I moved this to Malware Discussion > Home User Assistance and removed that attachment as it's against forum rules to post samples. Please read this as it may help: https://community.mcafee.com/thread/2016
What do you mean by moving this to Malware Discussion? I don't understand. Are you going to test it or not!?
And please give me more details. I need to play the game, it's been 48 hrs now and I can't play it yet. What shall I do? And are you going to test it or not!? And where is the Malware Discussion and what is it?
OK, sorry, I found the Malware Discussion. I didn't know that I have to post it there, my mistake. I will copy and paste this message there, and thanks for guiding me.
Samples are not tested through these forums nor should they be posted here. The link I posted explains what you can do. These things take time.
I moved the thread to a different section of the forums simply because that's where these discussions belong.
That was purely for internal reasons.
OK just have the one discussion going. I locked the other one. I had already moved your original discussion.
So ... you have a game which won't work because an important file is missing. I won't ask why you didn't go to the game manufacturer or to the retailer who provided you with the game to get a refund or a replacement or at the very least an authorised copy of the missing file.
Instead .... you grabbed a file from some random place on the internet which was claimed to be a copy of the missing game file and you're surprised and indignant because McAfee (and many other anti-virus vendors) immediately detect that file as malicious and quarantine it.
Perhaps, you know, the file really is malicious. There was another user with that same problem, that same file, who asked here how to get around the quarantining. Later he came back to say that his system was massively infected with malware and he'd spent a week with Malwarebytes tech support trying to get it sorted out. Go read.
I checked out that file. Chrome allowed the download of the zip file, presumably because it doesn't unpack compressed files. When I unpacked it McAfee immediately quarantined the .exe and identified it as a "Generic Packed (Trojan)".
So I downloaded again, turned off RTS, unpacked, sent the file off to VirusTotal for checking. Out of 50 analysis tools 19 reported the file as malicious. Anything over 4 or 5 in a VirusTotal report rings alarm bells. See it here -
The Microsoft definition of this is "VirTool:Win32/Obfuscator.XZ" and the entry below says:
Malware can be obfuscated with a tool that uses a hacked license. This means non-malicious programs that use the hacked license can also be detected. If this happens you should contact support at the company that provides the non-malicious program and ask for a version that doesn't use the hacked license.
Except you can't do that because you got the file off Mediafire, where someone had posted it. Well, we both found the person who posted it - I saw your addition to the comments. In his blog entry he specifically says
make sure to exclude it from antivirus scans or add it as an exception.
He gives three reasons for problems with cryea.dll and antivirus programs, but there's another one he leaves out.