I just installed the new version of BS-Player Free edition 2.33 http://bsplayer.com
Now my Avast Home edition comes up with a virus detection - installdata358.tmp.exe infected - Win32:Trojan-gen {Other}
To explain the installation…
I installed BS-Player free edition, deselected everything from the install except the program itself and the shortcut to menu start… at the auto codecs download/install I cancelled, and that's it…
Avast detected a Virus in C:\Windows\System32\installdata358.tmp.exe…
I can see installdata358.tmp.exe in the task manager, terminated it and found the file in system32, the file is hidden… (nothing happens when I click the .exe, other than it places itself in the task manager again…)
C:\Windows\System32\installdata358.tmp.exe looks quite fishy… it is auto-run, contains encrypted data, refers to C:\Log.log… we’ll do further analysis…
Where did you get the installdata358.tmp.exe from? The BS.Player installation?
I posted on BS.Player's official forum, and sent them the file too, but they deny that it should come from their installer…
This is their reply:
Ok, you sent us the infected file itself and not the BS.Player installation file (btw. our antivirus reports it as WORM/Kolabc.fat), but the problem is that BS.Player does not have anything to do with this infected file. Like stated before - BS.Player does not write anything in System32 folder.
BS.Player installation does not include any viruses, worms, trojans…
Your entire system may be infected (but not because of BS.Player) and now with every installation, virus copies itself over and over again. I suggest you run full computer antivirus scan and delete/quarantine all infected files and then install BS.Player.
The file from the European mirror is hijacked by a virus… its size is bigger than the file downloaded from the US mirror… also the original file is a Nullsoft installer, the hijacked one is a CAB self-extractor with the virus and the original installer included…
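Added example (not part of the original thread, and not code from BS.Player or avast!): the mirror comparison described in the post above, done as a script that records size, SHA-256 and outer packaging for each download and flags any disagreement. The sample byte strings and function names are constructed for illustration, and the marker checks are heuristics, not proof of origin.

```python
import hashlib

# Packaging heuristics: an NSIS stub carries the "firstheader" signature
# 0xDEADBEEF followed by "NullsoftInst"; a Microsoft Cabinet starts with
# "MSCF" followed by four reserved zero bytes.
NSIS_MARKER = b"\xef\xbe\xad\xde" + b"NullsoftInst"
CAB_MARKER = b"MSCF" + b"\x00" * 4


def packaging(data: bytes) -> str:
    """Classify the outer packaging of a Windows installer image."""
    if not data.startswith(b"MZ"):
        return "not-pe"
    nsis = data.find(NSIS_MARKER)
    cab = data.find(CAB_MARKER)
    if cab != -1 and (nsis == -1 or cab < nsis):
        # A cabinet that comes before (wraps) any NSIS data.
        return "cab-sfx"
    return "nsis" if nsis != -1 else "unknown"


def compare_mirrors(downloads: dict) -> dict:
    """Compare copies of one release fetched from several mirrors."""
    facts = {
        name: {
            "size": len(blob),
            "sha256": hashlib.sha256(blob).hexdigest(),
            "packaging": packaging(blob),
        }
        for name, blob in downloads.items()
    }
    return {
        "facts": facts,
        "consistent": len({f["sha256"] for f in facts.values()}) == 1,
        "packaging_differs": len({f["packaging"] for f in facts.values()}) > 1,
    }


# Constructed stand-ins for two downloads (not real installers).
_STUB = b"MZ" + b"\x00" * 62
US_SAMPLE = _STUB + b"\x00" * 4 + NSIS_MARKER + b"payload"
EU_SAMPLE = _STUB + CAB_MARKER + b"extra-exe" + US_SAMPLE

if __name__ == "__main__":
    report = compare_mirrors({"us": US_SAMPLE, "eu": EU_SAMPLE})
    for name, f in report["facts"].items():
        print(name, f["size"], f["packaging"], f["sha256"][:16])
    print("consistent:", report["consistent"])
```

With real downloads, read each file in binary mode and pass the bytes in place of the samples; any mismatch between mirrors is a reason to stop and check against a hash published by the vendor.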
I deleted the file as soon as I noticed it; running Comodo Firewall and Defense+ (HIPS), I could see the file tried to do some DNS lookups or something like that…
It’s a spying trojan most probably… anyway - regarding the non-detection by some engines there could be “few” affected users… let’s see what the BSPlayer developers will do…
Yeah, it was only because of HIPS protection that I noticed the file.
(and shortly after that avast detected it too)
But anyways thanks for the support, and help on the BS.Player forum (don’t think they believed me)
I’m reinstalling my two systems with the virus on as we speak…
I'll write back when I am up and running again…
Thanks for freaking great service Avast…
Special thanks to Maxx_original
P.S.
Just checked the post at the BS.Player forum, they say it's fixed now.
As I’m sure you’ve noticed, these changes to your system are not mandatory and, therefore, BS.Player cannot be considered spyware but, certainly, neither can it be said to be 100% clean. And so, although marked as adware, BS.Player is once again safe to install and back on Softpedia.
Nothing to do with you or me. Softpedia marks it adware because “it offers to install a third-party application”; BSPlayer says there’s no adware bundled with the player.
I thought avast! might be detecting the toolbar add-on, which is why I mentioned it. If you object to the adware description, you’ll really need to take it up with Softpedia, or ask BSPlayer to clarify whether they mean there is no adware bundled with the player, or there is adware bundled with the player, but it’s not a mandatory install.
I know, I know, I just hate how everything is “adware” for them.
They had CCleaner listed as adware as well Frank, apparently anything that includes a toolbar (even if you can opt out in the installation) is considered adware by them. It’s just not fair IMHO. By that logic Nero and a lot of other good and trusted programs are also adware. What a load of crap.
· (1) Attempts to change the homepage for web browsers installed on the system
· (2) Attempts to change the default search engine for web browsers installed on the system
· (3) Offers to download or install software or components (such as browser toolbars) that the program does not require to fully function
EDIT2: Sorry for hijacking your thread Mr_llama but I had to get this off my chest, been bothering me for a long time now. Wonder how many regular users steered clear of the above programs because they saw them listed as adware on the Softpedia page.
I just got an account on avast, and here I see something about this virus TODAY. It seems like you can get this thing from more than what I got it from… I got it from a popup on myspace.com!
This sucks, right now I've got very low protection, my system restore is corrupt and my firewall settings have been remotely tampered with. I was attacked by this thing you are talking about but was also attacked by another thing that was like AIDS to my computer called “WIN32.Spybot.Worm” that my Norton antivirus decided to just remove repetitively.
This piece of trash kept coming back like fleas on my dog, and went straight to c:\ProgramFiles\Symantec\ and got blocked by Norton right there first time and killed. An hour later it showed its ugly face again and took a different approach which did damage…
c:\WINDOWS\system32\systemrestore_settings\I01779G3%4692 and did something to that. Now I can't open system restore!