Need assistance.


8 replies to this topic

#1 carhinge18

carhinge18

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:52 PM

Posted 15 April 2013 - 03:05 PM

Can someone get this out for me and let me know what you think of it.

 

https://www.virustotal.com/pl/file/d7aeba2b8ee95590d9f0bc039fe0f12e8b6b46acefb591d216744869bc63164c/analysis/





#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:52 PM

Posted 15 April 2013 - 06:49 PM

Could be a false positive.

 

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE

  • Double-click SystemLook.exe to run it.
  • Vista users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    :filefind
    RSUpdate.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Edited by Broni, 18 April 2013 - 04:02 PM.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 carhinge18


Posted 18 April 2013 - 12:20 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 12:19 on 18/04/2013 by Travis
Administrator - Elevation successful

Invalid Context: filefindRSUpdate.exe

-= EOF =-

 

 

Edit: I have scanned my computer using Malwarebytes, SuperAntiSpyware and MSE.

However, using VirusTotal or AVG, it says it's a virus/possible keylogger?


Edited by carhinge18, 18 April 2013 - 12:21 PM.


#4 carhinge18


Posted 18 April 2013 - 12:28 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 12:24 on 18/04/2013 by Travis
Administrator - Elevation successful

========== filefind ==========

Searching for "DeadZlauncher.exe"
C:\Users\Travis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JHWL0NYW\DeadZlauncher.exe    --a---- 8395264 bytes    [16:38 14/04/2013]    [16:38 14/04/2013] 704832F27B8193C09B6CCA05C7E836E7
C:\Users\Travis\Desktop\DeadZ\DeadZlauncher.exe    --a---- 8395264 bytes    [16:39 14/04/2013]    [16:39 14/04/2013] 704832F27B8193C09B6CCA05C7E836E7

-= EOF =-

 

 

Note: DeadZlauncher.exe is the same file from VirusTotal called RSupdate.exe (Once you scan using VirusTotal)


Edited by carhinge18, 18 April 2013 - 12:30 PM.
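
Added example, not part of the original thread and not SystemLook's own code: a small Python parser for the `:filefind` log format shown in posts #3 and #4. It groups hits by MD5 and size to confirm the two copies are the same file, and records any "Invalid Context" line, which in post #3 shows the directive and the file name joined together. The sample log is assembled from the lines posted above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Column order as in the thread's :filefind output:
# path, attributes, size, [created], [modified], MD5
HIT = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)

def parse_filefind(log_text):
    """Return (hits, errors): parsed file records and rejected directives."""
    hits, errors = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HIT.match(line)
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            hits.append(rec)
        elif line.startswith("Invalid Context:"):
            # SystemLook did not recognise the pasted directive
            errors.append(line.split(":", 1)[1].strip())
    return hits, errors

def group_identical(hits):
    """Map (MD5, size) -> list of paths that share that hash and size."""
    groups = defaultdict(list)
    for h in hits:
        groups[(h["md5"], h["size"])].append(h["path"])
    return dict(groups)

# Sample assembled from the logs posted in this thread (posts #3 and #4).
SAMPLE_LOG = r"""
Invalid Context: filefindRSUpdate.exe
========== filefind ==========
Searching for "DeadZlauncher.exe"
C:\Users\Travis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JHWL0NYW\DeadZlauncher.exe    --a---- 8395264 bytes    [16:38 14/04/2013]    [16:38 14/04/2013] 704832F27B8193C09B6CCA05C7E836E7
C:\Users\Travis\Desktop\DeadZ\DeadZlauncher.exe    --a---- 8395264 bytes    [16:39 14/04/2013]    [16:39 14/04/2013] 704832F27B8193C09B6CCA05C7E836E7
-= EOF =-
"""

if __name__ == "__main__":
    hits, errors = parse_filefind(SAMPLE_LOG)
    for (md5, size), paths in group_identical(hits).items():
        print(f"{md5} ({size} bytes): {len(paths)} copies")
    for e in errors:
        print("rejected directive:", e)
```

A matching MD5 and size only shows that the Temporary Internet Files copy and the Desktop copy are the same download; it says nothing about whether that file is benign.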


#5 Broni


Posted 18 April 2013 - 04:03 PM

Re-run SystemLook with this code:

:file
C:\Users\Travis\Desktop\DeadZ\DeadZlauncher.exe



#6 carhinge18


Posted 18 April 2013 - 04:45 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 16:44 on 18/04/2013 by Travis
Administrator - Elevation successful

========== file ==========

C:\Users\Travis\Desktop\DeadZ\DeadZlauncher.exe - File found and opened.
MD5: 704832F27B8193C09B6CCA05C7E836E7
Created at 16:39 on 14/04/2013
Modified at 16:39 on 14/04/2013
Size: 8395264 bytes
Attributes: --a----
FileDescription: DeadZ Launcher
FileVersion: 1.0.0.1
ProductVersion: 1.0.0.1
OriginalFilename: RSUpdate.exe
InternalName: RSUpdate.exe
ProductName: DeadZ Launcher
CompanyName: 4playfun Entertainment Group
LegalCopyright: © 4playfun Entertainment Group.  All rights reserved.
Comments: http://thewarz.com/

-= EOF =-

 

Note: This is a private server for The War Z, and I was told they use Safe Guard or something like that to encrypt the file.

 

Added Link for where the file came from:

 

http://forum.ragezone.com/f794/first-public-server-warz-built-924317/


Edited by carhinge18, 18 April 2013 - 04:50 PM.


#7 Broni

Broni


Posted 18 April 2013 - 04:48 PM

It looks like a perfectly legit file to me.

Is it being flagged by your AV program?

If so which one?




#8 carhinge18


Posted 18 April 2013 - 04:51 PM

It gets flagged by AVG and VirusTotal scans, and we were told they encrypt the file with Safe Guard or something like that.

I just hope it's not a keylogger, since it's a private server for The War Z.



#9 Broni


Posted 18 April 2013 - 05:03 PM

I suggest you post at the AVG forum.

Attach your file and see what they say.

