VIRUS in 4.5


norings

My virus scanner finds a virus in the latest DVBViewer 4.5 (06.10.10). Virus scanner: F-Secure IS 2011. Virus found: Gen:Trojan.Heur.TP.dm0@b8NxBMF. Even when I got the new key there was a warning from the SmartScreen filter in the virus scanner that it wasn't secure to open the attached file. WHAT IS THIS????????????????????

Link to comment

1. don't double post.

2. use the search before making panic postings.

 

This is a false positive. Inform your antivirus program company about it, so they can fix it.

Link to comment
Gen:Trojan.Heur.TP.dm0@b8NxBMF

"Heur" means, it is a result of a "behavioural" blocking. Your scanner regards the behaviour or certain properties of the file as suspicious, without knowing exactly. A false positive.

Link to comment

I have exactly the same problem with the virus in the setup file on win 7

I had to download and install on XP first and then copy the DVBViewer folder to Win7, and then it works perfectly

but why viruses! in the setup file ... HACKBART

Link to comment

There is no virus in the setup.

 

It is more like a bug in your antivirus software (false alarm).

It's not just my virus scanner that reports a virus; even Win7 says so, and in the German section there is the same problem with other types of virus scanner, so a bug is not the answer, because then several virus scanners would have the same bug. So is there a virus or not?

Edited by norings
Link to comment

Win7 contains Windows Defender, which looks after unwanted programs.

 

I sent the DVBViewer 4.5 pro exe to F-Secure for analysis and the answer was: virus detected. They didn't say possible virus; they were sure it is a virus. Can we please get a virus-free download instead?

Link to comment

I have installed 4.5 pro without any issues. I have Windows Defender, SPYBOT , AVAST anti Virus and Microsoft security essentials running.

 

No warnings whatsoever.

Link to comment
Win7 contains Windows Defender, which looks after unwanted programs.
Windows Defender detected nothing here. So what is the exact report you got?

 

I sent the DVBViewer 4.5 pro exe to F-Secure for analysis and the answer was: virus detected. They didn't say possible virus; they were sure it is a virus.
What is the name of the so-called "virus"? And what should the virus do?

 

I still hold that this is a false alarm.

Link to comment

It's not me who got the warning from Win7; I just reported it from another post. The virus is a trojan and the name is at the beginning of these posts. The F-Secure analysis group is positive that this is a trojan and not a false positive. Is this a bad attempt to get us to install a virus or what is this?

Link to comment

I have installed 4.5 pro without any issues. I have Windows Defender, SPYBOT , AVAST anti Virus and Microsoft security essentials running.

All at the same time :blink:? Windows Defender and Avast should not be run with MSE, really not Spybot either. MSE contains Windows Defender anti-spy/adware in itself as well as an anti virus/trojan component.

Link to comment

Downloads are personalized with a kind of watermark, so security software may detect a false positive in the download of user X, but not in the download of user Y. However, the watermark is no executable code, so it can't contain a virus.

 

and in the German section there is the same problem with other types of virus scanner

...there are problems, but up to now all of them turned out to be a false positive.

 

Can we please get a virus-free download instead?

No. :) There won't be a new version just for one or two users (of thousands) who got stuck on the idea of having downloaded an infected file. Wrong-way drivers, so to say.

 

Seems it's getting more and more difficult for average users to deal with anti-virus software warnings. It takes an expert to tell true from false. Looks like malware producers are close to reaching their goal. Don't forget that they are responsible for all this confusion, not the DVBViewer developers. Actually DVBViewer 4.5 contains additional measures against certain kinds of exploits (DLL hijacking, data execution), thus being safer than previous versions.

Link to comment

I've detected similar issues with some other SW as well.

Just block your AV SW before installing DVBViewer and report the bug to your AV SW support.

 

There is no virus in 4.5 at all.

Edited by ricabullah
Link to comment

Downloads are personalized with a kind of watermark, so security software may detect a false positive in the download of user X, but not in the download of user Y. However, the watermark is no executable code, so it can't contain a virus.

 

 

...there are problems, but up to now all of them turned out to be a false positive.

 

 

No. :) There won't be a new version just for one or two users (of thousands) who got stuck on the idea of having downloaded an infected file. Wrong-way drivers, so to say.

 

Seems it's getting more and more difficult for average users to deal with anti-virus software warnings. It takes an expert to tell true from false. Looks like malware producers are close to reaching their goal. Don't forget that they are responsible for all this confusion, not the DVBViewer developers. Actually DVBViewer 4.5 contains additional measures against certain kinds of exploits (DLL hijacking, data execution), thus being safer than previous versions.

If you want to spread a virus/trojan, this is one way to do it: put a trojan in an exe file and, when it is discovered, just say that "there is no virus, your virus scanner has a bug and all others that report a virus also have a bug". Why should we believe this? I have been using DVBViewer for a lot of years and had no problems with viruses until now, when we have to get new keys, so what else is new? Viruses/trojans? You say it takes an expert to tell true from false, and that's why I sent the file to F-Secure for analysis, and they detect it as a virus/trojan. OK, let's take this question to some other HTPC forums and see what comes out of it.

Edited by norings
Link to comment

... I sent the file to F-Secure for analysis, and they detect it as a virus/trojan.

 

I use F-secure AV at strict settings and have had no problems whatsoever. It seems that you are making it a problem when there is none.

Link to comment

OK, I checked again. A specific stand alone scan of the downloaded file showed positive for malware. I know that it is a false positive.

 

Originally F-secure scanned the file immediately after download, as it does every file downloaded, and found no problem. F-secure uses several different means to identify malware. If it was really malware it would block that file from being written to my hard disk, as has been the case with other really bad downloaded software.

 

I was able to install DVBViewer OK. If it contained malware F-secure would block installation, as has been the case with other really bad software introduced from a memory stick.

 

F-secure would also block operation of the software, if it suspected that it was malware and altering stuff in the computer.

 

In actual operation, I have had no problems whatsoever with the final DVBViewer 4.5 and the previous release candidates.

Link to comment

Its all a matter of trust isn't it? Do we believe a program or a real life reputable company..

 

Just out of interest I submitted it to virustotal.com and 3 virus scanners came up with the same result (they must use the same engine?) but the other 40 didn't :) Hope that puts your mind at rest, norings.

 

(hope you can read it as the formatting is a little awry)

 

Antivirus             Version        Last Update Result
AhnLab-V3             2010.10.11.00  2010.10.11  -
AntiVir               7.10.12.172    2010.10.11  -
Antiy-AVL             2.0.3.7        2010.10.11  -
Authentium            5.2.0.5        2010.10.10  -
Avast                 4.8.1351.0     2010.10.11  -
Avast5                5.0.594.0      2010.10.11  -
AVG                   9.0.0.851      2010.10.10  -
BitDefender           7.2            2010.10.11  Gen:Trojan.Heur.TP.dm0@b8NxBMF
CAT-QuickHeal         11.00          2010.10.11  -
ClamAV                0.96.2.0-git   2010.10.11  -
Comodo                6351           2010.10.11  -
DrWeb                 5.0.2.03300    2010.10.11  -
Emsisoft              5.0.0.50       2010.10.11  -
eSafe                 7.0.17.0       2010.10.07  -
eTrust-Vet            36.1.7904      2010.10.11  -
F-Prot                4.6.2.117      2010.10.10  -
F-Secure              9.0.15370.0    2010.10.11  Gen:Trojan.Heur.TP.dm0@b8NxBMF
Fortinet              4.2.249.0      2010.10.11  -
GData                 21             2010.10.11  Gen:Trojan.Heur.TP.dm0@b8NxBMF
Ikarus                T3.1.1.90.0    2010.10.11  -
Jiangmin              13.0.900       2010.10.11  -
K7AntiVirus           9.65.2713      2010.10.09  -
Kaspersky             7.0.0.125      2010.10.11  -
McAfee                5.400.0.1158   2010.10.11  -
McAfee-GW-Edition     2010.1C        2010.10.11  -
Microsoft             1.6201         2010.10.11  -
NOD32                 5520           2010.10.11  -
Norman                6.06.07        2010.10.11  -
nProtect              2010-10-11.01  2010.10.11  -
Panda                 10.0.2.7       2010.10.10  -
PCTools               7.0.3.5        2010.10.11  -
Prevx                 3.0            2010.10.11  -
Rising                22.69.00.01    2010.10.11  -
Sophos                4.58.0         2010.10.11  -
Sunbelt               7035           2010.10.11  -
SUPERAntiSpyware      4.40.0.1006    2010.10.10  -
Symantec              20101.2.0.161  2010.10.11  -
TheHacker             6.7.0.1.054    2010.10.10  -
TrendMicro            9.120.0.1004   2010.10.11  -
TrendMicro-HouseCall  9.120.0.1004   2010.10.11  -
VBA32                 3.12.14.1      2010.10.11  -
ViRobot               2010.10.4.4074 2010.10.11  -
VirusBuster           12.67.11.0     2010.10.10  -

Link to comment

Here's a report from my anti-virus (Virgin Media Security, it's BitDefender-based software customized by ISP):

File: D:\Downloads\Installers\DVB\DVBViewer 4.5 setup.exe
Action: This file could not be disinfected. It was quarantined instead.
Virus: Gen:Trojan.Heur.TP.dm0@b8NxBMF

File: D:\Downloads\Installers\DVB\emu_plug\svc_setup_1.6.5.exe
Action: This file could not be disinfected. It was quarantined instead.
Virus: Gen:Trojan.Heur.TP.cm0@bSOu18v

As a result I can't install either of them - I can't even download them. You should really take care of it

Link to comment
Gen:Trojan.Heur.TP.dm0@b8NxBMF

 

As already explained above, it's a result from heuristic methods, which are quite error prone. It means, no specific virus signature has been found in the file, but only certain characteristics, which may or may not indicate malware. Harmless files may have the same characteristics. The virus scanner can't know for sure.

 

Unfortunately some anti-virus software is adopting scareware methods in order to increase sales. It doesn't tell you what's really going on, it doesn't report "certain characteristics may indicate malware, but it's not sure - please check it on VirusTotal.com". Without asking they quarantine the file right away: "I've just saved your PC! Can you see how indispensable I am?" That's business nowadays - make money from fear.

Link to comment

I'm sorry Griga, but this is nonsense. Heuristics are a good, actually the *only* way to provide any useful security these days. The viruses get more and more sophisticated and at the same time less widespread, so the only way to protect PCs is to detect virus-like behaviour, and this is very apparently what happens here.

In this case here, this is most likely a combination of code encryption (to make it more difficult to crack/hack DVBViewer), and the fact that it downloads stuff in certain ways over the internet.

 

BTW, as of now, it's 4 of 41 AV-scanners at Virustotal that detect a virus here. This is actually way more than on most zero-day "real" viruses. This *is* a real concern, and you (e.g the programmers) should seriously consider doing something, instead of telling your users they're stupid. This is, stop the setup.exe from behaving like a virus.

Link to comment
you (e.g the programmers) should seriously consider doing something, instead of telling your users they're stupid.
Do you have a list which functions have to be removed so that it is 100% OK for all virus scanner for ever?
Link to comment
Heuristics are a good, actually the *only* way to provide any useful security these days.

If the police distributes "Wanted" posters in your town with a picture of a person that looks very similar to you, and many people say "It's you!", that's heuristics.

 

This *is* a real concern, and you (e.g the programmers) should seriously consider doing something, instead of telling your users they're stupid. This is, stop the setup.exe from behaving like a virus.

Back to the above example: What would you do to avoid it? Go to a surgeon and let him change your face so that it no longer looks similar to the police posters? What if the police puts up new posters with a picture now similar to your new face? How often do you think you would go to the surgeon? And does it make sense at all?

 

Which fault is it, the police poster (=wrong antivirus heuristic) or your face (=innocent file)?

 

Current policy of most antivirus companies: shoot first, ask later ... :(

Edited by HaraldL
Link to comment
and you (e.g the programmers) should seriously consider doing something,

What? Do you really believe that anti-virus software companies will tell us how their heuristics work, and how it can be circumvented?

 

instead of telling your users they're stupid.

I don't regard users as stupid who are concerned (except you ATM, to be true). Stop telling us to do "something". Propose something realistic and usable, if you have an idea what can be done better, or shut up.

Link to comment
In this case here, this is most likely a combination of code encryption (to make it more difficult to crack/hack DVBViewer)..

 

What? Do you really believe that anti-virus software companies will tell us how their heuristics work, and how it can be circumvented?

 

*ROTFL* seems to be a circulus vitiosus ;)

Link to comment

I'm sorry Griga, but this is nonsense. Heuristics are a good, actually the *only* way to provide any useful security these days. The viruses get more and more sophisticated and at the same time less widespread, so the only way to protect PCs is to detect virus-like behaviour, and this is very apparently what happens here.

In this case here, this is most likely a combination of code encryption (to make it more difficult to crack/hack DVBViewer), and the fact that it downloads stuff in certain ways over the internet.

 

BTW, as of now, it's 4 of 41 AV-scanners at Virustotal that detect a virus here. This is actually way more than on most zero-day "real" viruses. This *is* a real concern, and you (e.g the programmers) should seriously consider doing something, instead of telling your users they're stupid. This is, stop the setup.exe from behaving like a virus.

Good to see that there are some more people who try to stop viruses and trojans and can stand up and say so instead of just saying that it's no worry, mate. I don't like the answer "NO YOU CANT" when I ask for software that is virus-free or doesn't trigger the virus scanner.

Link to comment

Good to see that there are some more people who try to stop viruses and trojans and can stand up and say so instead of just saying that it's no worry, mate. I don't like the answer "NO YOU CANT" when I ask for software that is virus-free or doesn't trigger the virus scanner.

 

According to Wikipedia "If the antivirus software employs heuristic detection (of any kind), success depends on achieving the right balance between false positives and false negatives. False positives can be as destructive as false negatives."

http://en.wikipedia.org/wiki/Antivirus_software

 

As I explained in an earlier post there is no virus-like behaviour after installing DVBViewer, consequently my F-secure AV has no problem with it. I have been using DVBViewer for more than three years and I trust it because it has given me no problems.

 

If you are looking for a solution, you should trust this software and install it. There is no virus.

Link to comment

Well, keep in mind that heuristic algorithms can't be too heuristic. In most cases (Avira, Kaspersky, Norton) it is "enough" to put a bigger resource on the binary. I have never been able to avoid an "it's a virus" warning if a binary uses WinSock and is smaller than 40kb. If I link a 400kb bitmap to it, all scanners detect the app as harmless. I posted sample code in one of those other "Virus False alarm" threads on the board a few weeks ago..

 

Christian

Link to comment

One thing to consider for those of you, who still think that there is a virus in DVBViewer and the Recording Service: The Recording Service has been available for 10 days, now. Security software providers claim that they can provide signatures for new viruses within less than 24 hours. So, if there really was a virus in the Recording Service, by now, you would get a signature-positive from your security software and not still a heuristics-positive. And, of course, the virus would be detected by all major security suites and not only 3 out of 42 on virus total (of which G-Data and Bitdefender are using the same engine, so actually, it is 2 out of 41).

 

Furthermore, if the developers really wanted to spread a virus, why would they request money for their software? The virus would spread much faster if they provided the software for free!

Link to comment
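The counting argument made in the posts above (identical heuristic labels from engines that share a scanner core are one opinion, not several) can be checked mechanically. The following is an added example, not code from the thread or from any scanner vendor; the sample rows are an excerpt of the report quoted earlier, and treating an identical label string as a sign of a shared engine, and "Heur"/"Gen:" as the only heuristic markers, are assumptions of this sketch.

```python
import re
from collections import defaultdict

# Excerpt of rows from the scan report quoted in the thread, in its layout:
# engine, version, last update, result ("-" means nothing detected).
SAMPLE_REPORT = """\
Antivirus Version Last Update Result
Avast5 5.0.594.0 2010.10.11 -
BitDefender 7.2 2010.10.11 Gen:Trojan.Heur.TP.dm0@b8NxBMF
ClamAV 0.96.2.0-git 2010.10.11 -
F-Secure 9.0.15370.0 2010.10.11 Gen:Trojan.Heur.TP.dm0@b8NxBMF
GData 21 2010.10.11 Gen:Trojan.Heur.TP.dm0@b8NxBMF
Kaspersky 7.0.0.125 2010.10.11 -
Microsoft 1.6201 2010.10.11 -
"""

ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")
# Assumption: these substrings mark a generic/heuristic label rather than a
# named malware family (both appear in the label discussed in the thread).
HEURISTIC_MARKERS = ("heur", "gen:")


def parse_report(text):
    """Parse whitespace-separated report rows; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        engine, version, updated, result = m.groups()
        rows.append({"engine": engine, "version": version, "updated": updated,
                     "label": None if result.strip() == "-" else result.strip()})
    return rows


def triage(rows):
    """Summarise detections, grouping engines that report the same label."""
    by_label = defaultdict(list)
    for row in rows:
        if row["label"]:
            by_label[row["label"]].append(row["engine"])
    labels = list(by_label)
    return {
        "engines": len(rows),
        "raw_hits": sum(len(e) for e in by_label.values()),
        # Identical labels are counted once (assumed shared engine).
        "distinct_labels": len(labels),
        "shared_labels": {l: e for l, e in by_label.items() if len(e) > 1},
        "all_heuristic": bool(labels) and all(
            any(marker in l.lower() for marker in HEURISTIC_MARKERS)
            for l in labels),
    }


if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

A result with several raw hits but one distinct, heuristic-only label is a cue to submit the file to the vendor for analysis rather than evidence of independent confirmation.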

@Hackbart: So you already know at least one way (albeit a nasty one) to avoid it. Good.

 

@Dezzy: You're missing the point. It's not DVBViewer who triggers the heuristics, it's the installer (setup.exe). And just FWIW, I do *not* believe there's a real virus here. Just virus-like behaviour. What heuristics consider virus-like behaviour is pretty well known in the industry. E.g. UPX code packing massively increases the likelihood. Heuristics in AV scanners work a lot like email anti-spam products. They consider certain characteristics to point to possible malware. Hackbart already has identified one: Most malware is small. It also almost always attempts a network connection to some internet resource to download additional binaries. And it's coded in a certain way to avoid easy detection (compression, encryption). If you write some application that fulfills enough of these, you'll be detected as "Spam" or here malware, just like when you write an HTML-only email that contains several typical spam phrases like --------------- ######, cheap watches and ---------------, plus some obfuscated html links or webbugs. You won't be too surprised if this mail would be blocked as spam, would you?

If *several* AV products repeatedly detect your app as a virus through heuristics, *you* have a problem, not your users or the AV soft, and it's in your own best interest to do something about it. There are millions and millions and millions of applications out there that do *not* get regularly *and* repeatedly caught by heuristics.

Link to comment
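The spam-filter comparison in the post above, where several weak static characteristics add up to a verdict, looks like this in code. It is an added example, not code from the thread or from any antivirus product: the weights, the entropy cut-off and the reporting threshold are assumptions, the 40 KB size comes from the earlier post about small WinSock binaries, and both sample "files" are constructed byte strings.

```python
import hashlib
import math
from collections import Counter

SMALL_FILE_BYTES = 40 * 1024  # size named in the thread for small WinSock binaries
HIGH_ENTROPY_BITS = 7.2       # assumed cut-off for a compressed/encrypted body
FLAG_AT = 3                   # assumed score at which a scanner would report


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for compressed or encrypted content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def static_indicators(data: bytes):
    """Score a file from static properties only; nothing is executed."""
    lower = data.lower()
    checks = [  # (condition, assumed weight, reason)
        (len(data) < SMALL_FILE_BYTES, 1, "small file"),
        (shannon_entropy(data) > HIGH_ENTROPY_BITS, 2, "high entropy body"),
        (b"upx0" in lower or b"upx1" in lower, 2, "UPX section name"),
        (b"ws2_32.dll" in lower or b"wsock32.dll" in lower, 1, "imports WinSock"),
    ]
    hits = [(weight, why) for cond, weight, why in checks if cond]
    return sum(w for w, _ in hits), [why for _, why in hits]


def verdict(data: bytes):
    score, reasons = static_indicators(data)
    return ("heuristic-positive" if score >= FLAG_AT else "clean"), score, reasons


def _pseudo_random(n: int) -> bytes:
    """Deterministic stand-in for a compressed or encrypted payload."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


# Constructed samples, not real executables: the same kind of program shipped
# uncompressed and shipped packed.
PLAIN_BODY = b"push ebp; mov ebp, esp; call helper; ret; " * 4000
UNPACKED = b"MZ" + b"WS2_32.dll\x00" + PLAIN_BODY
PACKED = b"MZ" + b"UPX0\x00UPX1\x00WS2_32.dll\x00" + _pseudo_random(30 * 1024)

if __name__ == "__main__":
    for name, sample in (("unpacked", UNPACKED), ("packed", PACKED)):
        print(name, verdict(sample))
```

No single indicator reaches the threshold on its own here, which is why a file "sitting dead still" on disk can be reported without any behaviour having been observed.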
If *several* AV products repeatedly detect your app as a virus through heuristics, *you* have a problem, not your users or the AV soft, and it's in your own best interest to do something about it.

What ccdmas wants comes down to shifting the burden of proof (in juristic terms, "Beweislastumkehr" in German). Not the virus scanner has to prove that a file is malware, but the file resp. its creator has to prove that it is not.

 

Reminds me of being accused of copyright infringement in Germany, e.g. because the IP had been logged by some software searching for filesharing uploads/downloads, with time stamps that are not precise enough, as experts stated lately, thus making the identification of the IP owner error prone in case of dynamically assigned IPs. It might hit someone who got the IP right afterwards. But the laws have changed in a way that an accused has to prove his innocence in this case, which is almost impossible.

Link to comment

@Elecardfan: Your attempts to be "funny" are atrocious. I can just hope you don't have any customer contact in your job, if you have any. Or maybe you're less of an arrogant idiot when you're not hidden behind internet anonymity.

 

Oh, and just for your personal entertainment. Now look at this:

 

http://www.DVBViewer.tv/forum/topic/13944-DVBViewer-filter-35/page__pid__314331__st__30#entry314331

 

"Changed: PushSource.ax is not compressed anymore, due to increasing trouble with security software regarding it as malware characteristic."

 

Oooops....

Link to comment

 

@Dezzy: You're missing the point. It's not DVBViewer who triggers the heuristics, it's the installer (setup.exe). And just FWIW, I do *not* believe there's a real virus here. Just virus-like behaviour....

 

I think that you may have misunderstood my posts.

 

When I ran setup.exe for DVBViewer there was no problem at all. There was no virus-like behaviour to trigger the AV software, neither in installation nor in operation.

 

It was only a scan of the file sitting dead still on my hard disk that triggered the heuristic positive. I think that the wanted posters analogy would be the best fit. It thinks a still snapshot of the file somehow resembles a virus.

Edited by dezzy
Link to comment

@Griga: This isn't a trial here. It's a simple matter of if you care about being 100% trusted by your customers, or not. If you feel this isn't important, go ahead and ignore the issue. But apparently you *do* care (see your own readme for the latest pushsource.ax), so why are we still discussing?

Link to comment
This topic is now closed to further replies.