I've a problem with a "Generic.Malware.Suspicious" program.


zaptor

(Before starting, I apologize if this post doesn't correspond to this category, I've been looking and I think it's the right one, but I'm not sure).

Good evening,

My problem started when I downloaded a "modmenu" program for Assassin's Creed Valhalla. I know that many of these programs contain malicious software, so I always try to be informed before using them.

I was talking with the creator, and the only solution he gives me is to update my antivirus (Malwarebytes) or post the problem as a false positive. I lack knowledge in programming and computing, so I would be very grateful if some expert in this field could analyze the file and determine if it is really malware or not.

I'll attach the file; the only thing the antivirus tells me is "Generic.Malware.Suspicious".

Thanks in advance for your help.

Assassins.Creed.Valhalla.v1.0.2-v1.2.0.Plus.19.Trainer-FLiNG.zip


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/31/21
Scan Time: 9:14 PM
Log File: aa45203e-9287-11eb-887a-3c2c30e5a972.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1236
Update Package Version: 1.0.38954
License: Premium

-System Information-
OS: Windows 10 (Build 19042.804)
CPU: x64
File System: NTFS
User: DESKTOP-DELL\bjm

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 1
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 0 min, 21 sec

-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Generic.Malware/Suspicious, C:\USERS\BJM\DESKTOP\ASSASSINS CREED VALHALLA V1.0.2-V1.2.0 PLUS 19 TRAINER.EXE, Quarantined, 0, 392686, 1.0.38954, , shuriken, , 73B81E1864C485FCF12BD1648BBEC00A, C2D011739B7DD167D983B572E63F05A0C0E0456BCAA1B08E922D6339AACB2648

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/31/21
Scan Time: 9:24 PM
Log File: 57eaf494-9291-11eb-8b5b-001a7dda7102.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1236
Update Package Version: 1.0.38958
License: Premium

-System Information-
OS: Windows 10 (Build 19042.906)
CPU: x64
File System: NTFS
User: I7-PC\SAPC

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 1
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 0 min, 2 sec

-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Edited by Porthos

5 minutes ago, Porthos said:

File: 0
(No malicious items detected)

Same version, same file and different results... What?

----------------------------------------------------------

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 1/4/21
Hora del análisis: 4:14
Archivo de registro: f4845e3c-928f-11eb-ac21-244bfe59fee7.json

-Información del software-
Versión: 4.3.0.98
Versión de los componentes: 1.0.1236
Versión del paquete de actualización: 1.0.38958
Licencia: Premium

-Información del sistema-
SO: Windows 10 (Build 19042.867)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-AOP3QBB

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 1
Amenazas detectadas: 2
Amenazas en cuarentena: 0
Tiempo transcurrido: 0 min, 1 seg

-Opciones de análisis-
Memoria: Desactivado
Inicio: Desactivado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 2
Generic.Malware/Suspicious, C:\USERS\ALE\APPDATA\ROAMING\Microsoft\Windows\Recent\Assassins.Creed.Valhalla.v1.0.2-v1.2.0.Plus.19.Trainer-FLiNG.zip.lnk, Sin acciones por parte del usuario, 0, 392686, , , , , 9715260A43C1E6BEE96CB465007BFD69, D79D9B44C762EAF4A76823FCED5C637142207885082B790B60143C9527B2DCC6
Generic.Malware/Suspicious, C:\USERS\ALE\DOWNLOADS\ASSASSINS.CREED.VALHALLA.V1.0.2-V1.2.0.PLUS.19.TRAINER-FLING.ZIP, Sin acciones por parte del usuario, 0, 392686, 1.0.38958, , shuriken, , 16AFF4E61BDD648DA01DF3A3C03C7479, 3B6CA12F75F88B8EA8AB32B5FF22A73BC7145F27263AD21E973243F656FC5EA3

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/1/21
Scan Time: 1:16 AM
Log File: 5d58815e-92a9-11eb-b05d-3c2c30e5a972.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1236
Update Package Version: 1.0.38962
License: Premium

-System Information-
OS: Windows 10 (Build 19042.804)
CPU: x64
File System: NTFS
User: DESKTOP-DELL\bjm

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 1
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 0 min, 25 sec

-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Generic.Malware/Suspicious, C:\USERS\BJM\DESKTOP\ASSASSINS CREED VALHALLA V1.0.2-V1.2.0 PLUS 19 TRAINER.EXE, No Action By User, 0, 392686, 1.0.38962, , shuriken, , 73B81E1864C485FCF12BD1648BBEC00A, C2D011739B7DD167D983B572E63F05A0C0E0456BCAA1B08E922D6339AACB2648

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


@bjm Do you have the following setting enabled? If so it should be off. See screenshot.

Also,

Please clear your hubble cache by doing the following:

  1. Click on the Malwarebytes icon in the system tray
  2. Select "Quit Malwarebytes"
  3. Navigate to %PROGRAMDATA%\Malwarebytes\MBAMService
  4. Delete the file HubbleCache
  5. Open Malwarebytes and scan again.

2021-04-01_00h27_00.png

Edited by Porthos

Yes, I had "expert system algorithms" On.

Now, with "expert system algorithms" Off.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/1/21
Scan Time: 1:45 AM
Log File: 7e7af03e-92ad-11eb-b6e7-3c2c30e5a972.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1236
Update Package Version: 1.0.38962
License: Premium

-System Information-
OS: Windows 10 (Build 19042.804)
CPU: x64
File System: NTFS
User: DESKTOP-DELL\bjm

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 344915
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 1 min, 51 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

File: 2
Generic.Malware/Suspicious, C:\USERS\BJM\DESKTOP\ASSASSINS.CREED.VALHALLA_V1.0.2-V1.2.0_PLUS_19.TRAINER-FLING.ZIP, Quarantined, 0, 392686, 1.0.38962, , shuriken, , 16AFF4E61BDD648DA01DF3A3C03C7479, 3B6CA12F75F88B8EA8AB32B5FF22A73BC7145F27263AD21E973243F656FC5EA3
Generic.Malware/Suspicious, C:\USERS\BJM\DESKTOP\ASSASSINS CREED VALHALLA V1.0.2-V1.2.0 PLUS 19 TRAINER.EXE, Quarantined, 0, 392686, 1.0.38962, , shuriken, , 73B81E1864C485FCF12BD1648BBEC00A, C2D011739B7DD167D983B572E63F05A0C0E0456BCAA1B08E922D6339AACB2648

(end)



Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/1/21
Scan Time: 2:34 PM
Log File: efe1802e-9318-11eb-863c-3c2c30e5a972.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1236
Update Package Version: 1.0.38982
License: Premium

-System Information-
OS: Windows 10 (Build 19042.804)
CPU: x64
File System: NTFS
User: DESKTOP-DELL\bjm

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 344869
Threats Detected: 2
Threats Quarantined: 0
Time Elapsed: 1 min, 57 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
Generic.Malware/Suspicious, C:\USERS\BJM\DESKTOP\ASSASSINS.CREED.VALHALLA_V1.0.2-V1.2.0_PLUS_19.TRAINER-FLING.ZIP, No Action By User, 0, 392686, 1.0.38982, , shuriken, , 16AFF4E61BDD648DA01DF3A3C03C7479, 3B6CA12F75F88B8EA8AB32B5FF22A73BC7145F27263AD21E973243F656FC5EA3
Generic.Malware/Suspicious, C:\USERS\BJM\DESKTOP\ASSASSINS CREED VALHALLA V1.0.2-V1.2.0 PLUS 19 TRAINER.EXE, No Action By User, 0, 392686, 1.0.38982, , shuriken, , 73B81E1864C485FCF12BD1648BBEC00A, C2D011739B7DD167D983B572E63F05A0C0E0456BCAA1B08E922D6339AACB2648

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


-Log Details-
Scan Date: 4/1/21
Scan Time: 8:10 PM
Log File: e2f7f396-9347-11eb-b849-3c2c30e5a972.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1236
Update Package Version: 1.0.38996
License: Premium

-System Information-
OS: Windows 10 (Build 19042.804)
CPU: x64
File System: NTFS
User: DESKTOP-DELL\bjm

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 344653
Threats Detected: 0
Threats Quarantined: 0
