Gizmos Freeware Reviews  

Old 13. Apr 2015, 07:53 PM   #1 (permalink)
Member
 
Join Date: Jun 2008
Posts: 1
Sauerbraten Virus found

When attempting to run the free 1st person shooter, Sauerbraten, my 360 Total Security software identified and quarantined a Trojan file: DriverSupport.exe. Trojan(Heur/QVM42.0.MalwareGen.
BearsPaw
Old 14. Apr 2015, 04:58 PM   #2 (permalink)
Senior Member
 
 
Join Date: Oct 2009
Location: UK
Posts: 1,481

Dunno what 1st person shooter is - is it a game? It could be a false positive. If 360 has quarantined the file it's safe where it is, you can restore it if you think it's a FP. Then re-scan your system with MBAM, HitManPro. See if they detect it.

It's not uncommon for 360 to throw up false positives. But it won't delete the file, it'll keep it in quarantine until you decide what to do with it. If you're not sure, and everything is working ok with your machine then just leave it where it is - quarantined.
deya
Old 15. Apr 2015, 03:16 PM   #3 (permalink)
Senior Member
 
Join Date: May 2010
Posts: 549

It wouldn't surprise me at all if it was reporting correctly, so you do need to check it carefully.

Being cross platform, and using low level commands, it is possible that it IS a false positive, but again it needs further checking.
Personally, I would try to check a copy from another source and see if that also shows the Trojan.
Burn-IT
Old 16. Apr 2015, 01:04 AM   #4 (permalink)
Site Manager
 
 
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 15,186

This is a heuristic (hence "heur") detection so it is a "looks like" or "maybe" risk as opposed to being a direct "hit". That said, Qihoo use the same tag for other sources that are also flagged by other vendors.

https://www.virustotal.com/en/file/5...2d2e/analysis/

This looks like it could be a wrapped installer component. It depends on where you got the download from as to how likely this is.
__________________
Buy a Hoover and prove technology sucks.
MidnightCowboy
Old 16. Apr 2015, 06:34 PM   #5 (permalink)
Senior Member
 
 
Join Date: Oct 2009
Location: UK
Posts: 1,481

Funnily enough, same thing happened for me this afternoon. Downloaded a file, scanned it with 360 which flagged and quarantined it - Trojan.Generic: HEUR/QVM10.1.Malware.Gen

The file is citriosetup.exe - a Web browser. Bit of a search and came up with this;

http://www.herdprotect.com/citrioset...5163f7a2c.aspx

I'd downloaded the file directly from the Citrio site. So went and downloaded the offline installer from Softpedia, scanned it with 360, HMP and MBAM. Clean. Uploaded it to VirusTotal and got this;

https://www.virustotal.com/en/file/3...is/1429199341/

Then another search and this;

https://www.virustotal.com/en/file/b...f9cd/analysis/

Clouds the water a bit, doesn't it? There's no way I was going to install the browser after the initial detection, but tried a different source just out of curiosity, and with this thread in mind.

I attempted to restore the quarantined file, overrode the warning and restored it to the desktop but 360 flagged it again, immediately, so straight back in quarantine it went where it's safe. I'll delete it later.
deya
Old 17. Apr 2015, 08:19 AM   #6 (permalink)
Editor
 
 
Join Date: Oct 2010
Posts: 1,927

This is very strange. I downloaded the Windows installer from the official website. I didn't get any alarms during install or while playing. Did you download it from the same place?

I've 360 Total Security Essentials installed with Avira engine enabled. If you have BitDefender engine enabled I suggest you switch to Avira. Although in this case from your first post, I can see that it's the QVM2 AI engine that caught the malware, which is one of the 5 engines in 360 Total Security, and I've enabled it too but no detection.

SourceForge is known to bundle adware, however the download I got was direct.
__________________
If you seek for attention, do common things in life in an uncommon way!
George.J