[Info] AVG: Win32/Heur on The Sims 1 Livin' It Up expansion pack

Hello there,
Recently I installed The Sims 1 and decided to install the Livin' It Up EP. The problem is this:
When I was installing it, AVG popped up saying that there was a Win32/Heur virus during installation, in a file called something like TFT448157 (that is a guess at the file name, since I can't really remember it). I didn't manage to stop it in time and it finished the installation. I clicked to remove the virus and it couldn't; it said that the file had been moved or was not there. When I started the game, it started as if the game had no expansion. I uninstalled everything but couldn't remove the Maxis folder; it wouldn't let me remove the folder, as if it was busy. I opened Task Manager and found a task called something like <space>wow<name>.
I terminated it, and then I could remove the folder.

Now, I decided to scan the CD with AVG, and it detected the virus again, but on another file(?) called E:\Patches\res\Sims.icd. Of course, it couldn't be removed.

Can someone help me with this? I really want to play the game with the EP, but I'm not sure whether it's a real virus or not, since I saw many topics in this forum regarding the same problem with The Sims 2 (my case is The Sims 1, though).
 
Welcome aboard


Probably a false positive.
Upload the file in question here: http://www.virustotal.com/ for a security check.
 
Well, I sent the file, and after a while this came up:

"File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
MD5: 299136638464c440860433fbfc8cdfb7
Date first seen: 2011-04-13 17:27:30 (UTC)
Date last seen: 2011-04-13 18:04:03 (UTC)
Detection ratio: 1/41
What do you wish to do?"

There are 2 options: Reanalyze and View Last Report

Reanalyze shows this:

File name:
Sims.icd
Submission date:
2011-12-23 20:42:09 (UTC)
Current status:
finished
Result:
3/43 (7.0%)

Antivirus Version Last Update Result
AhnLab-V3 2011.12.23.00 2011.12.23 -
AntiVir 7.11.19.252 2011.12.23 -
Antiy-AVL 2.0.3.7 2011.12.23 -
Avast 6.0.1289.0 2011.12.23 -
AVG 10.0.0.1190 2011.12.23 Win32/Heur
BitDefender 7.2 2011.12.23 -
ByteHero 1.0.0.1 2011.12.07 -
CAT-QuickHeal 12.00 2011.12.23 -
ClamAV 0.97.3.0 2011.12.23 -
Commtouch 5.3.2.6 2011.12.23 -
Comodo 11064 2011.12.23 -
DrWeb 5.0.2.03300 2011.12.23 -
Emsisoft 5.1.0.11 2011.12.23 Virus.Win32.Heur!IK
eSafe 7.0.17.0 2011.12.22 -
eTrust-Vet 37.0.9642 2011.12.23 -
F-Prot 4.6.5.141 2011.12.23 -
F-Secure 9.0.16440.0 2011.12.23 -
Fortinet 4.3.388.0 2011.12.23 -
GData 22 2011.12.23 -
Ikarus T3.1.1.109.0 2011.12.23 Virus.Win32.Heur
Jiangmin 13.0.900 2011.12.23 -
K7AntiVirus 9.120.5757 2011.12.23 -
Kaspersky 9.0.0.837 2011.12.23 -
McAfee 5.400.0.1158 2011.12.23 -
McAfee-GW-Edition 2010.1E 2011.12.23 -
Microsoft 1.7903 2011.12.23 -
NOD32 6738 2011.12.23 -
Norman 6.07.13 2011.12.23 -
nProtect 2011-12-22.01 2011.12.22 -
Panda 10.0.3.5 2011.12.23 -
PCTools 8.0.0.5 2011.12.23 -
Prevx 3.0 2011.12.23 -
Rising 23.89.04.02 2011.12.23 -
Sophos 4.72.0 2011.12.23 -
SUPERAntiSpyware 4.40.0.1006 2011.12.23 -
Symantec 20111.2.0.82 2011.12.23 -
TheHacker 6.7.0.1.362 2011.12.22 -
TrendMicro 9.500.0.1008 2011.12.23 -
TrendMicro-HouseCall 9.500.0.1008 2011.12.23 -
VBA32 3.12.16.4 2011.12.22 -
VIPRE 11294 2011.12.23 -
ViRobot 2011.12.23.4843 2011.12.23 -
VirusBuster 14.1.131.0 2011.12.23 -

Additional Information:

MD5 : 299136638464c440860433fbfc8cdfb7
SHA1 : 45c4146294e8a2c58f09792f8793217163cf84ac
SHA256: fcf8317ade035e6791911d2c851b17974ed7f5f56c15e3168c282138a9989fe2
ssdeep: 49152:aomvj7MUHQSSCASqamErSwo5M1unfCJgIl5p+X7J:5mLQUHQSSLS6Eru5M1ufCJBjp+t
File size : 2170925 bytes
First seen: 2011-04-13 17:27:30
Last seen : 2011-12-23 20:42:09
TrID:
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Maxis, a division of Electronic Arts
copyright....: Copyright (c) 2000 Electronic Arts
product......: Maxis The Sims
description..: The Sims
original name: Sims.exe
internal name: The Sims
file version.: 1.0
comments.....: From Will Wright
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1866C4
timedatestamp....: 0x38C072E4 (Sat Mar 04 02:20:20 2000)
machinetype......: 0x14c (I386)

[[ 8 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x1B40AD, 0x1B5000, 8.00, ade70940a6121bcf78b3bcbaf3f29277
PACODE, 0x1B6000, 0x1532, 0x2000, 6.16, 2a58626be55c9b0b7abc406c38882901
.rdata, 0x1B8000, 0x32513, 0x33000, 4.48, e29e966217fe56f35580d8fa34f14772
.data, 0x1EB000, 0xBDDC0, 0x19000, 7.95, 3379f9ea4a8787d77a35b4b7fa789684
Shared, 0x2A9000, 0x4, 0x1000, 0.00, 620f0b67a91f7f74151bc5be745b7110
UVA_DATA, 0x2AA000, 0x4ACC, 0x5000, 3.78, 55e3e89700b96c46bf63fd179690cab9
IDCT_DAT, 0x2AF000, 0x1658, 0x2000, 3.59, cfb43d9cb88f6ec027c23cb5f17a4a88
.rsrc, 0x2B1000, 0x51A6, 0x6000, 3.72, 935ef8f2191a81062cf5a3eae73a1221
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 1798144
Comments: From Will Wright
CompanyName: Maxis, a division of Electronic Arts
EntryPoint: 0x1866c4
FileDescription: The Sims
FileFlagsMask: 0x003f
FileOS: Win32
FileSize: 2.1 MB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 1.0
FileVersionNumber: 1.0.0.0
ImageVersion: 0.0
InitializedDataSize: 1044480
InternalName: The Sims
LanguageCode: English (U.S.)
LegalCopyright: Copyright 2000 Electronic Arts
LegalTrademarks: The Sims
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Executable application
OriginalFilename: Sims.exe
PEType: PE32
PrivateBuild: Release
ProductName: Maxis The Sims
ProductVersion: 1.0
ProductVersionNumber: 1.0.0.0
SpecialBuild: Release
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2000:03:04 03:20:20+01:00
UninitializedDataSize: 0

Symantec reputation:Suspicious.Insight

Note: Interestingly enough, when I went back to View Last Report, the file was different. I think it's the same one I mentioned before whose name I couldn't remember; however, in that report only AVG said it's a virus.

File name:
file-2101330_ICD
Submission date:
2011-04-13 18:04:03 (UTC)
Current status:
finished
Result:
1/41 (2.4%)

Antivirus Version Last Update Result
AhnLab-V3 2011.04.13.01 2011.04.13 -
AntiVir 7.11.6.99 2011.04.13 -
Antiy-AVL 2.0.3.7 2011.04.13 -
Avast 4.8.1351.0 2011.04.13 -
Avast5 5.0.677.0 2011.04.13 -
AVG 10.0.0.1190 2011.04.13 Win32/Heur
BitDefender 7.2 2011.04.13 -
CAT-QuickHeal 11.00 2011.04.13 -
ClamAV 0.97.0.0 2011.04.13 -
Commtouch 5.2.11.5 2011.04.13 -
Comodo 8327 2011.04.13 -
DrWeb 5.0.2.03300 2011.04.13 -
eSafe 7.0.17.0 2011.04.13 -
eTrust-Vet 36.1.8269 2011.04.13 -
F-Prot 4.6.2.117 2011.04.13 -
F-Secure 9.0.16440.0 2011.04.13 -
Fortinet 4.2.257.0 2011.04.13 -
GData 22 2011.04.13 -
Ikarus T3.1.1.103.0 2011.04.13 -
Jiangmin 13.0.900 2011.04.13 -
K7AntiVirus 9.96.4382 2011.04.13 -
Kaspersky 7.0.0.125 2011.04.13 -
McAfee 5.400.0.1158 2011.04.13 -
McAfee-GW-Edition 2010.1C 2011.04.13 -
Microsoft 1.6702 2011.04.11 -
NOD32 6038 2011.04.13 -
Norman 6.07.07 2011.04.13 -
Panda 10.0.3.5 2011.04.13 -
PCTools 7.0.3.5 2011.04.13 -
Prevx 3.0 2011.04.13 -
Rising 23.53.02.06 2011.04.13 -
Sophos 4.64.0 2011.04.13 -
SUPERAntiSpyware 4.40.0.1006 2011.04.12 -
Symantec 20101.3.2.89 2011.04.13 -
TheHacker 6.7.0.1.173 2011.04.13 -
TrendMicro 9.200.0.1012 2011.04.13 -
TrendMicro-HouseCall 9.200.0.1012 2011.04.13 -
VBA32 3.12.16.0 2011.04.13 -
VIPRE 9007 2011.04.13 -
ViRobot 2011.4.13.4408 2011.04.13 -
VirusBuster 13.6.303.0 2011.04.13 -

MD5 : 299136638464c440860433fbfc8cdfb7
SHA1 : 45c4146294e8a2c58f09792f8793217163cf84ac
SHA256: fcf8317ade035e6791911d2c851b17974ed7f5f56c15e3168c282138a9989fe2
ssdeep: 49152:aomvj7MUHQSSCASqamErSwo5M1unfCJgIl5p+X7J:5mLQUHQSSLS6Eru5M1ufCJBjp+t
File size : 2170925 bytes
First seen: 2011-04-13 17:27:30
Last seen : 2011-04-13 18:04:03
Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Maxis, a division of Electronic Arts
copyright....: Copyright (c) 2000 Electronic Arts
product......: Maxis The Sims
description..: The Sims
original name: Sims.exe
internal name: The Sims
file version.: 1.0
comments.....: From Will Wright
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: -
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1866C4
timedatestamp....: 0x38C072E4 (Sat Mar 04 02:20:20 2000)
machinetype......: 0x14C (Intel I386)

[[ 8 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x1B40AD, 0x1B5000, 8.0, ade70940a6121bcf78b3bcbaf3f29277
PACODE, 0x1B6000, 0x1532, 0x2000, 6.16, 2a58626be55c9b0b7abc406c38882901
.rdata, 0x1B8000, 0x32513, 0x33000, 4.48, e29e966217fe56f35580d8fa34f14772
.data, 0x1EB000, 0xBDDC0, 0x19000, 7.95, 3379f9ea4a8787d77a35b4b7fa789684
Shared, 0x2A9000, 0x4, 0x1000, 0.0, 620f0b67a91f7f74151bc5be745b7110
UVA_DATA, 0x2AA000, 0x4ACC, 0x5000, 3.78, 55e3e89700b96c46bf63fd179690cab9
IDCT_DAT, 0x2AF000, 0x1658, 0x2000, 3.59, cfb43d9cb88f6ec027c23cb5f17a4a88
.rsrc, 0x2B1000, 0x51A6, 0x6000, 3.72, 935ef8f2191a81062cf5a3eae73a1221
ExifTool:
-
 