Author Topic: A trojan spyware in an avi codec O.O"?  (Read 6204 times)

0 Members and 1 Guest are viewing this topic.

Offline Shiw Liang

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1432
A trojan spyware in an avi codec O.O"?
« on: March 19, 2010, 05:27:56 PM »
Hi hi and hi again guys :)
I was searching for the avi codec for my windows movie player and I while searching in some websites saying that there is a trojan spyware in the codec and that he is not the author of that

Here is the link for that which is malware free unless you download it:
h**p://avicodec.duby.info/
« Last Edit: March 20, 2010, 03:57:57 AM by Shiw Liang »

Offline mkis

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1618
Re: A trojan spyware in an avi codec O.O"?
« Reply #1 on: March 19, 2010, 06:13:22 PM »
Yes I ran google Chrome from inside the sandbox and I got the avast warning that site is blocked.

And I check the address hxxp://www.avicodecpack.com/  and so far all good,

avast objects to the above address and that may be because of some of the links on the page

But I went back to that address on yr post and there is obfuscated or corrupted text in the pages that some of the links take visitors. So better change that link to hxxp like mine until we know for sure.


And near the top, there is very large google-analytics.com/urchin javascript link which may be okay

hxxp://www.google-analytics.com/urchin.js\
I'll check that address in the sandbox as well - the google analytics link is actual broke

<script src="hxxp://www.google-analytics.com/urchin.js" type="text/javascript">

may just be unable to go there
« Last Edit: March 19, 2010, 09:18:05 PM by mkis »
Avast7 Free, MBAM (on demand), MVPS Hosts

Intel DG41TY, Windows 7 Ultimate, IE9, Google Chrome, 4 GB ram, Secunia PSI, ccleaner, Foxit Reader, Faststone Image viewer, MWSnap.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37509
  • Not a avast user
« Last Edit: March 19, 2010, 06:37:16 PM by Pondus »

Offline mkis

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1618
Re: A trojan spyware in an avi codec O.O"?
« Reply #3 on: March 20, 2010, 12:31:32 AM »
Hi there, I want to post how is this google analytics tracker, the large size of it, and the fact urchin tracker is different from other tracker code that I have seen. That said, however, the script does not generate any warnings or alerts, so there appears nothing malicious about it. Just interest value really. btw, I have de-actioned the script by adding a random x here and there --

<script src="http://www.google-analytics.com/urchin.js" typex="text/javascript">
</script>
<script type="text/javascript">
_uacct = "UA-136525-1"x
urchinTracker()x
</script>


The script is entered in the <head> just above the page title - AVIcodec is a free multimedia file analyser for Windows (btw, different from the address title in the <head> - AVIcodec, a free multimedia file analyzer), which would imply that, by its positioning and if it is running as it should, tracker urchin will be activated by any visits to the page.

here is link for the urchin tracker script
- I will leave it on the site for only a day or so, for yr interest, then delete it

http://eduspaces.net/mkistech/files/-1/29794/cookie1.txt
Avast7 Free, MBAM (on demand), MVPS Hosts

Intel DG41TY, Windows 7 Ultimate, IE9, Google Chrome, 4 GB ram, Secunia PSI, ccleaner, Foxit Reader, Faststone Image viewer, MWSnap.

Offline Shiw Liang

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1432
Re: A trojan spyware in an avi codec O.O"?
« Reply #4 on: March 20, 2010, 03:57:18 AM »
okay thank you mkis and pondus ^^

Offline mkis

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1618
Re: A trojan spyware in an avi codec O.O"?
« Reply #5 on: March 20, 2010, 05:48:52 AM »
I think the page is okay Shiw Liang. I just thought that AVICodec and Pack came up too often on the page, and that deactivating the link would be a fail-safe solution - that would prevent accidents from occurring. But now I'm all but 100% certain that the page is malware free. Problem was that it was a bit too much to go through the page from start to finish.

It looks as if Philippe Duby is an unfortunate victim in this affair. I could see that he's put in a lot of work into building these packs. Impressive really. If you are viewing page source, then you'll be getting some good insight into his builds. If there was something you thought would be useful on the page, I wouldn't hesitate to email him and ask directly yr questions (about the download, or the running, or whatever else). And I've posted his tracker pack as well - omg what a pack! What a nuisance I am. But I will be removing that page and the link to it tomorrow morning. I just wanted the members to see the google urchin build for their own knowledge and experience. Say, for next time reference is made to urchin, or when they find a build of it running somewhere else, perhaps. That's all.

I start to have a fine appreciation of M. Duby's talent as I worked through the page. But you would know better than me. This is not really my specialty at all.  I remove the urchin script tomorrow and move on.
Avast7 Free, MBAM (on demand), MVPS Hosts

Intel DG41TY, Windows 7 Ultimate, IE9, Google Chrome, 4 GB ram, Secunia PSI, ccleaner, Foxit Reader, Faststone Image viewer, MWSnap.

Offline Chris Thomas

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1936
  • Christian Geek - aka 'born again' Geek
Re: A trojan spyware in an avi codec O.O"?
« Reply #6 on: March 20, 2010, 09:41:57 AM »
Why do you need codec?

If you want to play videos

I would give 4/5 stars for VLC media Player

http://www.videolan.org/vlc/

Offline mkis

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1618
Re: A trojan spyware in an avi codec O.O"?
« Reply #7 on: March 20, 2010, 01:06:28 PM »
VLC always seems to rate well on any comparison terms, Chris.

For myself, I use Windows media player 11 - my own video clips I make to .wmv
and powerISO for hard copy or for ISO images, and so on...
And that's about it, not much time left for anything else.


I think Shiw Liang does anime - now I'm not going to define what that is, because I couldn't, but I do know the genre as such and the media frames that are produced.
Avast7 Free, MBAM (on demand), MVPS Hosts

Intel DG41TY, Windows 7 Ultimate, IE9, Google Chrome, 4 GB ram, Secunia PSI, ccleaner, Foxit Reader, Faststone Image viewer, MWSnap.

Offline JuninhoSlo

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 849
Re: A trojan spyware in an avi codec O.O"?
« Reply #8 on: March 20, 2010, 03:54:24 PM »
Why do you need codec?

If you want to play videos

I would give 4/5 stars for VLC media Player

http://www.videolan.org/vlc/


K-Lite Codec+MPC= Perfect Combination ;)

Offline .: L' arc :.

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1780
  • Thinking with Portals
Re: A trojan spyware in an avi codec O.O"?
« Reply #9 on: March 20, 2010, 04:06:57 PM »
You might also want KM Player

It's on par with VLC but I chose KM for its classy black interface, lots of flexible preset configurations and light resource use. Hope it helps.
Windows 7 (64-bit) Home Premium SP1
avast! 9 RC1