Possible virus detected in DGMPGDec 2.0.0.3 download

Posted: Tue Jan 19, 2021 8:20 pm
by hydra3333
Hello.

A "Severe" virus was detected by inbuilt standard Windows 10 antivirus in the downloaded DGMPGDec 2.0.0.3 ...

Trojan:Win32/Casur.A!cl

Stock standard Win10 x64.

Cheers

virus detected in DGMPGDec 2.0.03 download

Posted: Tue Jan 19, 2021 8:32 pm
by Rocky
Just scanned the ZIP file with Windows Defender. No threats found. Stock Win10 64 with latest updates.

I really prefer to get reports like this in PM because you can cause a lot of damage with unfounded reports.

You can try VirusTotal.

Possible virus detected in DGMPGDec 2.0.03 download

Posted: Tue Jan 19, 2021 9:10 pm
by Rocky
Just ran it through VirusTotal. There was one detection by Microsoft and 62 all-clears from the others. False positives are not unheard of. I'll see if there is a way to submit a challenge to Microsoft about it.

Possible virus detected in DGMPGDec 2.0.03 download

Posted: Tue Jan 19, 2021 9:24 pm
by Rocky
Please tell me the specific version number of defender so I can tell Microsoft. Also try updating it and retesting.

Possible virus detected in DGMPGDec 2.0.03 download

Posted: Wed Jan 20, 2021 12:22 am
by hydra3333
OK.

Windows Security "Protection updates" in settings says:

Security Intelligence version 1.329.2507.0
Version created on 20/01/21 10:35 am.
Win10 x64 Pro fully updated as of yesterday, with "native" Win10 security.

It can sometimes be challenging to know whether one or other product is "ahead of the pack" in terms of detection of a specific vulnerability ... I guess I tend to err on the side of caution until something is investigated ;)

edit 1: just did "check for updates", same result.
edit 2: just scanned folder of prior version downloads of your wonderful software, nothing detected there. :salute:

Possible virus detected in DGMPGDec 2.0.0.3 download

Posted: Wed Jan 20, 2021 6:57 am
by Rocky
I just updated Defender to the latest 1.329.2528.0 and the scan showed no threats. Can you try it?

Possible virus detected in DGMPGDec 2.0.0.3 download

Posted: Thu Jan 21, 2021 4:36 pm
by hydra3333
OK.
Updated to 1.329.2602.0 and for http://rationalqm.us/dgmpgdec/dgmpgdec2003.zip
the same result (Chrome download)
the same result (Edge download)
the same result (IE download)

So I tried it on a second PC, and it downloaded fine.
Scanned it and it scans fine.
Copied the zip to the first PC
Scanned it and found Trojan:Win32/Wacatac.B!ml :(

So I tried it on a third PC, and it downloaded fine.
Scanned it and it scans fine.
Copied the zip to the first PC
Scanned it and found Trojan:Win32/Wacatac.B!ml :(

Hmm.

Copied the "bad" zip to the third PC and did an "fc /b" file-compare on the "good" and "bad" files and they are bit identical.

Hmm.

Time to re-format system disk on the first PC and install from scratch, by the looks.
Disheartening, since I'm reasonably careful about not downloading stuff.
The "only" new thing I did recently was a new CPUz run in admin mode. Never again.
(and a new BIOS direct from ASUS)

Thanks for your patience.
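
An added example, not part of the thread: because `fc /b` showed the flagged and clean copies to be bit-identical, the differing verdicts must come from each machine's Defender state rather than from the file. This PowerShell script, run on each PC, records the archive's SHA-256 alongside the Defender signature, engine and platform versions, the cloud-protection settings and any recorded detections, so the outputs can be compared side by side; `$ZipPath` is an assumed local path to the downloaded zip.

```powershell
# Added example: run on each PC, then diff the JSON output between machines.
# $ZipPath is an assumed local path to the downloaded archive.
param(
    [Parameter(Mandatory)][string]$ZipPath
)

$file   = Get-Item -LiteralPath $ZipPath
$hash   = Get-FileHash -LiteralPath $ZipPath -Algorithm SHA256
$status = Get-MpComputerStatus   # signature / engine / platform versions
$prefs  = Get-MpPreference       # cloud-delivered protection settings

# Detections Defender has recorded on this machine that reference the file name
$hits = Get-MpThreatDetection |
    Where-Object { $_.Resources -match [regex]::Escape($file.Name) } |
    ForEach-Object {
        $threat = Get-MpThreat -ThreatID $_.ThreatID -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Time   = $_.InitialDetectionTime
            Threat = $threat.ThreatName
        }
    }

# One record per machine; identical SHA256 with different Detections points
# at the scanner state (versions, cloud settings), not at the file contents.
[pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    File             = $file.FullName
    Length           = $file.Length
    SHA256           = $hash.Hash
    SignatureVersion = $status.AntivirusSignatureVersion
    SignatureUpdated = $status.AntivirusSignatureLastUpdated
    EngineVersion    = $status.AMEngineVersion
    PlatformVersion  = $status.AMProductVersion
    CloudReporting   = $prefs.MAPSReporting
    CloudBlockLevel  = $prefs.CloudBlockLevel
    Detections       = @($hits)
} | ConvertTo-Json -Depth 4
```

Including the signature and engine versions from this output in a false-positive submission gives the vendor what Rocky asked for earlier in the thread.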

Possible virus detected in DGMPGDec 2.0.0.3 download

Posted: Thu Jan 21, 2021 8:31 pm
by Rocky
The fly in your ointment is that Microsoft detected it in VirusTotal. That complicates your theory that it is just your first PC. If it continues I may submit a sample to Microsoft. IIRC correctly, however, jdobbs hasn't had great luck doing that. I can imagine that they get thousands of submissions per month. The submission page warns that high visibility and high usage applications get priority.

Possible virus detected in DGMPGDec 2.0.0.3 download

Posted: Fri Jan 22, 2021 5:02 am
by hydra3333
Yes. Thanks. :scratch:

Blew away the system drive, mostly re-installed, tried to download again, and success with no trojan detected.

Hmm.

AFAIK, and as users are always wont to say, "the only thing I did was" to dl and run the latest cpu-z, however I couldn't guarantee that.

Oh well, pending the virustotal thing, it seems a wipe/reinstall "fixed" it and OF COURSE your build chain wasn't somehow accidentally compromised by the Russians ;) (unlike some US infrastructure). :lol:

Cheers !

Possible virus detected in DGMPGDec 2.0.0.3 download

Posted: Tue Feb 23, 2021 1:43 pm
by DJAlik
I am getting the same warning with 2.0.0.4 version. Here's the screenshot:

Image

Possible virus detected in DGMPGDec 2.0.0.3 download

Posted: Tue Feb 23, 2021 1:47 pm
by Rocky
Welcome to the forum DJAlik!

Yes, we know about the false detection. Try it on VirusTotal -- only MS detects it. There's nothing we can do about it except to wait for MS to analyze our sample and do the needful. Not holding my breath. Even MS recommends adding an exclusion:

https://answers.microsoft.com/en-us/pro ... a47968abcd

Many other apps are suffering from this too.

Possible virus detected in DGMPGDec 2.0.0.3 download

Posted: Fri Feb 26, 2021 7:55 pm
by hydra3333
cough ... ;) wiping my PC and re-installing from an older system image backup made the error go away.

It seems something may be funny with Win Defender local config, perhaps once it gets something tweaked sometime, somehow, then it stays that way and finds something that isn't there.

Possible virus detected in DGMPGDec 2.0.0.3 download

Posted: Fri Feb 26, 2021 8:42 pm
by Wonder Woman
:facepalm:

Possible virus detected in DGMPGDec 2.0.0.3 download

Posted: Wed Mar 10, 2021 12:23 pm
by new_guy
Seems awfully quiet around here. Everything OK?

Possible virus detected in DGMPGDec 2.0.0.3 download

Posted: Wed Mar 10, 2021 3:38 pm
by Guest
Guess everyone is scared of catching a virus :mrgreen:
PS
Any flippin' RTX30xx cards available anywhere?

PPS
new_guy, please get a face

Possible virus detected in DGMPGDec 2.0.0.3 download

Posted: Thu Mar 11, 2021 1:08 pm
by Rocky
Ran out of major things to do, so taking a little break.

BTW, some loser emailed me that DGMPGDec 2.0.0.5 does not work with Avisynth 2.60. It's a lie, it works just fine. His issue is that he has autoloading set up wrong. But he won't listen and lectures me instead. You know, the old "thanks anyway for trying" rudeness. Hey losers out there, if you know it all why bother asking me about anything. Sheesh!

Possible virus detected in DGMPGDec 2.0.0.3 download

Posted: Thu Mar 11, 2021 1:15 pm
by Bullwinkle
Who is it, Rock? I'll take care of it...Moose-style!

Possible virus detected in DGMPGDec 2.0.0.3 download

Posted: Thu Mar 11, 2021 2:36 pm
by Guest
Why can't people explicitly load plugins and filters?

Possible virus detected in DGMPGDec 2.0.0.3 download

Posted: Thu Mar 11, 2021 2:53 pm
by Rocky
Agreed, I hate autoloading.

Possible virus detected in DGMPGDec 2.0.0.3 download

Posted: Thu Mar 11, 2021 3:18 pm
by Guest
Any news on RTX30xx cards?
BH Photo says soon on some and 4 to 6 weeks on one of them
NewEgg.ca is OUT OF STOCK still

Possible virus detected in DGMPGDec 2.0.0.3 download

Posted: Thu Mar 11, 2021 3:54 pm
by Rocky
This is a case of no news is bad news.

Possible virus detected in DGMPGDec 2.0.0.3 download

Posted: Fri Mar 12, 2021 7:47 pm
by Rocky
Cropping discussion moved here:

viewtopic.php?f=7&t=1045

I'll mark this thread resolved as there is nothing more I can do.