll (Spyware.OnlineGames) -> No action taken.
C:\Downloads\QvodSetup3_ccch.exe (Adware.Agent) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Baidu\Toolbar\iexp.dat (Trojan.Cinmus) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Baidu\Toolbar\logex.dat (Trojan.Cinmus) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Baidu\Toolbar\namedsites.dat (Trojan.Cinmus) -> No action taken.

there are some infected files should i delete them?? reply ASAP!!
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Asyn on November 22, 2010, 08:10:23 AM
Quote: "there are some infected files should i delete them?? reply ASAP!!"

Let Mbam quarantine the findings..!!
See the instructions SafeSurf posted in reply #41...!
asyn
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: SafeSurf on November 22, 2010, 10:25:10 AM
Quote: "Click the “remove selected” button to quarantine anything found.  You will find the infection details under the Quarantine tab.
Copy & Paste the entire report in your next reply."
You need to update MBAM again, then run the Full scan again, this time see the quote above and as Asyn and I both said....let MBAM quarantine the infections.  Right now they are still sitting in your machine because you told it to "take no action."  You need to let MBAM quarantine it.  You do NOT want to delete them.

After this, I want you to do the following:

Check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0

Follow the directions for obtaining the OTL logs.  Post the two (2) OTL logs as an attachment (Additional Options > Attach > Browse (the logs will be on your desktop) > Post).

Please do not make any further changes to your machine once you have provided the logs.

I will review the logs and I am going to refer you to our Certified Malware expert, named Essexboy.  He will also review your logs and give you further instructions, however he comes on the forum late UK time.  He will respond to you in this thread, so remember to check this thread daily.  I will continue to provide assistance in the meantime, then remain in the background while he works with you.

Let me know if you have any questions.  Thank you.
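The point made in the post above, that every detection logged as "No action taken" is still on the machine, can be checked mechanically. The following is an added example, not part of the original thread or of any tool mentioned in it: a Python parser for the Malwarebytes log layout quoted earlier, run over a constructed sample log; the function names and sample entries are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Malwarebytes log quoted in this thread.
SAMPLE_LOG = r"""
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\example.toolbar (Adware.Example) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001} (Trojan.Example) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Example\Toolbar\{00000000-0000-0000-0000-000000000002} (Trojan.Example) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Documents and Settings\Example\Application Data\ExampleBar (Adware.Example) -> No action taken.

Files Infected:
C:\Program Files\ExampleBar\bar.dll (Adware.Example) -> No action taken.
C:\Downloads\setup (1).exe (Adware.Example) -> Quarantined and deleted successfully.
"""

COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# Greedy target, then the LAST parenthesised group is the detection name,
# so paths that themselves contain "(1)" are handled.
ITEM_RE = re.compile(r"^(?P<target>.+) \((?P<detection>[^()]+)\)$")


def parse_mbam_log(text):
    """Return (declared summary counts, list of detection entries)."""
    declared, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        count = COUNT_RE.match(line)
        if count:
            declared[count["section"]] = int(count["n"])
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header["section"]
            continue
        parts = line.split(" -> ")
        entry = ITEM_RE.match(parts[0])
        if section is None or len(parts) < 2 or not entry:
            continue  # blank lines, "(No malicious items detected)", free text
        items.append({
            "section": section,
            "target": entry["target"],
            "detection": entry["detection"],
            "detail": " -> ".join(parts[1:-1]),  # e.g. "Bad: (1) Good: (0)"
            "action": parts[-1],
        })
    return declared, items


def unremediated(items):
    """Entries the scanner found but left in place."""
    return [i for i in items if i["action"] == "No action taken."]


def pending_by_detection(items):
    """How many untouched entries remain per detection name."""
    return Counter(i["detection"] for i in unremediated(items))


def count_mismatches(declared, items):
    """Sections whose listed entries differ from the summary (truncated paste)."""
    listed = Counter(i["section"] for i in items)
    return {s: (n, listed[s]) for s, n in declared.items() if listed[s] != n}


if __name__ == "__main__":
    declared, items = parse_mbam_log(SAMPLE_LOG)
    print(pending_by_detection(items), count_mismatches(declared, items))
```

A non-empty result from `count_mismatches` means the pasted log was cut off, which matters when a helper is deciding what still needs to be quarantined.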
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: essexboy on November 22, 2010, 08:52:42 PM
Step 1. Preparation to disinfection:

Download the file Sality.zip (http://support.kaspersky.com/downloads/utils/salitykiller.zip)
Extract SalityKiller.exe
Run the file SalityKiller.exe

Step 2. Registry repair: (Allow the files to merge when requested)

Download Sality_regkeys.zip (http://support.kaspersky.com/downloads/utils/sality_regkeys.zip)
Extract the file Sality_RegKeys.zip 
Run the file Disable_autorun.reg from the archive Sality_RegKeys.zip

Step 3.  Finalising :(Allow the files to merge when requested)

From the archive Sality_RegKeys.zip run the file of the registry key: 
FULL SCAN

Download Dr Web from here http://www.freedrweb.com/?lng=en link on the top right of the page, tick the EULA and then download
 
It will download as an 8 digit file save it to your desktop

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log please attach that

ANALYSIS LOG

Download OTL (http://oldtimer.geekstogo.com/OTL.exe)  to your Desktop
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT




Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: SafeSurf on November 22, 2010, 10:15:06 PM
Thanks Essexboy.  ;)
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: derekdiong1 on November 23, 2010, 02:51:15 AM
wait, now which step should i do?? safesurf's or essexboy's steps?? and is it really safe don't want my parents to worry!! If i screw this up my dad won't buy me a new com!!
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: DavidR on November 23, 2010, 03:13:48 AM
Go with essexboy's instructions as they are more specific to your problem. If you have the Sality file infector virus, it needs special tools to try and a) kill/stop Sality running and infecting other files (steps 1-3) and b) try and repair any files infected by Sality (the full scan with the DrWeb scan).

Finally after that an analysis to see if there are any other remnants/issues and attach the logs as asked for.

Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: derekdiong1 on November 23, 2010, 04:01:44 AM
I wanna ask how to run in safe mode?? And everyone here is so friendly!!THX guys!!
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Asyn on November 23, 2010, 08:26:24 AM
Quote: "I wanna ask how to run in safe mode?? And everyone here is so friendly!!THX guys!!"

Press F8 while your system is booting.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: SafeSurf on November 23, 2010, 09:55:21 AM
derekdiong1,

I was referring you to Essexboy, who is our Certified Malware Removal expert.  He comes on the forum usually late UK time, so remember to check this thread daily as he will give you specific instructions for your malware removal.  I will remain in the background while he works with you.  Thank you.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: derekdiong1 on November 24, 2010, 04:11:03 AM
When u mean booting its in the windows loading screen??
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: derekdiong1 on November 24, 2010, 06:06:27 AM
There was nothing detected on Dr.Cure.

The OTL log is too big can't type here.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Asyn on November 24, 2010, 07:46:11 AM
Quote: "The OTL log is too big can't type here."

Attach the log...!
If you write a new post: -> Additional Options -> Attach
asyn
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: SafeSurf on November 24, 2010, 10:30:40 AM
There will be 2 OTL logs to post (create a new post) -- both logs are located on your desktop.  To attach them to the post: attachment (Additional Options > Attach > Browse (the logs will be on your desktop) > Post).
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: derekdiong1 on November 24, 2010, 11:00:09 AM
My OTL log.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: derekdiong1 on November 24, 2010, 11:01:10 AM
My extra log.

And the launcher.exe is still being detected...
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: SafeSurf on November 24, 2010, 11:06:15 AM
Thank you for the logs. :) I'm not surprised you still have things being detected.  Essexboy will work with you later when he returns to the forum.

So now you know how to attach logs, which he will have you do for other tools he uses as well.  Do not make any further changes to your machine, and stay off of it (infected one) for now until you are ready to check the forum again and get further instructions from Essexboy.  Thank you again.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: derekdiong1 on November 24, 2010, 03:48:14 PM
I'm going camping tomorrow till Saturday....
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Asyn on November 24, 2010, 04:35:40 PM
Quote: "I'm going camping tomorrow till Saturday...."

Have fun..!! :)
asyn
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: essexboy on November 24, 2010, 08:54:48 PM
When you get back lets run these fixes

Run OTL
THEN

Download ComboFix from one of these locations:


Link 1 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 2 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


(http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif)


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(http://img.photobucket.com/albums/v706/ried7/whatnext.png)


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: derekdiong1 on November 25, 2010, 02:37:09 AM
Thx asyn ;D

And Essexboy i will do that when i come back,will the launcher.exe still be detected after all those steps??
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: essexboy on November 25, 2010, 09:13:46 PM
Don't know yet
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: derekdiong1 on November 27, 2010, 10:53:09 AM
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45f9c9d4-d0e4-11de-8fd6-0024219bb59d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45f9c9d4-d0e4-11de-8fd6-0024219bb59d}\ not found.
File 9b9w3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45f9c9d4-d0e4-11de-8fd6-0024219bb59d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45f9c9d4-d0e4-11de-8fd6-0024219bb59d}\ not found.
File 9b9w3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{56c2b4f1-b7fb-11de-8fa4-0024219bb59d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56c2b4f1-b7fb-11de-8fa4-0024219bb59d}\ not found.
File C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\service.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{56c2b4f1-b7fb-11de-8fa4-0024219bb59d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56c2b4f1-b7fb-11de-8fa4-0024219bb59d}\ not found.
File C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\service.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a236850-07e8-11df-906a-0024219bb59d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a236850-07e8-11df-906a-0024219bb59d}\ not found.
File ahymli.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a236850-07e8-11df-906a-0024219bb59d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a236850-07e8-11df-906a-0024219bb59d}\ not found.
File ahymli.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8a08354-8c9d-11df-9192-0024219bb59d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a8a08354-8c9d-11df-9192-0024219bb59d}\ not found.
File stara\\bagra.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8a08354-8c9d-11df-9192-0024219bb59d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a8a08354-8c9d-11df-9192-0024219bb59d}\ not found.
File stara\bagra.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8a08354-8c9d-11df-9192-0024219bb59d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a8a08354-8c9d-11df-9192-0024219bb59d}\ not found.
File stara\bagra.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8a08354-8c9d-11df-9192-0024219bb59d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a8a08354-8c9d-11df-9192-0024219bb59d}\ not found.
File stara\bagra.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef561172-1621-11df-9089-0024219bb59d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef561172-1621-11df-9089-0024219bb59d}\ not found.
File J:\1.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\My Documents\Derek's Documents\Anti-virus stuff\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\My Documents\Derek's Documents\Anti-virus stuff\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 6025679 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1920371 bytes
 
User: Owner
->Temp folder emptied: 106998644 bytes
->Temporary Internet Files folder emptied: 607313161 bytes
->Java cache emptied: 2250268 bytes
->FireFox cache emptied: 65909324 bytes
->Google Chrome cache emptied: 420033713 bytes
->Apple Safari cache emptied: 141659136 bytes
->Opera cache emptied: 29473169 bytes
->Flash cache emptied: 109687 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 108098 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2564768937 bytes
 
Total Files Cleaned = 3,766.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
User: Owner
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
Restore point Set: OTL Restore Point (0)
 
OTL by OldTimer - Version 3.2.17.3 log created on 11272010_172013

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_e18.dat not found!

Registry entries deleted on Reboot...
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: derekdiong1 on November 27, 2010, 10:54:43 AM
That was the log after the fix on OTL. Now i'm doing combofix.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: derekdiong1 on November 27, 2010, 10:59:16 AM
When i use the combofix it says that AVG is targeting it and won't let it start!! now my Start toolbar looks old!! PLS REPLY ASAP and tell me how to change my start toolbar new again!!
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: derekdiong1 on November 27, 2010, 11:03:01 AM
Ok now i've fix the toolbar problem now pls tell me about the combo fix problem.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: essexboy on November 27, 2010, 03:02:11 PM
AVG in their wisdom have determined that Combofix is malicious and basically try to destroy the programme (and fail) but Combofix will not run unless AVG is uninstalled

Download the AVG removal tool from here http://www.avg.com/us-en/download-tools

Uninstall AVG then run the tool

On completion run combofix
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: derekdiong1 on November 28, 2010, 07:39:18 AM
Have you checked my OTL log is there any problems??
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: essexboy on November 28, 2010, 01:25:08 PM
With OTL I removed all the visible malware - combofix will check out the hidden drivers and files
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: derekdiong1 on November 30, 2010, 10:07:48 AM
How come the combofix is in chinese?? Do u know how to change pc language to english??
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: SafeSurf on November 30, 2010, 10:13:57 AM
Quote: "How come the combofix is in chinese?? Do u know how to change pc language to english??"
Did you have an option of what code (like Unicode) to use like with OTL?  I'd wait for Essexboy to assist you with this one.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: essexboy on November 30, 2010, 09:21:50 PM
Do you have chinese set as a language on your system - as CF takes the language it finds in the number one spot
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: derekdiong1 on December 01, 2010, 04:09:13 AM
i don't really know... sometimes its in chinese but most of the time its in english...
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: essexboy on December 01, 2010, 09:29:56 PM
Run combofix and just pretend that you speak chinese, the prompts are self explanatory any way - then post the log
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: derekdiong1 on December 07, 2010, 04:35:13 AM
These days very busy so i don't have time to run combo fix..i will do tat next week.. :(
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Gravius on April 13, 2011, 01:41:58 PM
recently i have also been having the same problem. here are my results at VirusTotal http://www.virustotal.com/file-scan/report.html?id=7cd115a6cb58422f8a45d06baba8c00eaab245c93786e29d01302b67c755540e-1301756743

i think i have downloaded the game 3 times and install and uninstall it for.. 5 times i think lol.
anyway, do u think i shud put it as a fp? or something else. thx
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: essexboy on April 13, 2011, 10:00:40 PM
That is sality a file infector - is it on your system or is Avast blocking it ?
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Gravius on April 16, 2011, 10:21:50 AM
its in my avast virus chest.. so.. i guess Avast is blocking it probably?
sry, low in english
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: essexboy on April 16, 2011, 05:08:02 PM
Is Avast reporting multiple files infected on your system ?  If not then sality was blocked

What problems do you have now ?
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Gravius on April 16, 2011, 05:25:45 PM
oo, no. my launcher.exe is the only infected file on my system for now.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: essexboy on April 16, 2011, 05:33:22 PM
Kill the launcher file as you do not want it on your system

Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Gravius on April 16, 2011, 06:22:15 PM
kill it as in.. delete it in the virus chest rite?
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: essexboy on April 16, 2011, 06:32:22 PM
Yup - wave bye bye to it.  Although it is safe in the chest it is not the sort of file I would like to keep on my system
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Gravius on April 17, 2011, 03:21:02 AM
is there any other way? cos if i delete it, i would be deleting the file also. thus, i cant play my game since it needs a launcher? if no, then i understand
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: SafeSurf on April 17, 2011, 09:05:37 AM
If Essexboy says to kill it, as in delete it, then that's what he means.  You may be able to get the game launcher or game elsewhere, but otherwise you could be dealing with a dead machine.
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: essexboy on April 17, 2011, 02:21:38 PM
The file is a sality launcher - not the game launcher

Download a fresh copy from the manufacturers site and use that instead
Title: Re: Sudden Attack Sea ( Virus or False Positive)?
Post by: Gravius on April 18, 2011, 10:56:36 AM
ok. thx for ur help. appreciate it.