You are here

VLC: Latest Update [12/11/13] is Infected with MalCrypt.Indus!@105441913 variant Alert

7 posts / 0 new
Last post
GµårÐïåñ
GµårÐïåñ's picture
Offline
Last seen: 6 years 2 months ago
Joined: 2012-06-15 14:48
VLC: Latest Update [12/11/13] is Infected with MalCrypt.Indus!@105441913 variant Alert

I got a notice that an update for VLC was available today and I selected to have it installed.

The package v1.7.1.0 (according to header):
!define PORTABLEAPPNAME "VLC Media Player Portable"
!define APPNAME "VLC"
!define NAME "VLCPortable"
!define VER "1.7.1.0"
!define WEBSITE "PortableApps.com/VLCPortable"
!define DEFAULTEXE "vlc.exe"
!define DEFAULTAPPDIR "vlc"
!define DEFAULTSETTINGSDIR "settings"
!define LAUNCHERLANGUAGE "English"

Tries to install the file (:\PortableApps\VLCPortable\App\vlc\vlc-cache-gen.exe) which is infected with [MalCrypt.Indus!@105441913] for VLC version 2.1.2 payload.

I have raised the matter with Comodo to see if this is a false positive or not, but for now it should be noted that this warning is being issued.

John T. Haller
John T. Haller's picture
Offline
Last seen: 3 hours 33 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Another Comodo Error

It's another Comodo error as you can see from the Virus Total report here: https://www.virustotal.com/en/file/0f78a6bb142aa51e733ef839ba75ee12a6013...

Note that even Comodo has fixed their error by the time this report was generated and only the obscure Bkav engine is still having an error issue.

As noted multiple times, PortableApps.com has never... ever... had an issue with one of our distributed files in the 7 years we've been in existence. Comodo and other have had *many* issues with false positives in that time, though.

Sometimes, the impossible can become possible, if you're awesome!

GµårÐïåñ
GµårÐïåñ's picture
Offline
Last seen: 6 years 2 months ago
Joined: 2012-06-15 14:48
I know, quite likely

Hey bud, good to see you again.

Yeah I am pretty certain its a FP and I have reported to them so they can adjust their hash heuristics on it but in the meantime wanted to give everyone a heads up that they might get this so they are not surprised and have a remedy to check on it and know someone is following up on it.

Its triggering on the regular package installed on the desktop too, that's where others are getting it. It seems that it might be related to the way they parse on x64 machines but that's not confirmed yet.

~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~

GµårÐïåñ
GµårÐïåñ's picture
Offline
Last seen: 6 years 2 months ago
Joined: 2012-06-15 14:48
VT Report Link invalid

Just a heads up, I forgot to mention it above, the link you posted gives this message:

404 - The requested page could not be found

Probably the report was deleted or perhaps the link got mangled when you copied it, not sure.

~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~

Simeon
Simeon's picture
Offline
Last seen: 10 years 2 months ago
DeveloperTranslator
Joined: 2006-09-25 15:15
works here

The link works for me.

"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate

John T. Haller
John T. Haller's picture
Offline
Last seen: 3 hours 33 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Visit Directly?

That link is good, it's just abbreviated in display in the forums, but you can click it and it works from here. Can you visit VirusTotal.com directly? If not, your machine could be infected.

Sometimes, the impossible can become possible, if you're awesome!

GµårÐïåñ
GµårÐïåñ's picture
Offline
Last seen: 6 years 2 months ago
Joined: 2012-06-15 14:48
weird, it works now

I clicked on it just now and it came up, must have been an intermittent server or upstream gateway issue, anyway I see it and if you check the forum link I posted you can see that Comodo updated their database and I am checking now to see if it passes the check.

I uninstalled it, and reinstalling it now to see how it goes. According to them, it should be fine now, otherwise I will just send them the file and have them check it out.

~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~

Log in or register to post comments