Avast 4.7.1043 finds freerip296.exe "infected"

Avast Free Antivirus / Premium Security
1

During a thorough scan with Avast it alerted me that freerip296.exe was infected with Win32:SearchCol…
FreeRip is a cd ripper freeware that I installed months ago.As far as I know it is a clean program.
I sent a copy of that file to AlWil thru the Virus Chest.
I’m going to upload the file to VirusTotal and see what that shows for results.

2

I downloades FreeRIPmp3 3.01 from download.com, unpacked with Universal extractor and scanned the unpacked files with AVAST, SA free, AVG AS free and ST and it’s clean.
I think you have installed and old version.

3

You are right.

4

Results form VT scan:
BitDefender and Ikarus also identified Adware:BD found MyWay,Ikarus found NewDotNet.

There may something to this.
I used FreeRip only once.Now looking at it closely I see a “My $earch” button in the control panel.That is probably Adware.Off it goes!

It’s up to the virus analysers to look at the file I sent and decide what it is or isn’t.

*Edit-FYI.
I see Free Rip 3.01 is available at MajorGeeks.It is classified as “Adware” there.
My mistake as I don’t normally use adware/spyware programs at all!

5

Some like to say that they are add supported for their free use and that is what myway, etc. would be doing monitoring your activity to serve the adverts relevant to your browsing habits.

Though the same as you no way I would use this c*ap delivering ads when there are probably other tools to do the same job without the adware.

6

There a lot of prorams.
I use AIMP classic player to listen to music and i used it for ripping all my CD’s some times ago.

7

Thanks for the tip Rafel.
I’ll look at AIMP classic player.
I found Media Monkee but I haven’t tried it yet.Maybe i can compare the two. :wink:

8

If you like more Media monkey. You can use it. With media monkey problems with adaware are out too. :wink:

9

the tester: the file is Inno setup i guess… can you post the scan result here? i want to see which underlaying file is detected…

10

I had two files detected.
The one that I uploaded successfully was found in system volume information_restore.It’s identified as A0045447.exe.Win32:Stealth-H.
I have that in quarantine yet.

The FreeRip exe file was too large to upload to Alwil.
I haven’t been able to compress it to a small enough size to upload.I do have a copy of the file but I did uninstall FreeRip.
I copied and pasted the “Warning” log as I couldn’t find the upload link.

9/7/2007 10:50:14 PM 1189223414 XXXX 232 Sign of “Win32:Trojan-gen. {Other}” has been found in “C:\Documents and Settings\All Users\Documents\freerip296.exe{app}\s4Setp.exe[Embedded#040d0][Embedded#453d8]” file.
9/7/2007 10:52:30 PM 1189223550 XXXX 232 Sign of “Win32:SearchColor-C [Adw]” has been found in “C:\Documents and Settings\All Users\Documents\freerip296.exe{app}\s4Setp.exe[Embedded#870d0][Embedded#040d0]” file.
9/7/2007 10:52:33 PM 1189223553 XXXX 232 Sign of “Win32:SearchColor-C [Adw]” has been found in “C:\Documents and Settings\All Users\Documents\freerip296.exe{app}\s4Setp.exe[Embedded#870d0]” file.
9/7/2007 10:52:40 PM 1189223560 XXXX 232 Sign of “Win32:SearchColor-C [Adw]” has been found in “C:\Documents and Settings\All Users\Documents\freerip296.exe{app}\s4Setp.exe” file.
9/7/2007 11:16:20 PM 1189224980 XXXX 232 Sign of “Win32:Stealth-H [Trj]” has been found in “C:\System Volume Information_restore{2786A773-52E3-4420-B7EE-47CCCC5C4BA3}\RP70\A0045447.exe[ASPack][Embedded#1fe218]” file.
9/7/2007 11:43:58 PM 1189226638 XXXX 232 Sign of “Win32:SearchColor-C [Adw]” has been found in “C:\Documents and Settings\All Users\Documents\freerip296.exe{app}\s4Setp.exe” file.