
Possible Trojans from 2 game executables?


5 replies to this topic

#1 DisillusionedShade


Posted 04 September 2016 - 05:28 PM

Hi, my antimalware Emsisoft quarantined the following 2 files whilst executing them:

Dark Reign - Original Game.exe
https://www.virustotal.com/en/file/966c94b84a92c12aa143d912f0e75217208839590b53647496ea70f9ab820277/analysis/1473026770/

Dark Reign - Expansion.exe
https://www.virustotal.com/en/file/0729d9d8225477291cd0ef94d07a1e9fc14ea42a33c0999732d6949b0fe5f428/analysis/1473026778/

The game in question is this: https://www.gog.com/game/dark_reign_expansion
It possibly emulates the behavior of Trojan.KillProc.36323

I was wondering if legitimate software from GOG can be malicious?





#2 InadequateInfirmity


Posted 04 September 2016 - 06:59 PM

Adware Cleaner Scan.

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

 

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.

 

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

 

 


 

Hit Ok.

 


 

Hit Next; make sure to leave all items checked for removal.

 


 

 

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

ZHP Scan.

Please download Zhp Cleaner to your desktop. Right click the icon and select Run as administrator.

http://ccm.net/download/download-24750-zhpcleaner

 

 

2. Once you have started the program, you will need to click the scanner button.


The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.


At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

Zemana Scan.

 

 

Run a full scan with Zemana AntiMalware!

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.


Double click on the scan log, then copy and paste it here in your reply.



#3 DisillusionedShade


Posted 04 September 2016 - 10:12 PM

No threats detected from all scans.



#4 InadequateInfirmity


Posted 05 September 2016 - 03:33 AM

logs?



#5 DisillusionedShade


Posted 06 September 2016 - 11:10 AM

# AdwCleaner v6.010 - Logfile created  at
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-03.2 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : UserX - UserX
# Running from : adwcleaner_6.010.exe
# Mode: Scan
# Support :



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1154 Bytes] - [04/09/2016 18:43:42]
C:\AdwCleaner\AdwCleaner[S1].txt - [1227 Bytes] - [04/09/2016 19:02:35]
C:\AdwCleaner\AdwCleaner[S2].txt - [1300 Bytes] - [04/09/2016 19:11:17]
C:\AdwCleaner\AdwCleaner[S3].txt - [1221 Bytes] - [05/09/2016 10:21:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1294 Bytes] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Home Premium x64
Ran by UserX (Administrator) on  at
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 6

Successfully deleted: C:\Users\UserX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\UserX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\UserX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XKWW8ZTX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XKWW8ZTX (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 05/09/2016 at 10:23:20.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool 5.1
Time:
OS: Windows 7 Home Premium - x64 Bit
Account Name: UserX
Adware Definition: 09022016
Elapsed time: 07:37
Scan Status:- Automatic Done

\\\\\\\\\\\\\\\\\\\\\\\ Scan Logs \\\\\\\\\\\\\\\\\\\\\\


No results found


I reformatted my laptop, so couldn't get the ZHP & Zemana logs


Edited by DisillusionedShade, 06 September 2016 - 11:12 AM.


#6 InadequateInfirmity


Posted 06 September 2016 - 01:05 PM

Ok, thanks for letting us know you reformatted.





