TechSpot

[Info] AvG: Win32/Heur on The Sims 1 Livin' it Up expansion pack

By FuzzyCakes
Dec 23, 2011
  1. Hello there
    Recently, I installed The Sims 1, and I decided to install the Livin' it Up EP. The problem is:
    When I was installing it, AVG popped up saying that there was a Win32/Heur virus during installation, in a file called something like TFT448157 (that is a guess at the file name, since I can't really remember). I didn't manage to stop it in time and it finished the installation. I clicked to remove the virus and it couldn't; it said that the file was moved or not there. When I started the game, it started as if the game was without the expansion. I uninstalled everything but couldn't remove the Maxis folder; it didn't let me remove the folder, as if it was busy. I opened up Task Manager and found a task called something like <space>wow<name>.
    I terminated it, and then I could remove the folder.

    Now, I decided to scan the CD with AVG, and it detected the virus again, but on another file (?), called E:\Patches\res\Sims.icd. Of course, it couldn't be removed.

    Can someone help me with this? I really want to play the game with the EP, but I'm not sure if it's a real virus or not, since I saw many topics in this forum regarding the same problem with The Sims 2 (my case is The Sims 1, though).
     
  2. Broni

    Broni Malware Annihilator Posts: 46,860   +254

  3. FuzzyCakes

    FuzzyCakes TS Rookie Topic Starter

    Well, I sent the file, and after a while this came up:

    "File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
    MD5: 299136638464c440860433fbfc8cdfb7
    Date first seen: 2011-04-13 17:27:30 (UTC)
    Date last seen: 2011-04-13 18:04:03 (UTC)
    Detection ratio: 1/41
    What do you wish to do?"

    There are 2 options: Reanalyze and View Last Report

    Reanalyze shows this:

    File name:
    Sims.icd
    Submission date:
    2011-12-23 20:42:09 (UTC)
    Current status:
    finished
    Result:
    3/43 (7.0%)

    Antivirus Version Last Update Result
    AhnLab-V3 2011.12.23.00 2011.12.23 -
    AntiVir 7.11.19.252 2011.12.23 -
    Antiy-AVL 2.0.3.7 2011.12.23 -
    Avast 6.0.1289.0 2011.12.23 -
    AVG 10.0.0.1190 2011.12.23 Win32/Heur
    BitDefender 7.2 2011.12.23 -
    ByteHero 1.0.0.1 2011.12.07 -
    CAT-QuickHeal 12.00 2011.12.23 -
    ClamAV 0.97.3.0 2011.12.23 -
    Commtouch 5.3.2.6 2011.12.23 -
    Comodo 11064 2011.12.23 -
    DrWeb 5.0.2.03300 2011.12.23 -
    Emsisoft 5.1.0.11 2011.12.23 Virus.Win32.Heur!IK
    eSafe 7.0.17.0 2011.12.22 -
    eTrust-Vet 37.0.9642 2011.12.23 -
    F-Prot 4.6.5.141 2011.12.23 -
    F-Secure 9.0.16440.0 2011.12.23 -
    Fortinet 4.3.388.0 2011.12.23 -
    GData 22 2011.12.23 -
    Ikarus T3.1.1.109.0 2011.12.23 Virus.Win32.Heur
    Jiangmin 13.0.900 2011.12.23 -
    K7AntiVirus 9.120.5757 2011.12.23 -
    Kaspersky 9.0.0.837 2011.12.23 -
    McAfee 5.400.0.1158 2011.12.23 -
    McAfee-GW-Edition 2010.1E 2011.12.23 -
    Microsoft 1.7903 2011.12.23 -
    NOD32 6738 2011.12.23 -
    Norman 6.07.13 2011.12.23 -
    nProtect 2011-12-22.01 2011.12.22 -
    Panda 10.0.3.5 2011.12.23 -
    PCTools 8.0.0.5 2011.12.23 -
    Prevx 3.0 2011.12.23 -
    Rising 23.89.04.02 2011.12.23 -
    Sophos 4.72.0 2011.12.23 -
    SUPERAntiSpyware 4.40.0.1006 2011.12.23 -
    Symantec 20111.2.0.82 2011.12.23 -
    TheHacker 6.7.0.1.362 2011.12.22 -
    TrendMicro 9.500.0.1008 2011.12.23 -
    TrendMicro-HouseCall 9.500.0.1008 2011.12.23 -
    VBA32 3.12.16.4 2011.12.22 -
    VIPRE 11294 2011.12.23 -
    ViRobot 2011.12.23.4843 2011.12.23 -
    VirusBuster 14.1.131.0 2011.12.23 -

    Additional Information:

    MD5 : 299136638464c440860433fbfc8cdfb7
    SHA1 : 45c4146294e8a2c58f09792f8793217163cf84ac
    SHA256: fcf8317ade035e6791911d2c851b17974ed7f5f56c15e3168c282138a9989fe2
    ssdeep: 49152:aomvj7MUHQSSCASqamErSwo5M1unfCJgIl5p+X7J:5mLQUHQSSLS6Eru5M1ufCJBjp+t
    File size : 2170925 bytes
    First seen: 2011-04-13 17:27:30
    Last seen : 2011-12-23 20:42:09
    TrID:
    Win32 Executable Generic (42.3%)
    Win32 Dynamic Link Library (generic) (37.6%)
    Generic Win/DOS Executable (9.9%)
    DOS Executable Generic (9.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    sigcheck:
    publisher....: Maxis, a division of Electronic Arts
    copyright....: Copyright (c) 2000 Electronic Arts
    product......: Maxis The Sims
    description..: The Sims
    original name: Sims.exe
    internal name: The Sims
    file version.: 1.0
    comments.....: From Will Wright
    signers......: -
    signing date.: -
    verified.....: Unsigned
    PEInfo: PE structure information

    [[ basic data ]]
    entrypointaddress: 0x1866C4
    timedatestamp....: 0x38C072E4 (Sat Mar 04 02:20:20 2000)
    machinetype......: 0x14c (I386)

    [[ 8 section(s) ]]
    name, viradd, virsiz, rawdsiz, ntropy, md5
    .text, 0x1000, 0x1B40AD, 0x1B5000, 8.00, ade70940a6121bcf78b3bcbaf3f29277
    PACODE, 0x1B6000, 0x1532, 0x2000, 6.16, 2a58626be55c9b0b7abc406c38882901
    .rdata, 0x1B8000, 0x32513, 0x33000, 4.48, e29e966217fe56f35580d8fa34f14772
    .data, 0x1EB000, 0xBDDC0, 0x19000, 7.95, 3379f9ea4a8787d77a35b4b7fa789684
    Shared, 0x2A9000, 0x4, 0x1000, 0.00, 620f0b67a91f7f74151bc5be745b7110
    UVA_DATA, 0x2AA000, 0x4ACC, 0x5000, 3.78, 55e3e89700b96c46bf63fd179690cab9
    IDCT_DAT, 0x2AF000, 0x1658, 0x2000, 3.59, cfb43d9cb88f6ec027c23cb5f17a4a88
    .rsrc, 0x2B1000, 0x51A6, 0x6000, 3.72, 935ef8f2191a81062cf5a3eae73a1221
    ExifTool:
    file metadata
    CharacterSet: Unicode
    CodeSize: 1798144
    Comments: From Will Wright
    CompanyName: Maxis, a division of Electronic Arts
    EntryPoint: 0x1866c4
    FileDescription: The Sims
    FileFlagsMask: 0x003f
    FileOS: Win32
    FileSize: 2.1 MB
    FileSubtype: 0
    FileType: Win32 EXE
    FileVersion: 1.0
    FileVersionNumber: 1.0.0.0
    ImageVersion: 0.0
    InitializedDataSize: 1044480
    InternalName: The Sims
    LanguageCode: English (U.S.)
    LegalCopyright: Copyright 2000 Electronic Arts
    LegalTrademarks: The Sims
    LinkerVersion: 6.0
    MIMEType: application/octet-stream
    MachineType: Intel 386 or later, and compatibles
    OSVersion: 4.0
    ObjectFileType: Executable application
    OriginalFilename: Sims.exe
    PEType: PE32
    PrivateBuild: Release
    ProductName: Maxis The Sims
    ProductVersion: 1.0
    ProductVersionNumber: 1.0.0.0
    SpecialBuild: Release
    Subsystem: Windows GUI
    SubsystemVersion: 4.0
    TimeStamp: 2000:03:04 03:20:20+01:00
    UninitializedDataSize: 0

    Symantec reputation:Suspicious.Insight

    Note: Interestingly enough, when I went back to View Last Report, the file was different. I think it's the same one I mentioned before, whose name I couldn't remember. However, on that report only AVG said it's a virus.

    File name:
    file-2101330_ICD
    Submission date:
    2011-04-13 18:04:03 (UTC)
    Current status:
    finished
    Result:
    1/41 (2.4%)

    Antivirus Version Last Update Result
    AhnLab-V3 2011.04.13.01 2011.04.13 -
    AntiVir 7.11.6.99 2011.04.13 -
    Antiy-AVL 2.0.3.7 2011.04.13 -
    Avast 4.8.1351.0 2011.04.13 -
    Avast5 5.0.677.0 2011.04.13 -
    AVG 10.0.0.1190 2011.04.13 Win32/Heur
    BitDefender 7.2 2011.04.13 -
    CAT-QuickHeal 11.00 2011.04.13 -
    ClamAV 0.97.0.0 2011.04.13 -
    Commtouch 5.2.11.5 2011.04.13 -
    Comodo 8327 2011.04.13 -
    DrWeb 5.0.2.03300 2011.04.13 -
    eSafe 7.0.17.0 2011.04.13 -
    eTrust-Vet 36.1.8269 2011.04.13 -
    F-Prot 4.6.2.117 2011.04.13 -
    F-Secure 9.0.16440.0 2011.04.13 -
    Fortinet 4.2.257.0 2011.04.13 -
    GData 22 2011.04.13 -
    Ikarus T3.1.1.103.0 2011.04.13 -
    Jiangmin 13.0.900 2011.04.13 -
    K7AntiVirus 9.96.4382 2011.04.13 -
    Kaspersky 7.0.0.125 2011.04.13 -
    McAfee 5.400.0.1158 2011.04.13 -
    McAfee-GW-Edition 2010.1C 2011.04.13 -
    Microsoft 1.6702 2011.04.11 -
    NOD32 6038 2011.04.13 -
    Norman 6.07.07 2011.04.13 -
    Panda 10.0.3.5 2011.04.13 -
    PCTools 7.0.3.5 2011.04.13 -
    Prevx 3.0 2011.04.13 -
    Rising 23.53.02.06 2011.04.13 -
    Sophos 4.64.0 2011.04.13 -
    SUPERAntiSpyware 4.40.0.1006 2011.04.12 -
    Symantec 20101.3.2.89 2011.04.13 -
    TheHacker 6.7.0.1.173 2011.04.13 -
    TrendMicro 9.200.0.1012 2011.04.13 -
    TrendMicro-HouseCall 9.200.0.1012 2011.04.13 -
    VBA32 3.12.16.0 2011.04.13 -
    VIPRE 9007 2011.04.13 -
    ViRobot 2011.4.13.4408 2011.04.13 -
    VirusBuster 13.6.303.0 2011.04.13 -

    MD5 : 299136638464c440860433fbfc8cdfb7
    SHA1 : 45c4146294e8a2c58f09792f8793217163cf84ac
    SHA256: fcf8317ade035e6791911d2c851b17974ed7f5f56c15e3168c282138a9989fe2
    ssdeep: 49152:aomvj7MUHQSSCASqamErSwo5M1unfCJgIl5p+X7J:5mLQUHQSSLS6Eru5M1ufCJBjp+t
    File size : 2170925 bytes
    First seen: 2011-04-13 17:27:30
    Last seen : 2011-04-13 18:04:03
    Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    TrID:
    Win32 Executable Generic (42.3%)
    Win32 Dynamic Link Library (generic) (37.6%)
    Generic Win/DOS Executable (9.9%)
    DOS Executable Generic (9.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    sigcheck:
    publisher....: Maxis, a division of Electronic Arts
    copyright....: Copyright (c) 2000 Electronic Arts
    product......: Maxis The Sims
    description..: The Sims
    original name: Sims.exe
    internal name: The Sims
    file version.: 1.0
    comments.....: From Will Wright
    signers......: -
    signing date.: -
    verified.....: Unsigned
    PEiD: -
    PEInfo: PE structure information

    [[ basic data ]]
    entrypointaddress: 0x1866C4
    timedatestamp....: 0x38C072E4 (Sat Mar 04 02:20:20 2000)
    machinetype......: 0x14C (Intel I386)

    [[ 8 section(s) ]]
    name, viradd, virsiz, rawdsiz, ntropy, md5
    .text, 0x1000, 0x1B40AD, 0x1B5000, 8.0, ade70940a6121bcf78b3bcbaf3f29277
    PACODE, 0x1B6000, 0x1532, 0x2000, 6.16, 2a58626be55c9b0b7abc406c38882901
    .rdata, 0x1B8000, 0x32513, 0x33000, 4.48, e29e966217fe56f35580d8fa34f14772
    .data, 0x1EB000, 0xBDDC0, 0x19000, 7.95, 3379f9ea4a8787d77a35b4b7fa789684
    Shared, 0x2A9000, 0x4, 0x1000, 0.0, 620f0b67a91f7f74151bc5be745b7110
    UVA_DATA, 0x2AA000, 0x4ACC, 0x5000, 3.78, 55e3e89700b96c46bf63fd179690cab9
    IDCT_DAT, 0x2AF000, 0x1658, 0x2000, 3.59, cfb43d9cb88f6ec027c23cb5f17a4a88
    .rsrc, 0x2B1000, 0x51A6, 0x6000, 3.72, 935ef8f2191a81062cf5a3eae73a1221
    ExifTool:
    -
     
  4. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    The file is safe.
    "heur" in layman terms means "probably", so you're fine.
     
  5. FuzzyCakes

    FuzzyCakes TS Rookie Topic Starter

    Okay then! Thanks for the help!
     
  6. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    You're very welcome
     

