Possible virus detected in DGMPGDec 2.0.0.3 download

Support forum for DGMPGDec

Post by hydra3333 »

Hello.

A "Severe" virus was detected by inbuilt standard Windows 10 antivirus in the downloaded DGMPGDec 2.0.0.3 ...

Trojan:Win32/Casur.A!cl

Stock standard Win10 x64.

Cheers

Post by Rocky »

Just scanned the ZIP file with Windows Defender. No threats found. Stock Win10 64 with latest updates.

I really prefer to get reports like this in PM because you can cause a lot of damage with unfounded reports.

You can try VirusTotal.

Post by Rocky »

Just ran it through VirusTotal. There was one detection by Microsoft and 62 all-clears from the others. False positives are not unheard of. I'll see if there is a way to submit a challenge to Microsoft about it.

Post by Rocky »

Please tell me the specific version number of defender so I can tell Microsoft. Also try updating it and retesting.

Post by hydra3333 »

OK.

Windows Security "Protection updates" in settings says:

Security Intelligence version 1.329.2507.0
Version created on 20/01/21 10:35 am.

Win10 x64 Pro fully updated as of yesterday, with "native" Win10 security.

It can sometimes be challenging to know whether one or other product is "ahead of the pack" in terms of detection of a specific vulnerability ... I guess I tend to err on the side of caution until something is investigated ;)

edit 1: just did "check for updates", same result.
edit 2: just scanned folder of prior version downloads of your wonderful software, nothing detected there. :salute:
I really do like it here.

Post by Rocky »

I just updated Defender to the latest 1.329.2528.0 and the scan showed no threats. Can you try it?

Post by hydra3333 »

OK.
Updated to 1.329.2602.0 and for http://rationalqm.us/dgmpgdec/dgmpgdec2003.zip
the same result (Chrome download)
the same result (Edge download)
the same result (IE download)

So I tried it on a second PC, and it downloaded fine.
Scanned it and it scans fine.
Copied the zip to the first PC
Scanned it and found Trojan:Win32/Wacatac.B!ml :(

So I tried it on a third PC, and it downloaded fine.
Scanned it and it scans fine.
Copied the zip to the first PC
Scanned it and found Trojan:Win32/Wacatac.B!ml :(

Hmm.

Copied the "bad" zip to the third PC and did an "fc /b" file-compare on the "good" and "bad" files and they are bit identical.

Hmm.

Time to re-format system disk on the first PC and install from scratch, by the looks.
Disheartening, since I'm reasonably careful about not downloading stuff.
The "only" new thing I did recently was a new CPUz run in admin mode. Never again.
(and a new BIOS direct from ASUS)

Thanks for your patience.
I really do like it here.
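
Added example, not part of the original posts: a PowerShell script that records a file's SHA-256 together with the local Defender versions and cloud settings, then scans the file, so that differing verdicts on bit-identical copies (as in the post above, and the version request earlier in the thread) can be compared machine by machine. The `$Path` parameter and the output field names are assumptions; the cmdlets are the standard Defender and file-hash cmdlets shipped with Windows 10.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell on each PC,
# saved as a .ps1 file and invoked with -Path pointing at the downloaded file.
param(
    [Parameter(Mandatory)] [string] $Path   # assumption: path to the downloaded zip
)

$file = Get-Item -LiteralPath $Path

# Hash first: a detection may quarantine the file during the scan below.
$sha256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

# Versions and cloud settings that can differ between two "fully updated" PCs.
$status = Get-MpComputerStatus
$pref   = Get-MpPreference

# On-demand scan of just this file.
Start-MpScan -ScanType CustomScan -ScanPath $file.FullName

# Recorded detections whose resource list mentions this file name.
$pattern = '*' + [WildcardPattern]::Escape($file.Name) + '*'
$hits = @(Get-MpThreatDetection |
    Where-Object { ($_.Resources -join ';') -like $pattern })

# Resolve each detection's ThreatID to its display name.
$names = foreach ($h in $hits) {
    (Get-MpThreat -ThreatID $h.ThreatID).ThreatName
}

# One record per machine; compare the records side by side.
[pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    File                 = $file.FullName
    SHA256               = $sha256
    ProductVersion       = $status.AMProductVersion
    EngineVersion        = $status.AMEngineVersion
    SignatureVersion     = $status.AntivirusSignatureVersion
    SignatureUpdated     = $status.AntivirusSignatureLastUpdated
    RealTimeProtection   = $status.RealTimeProtectionEnabled
    MAPSReporting        = $pref.MAPSReporting
    CloudBlockLevel      = $pref.CloudBlockLevel
    SubmitSamplesConsent = $pref.SubmitSamplesConsent
    Detections           = ($names | Sort-Object -Unique) -join ', '
    LastDetectionTime    = ($hits | Sort-Object InitialDetectionTime |
                            Select-Object -Last 1).InitialDetectionTime
} | Format-List
```

If the SHA-256 matches across machines but `Detections` does not, the remaining fields show which Defender version or cloud setting differs.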

Post by Rocky »

The fly in your ointment is that Microsoft detected it in VirusTotal. That complicates your theory that it is just your first PC. If it continues I may submit a sample to Microsoft. IIRC correctly, however, jdobbs hasn't had great luck doing that. I can imagine that they get thousands of submissions per month. The submission page warns that high visibility and high usage applications get priority.

Post by hydra3333 »

Yes. Thanks. :scratch:

Blew away the system drive, mostly re-installed, tried to download again, and success with no trojan detected.

Hmm.

AFAIK, and as users are always wont to say, "the only thing I did was" to dl and run the latest cpu-z, however I couldn't guarantee that.

Oh well, pending the virustotal thing, it seems a wipe/reinstall "fixed" it and OF COURSE your build chain wasn't somehow accidentally compromised by the Russians ;) (unlike some US infrastructure). :lol:

Cheers !
I really do like it here.

Post by DJAlik »

I am getting the same warning with 2.0.0.4 version. Here's the screenshot:

Image

Post by Rocky »

Welcome to the forum DJAlik!

Yes, we know about the false detection. Try it on VirusTotal -- only MS detects it. There's nothing we can do about it except to wait for MS to analyze our sample and do the needful. Not holding my breath. Even MS recommends adding an exclusion:

https://answers.microsoft.com/en-us/pro ... a47968abcd

Many other apps are suffering from this too.

Post by hydra3333 »

cough ... ;) wiping my PC and re-installing from an older system image backup made the error go away.

It seems something may be funny with Win Defender local config, perhaps once it gets something tweaked sometime, somehow, then it stays that way and finds something that isn't there.

Post by Wonder Woman »

:facepalm:

Post by new_guy »

Seems awfully quiet around here. Everything OK?

Post by Guest »

Guess everyone is scared of catching a virus :mrgreen:
PS
Any flippin' RTX30xx cards available anywhere?

PPS
new_guy, please get a face

Post by Rocky »

Ran out of major things to do, so taking a little break.

BTW, some loser emailed me that DGMPGDec 2.0.0.5 does not work with Avisynth 2.60. It's a lie, it works just fine. His issue is that he has autoloading set up wrong. But he won't listen and lectures me instead. You know, the old "thanks anyway for trying" rudeness. Hey losers out there, if you know it all why bother asking me about anything. Sheesh!

Post by Bullwinkle »

Who is it, Rock? I'll take care of it...Moose-style!

Post by Guest »

Why can't people explicitly load plugins and filters?

Post by Rocky »

Agreed, I hate autoloading.

Post by Guest »

Any news on RTX30xx cards?
BH Photo says soon on some and 4 to 6 weeks on one of them
NewEgg.ca is OUT OF STOCK still

Post by Rocky »

This is a case of no news is bad news.

Post by Rocky »

Cropping discussion moved here:

viewtopic.php?f=7&t=1045

I'll mark this thread resolved as there is nothing more I can do.