The file was just uploaded and the ID number is 6423034.
Just got the report. Of course, it said the file was infected with the trojan. Still makes no sense that a file on a commercial CD (read only) purchased 6+ years ago is found to be infected with a just discovered trojan. The game has been on my system (purchased in 11/05) all along.
Has anything been determined as to why this is happening?
I will flag this off to someone from the labs to take a look at it.
In the meantime you could reply to the automated mail refuting the automated detection (this should trip the detection to a researcher by default).
Could you attach the samples here, so that I can give it a try?
I just analyzed the binary which you attached. It needs some dependencies to analyze dynamically, so I did static analysis to the best of my knowledge. Actually, the binary will try to connect to the following servers below
When I googled the above servers, I found that they are only game servers and not malicious.
So that is the reason they are flagging it as malware. I think it is a false positive and has to be fixed.
Thank you for tracking down the problem! I knew it had to be a false positive since the CD is read only and has not even been used in 5 years (since the game was installed). Please let me know when the problem is fixed.
Probably you have to follow these guidelines below to report a false positive.
If you have followed them, then we have to wait till Vinod helps us.