Results 1 to 6 of 6

Thread: i need help with spyware that only zonealarm finds

  1. #1
    stakerneedshelp Guest

    Default i need help with spyware that only zonealarm finds

    Hello I Need Help With Spy-Ware That Keeps Infecting a Game File On The Game Chuzzle Deluxe V1.01 It Infects The BASS.DLL File Within The Game And ZoneAlarm Seems Too Be The Only Thing That Detects It on My Computer But When It Does It Deletes It And Makes Me Install Chuzzle Again But After A While It Comes Back Again. The Spy-Ware Is Win32.Trojan.Crypt.Xpack.Gen . The BASS.DLL It Infects Is On The Game Bejeweled 2 Aswell And It Doesn't Infect That . They Are Made By PopCap.Com And Are Cd-Rom Games I Bought In A Store I Contacted Them But They Just Said That They Do Not Make Games With Spy-ware I Tried Too See It Was On The Disk And It Said Disk Clean From Spy-Ware I Want To Be Able To Play The Game Without That Spy-Ware Popping Up Can Anyone Help Me?????????????

    Operating System:Windows XP Home Edition
    Software Version:8.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    findley Guest

    Default Re: i need help with spyware that only zonealarm finds


    <blockquote><hr>stakerneedshelp wrote:
    Hello I Need Help With Spy-Ware That Keeps Infecting a Game File On The Game Chuzzle Deluxe V1.01 It Infects The BASS.DLL File Within The Game And ZoneAlarm Seems Too Be The Only Thing That Detects It on My Computer But When It Does It Deletes It And Makes Me Install Chuzzle Again But After A While It Comes Back Again. The Spy-Ware Is Win32.Trojan.Crypt.Xpack.Gen . The BASS.DLL It Infects Is On The Game Bejeweled 2 Aswell And It Doesn't Infect That . They Are Made By PopCap.Com And Are Cd-Rom Games I Bought In A Store I Contacted Them But They Just Said That They Do Not Make Games With Spy-ware I Tried Too See It Was On The Disk And It Said Disk Clean From Spy-Ware I Want To Be Able To Play The Game Without That Spy-Ware Popping Up Can Anyone Help Me?????????????

    Operating System:
    Windows XP Home Edition
    Software Version:
    8.0
    Product Name:
    ZoneAlarm Internet Security Suite

    <hr></blockquote>stakerneedshelp,
    To find out if this is a false positive upload the file to http://www.virustotal.com/
    If it comes back clean add the file to the
    spyware scanner's exception list
    Findley


    Message Edited by Findley on 02-25-2009 02:23 PM

  3. #3
    naivemelody Guest

    Default Re: Win32.Trojan.Crypt.XPACK.Gen (PopCap)?

    Click here &gt; http://forum.zonealarm.org/zonelabs/...essage.id=5092
    - you can read
    the other posts.<hr>As mentioned - b'bejeweled/ popcap'
    detection; it is fairly common for these types of games to have detections by
    various scanners. If you believe the game won't inflict any serious harm - click and continue to 'ignore always or put in exceptions list'
    ; after you have it scanned by VirusTotal and/ or other scanners.

  4. #4
    stakerneedshelp Guest

    Default results on. bass.dll file scanned by virustotal


    <blockquote><hr>Findley wrote:

    <blockquote><hr>stakerneedshelp wrote:
    Hello I Need Help With Spy-Ware That Keeps Infecting a Game File On The Game Chuzzle Deluxe V1.01 It Infects The BASS.DLL File Within The Game And ZoneAlarm Seems Too Be The Only Thing That Detects It on My Computer But When It Does It Deletes It And Makes Me Install Chuzzle Again But After A While It Comes Back Again. The Spy-Ware Is Win32.Trojan.Crypt.Xpack.Gen . The BASS.DLL It Infects Is On The Game Bejeweled 2 Aswell And It Doesn't Infect That . They Are Made By PopCap.Com And Are Cd-Rom Games I Bought In A Store I Contacted Them But They Just Said That They Do Not Make Games With Spy-ware I Tried Too See It Was On The Disk And It Said Disk Clean From Spy-Ware I Want To Be Able To Play The Game Without That Spy-Ware Popping Up Can Anyone Help Me?????????????

    Operating System:
    Windows XP Home Edition
    Software Version:
    8.0
    Product Name:
    ZoneAlarm Internet Security Suite

    <hr></blockquote>stakerneedshelp,
    To find out if this is a false positive upload the file to http://www.virustotal.com/
    If it comes back clean add the file to the
    spyware scanner's exception list
    Findley


    Message Edited by Findley on 02-25-2009 02:23 PM
    <hr></blockquote>
    File bass.dll received on 02.26.2009 08:33:36 (CET)
    Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
    Result: 2/39 (5.13%)
    Loading server information...
    Your file is queued in position: ___.
    Estimated start time is between ___ and ___ .
    Do not close the window until scan is complete.
    The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
    If you are waiting for more than five minutes you have to resend your file.
    Your file is being scanned by VirusTotal in this moment,
    results will be shown as they're generated.
    Compact Compact
    Print results Print results
    Your file has expired or does not exists.
    Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

    You can wait for web response (automatic reload) or type your email in the form below and click &quot;request&quot; so the system sends you a notification when the scan is finished.
    Email:

    Antivirus Version Last Update Result
    a-squared 4.0.0.93 2009.02.26 -
    AhnLab-V3 2009.2.26.0 2009.02.25 -
    AntiVir 7.9.0.88 2009.02.26 -
    Authentium 5.1.0.4 2009.02.25 -
    **bleep** 4.8.1335.0 2009.02.25 -
    AVG 8.0.0.237 2009.02.25 -
    **bleep** 7.2 2009.02.26 -
    CAT-QuickHeal 10.00 2009.02.26 -
    ClamAV 0.94.1 2009.02.25 -
    **bleep** 983 2009.02.20 -
    DrWeb 4.44.0.09170 2009.02.26 -
    eSafe 7.0.17.0 2009.02.25 Suspicious File
    eTrust-Vet 31.6.6375 2009.02.26 -
    F-Prot 4.4.4.56 2009.02.25 -
    F-Secure 8.0.14470.0 2009.02.26 -
    Fortinet 3.117.0.0 2009.02.26 -
    GData 19 2009.02.26 -
    Ikarus T3.1.1.45.0 2009.02.26 -
    K7AntiVirus 7.10.647 2009.02.25 -
    Kaspersky 7.0.0.125 2009.02.26 -
    McAfee 5536 2009.02.25 -
    McAfee+Artemis 5536 2009.02.25 -
    Microsoft 1.4306 2009.02.26 -
    NOD32 3890 2009.02.26 -
    Norman 6.00.06 2009.02.25 -
    nProtect 2009.1.8.0 2009.02.26 -
    Panda 10.0.0.10 2009.02.26 -
    PCTools 4.4.2.0 2009.02.25 -
    Prevx1 V2 2009.02.26 -
    Rising 21.18.30.00 2009.02.26 -
    SecureWeb-Gateway 6.0.0 2009.02.26 -
    Sophos 4.39.0 2009.02.26 -
    **bleep** 3.2.1858.2 2009.02.25 VIPRE.Suspicious
    Symantec 10 2009.02.26 -
    TheHacker 6.3.2.5.265 2009.02.25 -
    TrendMicro 8.700.0.1004 2009.02.26 -
    VBA32 3.12.10.0 2009.02.26 -
    ViRobot 2009.2.26.1624 2009.02.26 -
    VirusBuster 4.5.11.0 2009.02.25 -
    Additional information
    File size: 97336 bytes
    MD5...: fd5ec122f4dd201b3c3ef19e3058af81
    SHA1..: fe3f8da858846e4350ee9734da2e629760563db4
    SHA256: 11075ca0a1a3064bd971a3faa38565952441f90ed198aa624e c2ce0aab7d4b62
    SHA512: 62656626e9635c7061e713868c1dcc4bdbaa17819e7676cb1d 099c4d5a782657
    1d6b5f286af218f6251a804fcf3fa0aba2f7ebccb564262237 32d55faec8efd7
    ssdeep: 1536:cRH+iz7qF8l6UTBLZbGI6gINvhln7M/iH34IUP/3lJwOPFqU:cRH+iGUT3y
    Nvhln1LU32U
    PEiD..: Petite v1.4
    TrID..: File type identification
    Win32 Dynamic Link Library (generic) (55.7%)
    Clipper DOS Executable (14.8%)
    Generic Win/DOS Executable (14.7%)
    DOS Executable Generic (14.6%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x10059043
    timedatestamp.....: 0x40ace9e1 (Thu May 20 17:24:49 2004)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    0x1000 0x55000 0x16800 7.99 b787a0dc386b94ccec227d7293c7180c
    .rsrc 0x56000 0x1000 0x238 3.05 8c5edfaa61e905aee56b193100bf78df
    0x57000 0x2000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
    0x59000 0xf3e 0x1000 5.59 557d694560ef38fbdb3b2da070222a11

    ( 6 imports )
    &gt; WINMM.dll: mixerOpen
    &gt; MSACM32.dll: acmStreamSize
    &gt; KERNEL32.dll: ExitProcess, LoadLibraryA, GetProcAddress, VirtualProtect, GlobalAlloc, GlobalFree
    &gt; USER32.dll: MessageBoxA, wsprintfA
    &gt; ole32.dll: CoInitialize
    &gt; MSVCRT.dll: -

    ( 101 exports )
    BASS_Apply3D, BASS_ChannelBytes2Seconds, BASS_ChannelGet3DAttributes, BASS_ChannelGet3DPosition, BASS_ChannelGetAttributes, BASS_ChannelGetData, BASS_ChannelGetDevice, BASS_ChannelGetEAXMix, BASS_ChannelGetInfo, BASS_ChannelGetLevel, BASS_ChannelGetPosition, BASS_ChannelIsActive, BASS_ChannelIsSliding, BASS_ChannelPause, BASS_ChannelRemoveDSP, BASS_ChannelRemoveFX, BASS_ChannelRemoveLink, BASS_ChannelRemoveSync, BASS_ChannelResume, BASS_ChannelSeconds2Bytes, BASS_ChannelSet3DAttributes, BASS_ChannelSet3DPosition, BASS_ChannelSetAttributes, BASS_ChannelSetDSP, BASS_ChannelSetEAXMix, BASS_ChannelSetFX, BASS_ChannelSetLink, BASS_ChannelSetPosition, BASS_ChannelSetSync, BASS_ChannelSlideAttributes, BASS_ChannelStop, BASS_ErrorGetCode, BASS_FXGetParameters, BASS_FXSetParameters, BASS_Free, BASS_Get3DFactors, BASS_Get3DPosition, BASS_GetCPU, BASS_GetConfig, BASS_GetDSoundObject, BASS_GetDevice, BASS_GetDeviceDescription, BASS_GetEAXParameters, BASS_GetInfo, BASS_GetVersion, BASS_GetVolume, BASS_Init, BASS_MusicFree, BASS_MusicGetLength, BASS_MusicGetName, BASS_MusicGetVolume, BASS_MusicLoad, BASS_MusicPlay, BASS_MusicPlayEx, BASS_MusicPreBuf, BASS_MusicSetAmplify, BASS_MusicSetPanSep, BASS_MusicSetPositionScaler, BASS_MusicSetVolume, BASS_Pause, BASS_RecordFree, BASS_RecordGetDevice, BASS_RecordGetDeviceDescription, BASS_RecordGetInfo, BASS_RecordGetInput, BASS_RecordGetInputName, BASS_RecordInit, BASS_RecordSetDevice, BASS_RecordSetInput, BASS_RecordStart, BASS_SampleCreate, BASS_SampleCreateDone, BASS_SampleFree, BASS_SampleGetInfo, BASS_SampleLoad, BASS_SamplePlay, BASS_SamplePlay3D, BASS_SamplePlay3DEx, BASS_SamplePlayEx, BASS_SampleSetInfo, BASS_SampleStop, BASS_Set3DFactors, BASS_Set3DPosition, BASS_SetConfig, BASS_SetDevice, BASS_SetEAXParameters, BASS_SetVolume, BASS_Start, BASS_Stop, BASS_StreamCreate, BASS_StreamCreateFile, BASS_StreamCreateFileUser, BASS_StreamCreateURL, BASS_StreamFree, BASS_StreamGetFilePosition, BASS_StreamGetLength, BASS_StreamGetTags, BASS_StreamPlay, BASS_StreamPreBuf, BASS_Update, _
    CWSandbox info: http://research.**bleep**-software.c...3ef19e3058af81

    ATENTION ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

  5. #5
    findley Guest

    Default Re: results on. bass.dll file scanned by virustotal

    stakerneedshelp,
    This is your call on how you want to handle:
    .Ignore, add to exceptions or delete.Scanners classify this as adware/malware.

    Interesting
    read
    about popcap games http://www.malwarebytes.org/forums/i...showtopic=9506
    Findley

  6. #6
    garywa Guest

    Default Re: Win32.Trojan.Crypt.XPACK.Gen (PopCap)?

    I too, have several PopCap games installed on my PCs.
    They are either retail boxed CD purchases or purchased and downloaded from their website.
    I have not used any of their online games.
    Like you, ZA detected the same malware on my systems.
    As NaiveMelody and others have already stated, its up to you to decide.
    Searching the web is frustrating because there is no definitive answer.
    All I can tell you is these games were on my systems long before ZA started to detect them and caused me no problems.
    So when the detections first started showing up, I did a little investigating and finally decided to &quot;Allow Always.&quot;
    I've had no problem.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •