You are here

CDex is malware?

8 posts / 0 new
Last post
patdiddy88
Offline
Last seen: 4 years 4 months ago
Joined: 2020-07-23 17:37
CDex is malware?

according to the trunk page on LAME's sourceforge SVN page, they stated that "CDex has been stolen and is loaded with malware." The last time tried using CDex, it was completely useless. Is the version on the platform actually malware? if not, then it should be marked as discontinued. Thanks

Ken Herbert
Ken Herbert's picture
Offline
Last seen: 9 hours 4 min ago
DeveloperModerator
Joined: 2010-05-25 18:19
There were some versions of

There were some versions of CDex released that would install adware by default as part of the installation process, but our package doesn't include their installer.

And there is no indication that CDex itself is compromised, with only a single positive from a minor antivirus engine.

HydraBenny
Offline
Last seen: 4 years 1 month ago
Joined: 2020-10-18 03:48
Just to add to this,

Just to add to this, malwarebytes no longer lets me download cdex via portableapps platform which leads me to think the program should be removed for average users and perhaps only be accessible as a Beta or some other type of opt in download. This will help keep the integrity of the portable apps platform for average users. I don't think we want virus warnings associated with this amazing plaform.

depp.jones
Offline
Last seen: 2 hours 47 min ago
DeveloperTranslator
Joined: 2010-06-05 17:19
... or you could report the

... or you could report the false positive to malwarebytes to fix their error. False positives are the most disturbing side effect of more antivirus solutions. They normally get fixed after a while when they are reported. They are not completely avoidable because of the way, their heuristics work.

gr.th
Offline
Last seen: 3 years 4 months ago
Joined: 2021-08-07 07:39
Would reply to this, not the above!

At the moment over 10 virus checkers report that CDex from Portable Apps contains malware! Check this $-file inside for example with Virus Total Webpage.

gr.th
Offline
Last seen: 3 years 4 months ago
Joined: 2021-08-07 07:39
2021 with lots of reports in TotalVirus!

The fresh made install of cdex in Portable Apps (August 2021) is claimed by MS Defender and over 10 different virus checkers of VirusTotal Online Check also recognize that that is malware inside CDEX. So from my side this is a NOGO! 1 heuristic ok. But over 10 different engines?

John T. Haller
John T. Haller's picture
Offline
Last seen: 1 hour 8 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Read The Results

Don't go by numbers, read the actual results. Warnings about FusionCore/InstallCore, "adware", or "potentially unwated" with a couple of "generic" false positives is all it is. What that means is that the CDex installer has bundleware included, not that it is malware or there is any risk. The CDex Portable installer bypasses the CDex installer and only installs CDex itself.

That said, if we're at the point where many users can't install it due to these basic warnings, I'm not opposed to revering to an earlier version. The authors abandoned the GPL back in 2005 with the 1.7 beta releases. There is a 1.71 fork that seems to work ok. We could start with that, update the encoding DLLs and have a possibly workable solution. Thoughts?

Sometimes, the impossible can become possible, if you're awesome!

depp.jones
Offline
Last seen: 2 hours 47 min ago
DeveloperTranslator
Joined: 2010-06-05 17:19
Changes

You are right, this count of several quality engines (in contrast to the situation last year) is really strong evidence of a PUP. I don't trust this software either, as it possibly has been "hijacked" a while ago by another developer (there are some hints of gpl issues and source code has not been published for the lates versions). I would not recommend using it atm.
I cannot tell if that $ file is still used by the app itself or is a leftover of the possible malicious original installer of the app.

Log in or register to post comments