VideoHelp Forum
  1. Hello, dear all.

    I just downloaded version 2.5 of ffmpeg (portable version).

    The site I got the program from is: http://ffmpeg.zeranoe.com/builds/


    And my antivirus (Avira) detected some "malware" or "virus":

    Look at the message:


    TR/Crypt.XPACK.Gen2

    Description:

    A generic detection routine designed to detect common family characteristics shared in several variants.

    This special detection routine was developed in order to detect unknown variants and will be enhanced continuously.

    Is this a true detection? Or a false positive? Is it safe to use this version of the program?

    Thanks for your advice!

    Best regards.

    devil (johner)
  2. Baldrick (I'm a MEGA Super Moderator; Join Date: Aug 2000; Location: Sweden)
    What does www.virustotal.com say?
  3. racer-x (Member; Join Date: Mar 2003; Location: 3rd Rock from the Sun)
    I just checked the 64-bit version and it is 100% green. I didn't check the 32-bit version because I don't use it anyway.
    Got my retirement plans all set. Looks like I only have to work another 5 years after I die........
  4. Hello, dear all!

    I tested the 64-bit version just out of curiosity. Nothing found...


    But with the 32-bit version I have problems, and the site www.virustotal.com said:


    ---> Avira TR/Crypt.XPACK.Gen2 (for Avira): File analysed: ffmpeg-20141230-git-37b35fe-win32-shared

    And:

    ---> PUA.Win32.Packer.PrivateExeProte-7 (for ClamAv) --> Using: http://virusscan.jotti.org/ (for scanning the file)


    I haven't tested the other files yet...

    Soon I'll tell you what I found here.

    My OS is Windows XP / 32 Bits.

    Thanks for helping!

    Best regards.

    devil (johner)
  5. racer-x (Member; Join Date: Mar 2003; Location: 3rd Rock from the Sun)
    Seems only Avira red-flags it: https://www.virustotal.com/en/file/d494cd0a74e50639ed49737f0aa5c3746f56e86b313e0433d15...3a0c/analysis/

    I wonder why only the 32-bit version has any issues, while the 64-bit version is issue free?
    Got my retirement plans all set. Looks like I only have to work another 5 years after I die........
  6. Banned (Join Date: Feb 2013)
    The only AV flagging it is AVIRA. All others say it's clean. Most likely a false positive. Contact AVIRA.
  7. Hello, dear all.

    As I said before, I tested all the "builds" that are available for 32-bit environments, from the site:

    ---> http://ffmpeg.zeranoe.com/builds/

    The files in which I found some problems during scanning:


    1) ffmpeg-20141230-git-37b35fe-win32-shared


    2) ffmpeg-20141230-git-37b35fe-win32-static


    3) ffmpeg-latest-win32-static

    The only file that was completely OK is: ffmpeg-20141230-git-37b35fe-win32-dev


    The results:

    1) Avira - TR/Crypt.XPACK.Gen2

    2) ClamAv - PUA.Win32.Packer.PrivateExeProte-7


    I used these sites for scanning:


    ---> https://www.virustotal.com/en/

    ---> http://virusscan.jotti.org/en


    So, despite that, can I assume the detection was a false positive?


    The only AV flagging it is AVIRA. All others say it's clean. Most likely a false positive. Contact AVIRA.

    I wonder why only the 32-bit version has any issues, while the 64-bit version is issue free?

    Thanks for helping, folks!


    Best regards.


    devil (johner)
    Last edited by devilcoelhodog; 31st Dec 2014 at 20:21.
  8. Member (Join Date: Aug 2013; Location: Central Germany)
    A little explanation:

    Many malware authors runtime-compress their executables to make detection and analysis a little harder.

    Avira is over-sensitive and warns in every case when an executable is runtime-compressed with a "not very common" or "notorious" kind of EXE packer (in their opinion). No matter if the original executable is good or bad. Just packing it is already suspicious for Avira.
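The kind of generic "packed executable" signal described in the last post can be reproduced by walking the PE section table and measuring each section's byte entropy. The Python below is an added example, not part of the thread and not Avira's or ClamAV's actual logic; the 7.0 entropy threshold, the writable-and-executable rule, and the helper names are assumptions, and both sample images are constructed in memory.

```python
import hashlib, math, struct
from collections import Counter
EXEC, WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_EXECUTE / IMAGE_SCN_MEM_WRITE

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (random-looking)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def pe_sections(image: bytes):
    """Yield (name, entropy of raw data, writable-and-executable) per PE section."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)        # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsect, opt_size = struct.unpack_from("<H12xH", image, pe_off + 6)
    table = pe_off + 24 + opt_size                           # first section header
    for i in range(nsect):
        name, _vsize, _vaddr, rsize, rptr, flags = struct.unpack_from(
            "<8sIIII12xI", image, table + 40 * i)
        wx = bool(flags & EXEC) and bool(flags & WRITE)
        yield name.rstrip(b"\0").decode("latin-1"), entropy(image[rptr:rptr + rsize]), wx

def flagged_sections(image: bytes, threshold: float = 7.0):
    """Sections that look runtime-packed: near-random content or writable code."""
    return [name for name, h, wx in pe_sections(image) if h >= threshold or wx]

def build_sample(sections):
    """Constructed, non-loadable PE image from [(name, data, flags), ...]."""
    dos = bytearray(b"MZ".ljust(0x40, b"\0"))
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table, body = b"", b""
    start = 0x40 + len(coff) + 40 * len(sections)
    for name, data, flags in sections:
        table += struct.pack("<8sIIII12xI", name, len(data), 0x1000,
                             len(data), start + len(body), flags)
        body += data
    return bytes(dos) + coff + table + body

# Constructed inputs: repetitive "code" vs. hash output standing in for compressed code.
NOISE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))
PLAIN = build_sample([(b".text", b"push ebp; mov ebp, esp; " * 200, 0x60000020)])
PACKED = build_sample([(b".packed", NOISE, 0xE0000020), (b".rsrc", b"\0" * 512, 0x40000040)])

if __name__ == "__main__":
    for label, img in (("plain", PLAIN), ("packed", PACKED)):
        print(label, flagged_sections(img), [(n, round(h, 2)) for n, h, _ in pe_sections(img)])
```

A check like this says only that a file is packed, not what it unpacks to, which is why a lone generic packer verdict on an otherwise clean multi-engine scan is weak evidence on its own.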