Author Topic: Zuma Deluxe.exe virus  (Read 11908 times)

Twigs
Zuma Deluxe.exe virus
« on: July 16, 2008, 10:47:35 AM »
Okay, so I backed up a bunch of files onto a DVD about a month ago. They were all scanned seconds before going onto the disc. Now, all of a sudden, when I try to run or even install Zuma Deluxe (which is what I'm trying to do now), this message comes up: Win32:Trojan-gen (other), telling me it's now got a virus/malware.  What in the heck is Avast doing? Because if it's a false positive, I'm getting pretty tired of it.  Soon it'll be that all my programs are suddenly infected because of false positives, and I won't be able to run any of them.

My only 2 scanners on this pc are Ad-aware, and Avast 4.8 Home Edition, VDB is 080715-0. 07/15

And I have no intention of doing needless scanning for log files or whatever, because I was just using the program, Zuma Deluxe, like a week ago, with no problems at all.  So any ideas as to why all of a sudden it's infected when it wasn't when it went onto the disc?

Does Avast even have a way to actually clean the files other than going to chest all the time??

« Last Edit: July 16, 2008, 10:49:30 AM by Twigs »

Jtaylor83
Re: Zuma Deluxe.exe virus
« Reply #1 on: July 16, 2008, 10:55:49 AM »
As usual, upload the file to VirusTotal and post the results.

CharleyO
Re: Zuma Deluxe.exe virus
« Reply #2 on: July 16, 2008, 06:17:12 PM »
***

Welcome to the forums, Twigs.   :)

It may well depend on which website you downloaded Zuma Deluxe from. Not all of them will be "clean" downloads of the game. Although the creators of these small games create clean games, there are websites that add malicious programs to the downloads. There are 2 examples below. Click them to enlarge.

I agree that you should follow Jtaylor's advice above as a first step. It may be that you have a clean copy of the game and it is a false positive ... but then again, you may have an infection.


***

CharleyO
Re: Zuma Deluxe.exe virus
« Reply #3 on: July 16, 2008, 06:26:43 PM »
***

By the way, Twigs ...

These days, Adaware is not considered a very good program to detect such malware. I would suggest you download the free versions of others such as SuperAntiSpyware, Spyware Terminator (without installing the toolbar, clamav, etc), and/or Spybot - Search & Destroy (activate Teatimer module only if you want resident spyware protection).

Another example of a bad Zuma download site below.


***

Twigs
Re: Zuma Deluxe.exe virus
« Reply #4 on: July 17, 2008, 04:54:10 AM »
I know the downloaded file is clean and legit, as I bought it straight from the Yahoo website, and that was back in 2005.  I've been playing the game perfectly fine, and never had any problems until about a week ago.

Spybot, I used to have it, and I was told Ad-aware was better. When I uninstalled Spybot and ran Ad-aware, Ad-aware found 300+ infections that Spybot wasn't even finding.  And I remember this clearly because just before I got rid of Spybot I did one final scan, and it came up 100% clean, and it was right after that scan that I uninstalled Spybot, installed Ad-aware, and on the first scan it found 300+ infections, and a couple of TAC 8's and 9's.  So I'm still very, very skeptical about going back to Spybot.


Twigs
VirusTotal scan results
« Reply #5 on: July 17, 2008, 05:00:28 AM »
File has already been analysed:


MD5: c6cf7c22edb668503b1cc518313e9016
First received: 11.13.2007 08:35:57 (CET)
Date: 07.13.2008 08:46:56 (CET) [>3D]
Results: 6/33
Permalink: analisis/4f4743b5f004527f8de9a80c2e9cad03



Twigs
Re: Zuma Deluxe.exe virus
« Reply #6 on: July 19, 2008, 09:31:56 AM »
I created a new post because once a post is looked at X amount of times, the author of that post could be adding more information to the post, while no one else will look at it, once it goes to page 2, 3, 4, etc. etc.

I personally don't feel like I'm being helped at all with my current situation.  And using the same generic answer is not help either.

But this is my problem, and if it's not too much hassle, I would kindly ask that if someone has spare time, to please help me figure out how to get rid of this virus.

I feel that the virus in question, Win32:Trojan-gen {other}, is a false positive and has infected one of my files that came clean off of a DVD back-up disk I created.  The infected file is a legit archive installer for a game, Zuma Deluxe. Avast 4.8 is able to scan it and finds that the Zuma Deluxe.exe file inside of the archive is infected. I have uploaded the file once to the Avast Online Virus Cleaner, and 0 infections were found.  I also went to http://www.freedrweb.com/cureit/, and the results of that online scan also came up CLEAN.  AND I also posted, above this post, the VirusTotal results log of when I sent the file there.  All I'm looking for is just some advice or instructions on what to do so I can get rid of this virus.

wyrmrider
Re: Zuma Deluxe.exe virus
« Reply #7 on: July 19, 2008, 07:32:44 PM »
sorry for the go around
Have you uploaded the file to Avast?
virus total usually does that automatically- however...

ad-aware has changed back and forth over the years
They also got involved with OINGO after it was bought by Google Ad-sense- need I say more
they either quit using OINGO technology adware or hid it but I question their ethics as they never admitted
Ad-aware may find 300 fragments that spybot or one of the other cleaners do not find but usually they are benign
Only the paid version has any real time protection
ad-aware has the reputation of pulling detections when a baddie threatens them
Spybot has the reputation of standing up to the bad guys

So Spybot and SAS would be my choices as FREE on-demand scanners
Spybot's immunize feature along with Spywareblaster can't hurt
 Malwarebytes' Anti-Malware may also deal with this

so run the spybot scan first then MBAM and let us know
you can remove ad-aware if it did not detect or keep it as an on-demand scanner


these may also work for you
RogueRemover
Spyware Terminator (exclude the crawler toolbar, add ons, and ClamAV)
let us know

did you post a link to your virus total results?
if Kaspersky or Bit Defender or one of the ones with a good on-line scan detected, run that scan

thanks for your interest in keeping Avast up to date
« Last Edit: July 19, 2008, 07:40:01 PM by wyrmrider »

Twigs
Re: Zuma Deluxe.exe virus
« Reply #8 on: July 19, 2008, 08:14:25 PM »
File has already been analysed:


MD5: c6cf7c22edb668503b1cc518313e9016
First received: 11.13.2007 08:35:57 (CET)
Date: 07.13.2008 08:46:56 (CET) [>3D]
Results: 6/33
Permalink: analisis/4f4743b5f004527f8de9a80c2e9cad03

This is the virustotal log from 7/17/2008

Yea, Avast has an Online virus cleaner which, when I uploaded my file, the results came back that there were no infections.  It's only Avast 4.8 that says the file is infected.

wyrmrider
Re: Zuma Deluxe.exe virus
« Reply #9 on: July 19, 2008, 09:20:06 PM »
Results: 6/33

post up the list or a link to the 33 who looked at your sample
which 6 and what were their results- hit names

any luck with any of the other scanners yet?

interesting
where did you find the online virus scanner?
I'll run some test things myself

Twigs
Re: Zuma Deluxe.exe virus
« Reply #10 on: July 19, 2008, 09:32:34 PM »
http://www.virustotal.com/reanalisis.html?de9010e887c14a69ff28f9f32a11a3c2

This is the link to the virustotal.

http://www.avast.com/eng/down_cleaner.html

This is the link to the Avast online virus cleaner you can download.  I didn't download it I decided to just open it and scan the file that way.

http://www.freedrweb.com/cureit/

And this link is to the other online virus scanner I used to scan the file.

But I think both of these online scanners contain information for removing a known list of viruses that can be cleansed only.  And I think this virus Avast keeps reporting is just a generic name for any type of malware or worm infecting this file.  I've run two different online scanners on this file; however, both came up 100% clean.  So that's why I'm thinking, if the online scanners say the file is clean, why does the Avast 4.8 program say virus?

wyrmrider
Re: Zuma Deluxe.exe virus
« Reply #11 on: July 19, 2008, 09:40:25 PM »
Impossible to tell from the virus total log if this is a FP or not
hopefully someone from AVAST will ask for an upload
I've never had to do it
Is there a sticky or FAQ covering the subject?
You do seem to be posted in the correct place

thanks for the links

you can
Zip the file with a password, place (inform) copy of the password in the email body and send the email to virus (at) avast.com
with a link to this thread
should work

no use scanning with scanners with no hits
As soon as you find out that this is a real virus you could scan with the other scanners and let them know about your detection :)

ps
"This is the link to the Avast online virus cleaner you can download."
is Dr Web not Avast (no harm no fowl)
« Last Edit: July 19, 2008, 09:50:34 PM by wyrmrider »

Twigs
Re: Zuma Deluxe.exe virus
« Reply #12 on: July 19, 2008, 10:38:59 PM »
There were 2 different online scanner links, this one http://www.avast.com/eng/down_cleaner.html is for avast


This link http://www.freedrweb.com/cureit/ is for Dr. Web.  Which I know isn't avast, but I wanted to post my sources as a verification since that seems to be the trend on most other websites.

I'll see if I can upload to Avast or not.  I thought I saw something last night that in order to contact them you had to pay money.

Thanks for the help so far :D

Twigs
Re: Zuma Deluxe.exe virus
« Reply #13 on: July 19, 2008, 11:21:46 PM »
I've changed this post, I know how to set a password now to my zip files.  I pulled one of the infected Zuma.exe files out of the chest, and Avast renamed it to Zuma.exe.vir

When I try to send it through email using my Yahoo email acct., Yahoo tells me the zip file is infected and cannot be attached.  However, if I right-click the file and click scan, Avast does not find the zip file to be infected at all.  Yahoo uses Norton to scan files being attached, so I don't know what to do now.
« Last Edit: July 20, 2008, 12:11:15 AM by Twigs »

Twigs
Re: Zuma Deluxe.exe virus
« Reply #14 on: July 20, 2008, 02:33:15 AM »
At the request of a friend I went to http://www.eset.eu/online-scanner-run which scanned my entire computer.  0 threats were detected.  But yet Norton via Yahoo wouldn't even let me attach that zip file because it said it was infected.  I'm pretty dead set that it has to be an Avast issue.
