Virus in BSPlayer ?

[Mr_Fast]

Hey all..

Hope someone can help me with an answer..

I just installed the new version of BS-Player Free edition 2.33
http://bsplayer.com

Now my Avast Home edition comes up with an Virus detection -  installdata358.tmp.exe infected - Win32:Trojan-gen {Other}

To explain the installation..

I installed BS-Player free edition, Deselected everything from the install except the program itself and the shortcut to menu start.. at the auto codecs download/install i cancelled. an thats it..
Avast detected a Virus in C:\Windows\System32\installdata358.tmp.exe..

i can see installdata358.tmp.exe in the task manager, terminated it an found the file in system32, the file is hidden.. (nothing happens when i click the .exe, other than it places itself in the taskmanager again..

Does anyone know what the file does, ?

Hope someone can give me an answer...

thanks allot.

[FreewheelinFrank]

BSPlayer is adware:

http://news.softpedia.com/news/Safe-To-Install-Version-Of-BS-Player-Is-Out-And-About-92721.shtml

[Mr_Fast]

yea so far so good, but i deselected all the files which should make it a clean media player..

anyways Avast detects it as Win32:Trojan-gen ? ?  that doesn't seem like ad-aware more like a virus ? or am i wrong ?

[FreewheelinFrank]

It's a fairly generic detection.

You need to report the detection to avast! if you think it's wrong.

There should be a option to do this at the bottom right of the detection screen, I think, or follow the advice here:

http://forum.avast.com/index.php?board=2;action=display;threadid=7779

[Maxx_original]

C:\Windows\System32\installdata358.tmp.exe looks quite fishy... it is autorunned, contains encrypted data, refers to C:\Log.log.. we'll do further analysis...

[Mr_Fast]

Maxx_original..

where did u get the installdata358.tmp.exe from ? the BS.Player installation ?
i posted on BS.Players Official Forum, and send them the file to, but they deny that it should come from their installer..

this is their reply

Ok, you sent us the infected file itself and not the BS.Player installation file (btw. our antivirus reports it as WORM/Kolabc.fat), but the problem is that BS.Player does not have anything to do with this infected file. Like stated before - BS.Player does not write anything in System32 folder.

BS.Player installation does not include any viruses, worms, trojans...

Your entire system may be infected (but not because of BS.Player) and now with every installation, virus copies itself over and over again. I suggest you run full computer antivirus scan and delete/quarantine all infected files and then install BS.Player.

[Maxx_original]

the file from european mirror is hijacked by a virus... its size is bigger than the file downloaded from US mirror.. also the original file is Nullsoft installer, the hijacked is CAB self-extract with the virus and the original installer included..

[Mr_Fast]

ok thanks alot..

Can u tell me exactly what the virus does ?

I deleted the file as soon as i noticed it, running comodo firewall and defense+ (HIPS) could see the file tried to do some DNS lookups or something like that..

[Maxx_original]

it's a spying trojan most probably... anyway - regarding the non-detection by some engines there could be "few" affected users.. let's see what will the BSPlayer developers do...

[Mr_Fast]

yea, was only because of HIPS protection that i noticed the file so.
(an short after that avast detected it to)

But anyways thanks for the support, and help on the BS.Player forum (don't think they belived me)
I'm reinstalling my two systems with the virus on as we speak..

Ill write back when i am up an running again..

Thanks for freaking great service Avast..
Special thanks to Maxx_original


Ps.
Just checked the post at BS.Player forum, they say its fixed now.

[Maxx_original]

yes.. fixed and the official note is available...

[Hard_ROCKER]

BSPlayer is adware:

http://news.softpedia.com/news/Safe-To-Install-Version-Of-BS-Player-Is-Out-And-About-92721.shtml

http://www.bsplayer.org/forum/viewtopic.php?p=42275&sid=1e9e4917d56f056dc8948c2f5dd936d7&BSPLAYER=bbefb59fae434a5d4c31aea665630fb5

[FreewheelinFrank]

As I’m sure you’ve noticed, these changes to your system are not mandatory and, therefore, BS.Player cannot be considered spyware but, certainly, neither can it be said to be 100% clean. And so, although marked as adware, BS.Player is once again safe to install and back on Softpedia.

By Stefan Fintea, Software News Editor

2nd of September 2008, 20:41 GMT

NO Adware bundled in BS.Player FREE anymore!

Mat2000, BSPlayer team member

PostPosted: Mon Aug 11, 2008 7:28 pm

[Hard_ROCKER]

I don't see a problem here Frank. There is an option to not install BS.Player ControlBar ... Even if you do i still don't consider it adware. 

[Mr_Fast]

Im up an running again on a reinstalled system..

once again thanks for the great service Avast / Maxx_original
(one thing is for sure.. im sticking with avast.)