Cole2K codec is seen as a Trojan


06/01/2007 18:45:08: ZLOB8 MALWARE STOPPED by BOCLEAN!
Trojan horse was found in memory.
C:\DOCUMENTS AND SETTINGS\HP_PROPRIéTAIRE\MES DOCUMENTS\COLE2K.MEDIA.-.CODEC.PACK.V6.0.9.-ADVANCED-.32BIT.SETUP.EXE contained the trojan.
Active trojan horse WAS shut down. System now safe.
Logged in user: HP_Propriétaire

Here is the log where I tried to install the latest version of this codec pack and BOC thought it was a Trojan and I removed it.
Weird, don’t you think?

(:TNG)

Not enough information to tell if it’s “weird” or not.
Can you IM me the download link so I can look at the file?

~cat~ I found a link :

0n :

http://www.free-codecs.com/Cole2k_Media_Codec_Pack_download.htm

I have no time to analyze it now myself, but if I can be of any help later, just tell me :slight_smile:

Greetz, Red.

The files in question would ideally come from the same source.

Sorry to say, ZLOB8 is one of our most SUCCESSFUL detects of “fake codec” and “dnschanger” that there’s no WAY we’re going to modify it simply because some open source vendor chose to use the SAME EXACT NSIS coder and COUNTRY CODE to embed their package of codecs because the reality is their package PRECISELY matches very VERY well known malware. Such is the “price” of “FREE” sometimes in that “free vendors” don’t pay to release their code and thus end up with the very SAME code as the malware is using.

I’m not saying that this particular release IS malware, but they used the SAME stuff that the malware authors use to release their product and thus my advice is “if you KNOW it’s safe, then drag it to BOClean’s EXCLUDER telling BOClean that you MEANT to do that” and BOClean won’t complain any longer, it cannot be programmatically deleted because they PERFECTLY match a malware signature by “cheaping out” … so we will NOT remove the detection, but you can allow it to happen if you exclude it in BOClean.

Bad, bad BAD authors! But then freeware has those risks … their code PERFECTLY matches early ZLOB for configuration and design. And though it’s harmless, only cure WE can do is to NOT detect ZLOB. Not going to happen! :frowning:

Hello everybody,

I’m deeply impressed by your interest in this “malware”. The link I followed to download the codec pack is: http://www.cole2k.net/?download=CP-A32

For the moment I stick to the previous version which is not suspicious enough for BOC.

Kind regards.

Gillou :THNK

Why not use the tried and true K-Lite Codec Pack instead?

Why use a codec pack at all? Use ■■■■■ (■■■■■ Codec Information Appliance) and look what codec you need. Then go download that codec. Codec packs often create more problems than they solve.

Please remember that this is about the cole2k codec / malware. It’s best to start a new topic on codec recommendations (I have some of my own :D) in the General board.