I would be interested to know the particular source and details of this file:
torrents, private FTP, usenet, DDL, etc.
From a public file sharing site, not from a usual site. I won't give the link out for safety, but it was not from:
- RapidShare
- File Dropper
- Megaupload
Now, I have not looked further as I will be doing server things today. It might be rooted in multiple places.
Was its title name spoofed?
E.g., was it labeled with some well-known release group's titling format (like using Razor1911 in the filename to convince people it's legit)?
Or on Usenet, using the poster handle yenc, posting a.b.mom, or a.b.worms or a.b.u4all.
People who do this piss me off immensely.
Not a faked author, there was no group related to this file.
I believed, since it was an exe file, it was a self-extracting archive. However, the file size made me think twice, as it was under 1Gb, and most games are quite large these days.
I typically just use 3 virus scanners (I run Windows, inb4 someone comes down on me for not using Linux), followed by a supplement with Jotti, Virscan, and a few other multi-scanners based online.
Typically the only things that come up dirty are keygens, and that is mostly because security companies have usually just assigned ALL keygens to the category of "malware" even though they may be clean.
I assume a benign purpose behind this: I seriously doubt there is collusion between the game/software developers and the security companies, but rather it's just easier to say that ALL keygens are malware since it's a good chance they are (given the fact that 99% of people are going to download it from a suspect source without good background checks anyway).
I believe there is no connection to anything really, just an independent author used a kit, compiled it, changed the name and shipped it off. The file is packaged claiming to give a copy of a leaked closed beta game. There would be no keygen for this product, it just entices the user to run it.
On the antivirus subject, here's a scan: http://www.virustotal.com/file-scan/report.html?id=87a2f697ec54e72bc9aae6ad5206900f44ebd6c36dbe6a8ed224ff014ee15494-1322931296
It was already scanned before, not surprised. However, they are all giving generic (a.k.a. heuristic) responses to it. Many users would just blow this off.
Thanks for the info.
No probs. I like to keep people informed.