Author Topic: Win32:Malware-gen falsely detected in a video game? (Read 4256 times)

fatherast · « **on:** January 13, 2022, 02:29:15 PM »

Hello, there is a very known video game called Freestyle GunZ, here is their website: http://fgunz.net and here is a download link of the game provided by the official website: https://fgunz.net/Freestyle%20GunZ%20V8%20Installer.exe

Upon installing the game, my Avast blocks the game and notifies it has Win32:Malware-gen in it. It is a known false and even Windows confirmed it to be false in Windows Defender.

Would very much appreciate if an Avast dev can look into it and confirm

Asyn · « **Reply #1 on:** January 13, 2022, 02:30:33 PM »

Hi, you can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php

fatherast · « **Reply #2 on:** January 13, 2022, 02:52:41 PM »

Quote from: Asyn on January 13, 2022, 02:30:33 PM

Hi, you can report a suspected FP (File/Website) here: https://www.avast.com/false-positive-file-form.php

Hi, the maximum file size there is 50mb whereas the file is 400mb and it doesn't let me proceed without uploading a file.

Asyn · « **Reply #3 on:** January 13, 2022, 03:18:51 PM »

Report the link and mention it in the description.

Asyn · « **Reply #4 on:** January 13, 2022, 03:20:19 PM »

FYI: https://sitecheck.sucuri.net/results/fgunz.net

fatherast · « **Reply #5 on:** January 13, 2022, 03:21:34 PM »

Quote from: Asyn on January 13, 2022, 03:18:51 PM

Report the link and mention it in the description.

Thank you. Do you know how long does it usually take?

Asyn · « **Reply #6 on:** January 13, 2022, 03:23:40 PM »

You're welcome. You should get a reply within 48 hours.

Pondus · « **Reply #7 on:** January 13, 2022, 03:36:14 PM »

avast/AVG engine timed out, wait an hour and click refresh to see if it is detected

https://www.virustotal.com/gui/file/b444175c211fafe82a84cc791aa032c17d13a71b9465f9b5d759253e65e78705?nocache=1

fatherast · « **Reply #8 on:** January 13, 2022, 04:10:13 PM »

Quote from: Pondus on January 13, 2022, 03:36:14 PM

avast/AVG engine timed out, wait an hour and click refresh to see if it is detected

https://www.virustotal.com/gui/file/b444175c211fafe82a84cc791aa032c17d13a71b9465f9b5d759253e65e78705?nocache=1

Hi, so I too have run it through virustotal, but Avast kept timing out. Regardless, I suppose it would flag it since my Avast does. My goal at this point is for someone to tell me whether it is a false alert or true.

Pondus · « **Reply #9 on:** January 13, 2022, 04:26:29 PM »

Quote from: fatherast on January 13, 2022, 04:10:13 PM

Quote from: Pondus on January 13, 2022, 03:36:14 PM
avast/AVG engine timed out, wait an hour and click refresh to see if it is detected

https://www.virustotal.com/gui/file/b444175c211fafe82a84cc791aa032c17d13a71b9465f9b5d759253e65e78705?nocache=1

Hi, so I too have run it through virustotal, but Avast kept timing out. Regardless, I suppose it would flag it since my Avast does. My goal at this point is for someone to tell me whether it is a false alert or true.

No, VT already have the file, you just click the refresh button at top right ... as i have just done

Seems it timed out again

polonus · « **Reply #10 on:** January 13, 2022, 06:29:24 PM »

Pondus' interpretations of VT results have been found to be very accurate (i.m.h.o.).

As you can see the file has not been signed. That makes it at least more FP-prone.

Then it comes in the following categories,
that makes it could be much easier to be(come) malware-infested.

Buckets:
PastesPRO
Darknet: TorPRO
Darknet: I2PPRO
WhoisPRO
UsenetPRO
Private LeaksSECRET
Leaks COMBSECRET (info credits go to X Intelligence X special search engine)

But is no longer detected here: https://www.virustotal.com/gui/url/32303b34286480e53f6721ac782728999f90861534f75df93703a2ff5aee096e?nocache=1 (I am asking Pondus why some detections are not constantly being distributed to VT?)

polonus

fatherast · « **Reply #11 on:** January 13, 2022, 06:38:32 PM »

Quote from: polonus on January 13, 2022, 06:29:24 PM

Pondus' interpretations of VT results have been found to be very accurate (i.m.h.o.).

As you can see the file has not been signed. That makes it at least more FP-prone.

Then it comes in the following categories,
that makes it could be much easier to be(come) malware-infested.

Buckets:
PastesPRO
Darknet: TorPRO
Darknet: I2PPRO
WhoisPRO
UsenetPRO
Private LeaksSECRET
Leaks COMBSECRET (info credits go to X Intelligence X special search engine)

But is no longer detected here: https://www.virustotal.com/gui/url/32303b34286480e53f6721ac782728999f90861534f75df93703a2ff5aee096e?nocache=1 (I am asking Pondus why some detections are not constantly being distributed to VT?)

polonus

Hi polonus, thank you for following up with this. Please let us know once it can be established whether the game is infected or not

polonus · « **Reply #12 on:** January 13, 2022, 06:46:59 PM »

Howdy fatherast,

Well, we will keep an eye out for eventual final verdicts and scan results.
There are more ways than one to kill the proverbial animal you know.

Also waiting for some specific feed-back from my forum friend, Pondus.
He sees more where VT is concerned than the average person will.

I am more into website security analysis and error-hunting, my specific thingy (libraries, JS, CMS etc.).
So whenever new data will arrive, you will read it here pronto.

So keep safe both offline as well as online, is the wish of,

polonus

fatherast · « **Reply #13 on:** January 13, 2022, 07:00:58 PM »

Quote from: polonus on January 13, 2022, 06:46:59 PM

Howdy fatherast,

Well, we will keep an eye out for eventual final verdicts and scan results.
There are more ways than one to kill the proverbial animal you know.

Also waiting for some specific feed-back from my forum friend, Pondus.
He sees more where VT is concerned than the average person will.

I am more into website security analysis and error-hunting, my specific thingy (libraries, JS, CMS etc.).
So whenever new data will arrive, you will read it here pronto.

So keep safe both offline as well as online, is the wish of,

polonus

Thank you kindly! Much obliged

I will be following this thread

Pondus · « **Reply #14 on:** January 13, 2022, 07:38:05 PM »

It seems that avast/AVG engine used at VT will not scan this file (times out) maybe it has something to do with the file size? 605mb

Author Topic: Win32:Malware-gen falsely detected in a video game? (Read 4256 times)

fatherast

Win32:Malware-gen falsely detected in a video game?

Asyn

Re: Win32:Malware-gen falsely detected in a video game?

fatherast

Re: Win32:Malware-gen falsely detected in a video game?

Asyn

Re: Win32:Malware-gen falsely detected in a video game?

Asyn

Re: Win32:Malware-gen falsely detected in a video game?

fatherast

Re: Win32:Malware-gen falsely detected in a video game?

Asyn

Re: Win32:Malware-gen falsely detected in a video game?

Pondus

Re: Win32:Malware-gen falsely detected in a video game?

fatherast

Re: Win32:Malware-gen falsely detected in a video game?

Pondus

Re: Win32:Malware-gen falsely detected in a video game?

polonus

Re: Win32:Malware-gen falsely detected in a video game?

fatherast

Re: Win32:Malware-gen falsely detected in a video game?

polonus

Re: Win32:Malware-gen falsely detected in a video game?

fatherast

Re: Win32:Malware-gen falsely detected in a video game?

Pondus

Re: Win32:Malware-gen falsely detected in a video game?