Topic: Win32:Kolabc-CN [Wrm] in every game from Big Fish Games?!

bpgisme

  • Guest
Re: Win32:Kolabc-CN [Wrm] in every game from Big Fish Games?!
« Reply #15 on: July 11, 2008, 07:24:28 AM »
I'm not sure if they've updated Avast or if all my fiddling made it work, but I can play the games again!  Yay!

Offline misak

  • Moderator
  • Sr. Member
  • *
  • Posts: 234
    • Personal page (CZE)
Re: Win32:Kolabc-CN [Wrm] in every game from Big Fish Games?!
« Reply #16 on: July 11, 2008, 08:57:55 AM »
False positive alert in "Big Fish Games" has been fixed in VPS 080711-0

amandapace

  • Guest
Re: Win32:Kolabc-CN [Wrm] in every game from Big Fish Games?!
« Reply #17 on: July 12, 2008, 03:45:50 AM »
Thank you tech support!! ;D

Ratqueen

  • Guest
Re: Win32:Kolabc-CN [Wrm] in every game from Big Fish Games?!
« Reply #18 on: July 23, 2008, 05:53:50 AM »
I just installed the latest virus definitions 080722-1, and I'm having what I believe is another false positive with one of my Big Fish Games: Mahjong Towers Eternity. The file flagged as having a Trojan is named nqnvbtr.exe (that's the file used to launch the game). Anybody else having this problem, and is this also going to be fixed in an upcoming update?

I scanned all my drives and this file was the only one flagged as having a virus. I quarantined it, then reinstalled Mahjong Towers Eternity from a fresh download off Big Fish's site, but aVast still flags it as having a Trojan.

Thanks for your help.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Win32:Kolabc-CN [Wrm] in every game from Big Fish Games?!
« Reply #19 on: July 23, 2008, 04:54:51 PM »
Ratqueen, to know if a file is a false positive, please submit it to VirusTotal and let us know the result. If it is indeed a false positive, send it in a password-protected zip to virus@avast.com. VirusTotal has a file size limit of 10Mb. Please mention in the body of the message why you think it is a false positive and the password used. Thanks.

Maybe you need to disable "Hide protected operating system files" and enable "View hidden files and folders" to manage the file(s).

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the 'a' blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button...
You can use wildcards like * and ?. But be careful, you should 'exclude' that many files that let your system in danger.
The best things in life are free.

Ratqueen

  • Guest
Re: Win32:Kolabc-CN [Wrm] in every game from Big Fish Games?!
« Reply #20 on: July 24, 2008, 05:04:55 AM »
Thanks for the information. I did as you suggested (had to exclude the file from aVast to be able to upload it to VirusTotal first -- it wouldn't let me otherwise).

I don't know what qualifies as a false positive, but the results are quite ambiguous, here:
http://www.virustotal.com/reanalisis.html?cf2b8ce6c683494df4ede733494f7e37

Should I still send you the file by email?

I really don't think this file contains a virus -- Big Fish Games certify that all their games are virus-free (and that's really to their own advantage too). I scanned all my drives which were found clean except for this file, and reinstalled the game from a fresh download. Yet, aVast still flags the newly-installed "certified clean" file as being a Trojan. I've been using this game for several months with no ill-effects. It has only been flagged as a Trojan since July 11.

I'm also trying to understand how sending a file to VirusTotal for analysis determines whether a file really contains a virus or not. Is this only based on whether or not a large enough number of other antivirus programs flag it as such? From my end it looks like word of mouth science :) ('course, I'm no expert. I'm just saying).

I'll be glad to email the file to you as per your instructions if you think this may be helpful.

Thank you.

EDIT: Forgot to mention that the virus found in this file is win32: Trojan-gen {other}, which I read in another thread was a very common trigger for false positives...
« Last Edit: July 24, 2008, 07:26:52 PM by Ratqueen »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Win32:Kolabc-CN [Wrm] in every game from Big Fish Games?!
« Reply #21 on: July 24, 2008, 11:00:50 PM »
Quote
I don't know what qualifies as a false positive, but the results are quite ambiguous, here:
http://www.virustotal.com/reanalisis.html?cf2b8ce6c683494df4ede733494f7e37

This link goes to nowhere...

Quote
Should I still send you the file by email?

It won't be bad (virus (at) avast (dot) com).

Quote
Is this only based on whether or not a large enough number of other antivirus programs flag it as such? From my end it looks like word of mouth science :) ('course, I'm no expert. I'm just saying).

It's not 100% sure, neither for positive nor for negative detection... but the more scanners you test, the higher the probability of making the right decision, don't you think?

Ratqueen

  • Guest
Re: Win32:Kolabc-CN [Wrm] in every game from Big Fish Games?!
« Reply #22 on: July 25, 2008, 05:15:22 AM »
Quote
This link goes to nowhere...

Sorry about the link. This is the correct link:

http://www.virustotal.com/analisis/ca9bd8a085a929d79c8246dae9087f1d

Not really sure what to do now, besides sending the file to aVast, if you think that would be useful.

Thanks.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Win32:Kolabc-CN [Wrm] in every game from Big Fish Games?!
« Reply #23 on: July 25, 2008, 02:42:54 PM »
Quote
Not really sure what to do now, besides sending the file to aVast, if you think that would be useful.

It does not seem to be a false positive... seems an infected file...
Maybe you could send it to virus (at) avast (dot) com in a password-protected zip archive.
In the email body you could mention the password used and a link to this thread.

Ratqueen

  • Guest
Re: Win32:Kolabc-CN [Wrm] in every game from Big Fish Games?!
« Reply #24 on: July 26, 2008, 04:51:43 AM »
Quote
It does not seem to be a false positive... seems an infected file...

Mmh, I still think the file is clean.

May I ask what this virus win32: Trojan-gen {other} is supposed to do? I tried to look it up in the aVast virus database, but I can't find anything at all in there. Is this virus supposed to spread to other files on the infected system? What damage is it supposed to do? Because I've been running this supposedly infected file for months every day (and still running the game now), and it hasn't spread to any other files on my system, nor have I noticed any odd behaviors at all. Just wondering.

Quote
Maybe you could send it to virus (at) avast (dot) com into a zip passworded archive.
In the email body you could mention the password used and a link to this thread.

I will do that. Thank you.