*URGENT* Win32:SdBot-996 Company sells software which steals information ?

[Wessi]

Hello everyone here. I hope I am getting some attention because I am a user which actually wanted to use this program . This is an addon for a computer game which u can play online. After installing the file i got a warning which you can read here:

http://forum.lin2rich.com:8080/viewtopic.php?t=2888&start=15&postdays=0&postorde

The rest in the post is included too. You can also download the file at this homepage. Paul is selling this software and many people dont know if hes lying or if he really sells a software which steals information from other peoples computer.

I deinstalled this software, because I dont want to loose information.

You can download normally this file @ www.lin2rich.com

Is Paul lying here ? (hes the programmer). Or might the virus warning be a fake ? This is really urgent, and I hope someone from AVAST maybe reads this post and can help me or many people out here.


Thank you!

[Wessi]

I have to add the information:

You can only find this SDBot with the "NEWEST" definitions updated ! So this thing is brand new as it looks like.

[Eddy]

1] Please scan that possible infected file with Avast and vps 437-1
2] Please scan that file also on JOTTI and let us know the results.

[Wessi]

I will do in 2 hours when I am at home. What do you personally think Eddy ?

Or u wanna scan and download it ? I am at work and cant. Else I would right now.

To me this doesnt look as a fake.

Can u please explain me what you mean with 1.) ? I will try Jotti, but what do i have to do for your first step and what do you expect ? I have the home edition and everything updated.

[Eddy]

It can be a false positive. Not saying it is at this point. It is just a possibility we are facing. Avast has just released vps 437-1. Make sure you have it at home.

Install the application and scan your system. Set Avast to do a thorough scan and enable archive scanning.
Do not only scan the folder the application is in, since it also may install/extract files in the windows or windows\system(32)\ folder(s).

This scan may take some time, but please do it. Write down the filename(s) and their location(s) if Avast finds anything. Also write down as what is detected exactly.

Take all files that Avast detectes as infected to Jotti. Let Jotti scan them and tell us the results.

Do as I suggested here and when we have the results, we take it from there.

[Wessi]

Just send the file to Jotti.....waiting for a result now.

Update:

LinMate2.exe  
Status:  POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)  
Packers detected:  None
   
AntiVir  No viruses found (1.31 seconds taken)
Avast  No viruses found (3.05 seconds taken)
BitDefender  No viruses found (5.72 seconds taken)
ClamAV  No viruses found (6.04 seconds taken)
F-Prot Antivirus  No viruses found (0.42 seconds taken)
F-Secure Anti-Virus  No viruses found (38.21 seconds taken)
Kaspersky Anti-Virus  No viruses found (42.66 seconds taken)
mks_vir  Win32.4 (probable variant) (1.50 seconds taken)
Norman Virus Control  No viruses found (8.21 seconds taken)

[Eddy]

Looks like this was a false positive which has been solved in the latest vps. I think that if you scan that file at home with Avast and the latest vps, you will find it is clean.

If not, put the file in a password protected zip and send it to virus@avast.com Mention in your mail it likely a false positive and don't forget to mention the password ofcourse.