NeroAudioRip.exe false positive?

Hi guys.

Having done a full Windows (7) scan today (including PuP) NeroAudioRip.exe was flagged at the location ‘Nero\Nero 9\Nero Express\NeroAudioRip.exe’. I’m pretty sure it’s fine as 1) It’s the only virus reported on the whole system, 2) It’s never been flagged before and 3) It was included with my Alienware laptop and has never been run (the modified date is the same date I had the laptop). I tried to upload to Jotti but when I double-clicked the file to select it I got the Windows message: ‘Operation did not complete successfully because the file contains a virus’ - is this because Avast! has blocked it? I selected no action in the virus scanner, unless it’s re-scanning and blocking (though I’m not ‘opening’ it per se, am I?).

Regardless, thought I’d post here.

You didn’t post what was actually detected, so … won’t guess. Nero bundles Ask.com toolbar (PUP).

Hello,

I got the same problem here, though I’ll try to be a bit more detailed (though I don’t know if Bobby got exactly the same, I also did got a positive with the neroaudiorip.exe file).

Anyway, here the details:
Ran a start-up scan on 27-3-2010 → no virusses found
Ran a start-up scan on 29-3-2010 → virus found → \Nero\Nero9\Nero Express\NeroAudioRip.exe → Exactness is High (I don’t know if this is the correct word but don’t use Avast in english) → Threat: Win32: Injector-AAG [Trj]
I removed the file (simply because I don’t want to run any risks) and then ran another start-up scan wich didn’t found any virusses anymore. Also it was (just like Bobby) the only virus it could find.

For the rest I can add that I use windows 7 & that, instead of Bobby, I installed Nero9 through a install disk so it wasn’t pre-installed (though haven’t used it at all yet for that matter, neither before nor between any scans).

After surfing on the internet myself (before finding this topic) I found out it is also known as “Rogue:Win32/FakeRean” in Microsoft’s database, though correct me if I’m wrong there, because I used an external site (http://www.virustotal.com/) for that information.

If you could tell me any more information (for example if it’s a false positive or not, etc.), I would be very happy.

EDIT1: Forgot to add that so far I know this computer doesn’t got any ask.com stuff on it (and if it would have been on it one time I would have immediately deleted it anyway).

http://www.avast.com/contact-form.php?loadStyles

Report false positives above (or simply add the file to the check and report from there). Nero has been a junky bloatware for years, but not really malware. For good ripping of audio, I sincerely recommend Exact Audio Copy. :stuck_out_tongue:

Nero is bloated garbage anyways. Go with ImgBurn.

Sorry, in my haste I did forget to post what it detected.

It too was Win32: Injector-AAG [Trj].

So I guess FP, or a big coincidence with the other poster.

Edit: I tried to upload the file and it says it’s too big.

I just sent a message with the aswboot file, I couldn’t find the scanfile itself somehow though it does appear in Avast’s scan log menu… So I just mentioned a lot of info I also stated below, hopefully they will still pick it up anyway.

Yeah, I wouldn’t worry about it - it’s not anything much and I’m sure it’ll get fixed in a future update.

I just got an email from avast requesting the file (“NeroAudioRip.exe”), sadly enough I removed it when the scan asked what to do with it… (having had bad experience with virusses before I wanted to have as little risk as possible).

I offered to install it myself again (and scan it to see if it gives the false-positive again and if so send the file to them), but that might take several days before I’ve done all of that (being busy these couple of days).

@ Bobby: So (I hope you don’t mind), but I also gave him the link of this topic and refered to the fact there are other people having this problem too (wich might not have deleted the file).

Do not delete things blindly. Any file does zero harm when moved to chest.

Will keep that in mind for next time, though it’s too late for it now (sadly enough).
On the other side, I still got the install CD, though I’m not sure when I have time to install/repair it (or look for an alternative program).
But thanks, good to know that :slight_smile:

I still have mine. I’ll send it if they want but as I wrote I tried to upload to the specific page given and it was denied for being too big (although it’s only a couple of MB, so eh.