Gamespy Arcade Win32/TrojanDownloader.SpyGame.A

Help!

I am a registered GameSpy Arcade user and am happy with them gathering summary stats on my gaming. However when trying to use their Arena service for counterstrike:

http://www.liquidizer.net/GSA0.png

I get this virus warning:

http://www.liquidizer.net/GSA.png

Is it a real threat? What does Win32/TrojanDownloader.SpyGame.A do?

Thanks,
Fairy

 

anyone know?

 

Looks like a pest...

http://www3.ca.com/securityadvisor/pest/Pest.aspx?id=453073352

Glad NOD32 caught it myself Not sure how you would exclude it through IMON, though if you disable IMON you could probably exlcude it through AMON........... Though as a trojan dowloader you'll likely (ok, I suspect) get more than you bargained for in the user agreement.

I don't know much about Gamespy... Did you pay for the honor of being spied on and having statistics gathered or is this a free option and how they make their money back?

 

I too am a registered GSA user, and have the latest NOD32 with AH and all the other bells and whistles turned on.

A little while ago, NOD32 would flag Aphex.exe as a trojan, but this is obviously not so. A few updates later, it stopped. I would not be surprised if this is another false positive.

What I would do is submit the file NOD32 is picking up to something like Jotti's malware scanner to confirm that it is indeed clean. If it checks out, submit the file to Eset as a false positive, and see if they correct it from there.

If all else fails, use The All-Seeing Eye

EDIT: I scanned the GSA directory and it came up clean.

 

I'll try submitting it I've got it in Quarentine.

There is a free version of GSA, I subscribe to get member benefits. I reckon this trojan was just a script that would launch GSA. This I reckon confused NOD32. I have read the CA thing before but to be honest displaying banner ads and gathering stats on the most played games (which they only use at a summary level) is not something I find worrying. One of the problems with this Spyware thing is that the boundaries are blurry and debatable. I reckon the tools should focus where possible on the seriously troublesome stuff.

Fairy

 

File: alaunch.cab
Status:
INFECTED/MALWARE (Note: only non-destructive malware has been found. Considering the non-destructive nature of samples like these - although they can be a pain in the ass -, results will not be stored in the database.)
Packers detected:
None

AntiVir
No viruses found (0.15 seconds taken)
Avast
No viruses found (1.51 seconds taken)
BitDefender
No viruses found (0.34 seconds taken)
ClamAV
No viruses found (0.43 seconds taken)
Dr.Web
No viruses found (0.54 seconds taken)
F-Prot Antivirus
No viruses found (0.07 seconds taken)
Kaspersky Anti-Virus
not-a-virus:RiskWare.Downloader.SpyGame (0.65 seconds taken)
mks_vir
No viruses found (0.20 seconds taken)
NOD32
Win32/TrojanDownloader.SpyGame.A (0.38 seconds taken)
Norman Virus Control
No viruses found (0.13 seconds taken)

Kapersky says this:

not-a-virus:RiskWare.Downloader.SpyGame

"Currently there is no description available for this malicious program."

(ESET are no more informative)
in general for this type of riskware they say:
"Downloaders

Even legal downloading utilities can be dangerous, since they are usually programmed to function in background regime, without direct intervention from the user. It is easy for a hacker to substitute links to infected resources for safe download sites, leading to malware being downloaded to the victim machine without the user's knowledge."

I guess this thing is probably not very dangerous but not 100% risk free as it doesn't give me any additional functionality I just terminated it.

Fairy

 

Extract the file in question, because there're some AV that aren't able to scan within CAB packages. So, extract the file in question and submit it again. Maybe more AV will detect that. Please, post the results.