spellborn-user

The Chronicles of Spellborn - Virus/Trojan


Hi

I'm currently playing this free2play game called The Chronicles of Spellborn. Today I updated to Windows 7 64bit Ulti.; after that I scanned all hard drives with an updated asquared.

Here is the text-log:

a-squared Free - Version 4.5

Last update: N/A

Scan settings:

Scan type: N/A

Objects: E:\The Chronicles of Spellborn

Scan archives: On

Heuristics: Off

ADS Scan: On

Scan start: 10/23/2009 8:44:05 PM

E:\The Chronicles of Spellborn\bin\client\Core.dll detected: Trojan-Downloader.Win32.Adload!IK

E:\The Chronicles of Spellborn\bin\client\Engine.dll detected: Trojan-Downloader.Win32.Adload!IK

E:\The Chronicles of Spellborn\bin\client\SBBase.dll detected: Trojan-Downloader.Win32.Adload!IK

E:\The Chronicles of Spellborn\bin\client\SBGame.dll detected: Trojan-Downloader.Win32.Adload!IK

E:\The Chronicles of Spellborn\bin\client\SBPacket.dll detected: Trojan-Downloader.Win32.Adload!IK

E:\The Chronicles of Spellborn\bin\client\Sb_client.exe detected: Trojan-Downloader.Win32.Adload!IK

E:\The Chronicles of Spellborn\_patch\1.0.5.1_to_1.0.5.2.exe_ detected: Trojan.Win32.Pasta!IK

Scanned

Files: 1145

Traces: 0

Cookies: 0

Processes: 0

Found

Files: 7

Traces: 0

Cookies: 0

Processes: 0

Registry keys: 0

Scan end: 10/23/2009 8:51:21 PM

Scan time: 0:07:16

Here is the image: http://pict.com/view/1825638/0/spellbornvirus

I talked with the support at Acclaim about this. The guy at the online chat said I should ask the support directly [Acclaim], which I did [while under Vista64bit], but until today I didn't get any information from them.

Under Vista64bit I had similar results; well, only the patch.exe was detected by as2. Can someone pls confirm this as FP or threat? The game was/can be downloaded through the mini client offered by Acclaim's Spellborn game site.

[3 for install. tcos_us_1.0.3.1_setup, tcos_us_1.0.3.1_setup-1a, tcos_us_1.0.3.1_setup-1b]

System

Dual Core AMD

3850HD

2Gb Ram

Thank you in advance[sfme] ;)


Hi spellborn-user, and welcome to the forum

1) Please read Posting Rules and provide information as in # 2) about your system

2) Have a look at this thread. It contains advice/references regarding submission of the flagged items and investigating.

Can someone pls confirm this as fp or threat ?

Nobody can confirm that without analyzing the code that resides on your computer.

If you suspect FPs, you have to send the items to the developers of the software vendor that produces the flaggings (a-squared in this case).

My regards


Here, as requested, are my system specs and the add. software I use:

Avira AntiVirus Free Edition 9.xx

Spywareblaster and

Asquared 2 Free Edition 4.5

Windows 7 Built-in Firewall + W7 Firewall Control 3.0

OS: now Windows 7 Ultimate 64bit

OS: before Vista Ultimate 64bit with same add. software

System specs:

CPU Type DualCore AMD Athlon 64 X2, 2600 MHz (10 x 260) 5000+ [Toledo]

Motherboard MSI K8N Neo4-FI/Platinum (MS-7125)

Motherboard Chipset nVIDIA nForce4 Ultra, AMD Hammer

DIMM1: Kingston K 512 MB PC3200 DDR SDRAM (2.5-3-3-8 @ 200 MHz) (2.0-3-3-7 @ 166 MHz)

DIMM2: Corsair XMS CMX512-3200LL 512 MB PC3200 DDR SDRAM (2.0-3-2-6 @ 200 MHz)

DIMM3: Kingston K 512 MB PC3200 DDR SDRAM (2.5-3-3-8 @ 200 MHz) (2.0-3-3-7 @ 166 MHz)

DIMM4: Corsair XMS CMX512-3200LL 512 MB PC3200 DDR SDRAM (2.0-3-2-6 @ 200 MHz)

Video Adapter ATI Radeon HD 3800 Series (256 MB)

Audio Adapter ATI Radeon HDMI @ ATI Radeon HD 38xx - High Definition Audio Controller

Audio Adapter Realtek ALC850 @ nVIDIA nForce4 (CK8-04) - Audio Codec Interface

IDE Controller NVIDIA nForce Serial ATA Controller

Annex:

OS Name Microsoft Windows Windows 7 Ultimate

OS Service Pack - None

Winlogon Shell explorer.exe

User Account Control (UAC) Enabled

System Restore Enabled

Data Execution Prevention (DEP, NX, EDB)

Supported by Operating System Yes

Supported by CPU Yes

Active (To Protect Applications) Yes

Active (To Protect Drivers) Yes

DMI BIOS Vendor Phoenix Technologies, LTD, DMI BIOS Version 6.00 PG

Auto start apps. :

Application Description Start From Application Command

amd_dc_opt Registry\Common\Run C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

avgnt Registry\Common\Run C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min

Eraser Registry\User\Run C:\Program Files\Eraser\eraser.exe -hide

GoodSync Registry\User\Run C:\Program Files\Siber Systems\GoodSync\GoodSync.exe /min

Ralink Wireless Utility StartMenu\Common C:\Program Files (x86)\RALINK\Common\RaUI.exe -s

StartCCC Registry\Common\Run C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun

uTorrent Registry\User\Run C:\Program Files (x86)\uTorrent\uTorrent.exe

Windows7FirewallControl Registry\Common\Run C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe

About the files, well, I could start uploading the whole folder. The problem is, the folder size is about 9Gb big and with my inet conn. of 20kb/s per sec [upload], that would take some days. Even the patch folder is about 1gb;

:(

As it was advised, please submit the items from the detection list.

- Select the item(s);

- Right-Click;

- Choose "Submit as false alert" from pop-up menu

Thank you.

€: I'm uploading an FP.

... i could start uploading the whole folder. The problem is, the folder size is about 9Gb big... Even the patch folder is about 1gb; ...

Hi spellborn-user

Thanks for the info about the system. That's even more than enough and needed at this stage ;)

As for the "folders", you will submit the files flagged. They may not be as big (you know better)

Sure, if the file 1.0.5.1_to_1.0.5.2.exe_ inside the \_patch\ folder is a "whole game packed & patched" as 1GB, that could be problematic indeed.

In this case the developers will advise. But first things first.

My regards
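
As an added example (not part of any post in this thread, and not the scanner vendor's code): a small Python parser for the text-log format quoted in the first post. It pulls out only the flagged files, groups them by detection name and checks the count against the log's "Found" summary, so that just those files are submitted rather than the whole folder. The function names are hypothetical; the log lines are copied from the thread.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Lines copied from the scan log in the first post (blank lines dropped).
SCAN_LOG = r"""
E:\The Chronicles of Spellborn\bin\client\Core.dll detected: Trojan-Downloader.Win32.Adload!IK
E:\The Chronicles of Spellborn\bin\client\Engine.dll detected: Trojan-Downloader.Win32.Adload!IK
E:\The Chronicles of Spellborn\bin\client\SBBase.dll detected: Trojan-Downloader.Win32.Adload!IK
E:\The Chronicles of Spellborn\bin\client\SBGame.dll detected: Trojan-Downloader.Win32.Adload!IK
E:\The Chronicles of Spellborn\bin\client\SBPacket.dll detected: Trojan-Downloader.Win32.Adload!IK
E:\The Chronicles of Spellborn\bin\client\Sb_client.exe detected: Trojan-Downloader.Win32.Adload!IK
E:\The Chronicles of Spellborn\_patch\1.0.5.1_to_1.0.5.2.exe_ detected: Trojan.Win32.Pasta!IK
Scanned
Files: 1145
Found
Files: 7
"""

DETECTION = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+detected:\s+(?P<name>\S+)$")
COUNTER = re.compile(r"^(?P<key>[A-Za-z ]+):\s+(?P<value>\d+)$")

def parse_scan_log(text):
    """Return (detections, summary); summary maps 'Scanned'/'Found' to counters."""
    detections, summary, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        hit = DETECTION.match(line)
        if hit:
            detections.append((PureWindowsPath(hit["path"]), hit["name"]))
        elif line in ("Scanned", "Found"):
            section = line  # "Files:" appears in both sections, so track which one
            summary[section] = {}
        elif section and (c := COUNTER.match(line)):
            summary[section][c["key"]] = int(c["value"])
    return detections, summary

def submission_list(text):
    """Group flagged file names by detection; reject a truncated or edited log."""
    detections, summary = parse_scan_log(text)
    expected = summary.get("Found", {}).get("Files")
    if expected != len(detections):
        raise ValueError(f"{len(detections)} detections listed, summary says {expected}")
    groups = defaultdict(list)
    for path, name in detections:
        groups[name].append(path.name)
    return dict(groups)

if __name__ == "__main__":
    print(submission_list(SCAN_LOG))
```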
