Crazy Drake Possible False Positive

egames trojan trojan.win32.generic!bt adware general false positive possibly

6 replies to this topic

#1 GettingtotheBottom

GettingtotheBottom

    Newbie

  • Members
  • Pip
  • 4 posts

Posted 06 February 2013 - 04:36 AM

I recently downloaded a PC game called Crazy Drake from eGames, but Ad-Aware came up with a Trojan (Trojan.Win32.Generic!BT to be exact) and some Conducent/Timesink Adware. Since it wasn't the official eGames website, I thought I might have gotten a purposely infected file. I then decided to buy the actual game new from eBay. When I installed it, Ad-Aware STILL came up with the same stuff. This makes me believe that it could be something from the game that it thinks is malicious, but really isn't.

Here is the website I got it from:
http://egames2.blogs...razy-drake.html

Here's another link in case the first doesn't work:
http://www.mediafire...lmlxlhrwi6ndedr

Thanks in advance!

#2 LS Andy

LS Andy

    Lavasoft Staff/Forum Overlord

  • Root Admin
  • 1529 posts

Posted 06 February 2013 - 11:07 AM

Hi GettingtotheBottom,

Thanks for your report. I'll investigate and let you know what's happening.

Regards,

Andy
Lavasoft Malware Lab
unsolicited@tenalia.com

#3 LS Andy

LS Andy

    Lavasoft Staff/Forum Overlord

  • Root Admin
  • 1529 posts

Posted 06 February 2013 - 01:02 PM

The free game is ad supported by the Conducent TimeSink ad gateway, hence the various detections. I don't have access to the non-free version of the game, but it appears that the adware elements are part of this version too.

I suggest removing the TimeSink elements and adding the actual game file to the ignore list. Try the following:

1. Uninstall the game completely & reboot
2. After reboot, disable Real Time Protection on Ad-Aware
3. Install the game
4. Run a full scan
5. After the scan, click on the Infected Files tab
6. For Trojan-Dropper.Win32.Agent (aka c:\Program Files\eGames\Crazy Drake Game\egames.exe), select Ignore in the Action column
7. Click Clean
8. On the Ad-Aware Home screen, click Settings (top right, second from the bottom of the list that starts "Scan..")
9. Click on Ignore List on the left side of the screen & add c:\Program Files\eGames\Crazy Drake Game\egames.exe to the ignore list
10. Enable Real Time Protection
11. Done

Let me know how you get on.

Andy
Lavasoft Malware Lab
unsolicited@tenalia.com

#4 GettingtotheBottom

GettingtotheBottom

    Newbie

  • Members
  • Pip
  • 4 posts

Posted 06 February 2013 - 05:37 PM

Thanks for the help. Unfortunately it says that I need addon2VB.dll to run the program (even though I checked and I have it), so I'll have to see if I can fix that.

#5 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7238 posts

Posted 06 February 2013 - 05:44 PM

Hi,

Sometimes it helps to copy the file that the program can't find to the folder of the program.

#6 GettingtotheBottom

GettingtotheBottom

    Newbie

  • Members
  • Pip
  • 4 posts

Posted 07 February 2013 - 04:08 AM

It doesn't work. I already tried that. You apparently have to keep the Timesink adware because I turned off real-time protection and it was able to find the .dll file. However, when I turned on real-time protection and tried to run it, Ad-Aware quarantined the Timesink and it immediately couldn't find the .dll. Also, were you able to run the program? I tried a whole bunch of compatibility modes for it on Windows 7 but none I tried worked (unless you were using Vista or XP).

#7 Lorenzo The Comic

Lorenzo The Comic

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 14 February 2013 - 07:45 PM

Which of the links did you download? You could simply try running Crazy Drake in DOSBox. I'd suggest either one of the DOS downloads or the Entertainment Suite 2 setup. The blog also has a link to these instructions on removing Conducent TimeSink.

Edited by Lorenzo The Comic, 14 February 2013 - 08:22 PM.





