Jump to content

A false positive DVB Viewer Pro v4.9.6.20's Plugins\ImportTSP


Recommended Posts

Hi!

 

Overnight, I did a full/complete scan with SUPERAntiSpyware (free edition) v5.5.1016 on my very old, updated Windows XP Pro. SP3 machine. It found my D:\winstuff\DVBViewerPro\Plugins\ImportTSP.dll possibly infected. I checked this file with the online scanners and got a few hits:

 

http://virusscan.jotti.org/en/scanresult/755c2ce89647f2b723b69668c595e8bb9a518ef2 (ClamAV)

http://r.virscan.org/report/a503683f64380937f5b0fcae027020eb.html (ClamAV and Quick Heal)

http://vscan.novirusthanks.org/analysis/3ebdc7637bccded62ffa4a2748513080/aW1wb3J0dHNwLWRsbA==/ (Comodo and TrendMicro)

https://www.virustotal.com/file/8670f85e989e2bc330e408da6a66cdcf0f24b2345caf9c520f54649ab26f10af/analysis/1347205299/ (TrendMicro and TrendMicro-HouseCall with latest results)

 

I don't know if this plugin is very old and I don't think I use it? Here is what my directory listing looks like:

 

dir.exe /o:n /s D:\winstuff\DVBViewerPro\Plugins

Volume in drive D is d

Volume Serial Number is ...

 

Directory of D:\winstuff\DVBViewerPro\Plugins

 

06/02/2012 08:01 PM <DIR> .

06/02/2012 08:01 PM <DIR> ..

09/24/2006 12:13 AM 0 DVBSource.ini

03/02/2012 01:49 AM 100,352 ImportCSV.dll

12/08/2002 10:39 AM 185,344 ImportMDB.dll

06/19/2003 01:13 AM 12,288 ImportSDX.dll

09/29/2003 02:35 PM 24,064 ImportTSP.dll

07/24/2009 08:48 AM 215,552 NetStreaming.dll

01/22/2009 02:19 AM 60,928 PostProcessor.dll

03/02/2011 03:15 AM 873 PostProcessor.ini

03/02/2011 03:22 AM 18,533 PostProcessor_ReadMe.rtf

11/05/2010 01:08 AM 556,032 PreviewW.exe

12/11/2010 08:45 PM 800,256 TSPlayer.exe

11/05/2010 01:00 AM 4,794 TSPlayer_ReadMe.rtf

06/25/2008 07:22 AM 89,600 UniStreaming.dll

03/23/2006 10:08 PM 147 unregisterASF.bat

09/24/2006 12:55 AM 283 VRPlugin.ini

15 File(s) 2,069,046 bytes

 

Total Files Listed:

15 File(s) 2,069,046 bytes

2 Dir(s) 187,819,069,440 bytes free

 

Is this a real infection or a false positive? Is mine outdated? If it is, then where can I get updated ones?

 

Thank you in advance. :)

Edited by antdude
Link to comment

It's a very old and out-dated plugin for importing TechniSat channellists. You won't need it.

Thanks. Do I only delete that file only? All of Import*.dll? It would be nice to clean this old mess up. :)
Link to comment

Only ImportCSV.dll (for importing and exporting channel lists as *.csv [Comma-separated values]) comes with the current DVBViewer Version.

You can delete all Import*.dll

I am confused. You said delete import*.dll, but the latest DVBViewer Pro has ImportCSV.dll file.
Link to comment

You can delete all Import*.dll. They are not mandatory. However, ImportCSV.dll might be useful if you want to rework your channellist with database software.

Ah OK. I will keep ImportCSV.dll file just in case. Thanks! :)
Link to comment
  • 1 month later...

I found another possible false positive, but I don't think this file is part of Pro. Several anti-malware/AV programs say DVBViewer Technisat Edition v4.5.1.28's SkystarIR.exe has an infection:

http://vscan.novirusthanks.org/analysis/1ec64621d6ef0be87fa4dc09a64c9ea3/c2t5c3RhcmlyLWV4ZQ==/

https://www.virustotal.com/file/e33d469de468e2480e2e6a9c1fa415b1818bf2f171eb155824bcf5b8d100438f/analysis/1350663266/

http://r.virscan.org/report/6d9fc1adc42d6ca9c1302c5af2261778.html

http://virusscan.jotti.org/en/scanresult/c3e68629b3849ab4a326ddb89204140cad7c5c34

Malwarebytes Anti-Malware v1.65.1.1000 says it is a Spyware.Zbot.


I e-mailed hackbart DVBViewer.com and support@technisat.de about it. smile.gif

Link to comment

Yes and i already answered you:

Hi,

this is a classic false alarm, probably caused by thefact that the binary is upx-compressed. You do not the binary in general, sincethe infrared control is handled via the ir dll's inside the DVBViewer-pluginfolders.

Christian

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...