NextPVR Forums

NextPVR Forums > Public > Add-ons (3rd party plugins, utilities and skins) > Old Stuff (Legacy) > Burndvdx2 and Skiptool > Worm in download?
Full Version: Worm in download?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

pbb

2008-11-04, 08:25 PM
I just tried to download the zip file for BurnDVDX2. AVG said there was a worm in the download. Has anyone else seen this?

pbb

2008-11-04, 09:06 PM
When I did the install, AVG narrowed the problem down to an example for dvd shrink.

pBS

2008-11-04, 09:25 PM
AVG has lots of false positives...so i'm not surprised.. i would try scanning it with another couple of antiviruses to be sure, tho it's most likely a false positive from AVG because of compression methods..[it flags things that look even *close* to viruses without being sure]

martint123

2008-11-04, 10:27 PM
Upload the suspect file to http://virusscan.jotti.org/ and see what it reports.

It uses multiple scan engines and I've found it fairly useful and have junked AVG becaus eof all its false positives.

JavaWiz

2008-11-05, 12:26 AM
I downloaded BurndDVDX2 and also triggered a virus detection with Avast: Win32:Trojan-gen {Other}.

pBS

2008-11-05, 12:43 AM
example for dvd shrink? been a while, i wonder if it's an autoit script? [they often gave same error if certain autoit ver used] tho it's been fixed in newer versions..
what kind of file is it in? [name]

JavaWiz

2008-11-05, 12:48 AM
From Avast Log:

Code:
11/4/2008 1:32:46 PM SYSTEM 1496 Sign of "Win32:Trojan-gen {Other}" has been found in "[URL]http://gbpvr.com/pmwiki/pmwiki.php/Plugin/BurnDVDX2?action=downloadman&upname=BurnDVDX2.zip\BurnDVDX2Install.exe\$INSTDIR\third[/URL] party\burndvd\cmddvdshrink100.exe" file.

pastro

2008-11-05, 05:52 AM
JavaWiz Wrote:From Avast Log:

Code:
11/4/2008 1:32:46 PM SYSTEM 1496 Sign of "Win32:Trojan-gen {Other}" has been found in "[url=http://gbpvr.com/pmwiki/pmwiki.php/Plugin/BurnDVDX2?action=downloadman&upname=BurnDVDX2.zip%5CBurnDVDX2Install.exe%5C$INSTDIR%5Cthird]http://gbpvr.com/pmwiki/pmwiki.php/Plugin/BurnDVDX2?action=downloadman&upname=BurnDVDX2.zip\BurnDVDX2Install.exe\$INSTDIR\third[/url] party\burndvd\cmddvdshrink100.exe" file.


That's an autohotkey file that get's detected by AVS as a worm. It is a false positive.

JavaWiz

2008-11-05, 06:42 AM
pastro Wrote:That's an autohotkey file that get's detected by AVS as a worm. It is a false positive.
Good to know. Should that be noted in the Wiki somewhere around the download link?

pBS

2008-11-05, 08:58 PM
ahh.those are same as autoit problem..in fact, i think that was made based on autoit..
it's mostly the upx compression, and it actually IS a problem, because the compression in question allows other trojans to be hidden inside as well, so while it may appear to be a false positive, it doesn't mean there isn't any danger in running it...so not truly a false positive...Sad

[false positives have been used to get you to let your guard down, so they can get in]

i would seriously look into replacing/rebuilding that file if possible...if you don't have the source then you really don't know what's in it...so the alerts could be warranted..

all that file really is is a autoit style macro to control the dvdshrink window automatically...
not that hard to reproduce from scratch....probably only needs updating, if it's decompilable..

****is that file even necessary?***
Pages: 1 2
NextPVR Forums > Public > Add-ons (3rd party plugins, utilities and skins) > Old Stuff (Legacy) > Burndvdx2 and Skiptool > Worm in download?