
Thread: Worm in download?

  1. #1
    Join Date
    Feb 2005
    Posts
    231

    Worm in download?

    I just tried to download the zip file for BurnDVDX2. AVG said there was a worm in the download. Has anyone else seen this?

  2. #2
    Join Date
    Feb 2005
    Posts
    231
    When I did the install, AVG narrowed the problem down to an example for dvd shrink.

  3. #3
    Join Date
    Aug 2005
    Location
    Houston
    Posts
    4,394

    false positive

    AVG has lots of false positives...so i'm not surprised.. i would try scanning it with another couple of antiviruses to be sure, tho it's most likely a false positive from AVG because of compression methods..[it flags things that look even *close* to viruses without being sure]
    1. C2D 1.6ghz XPPro, ATI HD4650lowprofile,Cat 8.11, Aver M780, KWorld PCI 120, MVP, GBpvr 1.4.7, Comm. Skin. VFD, Imon plugin w/SmartieLCD[custom]
    2. C2D 2.53, XPPro, ATI HD3450, Kworld 330U, Comm. Skin, GBpvr 1.4.7
    Author: Pvrx2 utils- Simple Archiver.bat, NTFSLinker [Junction gui]
    Universal Util: MCE Remote no-software trick and Shutdown Protector
    3. Zotac Mini ITX G41[$84] + ati 650pro pcie[$29], Celeron duo[$22] BDRom drive [$48]

  4. #4
    Join Date
    Nov 2005
    Location
    East Yorkshire, England
    Posts
    4,279
    Upload the suspect file to http://virusscan.jotti.org/ and see what it reports.

    It uses multiple scan engines and I've found it fairly useful and have junked AVG because of all its false positives.


  5. #5
    Join Date
    Dec 2006
    Location
    Modesto, CA. USA
    Posts
    2,148
    I downloaded BurnDVDX2 and also triggered a virus detection with Avast: Win32:Trojan-gen {Other}.
    NPVR Server: Win8 / AMD Phenom II X4 965 / 8gRAM / ATI Radeon 7700 Series / Hauppauge 2250
    Misc: Multiple Wired-Wireless clients, XMBC Clients, rPI OpenElec client

  6. #6
    Join Date
    Aug 2005
    Location
    Houston
    Posts
    4,394
    example for dvd shrink? been a while, i wonder if it's an autoit script? [they often gave same error if certain autoit ver used] tho it's been fixed in newer versions..
    what kind of file is it in? [name]

  7. #7
    Join Date
    Dec 2006
    Location
    Modesto, CA. USA
    Posts
    2,148
    From Avast Log:

    Code:
     
    11/4/2008 1:32:46 PM SYSTEM 1496 Sign of "Win32:Trojan-gen {Other}" has been found in "http://gbpvr.com/pmwiki/pmwiki.php/P...$INSTDIR\third party\burndvd\cmddvdshrink100.exe" file.

  8. #8
    Join Date
    Jul 2006
    Location
    Austin,TX
    Posts
    1,880
    Quote Originally Posted by JavaWiz View Post
    From Avast Log:

    Code:
     
    11/4/2008 1:32:46 PM SYSTEM 1496 Sign of "Win32:Trojan-gen {Other}" has been found in "http://gbpvr.com/pmwiki/pmwiki.php/Plugin/BurnDVDX2?action=downloadman&upname=BurnDVDX2.zip\BurnDVDX2Install.exe\$INSTDIR\third party\burndvd\cmddvdshrink100.exe" file.

    That's an autohotkey file that gets detected by AVS as a worm. It is a false positive.
    GBpvr PC: Intel Celeron 1.8 Ghz. 768 Mb WinXp Home Sp2
    Video: Diamond 128 Mb 9550
    Capture Cards: PVR-150 & PVR-150 MCE w/fm + 2x MVP
    Author of: BurnDVDX2 and Skiptool

  9. #9
    Join Date
    Dec 2006
    Location
    Modesto, CA. USA
    Posts
    2,148
    Quote Originally Posted by pastro View Post
    That's an autohotkey file that gets detected by AVS as a worm. It is a false positive.
    Good to know. Should that be noted in the Wiki somewhere around the download link?

  10. #10
    Join Date
    Aug 2005
    Location
    Houston
    Posts
    4,394

    ahh,same as autoit

    ahh.those are same as autoit problem..in fact, i think that was made based on autoit..
    it's mostly the upx compression, and it actually IS a problem, because the compression in question allows other trojans to be hidden inside as well, so while it may appear to be a false positive, it doesn't mean there isn't any danger in running it...so not truly a false positive...

    [false positives have been used to get you to let your guard down, so they can get in]

    i would seriously look into replacing/rebuilding that file if possible...if you don't have the source then you really don't know what's in it...so the alerts could be warranted..

    all that file really is is an autoit style macro to control the dvdshrink window automatically...
    not that hard to reproduce from scratch....probably only needs updating, if it's decompilable..

    ****is that file even necessary?***
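
Added example (not code from this thread or from BurnDVDX2): post #10 attributes the detection to UPX compression, and this Python sketch shows one way to check that on a flagged file by reading the PE section table for UPX-style section names and measuring per-section entropy. The sample inputs are constructed PE skeletons built inline, and the names `triage`, `pe_sections` and `build_sample` are hypothetical.

```python
import math
import struct

UPX_NAMES = {b"UPX0", b"UPX1", b"UPX2"}  # default names; a packer can rename them

def entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    n = len(data)
    return sum((data.count(b) / n * math.log2(n / data.count(b)) for b in set(data)), 0.0)

def pe_sections(blob):
    """Return [(name, raw_bytes)] from a PE image's section table."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", blob, 0x3C)  # e_lfanew
    if blob[pe_off:pe_off + 4] != b"PE\0\0" or len(blob) < pe_off + 24:
        raise ValueError("missing or truncated PE header")
    (n_sections,) = struct.unpack_from("<H", blob, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", blob, pe_off + 20)
    table = pe_off + 24 + opt_size
    out = []
    for i in range(n_sections):
        hdr = table + 40 * i
        if hdr + 40 > len(blob):
            raise ValueError("truncated section table")
        raw_size, raw_ptr = struct.unpack_from("<II", blob, hdr + 16)
        out.append((blob[hdr:hdr + 8].rstrip(b"\0"), blob[raw_ptr:raw_ptr + raw_size]))
    return out

def triage(blob):
    """Summarise packer indicators: UPX-named sections and entropy per section."""
    secs = pe_sections(blob)
    return {
        "upx_sections": [n.decode("ascii", "replace") for n, _ in secs if n in UPX_NAMES],
        "entropy": {n.decode("ascii", "replace"): round(entropy(d), 2) for n, d in secs},
    }

def build_sample(sections):
    """Constructed test input: a minimal PE skeleton, not a real program."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    data_off = 0x40 + len(coff) + 40 * len(sections)
    table = body = b""
    for name, data in sections:
        table += name.ljust(8, b"\0") + struct.pack("<IIII", len(data), 0, len(data), data_off + len(body)) + b"\0" * 16
        body += data
    return dos + coff + table + body

PACKED = build_sample([(b"UPX0", b""), (b"UPX1", bytes(range(256)) * 4), (b".rsrc", b"A" * 64)])
PLAIN = build_sample([(b".text", b"\x90" * 128)])
```

A hit on `upx_sections` together with entropy near 8 bits per byte only says the payload is compressed, which is what heuristic engines react to; judging the contents still means unpacking the file (for UPX, `upx -d`) or rebuilding it from source and scanning the result.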
