Super Pidgin XP CodePack Xampp.....

hi there,
I just scanned my computer with an updated virus database… some files, e.g. from SUPER or XP CODEC PACK, were marked as viruses… but I think this is wrong, because I read some topics here where the same viruses are named, e.g. “TrojWare.Win32.BHO.~ME[at]19496380”, and in some topics they called the found viruses bugs and fixed them.
Can someone have a look at my results, please?? THX :slight_smile:

TrojWare.Win32.BHO.~ME[at]19496380 C:\Dokumente und Einstellungen\dlp2\Eigene Dateien\7-Zip_Portable_4.64.paf.exe
Heur.Pck.tElock C:\Programme\eRightSoft\SUPER\ff2ogg.exe
Heur.Pck.tElock C:\Programme\eRightSoft\SUPER\spk\M2TS_ax.spk
Heur.Pck.tElock C:\Programme\eRightSoft\SUPER\spk\MKV_ax.spk
Heur.Pck.tElock C:\Programme\eRightSoft\SUPER\spk\Movawin.spk
TrojWare.Win32.BHO.~ME[at]19496380 C:\Programme\Pidgin\pidgin-uninst.exe
TrojWare.Win32.BHO.~ME[at]19496380 C:\Programme\XP Codec Pack\Uninstall.exe
ApplicUnsaf.Win32.Monitor.KGBSpy.bk[at]5889789 C:\System Volume Information\_restore{186B9B7A-DAA6-4430-B26D-72E29D59AA82}\RP106\A0030141.exe
Unclassified Malware[at]8318481 C:\System Volume Information\_restore{186B9B7A-DAA6-4430-B26D-72E29D59AA82}\RP112\A0030700.exe
Heur.Suspicious[at]19400792 C:\WINDOWS\Temp\mgxfonts.exe
Unclassified Malware[at]17259646 C:\xampp\apache\bin\pv.exe
TrojWare.Win32.BHO.~ME[at]19496380 M:\PortableApps\PortableApps\OpenOfficePortable\OpenOfficePortable.exe
TrojWare.Win32.BHO.~ME[at]19496380 M:\PortableApps\PortableApps\PNotesPortable\PNotesPortable.exe
Heur.Suspicious[at]19977101 (...) \SSHSecureShellClient-3.2.9.exe
Unclassified Malware[at]17259646 (...) \xampp\apache\bin\pv.exe
Heur.Suspicious[at]21626079 (...)\I386\UNREGMP2.EX_|unregmp2.exe
Heur.Suspicious[at]21626079 (...) \I386\UNREGMP2.EX_|unregmp2.exe
Heur.Suspicious[at]21626079 (...) \I386\UNREGMP2.EX_|unregmp2.exe

Mod Edit: Capital Words Are An Expression Of Yelling, Please Refrain From Using Capital Words

Hi,

After a scan I also got a false positive on the Pidgin uninstaller executable and muzapp.exe in the system32 folder on Vista Home. I uploaded both on Virustotal and both seemed to be fine:

http://www.virustotal.com/analisis/34c1f786c27e7ec527dc20454b76bfa7293506816e21dda7df050f64e48ac431-1244064657

http://www.virustotal.com/analisis/e31a57d16c1100ca53bf292f54fa38e3a8074cee0901df38d0604bff585f7f97-1243516885

I think muzapp.exe is a trojan, upload it here and provide a link please http://camas.comodo.com/ and here http://virscan.org/

Hi, austin316
Could you zip the files and attach them to your post? I suggest you upload all files in the following list:
TrojWare.Win32.BHO.~ME[at]19496380 C:\Dokumente und Einstellungen\dlp2\Eigene Dateien\7-Zip_Portable_4.64.paf.exe
Heur.Pck.tElock C:\Programme\eRightSoft\SUPER\ff2ogg.exe
Heur.Pck.tElock C:\Programme\eRightSoft\SUPER\spk\M2TS_ax.spk
Heur.Pck.tElock C:\Programme\eRightSoft\SUPER\spk\MKV_ax.spk
Heur.Pck.tElock C:\Programme\eRightSoft\SUPER\spk\Movawin.spk
TrojWare.Win32.BHO.~ME[at]19496380 C:\Programme\Pidgin\pidgin-uninst.exe
TrojWare.Win32.BHO.~ME[at]19496380 C:\Programme\XP Codec Pack\Uninstall.exe
Thanks
Shaogang.He

hey!!
thank you all for your help!!
testing muzapp.exe and loading up the zipped files will be done in the evening.
see you later and THANK YOU :wink:

sorry, muzapp.exe wasn't mine.
I uploaded every file as a separate zip because all in one zip are bigger than 9500KB, and
would you say that the other files (that you did not want to have as zip files) are clean?
THX!!! O0

[attachment deleted by admin]

part2


part3


part4


part5


part6


sorry for the many (many? much?? :)) posts!
I couldn't upload “M2TS_ax.spk”. It's 5236KB. I get this message :frowning:

Your attachment couldn't be saved. This might happen because it took too long to upload or the file is bigger than the server will allow.

Please consult your server administrator for more information.

I will get that file for you! ;D

Edit:
Download M2TS_ax.spk here:

http://lnavkg.blu.livefilestore.com/y1ps2uw7vWiykAxPhMDhtxn66lkIS0ppD-ltp4HIKWv5_g9kZVfL14ilADRewKLsQq-wgJ9pMCJeoKP_t6nUOAsHg/M2TS_ax.spk?download

thx :wink:

Np ;D

Hi, austin316
We are going to have a look at it and will get back to you after investigation.
Regards
Shaogang.He


Hi,

I have uploaded it. Here is the link:
http://camas.comodo.com/cgi-bin/submit?file=e31a57d16c1100ca53bf292f54fa38e3a8074cee0901df38d0604bff585f7f97

and here

http://virscan.org/report/0b756c275a58952c84bb9ea818fc8039.html

Comodo was the only one detecting it as a trojan.

I read on Google that muzapp.exe is part of the Samsung MP3 player software. I do have a Samsung YPT10 MP3 player and I have tried out its software in the past.

Hi, dariovolaric
We are going to have a look at it and will get back to you after investigation.
Regards
Shaogang.He

Hi, dariovolaric
Detection for the submitted samples has been added. Please check in virus signature database 1269.
Regards
Shaogang.He