RSK-CASINO.A.002 MALWARE found by BOclean in paddypower.com's poker software

RSK-CASINO.A.002 MALWARE found by BOclean when opening install file for paddypower.com poker software.
BOClean reported that the trojan was deleted and asked if I still want to install the file. Does anyone know of this? Thanks, and should the program be OK?

Hi frank t, welcome to the forum :)

Can you upload the specific file that is flagged by BOClean to the online scanners:

http://virusscan.jotti.org/

… and post the results back here please :)

Greetz, Red.

Thanks rednose, hope this is what you want.

File SetupCasino.exe received on 02.16.2008 17:12:29 (CET)

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2008.2.16.10 | 2008.02.15 | - |
| AntiVir | 7.6.0.67 | 2008.02.15 | - |
| Authentium | 4.93.8 | 2008.02.15 | - |
| Avast | 4.7.1098.0 | 2008.02.15 | - |
| AVG | 7.5.0.516 | 2008.02.16 | - |
| BitDefender | 7.2 | 2008.02.16 | - |
| CAT-QuickHeal | None | 2008.02.16 | (Suspicious) - DNAScan |
| ClamAV | None | 2008.02.16 | - |
| DrWeb | 4.44.0.09170 | 2008.02.16 | - |
| eSafe | 7.0.15.0 | 2008.02.14 | Suspicious File |
| eTrust-Vet | 31.3.5541 | 2008.02.15 | - |
| Ewido | 4.0 | 2008.02.16 | - |
| FileAdvisor | 1 | 2008.02.16 | - |
| Fortinet | 3.14.0.0 | 2008.02.16 | - |
| F-Prot | 4.4.2.54 | 2008.02.15 | - |
| F-Secure | 6.70.13260.0 | 2008.02.15 | - |
| Ikarus | T3.1.1.20 | 2008.02.16 | - |
| Kaspersky | 7.0.0.125 | 2008.02.16 | - |
| McAfee | 5231 | 2008.02.15 | potentially unwanted program CasOnline |
| Microsoft | 1.3204 | 2008.02.16 | - |
| NOD32v2 | 2880 | 2008.02.15 | - |
| Norman | 5.80.02 | 2008.02.15 | - |
| Panda | 9.0.0.4 | 2008.02.16 | Suspicious file |
| Prevx1 | V2 | 2008.02.16 | Heuristic: Suspicious Self Modifying EXE |
| Rising | 20.31.50.00 | 2008.02.16 | - |
| Sophos | 4.26.0 | 2008.02.16 | Casino |
| Sunbelt | 2.2.907.0 | 2008.02.14 | VIPRE.Suspicious |
| Symantec | 10 | 2008.02.16 | - |
| TheHacker | 6.2.9.221 | 2008.02.15 | - |
| VBA32 | 3.12.6.1 | 2008.02.14 | - |
| VirusBuster | 4.3.26:9 | 2008.02.15 | - |
| Webwasher-Gateway | 6.6.2 | 2008.02.15 | Win32.Malware.gen#PECompact!94 (suspicious) |

Additional information
File size: 217117 bytes
MD5: 045e8f2b7a71fa5e21eeeef3556a0ae6
SHA1: e8b9ffb622439e12bea4d38cc871b80b9cade121
PEiD: PECompact 2.xx --> BitSum Technologies
packers: PecBundle, PECompact
packers: PE_Patch.PECompact, PecBundle, PECompact
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=D544FD1A1D63789E5003037D22B5EA00B68151B3
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

Hey frank t :)

I don’t know what to think. As you can see McAfee and Sophos seem to recognise the file and the heuristics of some scanners flag the file as suspicious. That doesn’t mean that it is a bad file (it could still be a false positive) but it should be investigated.

Please email the file to: malwaresubmit [ at ] avlab.comodo.com .
You may want to specify in the subject line “False Positive?”.
Zip and password protect it with “infected” and include that information in the body.

Greetz, Red.