Comodo Internet Security did an update today and asked for a reboot. After rebooting, when trying to play XMPlay.exe ver. 3.4.2.111, I am getting a popup with window title “ERROR!” and text “This file has been tampered with and MAY BE INFECTED BY A VIRUS!”
I have been running this program version fine for days and previous versions of this program for years. The program ran fine yesterday. I am not seeing this message so far when opening any other programs.
Various previous versions of the XMPlay executable were tried and came up with the same message. I unzipped XMPlay files to another directory – this program does not require an install – and I received the same message when trying to execute.
I have Windows Vista 64-bit Service Pack 2 with all updates and Comodo Internet Security, Product 3.10.102194.530, Virus Signature Database 1544.
A full scan and cleaning by Comodo Antivirus did not cure the issue, even after reboot. I followed the sticky “What to do if you’re infected - eXPerience Rev.3” and cleaned with Malwarebytes and Superantispyware programs. My issue persisted after each cleaning and a reboot.
A-Squared revealed the following detections, which I did not remove per the sticky advice:
Trace.Directory.FavSearch!A2
Trace.File.Ezula!A2
Trojan-Downloader.DelphiIK
Trojan.Generic!IK
HTML.Infected.WebPage!IK
Virus.Win32.Downloader.BV!IK
Trojan.ATRAPS!IK
Virus.JS.ScriptIP!IK
Cracker!IK
Trojan-Dropper.Agent!IK
Trojan-Proxy.Win32.Steredir!IK
Trojan-Spy.Win32.Agent.asf!IK
Riskware.Client-IRC.Win32.mIRC!IK
Trojan.Crypt!IK
Trojan.Dropper!IK
Email-Worm.VBS.Brit!IK
Trojan.BAT.Agent!IK
Trojan.Exploit.Dcomrpc.A!IK
Note: Trojan-Downloader.DelphiIK seems to be present at C:\Program Files (x86)\XMPlay\Plugins\dsp_vst.dll, though this may be a false positive and this plugin should not be engaged when running XMPlay from another directory. It is possible that this plugin would be engaged normally, however.
Then I ran HijackThis and I’m attaching the log.
Please help with removing my malware. Thank you!
[EDIT: I also run Spybot Search & Destroy. Yesterday before this problem appeared I know that I updated the program’s malware database and did full immunization. I have found very little on the Internet about the exact error that I’m reporting; I don’t know if it comes from Comodo, Vista, or elsewhere.]
[attachment deleted by admin]