Mr_llama
Newbie
Offline
Posts: 8
I'm a llama!
« on: December 10, 2008, 07:35:48 AM »
Hey all.. Hope someone can help me with an answer.. I just installed the new version of BS-Player Free edition 2.33 http://bsplayer.com
Now my Avast Home edition comes up with a virus detection - installdata358.tmp.exe infected - Win32:Trojan-gen {Other}
To explain the installation.. I installed BS-Player free edition, deselected everything from the install except the program itself and the shortcut to the Start menu.. at the auto codecs download/install I cancelled, and that's it..
Avast detected a virus in C:\Windows\System32\installdata358.tmp.exe.. I can see installdata358.tmp.exe in the task manager, terminated it and found the file in system32, the file is hidden.. (nothing happens when I click the .exe, other than it places itself in the task manager again).
Does anyone know what the file does? Hope someone can give me an answer... thanks a lot.
Mr_llama
« Reply #2 on: December 10, 2008, 09:12:22 AM »
Yeah, so far so good, but I deselected all the files, which should make it a clean media player..
Anyway, Avast detects it as Win32:Trojan-gen?? That doesn't seem like ad-aware, more like a virus? Or am I wrong?
Maxx_original
« Reply #4 on: December 10, 2008, 09:45:55 AM »
C:\Windows\System32\installdata358.tmp.exe looks quite fishy... it is set to autorun, contains encrypted data, refers to C:\Log.log.. we'll do further analysis...
Mr_llama
« Reply #5 on: December 10, 2008, 10:02:27 AM »
Maxx_original.. where did you get the installdata358.tmp.exe from? The BS.Player installation? I posted on BS.Player's official forum, and sent them the file too, but they deny that it should come from their installer.. this is their reply:
Ok, you sent us the infected file itself and not the BS.Player installation file (btw. our antivirus reports it as WORM/Kolabc.fat), but the problem is that BS.Player does not have anything to do with this infected file. Like stated before - BS.Player does not write anything in System32 folder.
BS.Player installation does not include any viruses, worms, trojans...
Your entire system may be infected (but not because of BS.Player) and now with every installation, virus copies itself over and over again. I suggest you run full computer antivirus scan and delete/quarantine all infected files and then install BS.Player.
Maxx_original
« Reply #6 on: December 10, 2008, 11:48:30 AM »
the file from the European mirror is hijacked by a virus... its size is bigger than the file downloaded from the US mirror.. also the original file is a Nullsoft installer, the hijacked one is a CAB self-extractor with the virus and the original installer included..
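The mirror comparison described in Reply #6, as an added example that is not part of the original thread: it fingerprints copies of the same installer by size, SHA-256 and packaging type and reports any disagreement. The byte markers, function names and sample data are assumptions constructed for illustration.

```python
import hashlib

# Heuristic byte markers (assumptions of this example, not taken from the thread).
NSIS_MARKER = b"\xef\xbe\xad\xdeNullsoftInst"  # NSIS first-header signature
CAB_MARKER = b"MSCF\x00\x00\x00\x00"           # cabinet magic + reserved dword


def packaging(data: bytes) -> str:
    """Guess how a Windows installer is packaged from embedded markers."""
    if not data.startswith(b"MZ"):
        return "not-pe"
    cab = data.find(CAB_MARKER)
    nsis = data.find(NSIS_MARKER)
    if cab != -1 and (nsis == -1 or cab < nsis):
        return "cab-sfx"  # a cabinet wraps whatever comes after it
    if nsis != -1:
        return "nsis"
    return "unknown"


def fingerprint(data: bytes) -> dict:
    return {"size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            "packaging": packaging(data)}


def compare_mirrors(downloads: dict) -> list:
    """Compare every copy with the first one; an empty list means all agree."""
    prints = {name: fingerprint(blob) for name, blob in downloads.items()}
    ref_name, ref = next(iter(prints.items()))
    findings = []
    for name, fp in prints.items():
        for field in ("size", "sha256", "packaging"):
            if fp[field] != ref[field]:
                findings.append(f"{name}: {field} {fp[field]} differs "
                                f"from {ref_name} ({ref[field]})")
    return findings


# Constructed stand-ins for the two downloads (not real installers).
STUB = b"MZ" + b"\x00" * 62
US_COPY = STUB + NSIS_MARKER + b"player-payload"
EU_COPY = STUB + CAB_MARKER + b"extra.exe" + US_COPY  # wrapper carrying the original

if __name__ == "__main__":
    for line in compare_mirrors({"us": US_COPY, "eu": EU_COPY}):
        print(line)
```

A mismatch only shows that the copies differ; deciding which one is genuine needs a hash or signature published by the vendor.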
Mr_llama
« Reply #7 on: December 10, 2008, 12:10:12 PM »
ok thanks a lot..
Can you tell me exactly what the virus does?
I deleted the file as soon as I noticed it, running Comodo firewall and Defense+ (HIPS) I could see the file tried to do some DNS lookups or something like that..
Maxx_original
« Reply #8 on: December 10, 2008, 12:49:38 PM »
it's a spying trojan most probably... anyway - regarding the non-detection by some engines there could be "few" affected users.. let's see what the BSPlayer developers will do...
« Last Edit: December 10, 2008, 02:46:06 PM by Maxx_original »
Mr_llama
« Reply #9 on: December 10, 2008, 01:29:53 PM »
yea, it was only because of HIPS protection that I noticed the file. (and shortly after that Avast detected it too)
But anyway thanks for the support, and help on the BS.Player forum (don't think they believed me) I'm reinstalling my two systems with the virus on as we speak..
I'll write back when I am up and running again..
Thanks for freaking great service Avast.. Special thanks to Maxx_original
Ps. Just checked the post at BS.Player forum, they say it's fixed now.
« Last Edit: December 10, 2008, 01:31:30 PM by Mr_llama »
Maxx_original
« Reply #10 on: December 10, 2008, 02:25:02 PM »
yes.. fixed and the official note is available...
darth_mikey
« Reply #11 on: December 10, 2008, 02:31:32 PM »
Win 7 Ultimate x64 , hardware DEP , UAC , avast! , Microsoft Security Essentials , WinPatrol , SpywareBlaster , Malwarebytes' Anti-Malware , OpenDNS
FreewheelinFrank
« Reply #12 on: December 10, 2008, 03:04:36 PM »
As I’m sure you’ve noticed, these changes to your system are not mandatory and, therefore, BS.Player cannot be considered spyware but, certainly, neither can it be said to be 100% clean. And so, although marked as adware, BS.Player is once again safe to install and back on Softpedia.
By Stefan Fintea, Software News Editor
2nd of September 2008, 20:41 GMT
NO Adware bundled in BS.Player FREE anymore!
Mat2000, BSPlayer team member
Posted: Mon Aug 11, 2008 7:28 pm
darth_mikey
« Reply #13 on: December 10, 2008, 03:57:02 PM »
I don't see a problem here Frank. There is an option to not install BS.Player ControlBar ... Even if you do, I still don't consider it adware.
Mr_llama
« Reply #14 on: December 10, 2008, 04:00:45 PM »
I'm up and running again on a reinstalled system..
once again thanks for the great service Avast / Maxx_original (one thing is for sure.. I'm sticking with Avast.)