mpui.exe is in fact infected

Hello folks,

I need to swallow some crow and I’m not sure how to do this. This seems to be the best option at the moment, given limited time.

I just reported a false positive on mpui.exe, a file that is included in MediaCoder, an open source project from SourceForge. This is a trusted application that I have used for quite some time and given the nature of open source - and that MPUI is a Windows front end for media player software - I found it highly unlikely that the file would be infected.

After I reported the “false positive”, however, I decided to take a quick peek at their forums. I should have done this before hand.

As it turns out, MPUI.exe apparently is in fact infected. This is what I get for being in a rush, and I apologize.

Good day all.

No real harm done, as it would be analysed first, it wouldn’t automatically be removed from the detections.

Welcome to the forums.

Another tool you may find useful to confirm or deny a detection:
Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

Hi Keeshin,

Information on the apparent malicious variant: http://www.prevx.com/filenames/2543133621618554511-X1/MPUI.EXE.html
This file is probably reported as a infected file because it has the ability to change a file format to another. Thus acting like Malware.

I would do like it was mentioned by DavidR and report these to avast. You can do so within the scanner itself. In the mean time , do not delete these False Positives before you hear whether it is a FP. We all here report apparent false positives to them and they will add them to their white list and correct within a next update.

To replace this MediaCoder program , you can use : http://formatoz.com/ .
The name of the program is “Format Factory” . It’s free and does a lot more than just convert video files.
Here is the scorecard for Formatoz.com :
http://www.mywot.com/en/scorecard/formatoz.com

polonus