View Profile
View Forum Posts
Hello, dear all.
I just downloaded the version 2.5 from ffmpeg ( portable version).
The site I got the program is: http://ffmpeg.zeranoe.com/builds/
And my Antivirus ( Avira ) detected some "malware" or "virus":
Look the message:
Is this a true detection? Or a false positive? Is safe to use this version program?TR/Crypt.XPACK.Gen2
Description:
A generic detection routine designed to detect common family characteristics shared in several variants.
This special detection routine was developed in order to detect unknown variants and will be enhanced continuously
Thanks for your advices!
Best regards.
devil (johner)
+ Reply to Thread
Results 1 to 8 of 8
-
-
I'm a MEGA Super Moderator
- Aug 2000
- Sweden
What does www.virustotal.com say?
-
I just checked the 64-bit version and it is 100% green. I didn't check the 32-bit version because I don't use it anyway.
Got my retirement plans all set. Looks like I only have to work another 5 years after I die........ -
Hello, dear all!
64 bit version I tested just for curiosity. Nothing found...
But 32 version, I have problems and the site www.virustotal.com said:
---> Avira TR/Crypt.XPACK.Gen2 ( for Avira ) : File analysed :And:ffmpeg-20141230-git-37b35fe-win32-shared
---> PUA.Win32.Packer.PrivateExeProte-7 ( for ClamAv ) --> Using: http://virusscan.jotti.org/ ( for scanning the file )
The other files I didn't tested yet...
Soon I'll tell what I found here.
My OS is Windows XP / 32 Bits.
Thanks for helping!
Best regards.
devil (johner) -
Seems only Avira red-flags it: https://www.virustotal.com/en/file/d494cd0a74e50639ed49737f0aa5c3746f56e86b313e0433d15...3a0c/analysis/
I wonder why only the 32-bit version has any issues, while the 64-bit version is issue free?Got my retirement plans all set. Looks like I only have to work another 5 years after I die........ -
The only AV flagging it AVIRA. All others say its clean. Most likely false positive. Contact AVIRA
-
Hello, dear all.
As I said before, I tested all the "builds" that is available for 32 Bits environments, from the site:
---> http://ffmpeg.zeranoe.com/builds/
The files that I found some problems during scanning detection:
1) ffmpeg-20141230-git-37b35fe-win32-shared
2) ffmpeg-20141230-git-37b35fe-win32-static
3) ffmpeg-latest-win32-static
The only file that was completely OK is: ffmpeg-20141230-git-37b35fe-win32-dev
The results:
1) Avira - TR/Crypt.XPACK.Gen2
2) ClamAv - PUA.Win32.Packer.PrivateExeProte-7
I used this sites for scanning:
---> https://www.virustotal.com/en/
---> http://virusscan.jotti.org/en
So, despite of that, I can assume the detection was a false positive?
The only AV flagging it AVIRA. All others say its clean. Most likely false positive. Contact AVIRA.
I wonder why only the 32-bit version has any issues, while the 64-bit version is issue free?
Thanks for helping, folks!
Best regards.
devil (johner)Last edited by devilcoelhodog; 31st Dec 2014 at 19:21.
-
A little explanation:
Many malware authors runtime-compress their executables to make detection and analysis a little harder.
Avira is over-sensitive and warns in every case when an executable is runtime-compressed with a "not very common" or "notorious" kind of EXE packer (in their opinion). No matter if the original executable is good or bad. Just packing it is already suspicious for Avira.
Quote
Visit Homepage
