Potential Malware!! :- MediaPluginInstall from Game Play Labs is spyware!!!

Last month I clicked a video on Facebook, and it was unable to play. A download window popped up and I downloaded MediaPluginSetup from Game Play Labs. I installed this add-on and the video played fine. Today my computer’s RAM usage was quite high although I didn't have any programs running, and the CPU fan was going nuts!! I also got several network threat alerts from Avast! I had MBAM PRO running in real time + AIS 6, and none of them detected this until today. I just wanted to check what was wrong, so I ran a quick scan and it detected this as spyware…

I wanted to submit it to the Avast virus lab, but after I restored it from MBAM quarantine it shows the file as safe! I still uploaded it to Avast labs and hope they add it, but just in case, can one of you guys inform an Admin about this? It's MediaPluginSetup from Game Play Labs.

Another issue - does anyone know how to remove the “Twitter” logo from Avast! notifications? I mainly get it when there are threat alerts, the little “T” logo - I find this VERY annoying and out of place… I don't know why they have put it there in the first place since it's very inappropriate… Please let me know if anyone knows how to remove it :)

Upload suspicious file(s) to www.virustotal.com and test with 43 malware scanners.
When you have the result, copy the URL in the address bar and post it here so we can see.

Alternatives:
VirSCAN http://virscan.org/
Jotti http://virusscan.jotti.org/en

Like I said, after restoring it from MBAM quarantine it doesn't detect that as a threat anymore… But I'm pretty sure that it is a threat because MBAM detected it along with several other registry keys…

Like I said… test suspicious file(s) at VirusTotal.
The more scanners that detect it, the bigger the chance of a real detection.

OK, I will try, but what I meant was, what if MBAM “cleaned” or “disinfected” the file? Also my Avast GUI became a bit messed up just now; I don't know if it has anything to do with the infection. I'm running a scan on SAS as well, and will restart the PC and see if it will be back to normal… but at the moment it's like this -

MBAM does not clean file(s); it moves infected files to quarantine.

The malware MBAM looks for is not cleanable.

On the other hand, antivirus software can't 'clean' a worm or a trojan, because there is nothing to clean - the entire file IS the worm or trojan.
http://antivirus.about.com/b/2007/03/11/clean-quarantine-or-delete.htm

Oh OK. Thanks for the info! :) Anyway, I don't know why MBAM doesn't detect the file as a virus once I restore it :-\ I guess I'll have to ask their admins about it…

Anyway, I scanned it on VirusTotal - there was another potential malware that Avast! didn't detect, so I scanned that as well… So the 2 links for the files are

http://www.virustotal.com/file-scan/report.html?id=4dd6ec9895a6a5a362e0835b258440c86cb1103da7d424826565b14e266c53c3-1302193615

http://www.virustotal.com/file-scan/report.html?id=277b179862655d592587ad3597c1c5ebf8f99a76247a5b8561aec45d8e8edc33-1302193556

My guess is False Positives

File - ibelicomeposu.dll

sigcheck:
publisher…: Realtek Semiconductor Corp.
copyright…: Copyright (c) 2004 Realtek Semiconductor Corp.
product…: Realtek AC97 Audio - Event Monitor
description…: Realtek Azalia Audio - Event Monitor
original name: Alcxmntr.exe
internal name: Alcxmntr
file version.: 1, 6, 0, 4
comments…:
signers…: -
signing date.: -
verified…: Unsigned

File - BHO.dll

sigcheck:
publisher…: GamePlayLabs
copyright…: Copyright 2010. All rights reserved.
product…: GamePlayLabs Browser Helper Object
description…: GamePlayLabs Browser Helper Object
original name: BHO.dll
internal name: BHO.dll
file version.: 1.0.0.1
comments…: GamePlayLabs Browser Helper Object
signers…: -
signing date.: -
verified…: Unsigned

ibelicomeposu.dll was detected as malware by quite a bit of different software… (10/41)
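An added example (my own, not code posted in this thread or shipped by any vendor named in it) to show why the sigcheck block above is weak evidence either way: publisher, product and original name are plain version-info strings that any dropper can set to "Realtek", and the one line that carries any weight is "verified", which for both files says Unsigned. The script hashes a file (VirusTotal keys its reports by SHA-256; the report links in this thread appear to embed that hash before the dash, which is my reading of the URL format, not something the thread states), checks whether the PE even carries an Authenticode certificate table, and pulls the version strings out with a simple scan. The sample PE is constructed inline in the style of the sigcheck output; no real Realtek or GamePlayLabs binary is involved, and the offsets used for the signed sample are arbitrary.

```python
import hashlib
import re
import struct

# Offsets below come from the public PE/COFF specification.
PE_SIGNATURE = b"PE\0\0"
OPT_MAGIC_PE32 = 0x10B
OPT_MAGIC_PE32PLUS = 0x20B
SECURITY_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY (Authenticode certificate table)
VERSION_KEYS = ("CompanyName", "FileDescription", "ProductName", "OriginalFilename",
                "InternalName", "FileVersion", "LegalCopyright")


def sha256_hex(data: bytes) -> str:
    """The hash you paste into VirusTotal; it identifies the sample, not its claimed publisher."""
    return hashlib.sha256(data).hexdigest()


def vt_permalink_hash(url: str) -> str:
    """Assumption: old-style report links carry '<sha256>-<unix time>' as the id parameter."""
    m = re.search(r"id=([0-9a-f]{64})-(\d+)", url)
    if not m:
        raise ValueError("no sha256 in VirusTotal link")
    return m.group(1)


def has_authenticode_table(data: bytes) -> bool:
    """True if the Security data directory points at a non-empty certificate table.
    An empty entry means unsigned, whatever the version strings claim. A present table
    is still not verification: the signature and chain must be checked separately."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("missing PE signature")
    opt_hdr = e_lfanew + 4 + 20  # 4-byte signature + 20-byte COFF file header
    magic = struct.unpack_from("<H", data, opt_hdr)[0]
    if magic == OPT_MAGIC_PE32:
        dirs = opt_hdr + 96
    elif magic == OPT_MAGIC_PE32PLUS:
        dirs = opt_hdr + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    offset, size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR_INDEX)
    return offset != 0 and size != 0


def version_strings(data: bytes) -> dict:
    """Scan for VS_VERSIONINFO string entries by their UTF-16LE key names.
    Heuristic rather than a resource-tree parser, and ASCII values only: enough to show
    that these fields are unauthenticated text that any tool can write."""
    found = {}
    for key in VERSION_KEYS:
        # key, NUL terminator, optional 2-byte alignment pad, then the UTF-16LE value
        pattern = re.escape(key.encode("utf-16-le")) + rb"\0\0(?:\0\0)?((?:[^\0]\0)+)"
        m = re.search(pattern, data)
        if m:
            found[key] = m.group(1).decode("utf-16-le")
    return found


def triage(data: bytes) -> dict:
    return {"sha256": sha256_hex(data),
            "authenticode_table_present": has_authenticode_table(data),
            "version_info": version_strings(data)}


def build_sample_pe(company: str, original_name: str, signed: bool = False) -> bytes:
    """Constructed test input, not a real binary: MZ stub, PE32 headers, version strings."""
    e_lfanew = 0x40
    mz = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x2102)  # i386, 0xE0-byte opt header
    opt = struct.pack("<H", OPT_MAGIC_PE32) + b"\0" * (96 - 2)
    dirs = [(0, 0)] * 16
    if signed:
        dirs[SECURITY_DIR_INDEX] = (0x400, 0x600)  # hypothetical certificate table location
    opt += b"".join(struct.pack("<II", off, size) for off, size in dirs)

    def vs_string(key: str, value: str) -> bytes:
        k = key.encode("utf-16-le") + b"\0\0"
        pad = b"\0\0" if (6 + len(k)) % 4 else b""  # 6-byte header, value aligned to 4
        v = value.encode("utf-16-le") + b"\0\0"
        body = k + pad + v
        return struct.pack("<HHH", 6 + len(body), len(value) + 1, 1) + body

    strings = vs_string("CompanyName", company) + vs_string("OriginalFilename", original_name) \
        + vs_string("FileVersion", "1, 6, 0, 4")
    return mz + PE_SIGNATURE + coff + opt + b"\0" * 16 + strings


if __name__ == "__main__":
    # A file claiming to be Realtek's event monitor, with no signature at all.
    print(triage(build_sample_pe("Realtek Semiconductor Corp.", "Alcxmntr.exe")))
```

Run it against a real DLL by reading the file bytes into `triage()`; if the company name looks like a hardware vendor but `authenticode_table_present` is False, treat the strings as decoration and go by the hash and the scanner verdicts instead.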

Also, may I know how you got the info about this file? The info you typed is very accurate, but when I googled it, no results came up…

About BHO - as I explained in the first post, I was forced to install it (couldn't play videos online without this plugin), but now after it has been removed the videos are playing fine. I find that a little bit suspicious…

Thanks for taking your time to help me out :)

On the virustotal.com result page (your link), click the button “additional info → show all” ;D

Also, may I know how you got the info about this file? The info you typed is very accurate, but when I googled it, no results came up..
Scroll down the VirusTotal scan, and you will see a button on the right side > Additional information “SHOW ALL”

See your message box… top right, “MY MESSAGES”

lol, can't believe I didn't see that! Thanks guys! :)

@pondus - I replied to the msg.

Oh OK. Thanks for the info! Anyway, I don't know why MBAM doesn't detect the file as a virus once I restore it. I guess I'll have to ask their admins about it..
Have you updated Malwarebytes since it was first detected?

OK, first reply received… seems the sigcheck info in VirusTotal is faked.

SOPHOS

The file(s) submitted were malicious in nature and detection will be available on the Sophos Databank shortly.

BHO.dll – non-malicious
ibelicomeposu.dll – identity created/updated (New detection Troj/Agent-RBQ)

Malwarebytes

ibelicomeposu.dll (Trojan.Agent)
BHO.dll (Spyware.GamePlayLabs)

Yes, MBAM was updated - I always update MBAM before running a scan. However, yesterday BHO was detected and after I restored it, it said the file is safe - I did not update it in between; it had the same definitions…

The info about BHO seems to be correct - the signatures, I mean… It was designed by Game Play Labs.

This is exactly what I got from MBAM - this is what it detected the 2 files as. Did you run a scan on MBAM or? So anyway, do you think these are actual viruses? If so, please send them to Avast labs.

Cheers! :)

Norman

Both are malware files, added detection.

BHO.dll : Processed - BHO.AAQE
ibelicomeposu.dll : Already detected as Suspicious_Gen2.KSJAM

Avira

The file 'BHO.dll' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.

The file ‘ibelicomeposu.dll’ has been determined to be ‘FALSE POSITIVE’. In particular this means that this file is not malicious but a false alarm. Detection will be removed from our virus definition file (VDF) with one of the next updates.

ehrmmmm…okay ???