Author Topic: Undetected malware?  (Read 2202 times)


DarkLegend

  • Guest
Undetected malware?
« on: January 19, 2010, 03:00:47 AM »
So, I was having a problem with CoD 4 Modern Warfare (1, not the new one), and since I run it through Steam, which auto-updates, I was at version 1.7 when my friend, whom I wanted to play with, was at 1.6. The issue was he isn't able to update to 1.7, so we tried to find a workaround to downgrade me to 1.6. The links we had found worked (for non-Steam users; I was out of luck). Apparently we had found an application that allowed you to swap between patches that worked for Steam.

I scanned the file with MSE, MBAM, a-squared and even Hitman Pro. I then uploaded it to VirusTotal and Jotti and it came back clean. I installed the program and went to the directory it had installed to and decided to scan the files it created, the application itself and the uninstaller.

They all came back clean with the exception of ONE detection by McAfee as a behaves-like-heuristics.trojan.h. I figured... hmm, false positive if it's 1/41 detecting it. I decided to be on the safe side and uploaded both the uninstaller and the app itself to Anubis and the results were... strange... I'm not sure what to make of them.

They look like they are creating files, modifying registries to change security settings and even opening a DNS connection. I figured it could be normal; it has to create this and that, and the DNS connection is for the updater.

I ran it past my friend, who also deemed it to be unsafe. The uninstaller does the same yet SPAWNS a process during uninstallation.

This seems to be very malicious and yet undetected because it itself is NOT bad. It opens connections for the bad things to happen.

Please, someone look at the reports and help me. I need to know if it created other files and registry entries and if it's bad or not.

I have NOT used it yet, merely installed it.

VirusTotal result for the application: 0/41
http://www.virustotal.com/analisis/c651cadd2e1aa659ac1b9b964861fbbee896e4f772e64f6545827003a12492a4-1263862888

VirusTotal result for the uninstaller: 1/41
http://www.virustotal.com/analisis/d581f4f5d27c49257e7b72af0ab589fd7b259c6542bca5e388477c1760bc87de-1263863063

Jotti results: (both came back clean so I won't post the links.)

HERE is the interesting stuff that tells you what the file is doing and the processes it's creating and whatnot.

Anubis results for the application:
http://anubis.iseclab.org/?action=result&task_id=1a3bebc737584ddd42d5d50f38cde5124&format=html

Anubis results for the uninstaller:
http://anubis.iseclab.org/?action=result&task_id=11111a8d38dadcba4e571754ec217ee05&format=html


You may download the file in question to analyse it yourself at (MAY BE MALICIOUS. DOWNLOAD AT OWN RISK):

hxxp://etwolf.net/download/patch/CoD4-Version_Changer_v1.7.5.3_%5BUK%5D.exe





« Last Edit: January 19, 2010, 03:03:55 AM by DarkLegend »