DivX

comoquest · May 20, 2009, 2:02pm

these 6 programs reported as TrojWare.Win32.BHO
in this format…
Program Files\Divx\Divx[Item Name Here]Uninstall.exe

[bundle, codec, converter, dsfilters, player, webplayer]

for example, Program Files\Divx\DivxBundleUninstall.exe where bundle is the item name.

Divx is popular, so I’m wondering if it’s really a trojan?

jebuchanan · May 20, 2009, 2:08pm

Welcome to the Forum, comoquest.

Please read this link on how to report false positives.

jebuchanan · May 20, 2009, 2:16pm

If you read the page I directed you to, it also has instructions on reporting suspicious software.
The files will be checked and reported back.

fOrTy_7 · May 20, 2009, 5:49pm

CIS version: 3.9.95478.509
DB version: 1177

I also have got few files from DivX bundle labeled as Trojware with DB 1177. IMHO these are FP.

[tr]
[td]Malware name[/td]
[td]Filename[/td]
[td]Status[/td]
[/tr]
[tr]
[td]TrojWare.Win32.BHO.~ME@19496380[/td]
[td]DivXCodecUninstall.exe[/td]
[td]Scan results[/td]
[/tr]
[tr]
[td]TrojWare.Win32.BHO.~ME@19496380[/td]
[td]DivXBundleUninstall.exe[/td]
[td]Scan results[/td]
[/tr]
[tr]
[td]TrojWare.Win32.BHO.~ME@19496380[/td]
[td]DivXDSFiltersUninstall.exe[/td]
[td]Scan results[/td]
[/tr]

[attachment deleted by admin]

gmohan · May 21, 2009, 5:47am

Hi

Thanks for submission
We will get back to you after investigation

Regards,
-Chandra Mohan

fOrTy_7 · May 23, 2009, 6:42am

CIS version: 3.9.95478.509
DB version: 1190
Heuristics: High

I still get FP for these files. Funny thing is that if I scan the archive which I attached a post earlier then I don’t get a FP. But when I extract these files to some folder and then I scan this folder then FP appears as before.

sriramp · May 23, 2009, 1:06pm

Hi,

We have found the problem and shall get back to you after investigation.

Regards,
Sriram.P

fOrTy_7 · May 25, 2009, 11:21am

All has been fixed with DB 1199. Thank you.

Paquito · May 26, 2009, 9:28pm

With antivirus database 1203 I’m still getting those FPS, but only in contextual scanning (see screenshot). If I try to run them I get Defense+ warnings, but not antivirus alerts.

[attachment deleted by admin]

fOrTy_7 · May 27, 2009, 7:32am

For me, the files which I uploaded earlier are still fixed with DB 1203.
You might have a different build of DivX. Make sure these files are FPs by scanning them on http://www.virustotal.com (or similar service) and if so then attach them to your post.

Jim1 · May 27, 2009, 11:18pm

Virus signature database version: 1207 (local)
Virus total reports Comodo version 1207
All of these files when scanned locally report TrojWare.Win32.BHO.~ME@19496380
When scanned at Virus total they are all 0/40 or 0/39 (This includes Comodo)

DivXCodecUninstall.exe
DivXPlayerUninstall.exe
DivXBundleUninstall.exe
DivXDSFiltersUninstall.exe
DivXConverterUninstall.exe
DivXWebPlayerUninstall.exe

[attachment deleted by admin]

gmohan · May 28, 2009, 7:22am

Hi Jim__,

Submitted FPs will be fixed next few updates.

Regards,
-Chandra Mohan

Paquito · May 28, 2009, 2:54pm

I’m getting inconsistent results with the files mentioned by Jim_. The FPs seem to be gone, but if I copy and paste to a different location, then I get the virus alert again but only in contextual scanning. ??? Same results as Jim_ at Virustotal. Comodo database 1211.

Jim1 · May 30, 2009, 12:55pm

The 6 files scan without problem using database version 1219.

gmohan · May 31, 2009, 5:36am

Hi Jim__,

Thanks for confirming.

-Chandra Mohan