Author Topic: Sudden Attack Sea ( Virus or False Positive)?  (Read 48149 times)


derick123

  • Guest
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #15 on: October 26, 2010, 07:30:27 AM »
Before this, avast also picked up launcher.exe as a virus in my comp... but after I reformatted my comp, avast no longer picks it up as a virus... What about trying to uninstall your Sudden Attack and reinstall it? Does that solve your problem? My VirusTotal result: http://www.virustotal.com/file-scan/report.html?id=887a0a94f9df16a50f82ccfc9bedda4b2a0b97cdfc3b5768f26161fc8b33bfc1-1288019238
« Last Edit: October 26, 2010, 07:38:17 AM by derick123 »

SafeSurf

  • Guest
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #16 on: October 26, 2010, 07:40:56 AM »
@ derick123,

If Mopppp is being redirected on the Internet, this is a clear sign of malware.  Therefore uninstalling/installing  a game will not resolve the problem.  This OP has much deeper issues that need to be dealt with.  Thank you for trying. ;)

SafeSurf

  • Guest
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #17 on: October 26, 2010, 07:53:50 AM »
@ Mopppp,

You clearly have signs of malware on your machine. 

1.  Can you please update and run a FULL MBAM scan, then cut and paste the log to this thread.  Quarantine any threats/infections that come up (do not delete or ignore the infections).

2.  Check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0

Follow the directions for obtaining the OTL logs.  Post the two (2) OTL logs as an attachment (Additional Options > Attach > Browse (the logs will be on your desktop) > Post).

After you post the MBAM and OTL logs, I will then refer you to our Certified Malware expert, Essexboy, for malware removal.  After completing your OTL logs, do not make any changes to your machine.

Essexboy will analyze your logs and give you further instructions here in this thread, therefore check the thread at least daily; he is on UK time zone.  In the meantime, I will be available to assist you should you have any questions.  Do you have any questions?




Mopppp

  • Guest
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #18 on: October 26, 2010, 09:33:41 AM »
Ah I already said this in an earlier post - I found out the reason I am getting redirected is because of a problem with my Internet Service Provider's (ISP's) Domain Name System (DNS) service. The redirecting has nothing to do with malware. I ran a full scan of malwarebytes and came up completely clean.

SafeSurf

  • Guest
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #19 on: October 26, 2010, 09:49:30 AM »
> I updated my virus definitions and rescanned and the file was still picked up as a win32:sality.
> I also uploaded the file to virustotal and here is the result...similar to derick123's
> http://www.virustotal.com/file-scan/report.html?id=7cd115a6cb58422f8a45d06baba8c00eaab245c93786e29d01302b67c755540e-1288026519

You reported win32:sality, which is a nasty malware.  How do you know that the reason you are getting redirected is because of a problem with your Internet Service Provider's (ISP's) Domain Name System (DNS) service?  How have you fixed this problem?

I am willing to offer you assistance if you want it.

doggie015

  • Guest
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #20 on: October 26, 2010, 10:14:12 AM »
virustotal seems to be down at the moment? I get redirected to a page saying "Sorry! We could not find www.virustotal.com

It may be unavailable or may not exist."
That happens to me whenever I try to access it through Bigpond's DNS servers. It works fine on OpenDNS tho

Mopppp

  • Guest
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #21 on: October 26, 2010, 10:21:21 AM »
@SafeSurf

I did a bit of searching around on the internet and found many people using my ISP have complained about the DNS service. So I manually changed my internet to use the Google Public DNS and I was able to access virustotal (hence being able to post the results in the link I provided). And so because of this I am sure that the problem of being redirected does not involve malware.

Also let me restate...

I ran a full avast scan and the launcher.exe file was the only file detected and so I quarantined it in virus chest.
I ran a full MBAM scan and NO files were detected as malware.
« Last Edit: October 27, 2010, 04:34:12 AM by Mopppp »

Mopppp

  • Guest
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #22 on: October 27, 2010, 04:34:43 AM »
So what should I do from here?

I also would appreciate it if someone could answer these questions that I have:

1) Are there ways in which the launcher.exe could have been clean when I downloaded but later infected by something else? (Note: this is the one and only infected file picked up by the avast scan on the whole computer. And also that I downloaded the file from a source that I believe to be trusted - the official game website)

2) Is it unusual that SuddenAttackSEA was under the exclusions for the File System Shield when I don't remember ever putting it there myself?

« Last Edit: October 27, 2010, 04:37:09 AM by Mopppp »

Asyn

  • Avast Überevangelist
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #23 on: October 27, 2010, 07:45:28 AM »
> 1) Are there ways in which the launcher.exe could have been clean when I downloaded but later infected by something else? (Note: this is the one and only infected file picked up by the avast scan on the whole computer. And also that I downloaded the file from a source that I believe to be trusted - the official game website)
>
> 2) Is it unusual that SuddenAttackSEA was under the exclusions for the File System Shield when I don't remember ever putting it there myself?

1. Yes, that's possible.
2. Yes, it's strange..!

SafeSurf

  • Guest
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #24 on: October 27, 2010, 07:54:35 AM »
> I ran a full avast scan and the launcher.exe file was the only file detected and so I quarantined it in virus chest.
> I ran a full MBAM scan and NO files were detected as malware.

If you ran the Avast scan first, then MBAM may have had nothing to pick up as a threat.  We do recommend that any threats/infections in the Virus Chest (VC) remain there for 1.5 - 2 weeks.  You can, however, right-click on the item(s) in the VC to rescan them, especially since Avast just put out a large update.  If the rescan still comes out as infected, then it is malware and leave it in the VC.  Should it come out clean, you can restore it.

> I also would appreciate it if someone could answer these questions that I have:
>
> 1) Are there ways in which the launcher.exe could have been clean when I downloaded but later infected by something else? (Note: this is the one and only infected file picked up by the avast scan on the whole computer. And also that I downloaded the file from a source that I believe to be trusted - the official game website)
>
> 2) Is it unusual that SuddenAttackSEA was under the exclusions for the File System Shield when I don't remember ever putting it there myself?

1.  Not unless it is a FP, in which case follow the directions I posted above in THIS post for rescanning items in the VC after Avast does periodic updates.

2. Yes, very unusual.  Does anyone else use your machine?  Did you check for a keylogger or other type of malware that allows remote access to your machine?

Other suggestions I have for you are:

Keep your definitions up to date for both Avast and MBAM.  Keep all your shields on with Avast, do Quick scans with MBAM, and add things to your browsers for safer browsing.

You may also want to check to see that your software is up to date with the free Secunia Software Inspector http://secunia.com/vulnerability_scanning/personal/ since software is changing all the time.  This site gives you the vendor's direct download link making it easy to upgrade your software.  Many of us here scan our machines weekly.

Mopppp

  • Guest
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #25 on: October 27, 2010, 09:26:28 AM »
> Yes, very unusual.  Does anyone else use your machine?  Did you check for a keylogger or other type of malware that allows remote access to your machine?

No one else uses my computer. I did check for keyloggers and other malware by scanning with an updated MBAM (coming up clean with no files detected).

Is it unusual because the only way to put something onto the exclusion list is manually?



In the meantime, I will keep the file in the virus chest and scan it regularly. I will post up my situation after some time has passed.

SafeSurf

  • Guest
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #26 on: October 27, 2010, 09:41:05 AM »
> Is it unusual because the only way to put something onto the exclusion list is manually?

Yes.
Keep us posted.

Mopppp

  • Guest
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #27 on: November 01, 2010, 02:25:06 PM »
Well it has been about a week since the file was first detected.

I have been regularly scanning the quarantined file with avast and it is still being detected as a win32:Sality.

I also uploaded it again to virustotal today.

And the result is the same as last week's.

Today's result: http://www.virustotal.com/file-scan/report.html?id=7cd115a6cb58422f8a45d06baba8c00eaab245c93786e29d01302b67c755540e-1288617733

Last week's result: http://www.virustotal.com/file-scan/report.html?id=7cd115a6cb58422f8a45d06baba8c00eaab245c93786e29d01302b67c755540e-1288026519

So does this mean this is not a false positive?
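
Added example, not part of any post in this thread: the report links posted above carry an id of the form `<sha256>-<Unix timestamp>`, so they can be compared offline to see which reports analysed the same bytes and when. The function names and the labels in `REPORTS` are assumptions made for this illustration; the URLs are the ones posted in the thread.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlparse, parse_qs

# Report links copied from the posts above; the labels are added for this example.
BASE = "http://www.virustotal.com/file-scan/report.html?id="
REPORTS = {
    "derick123": BASE
    + "887a0a94f9df16a50f82ccfc9bedda4b2a0b97cdfc3b5768f26161fc8b33bfc1-1288019238",
    "Mopppp, last week": BASE
    + "7cd115a6cb58422f8a45d06baba8c00eaab245c93786e29d01302b67c755540e-1288026519",
    "Mopppp, today": BASE
    + "7cd115a6cb58422f8a45d06baba8c00eaab245c93786e29d01302b67c755540e-1288617733",
}

# 64 hex characters (SHA-256 of the uploaded file), a dash, a 10-digit epoch time.
ID_RE = re.compile(r"^([0-9a-f]{64})-(\d{10})$")


def parse_report(url):
    """Return (sha256, scan time in UTC) taken from a report URL's id parameter."""
    ident = parse_qs(urlparse(url).query).get("id", [""])[0]
    match = ID_RE.match(ident)
    if not match:
        raise ValueError(f"not a <sha256>-<timestamp> report id: {ident!r}")
    scanned = datetime.fromtimestamp(int(match.group(2)), tz=timezone.utc)
    return match.group(1), scanned


def group_by_sample(reports):
    """Map each SHA-256 to its scans, oldest first, as (scan time, label) pairs."""
    groups = {}
    for label, url in reports.items():
        sha256, scanned = parse_report(url)
        groups.setdefault(sha256, []).append((scanned, label))
    return {sha256: sorted(scans) for sha256, scans in groups.items()}


if __name__ == "__main__":
    for sha256, scans in group_by_sample(REPORTS).items():
        print(sha256)
        for scanned, label in scans:
            print(f"  {scanned:%Y-%m-%d %H:%M} UTC  {label}")
```

Two reports under one hash are two analyses of byte-identical content taken at different times; a different hash, as for derick123's link, means a different file was uploaded.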

SafeSurf

  • Guest
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #28 on: November 02, 2010, 01:35:36 AM »
Your VT link for today's results didn't come through, but you said that they were the same as last week's, so I believe you.

If you rescanned the items in the VC, I would err on the side that it is malware since Avast did a large update recently.  However I would also suggest that you keep it in the VC longer and rescan in another week, but I wouldn't hold my breath that the results would change.

Let me ask you something:  Is your machine acting normally now or not?  If not, please describe any problems.

Also, have you performed additional MBAM scans (update MBAM first)?  Thank you.

Mopppp

  • Guest
Re: Sudden Attack Sea ( Virus or False Positive)?
« Reply #29 on: November 02, 2010, 01:45:50 AM »
My machine is acting normal as far as I can tell. Nothing unusual at all. The symptoms for a win32:Sality infection include the disabling of security-related processes, but my firewall (comodo), antivirus (avast), and background spyware scanner (spybot) all appear to be running normally.

As for MBAM, I have done 3 scans with it since the file was detected and all scans have come up clean.