Official BS.Player forums


iceman69 10th December 2008 08:44 AM

[Fixed]Virus Found in BS v 2.33 ???
 
Hi all..

I just downloaded the new version of BS Player (2.33 Free edition)
now my AVG comes up with a virus detection..
(don't know if it's of any importance, but I cancelled the Codecs download and deselected everything from the install other than the player itself and shortcut to menu - start)

The file it says looks like a Trojan is installdata358.tmp.exe, which is placed under system32

infected - Win32:Trojan-gen {Other}

C:\Windows\system32\installdata358.tmp.exe
(the file is hidden)

Does anyone know what this file does ?
If I check the task manager I can see installdata358.tmp.exe running; if I terminate the process and start it manually I still can't see what it is doing, it just places itself in the task manager again..


I have ******* [edited by IcoMan - sorry guys, no free advertising in this forum] Free Home edition installed on my comp, fully updated

Hope someone can help..
Thanks

Ico-man 10th December 2008 10:08 AM

From where did you download BS.Player? Can you give us exact URL?

iceman69 10th December 2008 10:30 AM

Sure..

downloaded it from this site

exact url is
http://www.bsplayer.com/inc/download...yer.php?type=1


downloaded from bsplayer.com
http://www.bsplayer.com/en/bs.player/download/
the Download BS.Player FREE (EU Server)

Ico-man 10th December 2008 10:34 AM

BS.Player installation (or BS.Player itself) does not write anything in System32 folder.

Can you send us this file to email support@bsplayer.com so we can check it?

iceman69 10th December 2008 11:04 AM

I sure can..

just sent it.. from a mail called [deleted by Ico-man - you don't want to receive all the latest spam, do you? ;)]
and packed the file as a .rar

Tried scanning with the F-Secure online scanner, which picked the file up as a virus too.

Ico-man 10th December 2008 11:30 AM

Ok, you sent us the infected file itself and not the BS.Player installation file (btw. our antivirus reports it as WORM/Kolabc.fat), but the problem is that BS.Player does not have anything to do with this infected file. Like stated before - BS.Player does not write anything in System32 folder.

BS.Player installation does not include any viruses, worms, trojans...

Your entire system may be infected (but not because of BS.Player) and now with every installation, the virus copies itself over and over again. I suggest you run a full computer antivirus scan and delete/quarantine all infected files and then install BS.Player.

iceman69 10th December 2008 12:06 PM

Yeah, the thing is though..

I have installed it on 3 different computers..

I installed it on a home computer which is on a totally different network, not to say a different physical location and a different ISP..

that comp caught the file..

Then I installed the player at work (checked the system32 folder before install), and then the file got there..

Then I took another machine at work, with a totally new image on it, and installed BS.Player, and now the file is there too..

So 2 computers in the same network, and 1 computer from a different ISP and different location, got the same file right after the BS.Player install..

The computers in different locations have never had any contact with each other.

Ico-man 10th December 2008 12:17 PM

Please send us the installation file. (something like this bsplayer234.978_clip.exe)

If we distributed viruses in our downloads... how many users do you think would be posting complaints on our forum? 1 or hundreds?

iceman69 10th December 2008 12:46 PM

Hey, I'm not blaming you guys for the virus problem, I'm just trying to figure out why I suddenly get the file on my computers.. which seems to be after the installation..

iceman69 10th December 2008 02:12 PM

I'm sorry to say, guys, but it seems like your European mirror has been hijacked.

Correct me if I am wrong, but don't you use the Nullsoft installer..?

The file from the euro mirror uses a CAB self-extract installer, I have been informed..

Also, the file size should be different between the two files from the US vs the EU mirror.

Maxx 10th December 2008 02:18 PM

To whom it may concern

Guys, it's a serious problem, which must be solved ASAP. The US mirror returns a valid installation file, but the EU mirror returns a file injected by virus. The original file is a Nullsoft Installer (MD5: 55E0B18B5600339D50842D9514F5FDB5), the injected file is bigger and it is a CAB self-extract with the original installer and a virus included (MD5 of the injected installer: EBFF8F450FB4EEE11D7FC100126A6D75). The virus is detected by some engines http://www.virustotal.com/en/analisi...72e14d84ae4947. Assuming my DNS is not cloaked it must be a problem on your side (maybe a hacked download server). Anyway, you should correct it and put a warning on your homepage before anyone else does that (it could significantly discredit your reputation).

Regards
Michal Krejdl
*********** (the developer of ********** antivirus) [edited by IcoMan - sorry guys, no free advertising on this forum]
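
The comparison Maxx describes above (same download, two mirrors, different size, hash and packaging), as an added example that is not part of the original thread. The sample bytes are constructed, the function names are hypothetical, and the trusted digest is assumed to come from the vendor over a separate channel; in this incident it would be the MD5 of the Nullsoft installer quoted in the post.

```python
import hashlib

# Packaging heuristics: a match is a hint about the container, not proof.
NSIS_MARKER = b"NullsoftInst"  # magic string in the NSIS installer header
CAB_MARKER = b"MSCF"           # Microsoft Cabinet signature

def fingerprint(data):
    """Size, digests and packaging hints for one downloaded installer."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest().upper(),        # format quoted in the thread
        "sha256": hashlib.sha256(data).hexdigest().upper(),  # stronger digest to record
        "nsis": NSIS_MARKER in data,
        "cab": CAB_MARKER in data,
    }

def audit_mirrors(downloads, trusted_md5):
    """downloads maps mirror name -> file bytes; returns mirror name -> findings."""
    trusted = trusted_md5.upper()
    prints = {name: fingerprint(blob) for name, blob in downloads.items()}
    # Sizes of copies that match the trusted digest, used as the size baseline.
    good_sizes = {p["size"] for p in prints.values() if p["md5"] == trusted}
    report = {}
    for name, p in prints.items():
        findings = []
        if p["md5"] != trusted:
            findings.append("md5 mismatch")
            if good_sizes and p["size"] not in good_sizes:
                findings.append("size differs from verified copy")
            if p["cab"]:
                findings.append("CAB marker present")
        report[name] = findings
    return report

# Constructed sample data: a stand-in "NSIS installer" and the same bytes
# wrapped in a stand-in "CAB self-extract" with an extra file appended.
ORIGINAL = b"MZ" + b"\x00" * 64 + b"\xef\xbe\xad\xdeNullsoftInst" + b"payload"
WRAPPED = b"MZ" + b"\x00" * 64 + b"MSCF" + ORIGINAL + b"extra-file"
TRUSTED_MD5 = hashlib.md5(ORIGINAL).hexdigest()

def demo():
    return audit_mirrors({"us": ORIGINAL, "eu": WRAPPED}, TRUSTED_MD5)

if __name__ == "__main__":
    for mirror, findings in demo().items():
        print(mirror, findings or "ok")
```
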

Ico-man 10th December 2008 03:28 PM

Fixed.

Maxx 10th December 2008 03:43 PM

How about the official "press release" or warning on the home page? We're thinking about the warning on our home page, because many people could be affected (when their AV solutions did not do a good job). You've been notified and got the chance to put some official words to the people. We will publish the warning in an hour or two.

MK

Ico-man 10th December 2008 04:07 PM

Please read:
http://bsplayer.com/en/bs.player/new...nt/?article=34


@iceman69: You were right, the problem was on our side, hopefully you didn't have too many problems because of it, because your AV worked like it should and has detected the error in time.

iceman69 10th December 2008 05:36 PM

Hey Ico-man

Don't worry about it, I work with computers for a living so I'll manage..
Just saw the file and wanted to get rid of it..

Yeah, ********** [edited by IcoMan - sorry guys, no free advertising on this forum] detected it and deleted it, and my HIPS kept it from doing any harm. I reinstalled the system though, just to be on the safe side.. (but that's my choice, I'm sure the AVG removed it as it should)

Ico-man 11th December 2008 10:29 AM

Completely changing the meaning of our posts are we? :)

PostPosted: Wed Dec 10, 2008 3:43 pm
Last edited by Maxx on Wed Dec 10, 2008 4:09 pm; edited 1 time in total

Maxx 11th December 2008 12:11 PM

Just changed the "maybe" statement. The final decision was made meanwhile, so the current phrase is more precise. :)

MK

gulfstar 11th December 2008 01:28 PM

How can I remove the virus ?
 
I have had the same problem, my computer is infected now with the virus ...can anyone guide me please to a tool to remove this virus? the AV I have is not able to remove it, every time the computer starts the installdata358.tmp.exe file appears again..?

iceman69 11th December 2008 01:43 PM

Hey Gulfstar

F-Secure Online Scanner is able to detect the virus and remove it..

******* [edited by IcoMan, sorry guys, no free advertising on this forum] is able to remove it too..
(I use the free home version, the online scanner can detect it, but you have to locate the file yourself.)

The file is located at C:\Windows\System32\installdata358.tmp.exe.
It's a hidden file, so you have to show hidden files and folders...

First, open task manager, find the file under processes, and terminate it.. then go to C:\Windows\System32 and delete the file...

Restart the system and check if the file is started in the task manager again; if not, go to system32 and see if you can find the file..

After you see that the file is gone, run either F-Secure online scanner, or install ********* home edition ******* [edited by IcoMan, sorry guys, no free advertising on this forum] and run one of those, see what it comes up with


All times are GMT +1. The time now is 11:59 AM.
