Author Topic: Sudden Attack Sea ( Virus or False Positive)?  (Read 45070 times)

derick123

  • Guest
Sudden Attack Sea ( Virus or False Positive)?
« on: August 01, 2010, 06:48:15 AM »
Sorry for posting in the wrong place just now.... so should I just submit the file as a false positive?

derick123

  • Guest
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #1 on: August 01, 2010, 06:50:40 AM »
Result in VirusTotal:

a-squared    5.0.0.31    2010.07.16    -
AhnLab-V3    2010.07.17.00    2010.07.16    -
AntiVir    8.2.4.12    2010.07.16    -
Antiy-AVL    2.0.3.7    2010.07.15    -
Authentium    5.2.0.5    2010.07.16    -
Avast    4.8.1351.0    2010.07.16    Win32:Sality
Avast5    5.0.332.0    2010.07.16    Win32:Sality
AVG    9.0.0.836    2010.07.16    -
BitDefender    7.2    2010.07.17    -
CAT-QuickHeal    11.00    2010.07.16    -
ClamAV    0.96.0.3-git    2010.07.16    -
Comodo    5451    2010.07.16    Heur.Pck.Themida
DrWeb    5.0.2.03300    2010.07.17    -
eSafe    7.0.17.0    2010.07.15    -
eTrust-Vet    36.1.7715    2010.07.16    -
F-Prot    4.6.1.107    2010.07.16    -
F-Secure    9.0.15370.0    2010.07.16    -
Fortinet    4.1.143.0    2010.07.16    -
GData    21    2010.07.17    Win32:Sality
Ikarus    T3.1.1.84.0    2010.07.16    -
Jiangmin    13.0.900    2010.07.16    -
Kaspersky    7.0.0.125    2010.07.17    -
McAfee    5.400.0.1158    2010.07.17    Artemis!FD56DB070488
McAfee-GW-Edition    2010.1    2010.07.16    Artemis!FD56DB070488
Microsoft    1.6004    2010.07.16    -
NOD32    5285    2010.07.16    -
Norman    6.05.11    2010.07.16    -
nProtect    2010-07-16.01    2010.07.16    -
Panda    10.0.2.7    2010.07.16    Suspicious file
PCTools    7.0.3.5    2010.07.17    -
Prevx    3.0    2010.07.17    -
Rising    22.56.04.04    2010.07.16    -
Sophos    4.55.0    2010.07.17    Sus/Sality-A
Sunbelt    6595    2010.07.17    -
SUPERAntiSpyware    4.40.0.1006    2010.07.17    -
Symantec    20101.1.1.7    2010.07.16    -
TheHacker    6.5.2.1.318    2010.07.16    -
TrendMicro    9.120.0.1004    2010.07.16    -
TrendMicro-HouseCall    9.120.0.1004    2010.07.17    -
VBA32    3.12.12.6    2010.07.16    -
ViRobot    2010.7.12.3932    2010.07.16    -
VirusBuster    5.0.27.0    2010.07.16    Packed/Themida
Additional information
File size: 1884160 bytes
MD5   : fd56db070488273b75f1c9875bd94759
SHA1  : f4b6a3d093e82f0f0dfa501ede8d66521e56d227
SHA256: 7cd115a6cb58422f8a45d06baba8c00eaab245c93786e29d01302b67c755540e
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x133014
timedatestamp.....: 0x4979695F (Fri Jan 23 07:53:19 2009)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0xCE000 0x22000 7.97 ebd8a6eefd128ac8f90e4232d186df65
.rsrc 0xCF000 0x625B0 0x41000 7.95 05acff6eac0028146020ab02684aaff0
.idata 0x132000 0x1000 0x1000 0.24 f5ac2ce60737c87682ba156e406b7f27
SA_L 0x133000 0x2DF000 0x167000 7.80 d737468b24fc79f7fe8a60325460734f

( 2 imports )

> comctl32.dll: InitCommonControls
> kernel32.dll: CreateFileA, ExitProcess

( 1 exports )

> _interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B
TrID  : File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 49152:APDZ/qbc+KiWtDkfUM6BN2O0qaIlayj1s:APDZ/qbdKK/6eO0qaryj
sigcheck: publisher....:
copyright....: Copyright (C) 2008
product......: SuddenAttack
description..: SuddenAttack
original name: SuddenAttack
internal name: SuddenAttack
file version.: 1, 0, 0, 1
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned
PEiD  : -
packers (F-Prot): Themida
RDS   : NSRL Reference Data Set

SafeSurf

  • Guest
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #2 on: August 01, 2010, 07:31:45 AM »
Did you run an Avast scan on your machine?

Edit:  OP's prior post in wrong section of forum: http://forum.avast.com/index.php?topic=62418.0.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76053
    • >>>  Avast Forum - German-language section  <<<
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #3 on: August 01, 2010, 11:34:59 AM »
Quote
so should I just submit the file as a false positive?

Doesn't look like a FP...
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

Jtaylor83

  • Guest
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #4 on: August 01, 2010, 03:34:42 PM »
Looks like a real Sality infection.

You will need to format and re-install your OS. Back up all your personal files (non-PE) before you start from scratch.

Virut and other file infectors - Throwing in the Towel?

When should I re-format? How should I reinstall?

You can also use Sality Killer or Dr. Web CureIt.


derick123

  • Guest
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #5 on: August 01, 2010, 04:13:41 PM »
But then... this program is a popular online game worldwide... and I played this game for around 3 years without any problem or detection from NOD32 before I switched to Avast. ???

Mopppp

  • Guest
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #6 on: October 25, 2010, 03:43:42 PM »
I also have the Sudden Attack SEA multiplayer game installed on my computer and when I did a full scan with avast recently, it detected the launcher.exe in the SuddenAttackSEA folder as a Win32:Sality.

I am also thinking if it may be a false positive as I downloaded this game from the official site and I know it is a game that many many people in Malaysia and Singapore play. And as far as I can tell, there appears to be no symptoms of a Win32:Sality infection - my firewall, anti-virus, etc are running fine..

However, I found something that seems interesting to note. When I went to the settings for the File System Shield, SuddenAttackSEA was under the exclusions and I don't remember ever putting it there myself.

Is there anything that can be done to confirm whether this file is really infected or just a false positive?
« Last Edit: October 25, 2010, 04:20:36 PM by Mopppp »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37151
  • Not a avast user
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #7 on: October 25, 2010, 04:45:48 PM »
Quote
Is there anything that can be done to confirm whether this file is really infected or just a false positive?
Upload to www.virustotal.com and test the file with 43 malware scanners
when you have the result, copy the URL in the address bar and post it here

Mopppp

  • Guest
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #8 on: October 25, 2010, 04:52:30 PM »
virustotal seems to be down at the moment? I get redirected to a page saying "Sorry! We could not find www.virustotal.com

It may be unavailable or may not exist."

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37151
  • Not a avast user
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #9 on: October 25, 2010, 04:57:52 PM »
It is working fine here....  ???

you can also try http://www.virscan.org/   or   http://virusscan.jotti.org/en

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76053
    • >>>  Avast Forum - German-language section  <<<
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #10 on: October 25, 2010, 05:00:46 PM »
Quote
It is working fine here....  ???

+1
No problems with VT here...
asyn

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37151
  • Not a avast user
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #11 on: October 25, 2010, 05:02:37 PM »
if you get redirected....maybe you should check for malware with

Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
always update so you have latest database before you scan
click the remove selected button to quarantine anything found
you may post the scan log here if anything is found

derick123

  • Guest
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #12 on: October 25, 2010, 05:10:57 PM »
It is working fine on my comp now... Avast no longer detects it as a threat.. Is your virus definition up to date?

Derick

Mopppp

  • Guest
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #13 on: October 25, 2010, 05:55:28 PM »
Oh wow, already sidetracked by another problem...
I get redirected from virustotal. I better scan my comp with malwarebytes.
Could there be other reasons apart from malware that I get redirected and can't access virustotal?

EDIT: Ah I did a bit of searching and the reason why I can't access virustotal seems to have something to do with my ISP's DNS.
      Now back to the main problem - I will try and update my avast virus definitions and scan again to see if the file still comes up as infected.
« Last Edit: October 25, 2010, 06:09:04 PM by Mopppp »

Mopppp

  • Guest
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #14 on: October 25, 2010, 07:18:02 PM »
I updated my virus definitions and rescanned and the file was still picked up as a win32:sality.
I also uploaded the file to virustotal and here is the result...similar to derick123's

http://www.virustotal.com/file-scan/report.html?id=7cd115a6cb58422f8a45d06baba8c00eaab245c93786e29d01302b67c755540e-1288026519

So what should I do from here?

I also have a few questions:

1) Are there ways in which the launcher.exe could have been clean when I downloaded but later infected by something else? (Note: this is the one and only infected file picked up by the avast scan on the whole computer. And also that I downloaded the file from a source that I believe to be fairly trusted - the official game website)

2) As I mentioned in an earlier post - is it unusual that SuddenAttackSEA was under the exclusions for the File System Shield when I don't remember ever putting it there myself?

« Last Edit: October 26, 2010, 04:18:32 AM by Mopppp »
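
Added example, not part of any poster's reply: the SHA-256 in the report URL of Reply #14 is the same as the one in the report pasted in Reply #1, so both users scanned byte-identical files. The script below checks that from the URL and hashes a local file so it can be compared with that value or with a fresh download from the official site. Reading the number after the hash as a Unix timestamp is an assumption, and the function names are chosen here.

```python
import hashlib
import re
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlparse

# Values copied from the thread (Reply #1 and Reply #14).
REPORT_1_SHA256 = "7cd115a6cb58422f8a45d06baba8c00eaab245c93786e29d01302b67c755540e"
REPORT_2_URL = ("http://www.virustotal.com/file-scan/report.html"
                "?id=7cd115a6cb58422f8a45d06baba8c00eaab245c93786e29d01302b67c755540e"
                "-1288026519")

REPORT_ID = re.compile(r"([0-9a-f]{64})-(\d+)")


def parse_report_url(url):
    """Return (sha256, scan time) from a report URL of the form used in Reply #14.

    Assumption: the number after the hash is a Unix timestamp.
    """
    report_id = parse_qs(urlparse(url).query).get("id", [""])[0].lower()
    match = REPORT_ID.fullmatch(report_id)
    if match is None:
        raise ValueError("URL has no <sha256>-<number> report id")
    when = datetime.fromtimestamp(int(match.group(2)), tz=timezone.utc)
    return match.group(1), when


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large executables are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def matching_references(path, references):
    """Return the labels of the reference hashes that the file at `path` matches."""
    local = sha256_file(path)
    return [label for label, ref in references.items() if ref.lower() == local]


if __name__ == "__main__":
    import sys
    sha, when = parse_report_url(REPORT_2_URL)
    print("both reports describe the same bytes:", sha == REPORT_1_SHA256)
    print("second scan time (UTC):", when.isoformat())
    for target in sys.argv[1:]:  # e.g. the installed launcher.exe and a fresh download
        print(target, matching_references(target, {"thread reports": sha}))
```

A copy that was altered on disk after installation would no longer match either the hash from the reports or the hash of a freshly downloaded launcher.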