Author Topic: mpc-hc.exe  (Read 9593 times)

Offline mega23mac

  • Newbie
  • *
  • Posts: 5
    • Personal Message (Offline)
mpc-hc.exe
« on: August 25, 2011, 01:54:41 PM »
Dear,
Sorry the 1st post by mistake .....   :'(
i've got 2 PC in my home, both have Avast free version install with Media Player Classic Home cinema version.
However, the Avast suddenly prompt the "mpc-hc.exe" as virus and need to run in sandbox today, but the other PC does not.
Both of the PC run on the Windows 7 Home Premier edition with updated Avast free version, and of course the media player class version is the same.
I am really confused why such happened, please help.
Thx so much!!
« Last Edit: August 25, 2011, 02:03:11 PM by mega23mac »

Offline mega23mac

  • Newbie
  • *
  • Posts: 5
    • Personal Message (Offline)
Re: mpc-hc.exe
« Reply #1 on: August 25, 2011, 02:01:18 PM »
Sorry the 1st post by mistake .....  :'(
i've got 2 PC in my home, both have Avast free version install with Media Player Classic Home cinema version.
However, the Avast suddenly prompt the "mpc-hc.exe" as virus and need to run in sandbox today, but the other PC does not.
Both of the PC run on the Windows 7 Home Premier edition with updated Avast free version, and of course the media player class version is the same.
I am really confused why such happened, please help.
Thx so much!!

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21731
  • Gender: Male
    • Personal Message (Offline)
Re: mpc-hc.exe
« Reply #2 on: August 25, 2011, 02:10:56 PM »
Quote
Sorry the 1st post by mistake ..... 
you can edit post`s......see mine   ;)


Quote
Avast suddenly prompt the "mpc-hc.exe" as virus and need to run in sandbox today
does it say virus.....or run in sandbox.....not the same thing




upload suspicious file(s)to  www.virustotal.com  and test with 43 malware scanners
when you have the result, copy the url in the address bar and post it here for us to see


alternativ
Jotti     http://virusscan.jotti.org/en
VirSCAN   http://virscan.org/
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline mega23mac

  • Newbie
  • *
  • Posts: 5
    • Personal Message (Offline)
Re: mpc-hc.exe
« Reply #3 on: August 25, 2011, 02:17:39 PM »
Sorry that not familiar with the interface ....  :P

It should be the Avast suggest to run in Sandbox ... :P

I'll try your suggestion ... thx so much!!

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69218
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: mpc-hc.exe
« Reply #4 on: August 25, 2011, 02:42:32 PM »
The autosandbox process is controlled in the first instance by the file system shield (FSS), the suspect.exe file is scanned before it is allowed to run. If it were infected, it could/should be detected by the FSS, so one reasonable thing in its favour is it hasn't had a definitive detection.

However, the FSS checks other things amongst those a) is the file digitally signed, b) its location and what it does (this is done in the emulation check). these can trigger a suspicion and it is this suspicion that results in the recommendation to use the autosandbox.

Now the user can accept this decision and run it in the autosandbox or have it run normally and to Remember the answer for this program. Provided of course you are familiar with the program and that it is clean and of course that you intentionally initiated the program.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline mega23mac

  • Newbie
  • *
  • Posts: 5
    • Personal Message (Offline)
Re: mpc-hc.exe
« Reply #5 on: August 25, 2011, 04:49:54 PM »
HI ..... Just upload and scan the file in VirusTotal .. below is the link and result
http://www.virustotal.com/file-scan/report.html?id=e43bced21fab1a8dacba02089d93b9a44bcdbb631bcb5b8be6939ae3359a5616-1314289942

Antivirus Version Last Update Result
AhnLab-V3 2011.08.25.01 2011.08.25 -
AntiVir 7.11.13.231 2011.08.25 -
Antiy-AVL 2.0.3.7 2011.08.25 -
Avast 4.8.1351.0 2011.08.25 -
Avast5 5.0.677.0 2011.08.25 -
AVG 10.0.0.1190 2011.08.25 -
BitDefender 7.2 2011.08.25 -
ByteHero 1.0.0.1 2011.08.22 Trojan.Malware.Win32.xPack.i
CAT-QuickHeal 11.00 2011.08.25 -
ClamAV 0.97.0.0 2011.08.25 -
Commtouch 5.3.2.6 2011.08.25 -
Comodo 9870 2011.08.25 -
DrWeb 5.0.2.03300 2011.08.25 -
Emsisoft 5.1.0.10 2011.08.25 -
eSafe 7.0.17.0 2011.08.24 -
eTrust-Vet 36.1.8521 2011.08.25 -
F-Prot 4.6.2.117 2011.08.25 -
F-Secure 9.0.16440.0 2011.08.25 -
Fortinet 4.2.257.0 2011.08.24 -
GData 22 2011.08.25 -
Ikarus T3.1.1.107.0 2011.08.25 -
Jiangmin 13.0.900 2011.08.25 -
K7AntiVirus 9.111.5056 2011.08.25 -
Kaspersky 9.0.0.837 2011.08.25 -
McAfee 5.400.0.1158 2011.08.25 -
McAfee-GW-Edition 2010.1D 2011.08.25 -
Microsoft 1.7604 2011.08.25 -
NOD32 6409 2011.08.25 -
Norman 6.07.10 2011.08.25 -
nProtect 2011-08-25.01 2011.08.25 -
Panda 10.0.3.5 2011.08.25 -
PCTools 8.0.0.5 2011.08.25 -
Prevx 3.0 2011.08.25 -
Rising 23.72.03.03 2011.08.25 -
Sophos 4.68.0 2011.08.25 -
SUPERAntiSpyware 4.40.0.1006 2011.08.25 -
Symantec 20111.2.0.82 2011.08.25 -
TheHacker 6.7.0.1.284 2011.08.25 -
TrendMicro 9.500.0.1008 2011.08.25 -
TrendMicro-HouseCall 9.500.0.1008 2011.08.25 -
VBA32 3.12.16.4 2011.08.25 -
VIPRE 10265 2011.08.25 -
ViRobot 2011.8.25.4639 2011.08.25 -
VirusBuster 14.0.185.0 2011.08.25 -

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69218
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: mpc-hc.exe
« Reply #6 on: August 25, 2011, 05:17:54 PM »
Read my topic again as it isn't saying it is infected or avast would have alerted on it also !
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline mega23mac

  • Newbie
  • *
  • Posts: 5
    • Personal Message (Offline)
Re: mpc-hc.exe
« Reply #7 on: August 25, 2011, 05:24:58 PM »
I do understand that ..... but just still a bit worried and not understand why suddenly got such alert and only in one of my PC .... ???

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69218
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: mpc-hc.exe
« Reply #8 on: August 25, 2011, 06:01:07 PM »
Are your avast settings the same on both systems ?
Have you tried to run it on both systems ?

Is it in the same location on both systems, e.g. if it were run from say a USB or a network location, then you could well have different results ?
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Cabarnacus

  • Newbie
  • *
  • Posts: 2
    • Personal Message (Offline)
Re: mpc-hc.exe
« Reply #9 on: August 25, 2011, 10:05:26 PM »
Mine has started doing the same thing as of yesterday.

There seems to be a huge lag in opening a local media file with MPC-HC and then avast will flag the program as "suspicious activity" and ask to sandbox.

I have white-listed MPC-HC with avast so it no longer sandboxes however there is still a huge lag when opening a file as small as a 4MB .MP3.

Disabling avast temporarily allows MPC-HC to execute file full speed so I can only guess avast is taking an unusually long time to scan mpc-hc.exe when it executes.

MPC-HC has not been updated recently so I reckon it is a definition or program update to avast that is providing a false positive to suspicious activity with MPC-HC.

FYI, My MPC-HC version is the one supplied with the K-Lite codec pack, maybe this is the version causing problems?

Offline pablo0911

  • Newbie
  • *
  • Posts: 1
    • Personal Message (Offline)
Re: mpc-hc.exe
« Reply #10 on: August 26, 2011, 08:35:10 AM »
But the report says that it is infected!!

Please read the line

"ByteHero 1.0.0.1 2011.08.22 Trojan.Malware.Win32.xPack.i "

I had the same result when I analyzed the .exe....

Please, there is something to be worry about?

Regards

Offline Cabarnacus

  • Newbie
  • *
  • Posts: 2
    • Personal Message (Offline)
Re: mpc-hc.exe
« Reply #11 on: August 28, 2011, 10:14:16 PM »
But the report says that it is infected!!

Please read the line

"ByteHero 1.0.0.1 2011.08.22 Trojan.Malware.Win32.xPack.i "

I had the same result when I analyzed the .exe....

Please, there is something to be worry about?

Regards

I wouldn't have thought so. MPC-HC is a very credible piece of software more so when bundled with the very popular K-lite codecs.

I think it is solely a case of a false positive result. I have excluded the directory that MPC-HC is in from further checks with file shield and everything is back to normal.

Offline CahosRahneVeloza

  • Newbie
  • *
  • Posts: 6
    • Personal Message (Offline)
Re: mpc-hc.exe
« Reply #12 on: September 06, 2011, 09:24:45 PM »
Hello folks, I've recently applied the Program updates for Avast! & this false report is still happening. I really thought once the recent updates have been released this false reports would've also been fixed, I guess we still have some time to wait :)

Offline bollity

  • Jr. Member
  • **
  • Posts: 21
    • Personal Message (Offline)
Re: mpc-hc.exe
« Reply #13 on: September 08, 2011, 04:18:31 AM »
I have the same problem after I update k-lite codec pack to version 7.7.0.
Media player classic run in the sandbox.

Offline ady4um

  • Massive Poster
  • ****
  • Posts: 2676
    • Personal Message (Offline)
Re: mpc-hc.exe
« Reply #14 on: September 08, 2011, 08:36:42 AM »
I have the same problem after I update k-lite codec pack to version 7.7.0.
Media player classic run in the sandbox.
Running in sandbox is not the same as having a virus report.

For example, I use portable tools. I have 1 portable tool that, for whatever reason, Avast recommends running in Sandbox. This is not the same as saying that the specific tool is infected.
ADD/REMOVE PROGS -> avast -> CHANGE/REMOVE -> REPAIR & REBOOT
Avast! 7 FAQ | FAQ & KB | Docs | Removal Utils | Configure Mail Shield | report FP | License Registration | UNSECURED?

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now