Journal Antiocheian's Journal: (draft notes) Mediacoder - Shame & Viruses
(draft notes)
What the hell is going on with Mediacoder ? It begun as an open source project of great promise, an FFmpeg UI for Windows that could also encode & mux Nero's AAC to mkv and mp4 and also combine Mplayer for resizing and cropping. But then the author started closing the sources piece by piece turning himself to the FFmpeg hall of Shame. And he started playing around with malware.
Here are some reported cases of viruses and malware in Mediacoder; they have been taken from the Mediacoder support forum (it's quite possible that the author will remove them from the forum in time)
Virus.Win32.Induc found in MediaCoder FullEdition 0.7.1.4490
Postby Vboy  Wed Aug 19, 2009 1:13 pm
I was just scanning my whole computer today and my antivirus was detecting "Virus.Win32.Induc" in MPUI.exe file in the codecs folder of Mediacoder
Here is the link http://www.virustotal.com/analisis/6244923a25f148ff00cb909401baa91da64ee2f119c3af816b22785d8f884d62-1250658289
I downloaded MediaCoder FullEdition 0.7.1.4490 from the mirror http://www.mcex.org/dl/MediaCoder-0.7.1.4490.exe , and it downloaded few more files during setup. Actually when i first installed it offline and there were many missing files, to fix it installed it while online and it downloaded those missing files. Can some one explain what is going on here ???? First a spyware and now a VIRUS ??? Is this a false positive or what ???
Re: Virus.Win32.Induc found in MediaCoder FullEdition 0.7.1.4490
Postby stanley  Thu Aug 27, 2009 11:40 am
MPUI is removed since 0.7.1.4495. MPlayer's built-in GUI is used instead.
Hopefully this MPUI virus doesn't do much harm.
Sure Stanley, an innocent error.
Adware detected in installer
Postby pelle  Tue May 19, 2009 3:45 am
Doing a manual scan of the installer (v0.7.0.4399 - Full Edition) gives this with Eset NOD AV 4.0.424. Installer was downloaded from Sourceforge.
Number of scanned objects: 507
Number of infected objects: 1
Number of cleaned objects: 0
D:\Downloads\MediaCoder-0.7.0.4399.exe  NSIS  rkinstall.exe - Win32/Adware.Agent.NMA application
The v0.7.0.4395 installer gives no such warning.
Extracting the v0.7.0.4399 installer with UniExtract. VirusTotal gives this result (20/40 (50.00%))for the rkinstall.exe located here (\MediaCoder-0.7.0.4399\$TEMP\$TEMP\rkinstall.exe)
Report form VirusTotal:
http://www.virustotal.com/analisis/cde3bd74533204d2e8bab4583338a5e7
Most likely a false postive but can you verify the validity of the file rkinstall.exe contained in the installer?
Re: Adware detected in installer
Postby LoudThunder  Tue May 19, 2009 6:48 pm
I had the same answer for the same file.
Hope someone can tell us if rkinstall.exe is safe.
RkInstall.exe is truly a adware, but I don't understand why Mediacoder has it.
Someone can tell me what is going on?
Open Source is the most powerful way to spread knowledge.
Re: Adware detected in installer
Postby stanley  Sat May 23, 2009 1:58 am
It will not be installed by default.
When things work together, things work.
Re: Adware detected in installer
Postby jbkeh  Sat May 23, 2009 7:52 pm
It won't be installed BECAUSE IT WON'T BE (SUCCESSFULLY) DOWNLOADED!
Most people sane enough to use a virus checker have it set to scan anything being downloaded and to reject anything containing undesirable material.
Suggest you QUICKLY RETHINK this action - once the software package (and you) garner a reputation for inappropriate conduct, it will be irreparable.
You are killing the goose - I doubt you will find a collection of golden eggs.
Re: Adware detected in installer
Postby stanley  Sun May 24, 2009 1:13 am
The 4399 installer is repackaged and uploaded.
Here is the scanning report of VirtusTotal:
http://www.virustotal.com/analisis/5d8229b50f6e4829d98ebc1e4b26ddbabf8f3a3c4ae4d8af1c37c5ed0aaacab9-1243101200
TrendMicro's detection of PAK_Generic.001 is obviusly a mis-reporting.
--------------------------------------------------------------------------------
AntiVir reports latest MediaCoder AE has a virus
Postby nosignal  Tue Dec 02, 2008 5:05 am
AntiVir 8.2 reports MediaCoderAE-0.6.2.4210.exe contains the signature of a "Pakes" file dropper. It has info on two related Pakes variants (I can't post the link exactly): www dot avira dot com
I could find no evidence of these drops, but I may not have been clever enough.
AntiVir is one of the most respected Antivirus programs out there. Assuming MediaCoder is safe, it is still quite a pain having AntiVir nag me about a virus on regular occassions, and many users could be put off.
Postby B!ink  Wed Dec 03, 2008 6:23 am
Did you download MediaCoder from here or from another website?
Postby Placio74 Â Wed Dec 03, 2008 2:36 pm
Probably just false positive...
http://www.virustotal.com/pl/analisis/8
(MC-AE downloaded of course from sourceforge.)
--------------------------------------------------------------------------------
4525 Contains virus
Postby ProjectMayu  Mon Oct 19, 2009 9:26 pm
Microsoft Security Essentials
TrojanClicker:Win32/Yabector.A
I tried all 3 mirrors, same virus
Re: 4525 Contains virus
Postby mixer  Mon Oct 19, 2009 11:53 pm
Confirmed. Did you have any other symptoms? For instance, when plugging in a card reader you get the message: "No Disk in Drive"?
Re: 4525 Contains virus
Postby stanley  Tue Oct 20, 2009 11:53 am
Fixed in 4526.
Re: 4525 Contains virus
Postby mixer  Tue Oct 20, 2009 12:38 pm
Thanks Stanley for dealing with this potential problem so quickly. ( an obvious moron )
----------------------------------------------------------------------------------------------------
Spyware included: Win32/Comscore.gen
Postby kwreid  Sat Jun 13, 2009 12:14 pm
I downloaded Mediacoder for iPhone last night and installed it without any problem from this location: http://softlayer.dl.sourceforge.net/sourceforge/mediacoder/MediaCoder-iPod-0.7.1.4433.exe.
However, today when I logged in I had a Windows Defender alert displayed for the downloaded EXE file above.
AVG Antivirus Free also did not find anything on the system. So it may be possible that this is a false positive.
I'm running Windows 7 public RC and AVG Free antivirus along with the built in Windows Defender. All spyware and virus definitions are up to date as of today.
The information reported by Windows Defender is shown below:
Category:
Monitoring Software
Description:
This program has potentially unwanted behavior.
Advice:
Review the alert details to see why the software was detected. If you do not like how the software operates or if you do not recognize and trust the publisher, consider blocking or removing the software.
Resources:
containerfile:
D:\Downloads\MediaCoder-iPod-0.7.1.4433.exe
file:
D:\Downloads\MediaCoder-iPod-0.7.1.4433.exe->(nsis-6-rki.exe)->(UPX)
webfile:
D:\Downloads\MediaCoder-iPod-0.7.1.4433.exe|http://softlayer.dl.sourceforge.net/sourceforge/mediacoder/MediaCoder-iPod-0.7.1.4433.exe
(draft notes) Mediacoder - Shame & Viruses More Login
(draft notes) Mediacoder - Shame & Viruses
Slashdot Top Deals