TechSpot

Help with reoccurring Trojan

By Chocobuny
Sep 7, 2010
  1. Hey I'm having a problem with a game called Diablo 2.

    I wake up this morning and I find that it has a trojan on it. Specifically this is what AVG said:

    "Infection";"Trojan horse PSW.OnlineGames3.AUEH";"c:\Program Files\Diablo II\D2Win.dll";"";"8/09/2010, 12:08:29 p.m."

    So of course I just uninstall the game. Then I tried reinstalling it (Yeah bad idea) and it installs fine, but as soon as I try update the game online AVG goes ballistic about the trojan. So Obviously something is lingering on my comp causing this. I've run the 3 log things at the top so hopefully you guys can help. I'll attach them at the bottom.
     

    Attached Files:

  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard [​IMG]

    If this is legit copy of the game, it may be false positive.

    Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.
    Upload following files to http://www.virustotal.com/ for security check:
    - c:\Program Files\Diablo II\D2Win.dll
    IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.
     
  3. Chocobuny

    Chocobuny TS Rookie Topic Starter

    The game is totally legit, valid CD key and all.

    Um I actually uninstalled the game because I was a little paranoid. I could probably restore the copy of it thats in the AVG Virus Vault if you want?
     
  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Unfortunately, AVG produces a lot of false positives, which probably is the case here.
    Yeah, restore the file and scan it at my link.
     
  5. Chocobuny

    Chocobuny TS Rookie Topic Starter

    Nevermind this post just had to close AVG
     
  6. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    See, if you can copy the file to some other location, like your desktop and upload it from there.
     
  7. Chocobuny

    Chocobuny TS Rookie Topic Starter

    Antivirus Version Last Update Result
    AhnLab-V3 2010.09.08.00 2010.09.08 -
    AntiVir 8.2.4.50 2010.09.07 -
    Antiy-AVL 2.0.3.7 2010.09.07 -
    Authentium 5.2.0.5 2010.09.08 -
    Avast 4.8.1351.0 2010.09.07 -
    Avast5 5.0.594.0 2010.09.07 -
    AVG 9.0.0.851 2010.09.07 PSW.OnlineGames3.AUEH
    BitDefender 7.2 2010.09.07 -
    CAT-QuickHeal 11.00 2010.09.07 -
    ClamAV 0.96.2.0-git 2010.09.07 -
    Comodo 6006 2010.09.08 -
    DrWeb 5.0.2.03300 2010.09.08 -
    Emsisoft 5.0.0.37 2010.09.08 -
    eSafe 7.0.17.0 2010.09.07 -
    eTrust-Vet 36.1.7839 2010.09.06 -
    F-Prot 4.6.1.107 2010.09.01 -
    F-Secure 9.0.15370.0 2010.09.08 -
    Fortinet 4.1.143.0 2010.09.07 -
    GData 21 2010.09.08 -
    Ikarus T3.1.1.88.0 2010.09.08 -
    Jiangmin 13.0.900 2010.09.07 -
    K7AntiVirus 9.63.2463 2010.09.07 -
    Kaspersky 7.0.0.125 2010.09.08 -
    McAfee 5.400.0.1158 2010.09.08 -
    McAfee-GW-Edition 2010.1B 2010.09.08 -
    Microsoft 1.6103 2010.09.08 -
    NOD32 5432 2010.09.07 -
    Norman 6.06.05 2010.09.07 -
    nProtect 2010-09-07.02 2010.09.07 -
    Panda 10.0.2.7 2010.09.07 -
    PCTools 7.0.3.5 2010.09.08 -
    Prevx 3.0 2010.09.08 -
    Rising 22.64.01.04 2010.09.07 -
    Sophos 4.57.0 2010.09.08 -
    Sunbelt 6844 2010.09.08 -
    SUPERAntiSpyware 4.40.0.1006 2010.09.08 -
    Symantec 20101.1.1.7 2010.09.07 -
    TheHacker 6.7.0.0.010 2010.09.08 -
    TrendMicro 9.120.0.1004 2010.09.07 -
    TrendMicro-HouseCall 9.120.0.1004 2010.09.08 -
    VBA32 3.12.14.0 2010.09.07 -
    ViRobot 2010.8.25.4006 2010.09.07 -
    VirusBuster 12.64.22.0 2010.09.07 -
     
  8. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Reinstall the game and put that file into AVG exception list.
    You'll be fine.
     
  9. Chocobuny

    Chocobuny TS Rookie Topic Starter

    Cheers, thanks heeps I really appreciate the quick help. Keep up the good work : ).
     
  10. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    You're very welcome [​IMG]
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...