[FIXED] BASS Audio Library DLLs - Heur.Packed.Unknown

CIS version: 3.9.95478.509
DB version: 1361
Heuristics: High

Malware name: Heur.Packed.Unknown
Filename: bass.dll, bass_wma.dll
Description: BASS Audio Library DLLs.

bass.dll scan results: VirusTotal, VirSCAN, ThreatExpert

bass_wma.dll scan results: VirusTotal, VirSCAN, ThreatExpert

These files are FP. Moreover AV didn’t show any alert at all for these files. It just blocked access to these files locking them completely for system and AIMP2 resulting in abnormal behaviour of these two as long as CIS real-time scanner was enabled. It took me a while to track it down to CIS. Hmm, another serious AV issue?

[attachment deleted by admin]

For the future: Lower your heuristics level to low (default setting). That way you’ll avoid high FP rate.

Hi fOrTy_7,

We will get back to after analysis.
Thanks for reporting FPs.

Regards,
-Chandra Mohan

Hi fOrTy_7,

Mentioned FP has been fixed in DB 1362.

-Chandra Mohan

Thanks. But what about the issue with not showing an anti-virus alert at all.

Hi fOrTy_7,

Is “Automatically quarantine threats found during scanning” enabled in your CIS3.9?

-Chandra Mohan

[attachment deleted by admin]

No, it isn’t. But I found what was causing it. I disabled the ‘Show alerts/notification messages’ as I read in other thread that it disables Balloon Tooltips. Well, it did but it also disabled the main alert window. Anyway, reenabling the ‘Show alerts/notification messages’ doesn’t seem to pop up an alert for already locked files. They are still locked after reboot.

Also, there are no log events about found malware when ‘Show alerts/notification messages’ is disabled.

Edit: Switching real-time scanner from Stateful to On Access seems to fix the issue with locked files after a while. IMHO Stateful scan status should be reseted after reenabling ‘Show alerts/notification messages’.