Forum

ASSIST, AMERICA'S ARMY COMMUNITY - RELIVE THE GLORY DAYS OF AMERICA'S ARMY 2.5

Author Topic: 25Assist v7.32 - AVG Detection  (Read 14072 times)

0 Members and 1 Guest are viewing this topic.

Offline OICURMT2!

25Assist v7.32 - AVG Detection
« on: Sunday, July 14, 2013, 04:20:01 AM »

25Assist v7.32 - AVG Threat Detection.

Screenshot enclosed.


--
Oh, I See You Are Empty Too !

Offline Possessed

  • bWpnRecoil == False;
  • Administrator
  • Epic Poster
  • *
  • Posts: 3,620
  • You suffer, but why?!
    • View Profile
  • AA: Possessed
Re: 25Assist v7.32 - AVG Detection
« Reply #1 on: Sunday, July 14, 2013, 04:34:31 AM »
These things I have spoken unto you, that in me ye might have peace. In the world ye shall have tribulation: but be of good cheer; I have overcome the world.
John 16:33


Offline OICURMT2!

Re: 25Assist v7.32 - AVG Detection
« Reply #2 on: Sunday, July 14, 2013, 04:44:44 AM »
Interesting v7.31 didn't do this...

v7.32 spawns an executable in the 25Assist (under roaming) area and then tries to execute it...

I'll check for Malware, I'm very careful about running software/programs.

OIC!
--
Oh, I See You Are Empty Too !

Offline OICURMT2!

Re: 25Assist v7.32 - AVG Detection
« Reply #3 on: Sunday, July 14, 2013, 04:57:06 AM »
I don't think it has to do with assist, but: http://www.bleepingcomputer.com/forums/t/176761/virus-found-win32cryptor/

The plot thickens... Malwarebyte detected nothing...  and we have another Aussie player who is in the same situation.

What is interesting is that the executable that 25Assist creates differs in name every time.  It is only created when you click on "Join Server".

I've never been able to use 25Assist to update, so I generally download the zipfile via a mirror.  I'll try a different mirror to see if the malware was put in the zipfile at the mirror repo.

OIC!
--
Oh, I See You Are Empty Too !

Offline Mixk

Re: 25Assist v7.32 - AVG Detection
« Reply #4 on: Sunday, July 14, 2013, 05:01:13 AM »
Avast also says there is problem for me when I let assist update. I just told Avast to ignore it for now.
I won't be wronged. I won't be insulted. I won't be laid a-hand on. I don't do these things to other people, and I require the same from them.

Offline Possessed

  • bWpnRecoil == False;
  • Administrator
  • Epic Poster
  • *
  • Posts: 3,620
  • You suffer, but why?!
    • View Profile
  • AA: Possessed
Re: 25Assist v7.32 - AVG Detection
« Reply #5 on: Sunday, July 14, 2013, 05:02:45 AM »
hmm
I packed my 25Assist.exe and uploaded the file to Jotti
http://virusscan.jotti.org/pt-br/scanresult/1290ab3ba4f4379cb456755c43544b8fed0a70b0
« Last Edit: Sunday, July 14, 2013, 05:04:39 AM by Possessed »
These things I have spoken unto you, that in me ye might have peace. In the world ye shall have tribulation: but be of good cheer; I have overcome the world.
John 16:33


Offline IGC Wolf^

  • Full Member
  • ***
  • Posts: 208
  • Banned
    • View Profile
    • ...
  • AA: Banned
Re: 25Assist v7.32 - AVG Detection
« Reply #6 on: Sunday, July 14, 2013, 05:06:32 AM »
i use avg too but didn't have any issues, no threats found on the latest update or any update at all.

Offline Rob_LD

Re: 25Assist v7.32 - AVG Detection
« Reply #7 on: Sunday, July 14, 2013, 05:09:51 AM »
@OICURMT2!

You should quarantine the file and send it over to the lab for review.
It maybe a false positive.

For more information see:
http://forums.avg.com/us-en/avg-forums?sec=thread&act=show&id=395
or
http://samplesubmit.avg.com/de-de/false-detection



You might as well send it to me to have it checked:
newmal (at) arcor (dot) de


@Possessed
Already done:
https://www.virustotal.com/de/file/b92071cb71ea66aac39a428ab83810145aa3d907d1482a66c13fcbfec6c166cb/analysis/
« Last Edit: Sunday, July 14, 2013, 05:11:24 AM by Rob_LD »

Offline OICURMT2!

Re: 25Assist v7.32 - AVG Detection
« Reply #8 on: Sunday, July 14, 2013, 05:21:29 AM »
@OICURMT2!

You should quarantine the file and send it over to the lab for review.
It maybe a false positive.

For more information see:
http://forums.avg.com/us-en/avg-forums?sec=thread&act=show&id=395
or
http://samplesubmit.avg.com/de-de/false-detection



You might as well send it to me to have it checked:
newmal (at) arcor (dot) de


@Possessed
Already done:
https://www.virustotal.com/de/file/b92071cb71ea66aac39a428ab83810145aa3d907d1482a66c13fcbfec6c166cb/analysis/

I've never known 25Assist to spawn randomly named executables.  Therefore, I have to conclude that either 25Assist was infected when zipped up or that somehow I have acquired malware.  I highly doubt if it is a false positive on a randomly named spawned exe file.

Looks like I'm in for the long haul to track this problem down...
--
Oh, I See You Are Empty Too !

Offline Possessed

  • bWpnRecoil == False;
  • Administrator
  • Epic Poster
  • *
  • Posts: 3,620
  • You suffer, but why?!
    • View Profile
  • AA: Possessed
Re: 25Assist v7.32 - AVG Detection
« Reply #9 on: Sunday, July 14, 2013, 05:21:35 AM »
http://virusscan.jotti.org/pt-br/scanresult/cba6194006ba06f2559ea5225540b31f6309cafd
must be false a  positive, win 32 crypto is in the family http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32/Sefnit for other AV's, only 2 have triggered it and I checked for possible left dlls etc etc, found nothing,I checked msconfig and it has no new entries.
« Last Edit: Sunday, July 14, 2013, 05:31:21 AM by Possessed »
These things I have spoken unto you, that in me ye might have peace. In the world ye shall have tribulation: but be of good cheer; I have overcome the world.
John 16:33


Offline OICURMT2!

Re: 25Assist v7.32 - AVG Detection
« Reply #10 on: Sunday, July 14, 2013, 05:22:30 AM »
Avast also says there is problem for me when I let assist update. I just told Avast to ignore it for now.

Now there's a person willing to take a chance... lol
--
Oh, I See You Are Empty Too !

Offline Rob_LD

Re: 25Assist v7.32 - AVG Detection
« Reply #11 on: Sunday, July 14, 2013, 05:33:38 AM »
@OICURMT2!

Quote
I've never known 25Assist to spawn randomly named executables.
It's not a randomly named file but the mutex of 25Asssist.exe.

While 25Assist.exe is the hard disk file, "vfcnp2v0.exe" is loaded to memory.

Offline OICURMT2!

Re: 25Assist v7.32 - AVG Detection
« Reply #12 on: Sunday, July 14, 2013, 05:34:24 AM »
http://virusscan.jotti.org/pt-br/scanresult/cba6194006ba06f2559ea5225540b31f6309cafd
must be false a  positive, win 32 crypto is in the family http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32/Sefnit for other AV's, only 2 have triggered it and I checked for possible left dlls etc etc, found nothing,I checked msconfig and it has no new entries.

Your first link... does 25Assist spawn a randomly named executable? (gReUUMjG.exe  in this case)...
--
Oh, I See You Are Empty Too !

Offline Speedluke

  • Jr. Member
  • **
  • Posts: 9
    • View Profile
Re: 25Assist v7.32 - AVG Detection
« Reply #13 on: Sunday, July 14, 2013, 05:35:40 AM »
I have the same problem..Virus was found by AVG 2013.The name of virus is Win32/cryptor.I tried to check my aa pack by http://virusscan.jotti.org/en but it did not find anything.The virus is always opened by pressing "Join Game".

JonnyM

  • Guest
Re: 25Assist v7.32 - AVG Detection
« Reply #14 on: Sunday, July 14, 2013, 05:36:52 AM »
Don't worry guys, that exe spawns everytime with a different file name to stop people tampering with it and preventing assist getting your hardware ID. Its about making life more difficult for hackers and thats always a good thing, shame its cauing false detections though.

 

Download Assist

×

Download Game Client

Important: Battletracker no longer exists. However, old Battletracker accounts may still work. You can create a new 25Assist account here

Download Server Manager