Norton finds trojan in version 2.6.0's mplayer.exe

General discussion about Universal Media Server (no support or requests)
cmonster
Posts: 21
Joined: Sat Jun 02, 2012 10:15 am

Norton finds trojan in version 2.6.0's mplayer.exe

Post by cmonster »

Hey guys, I've been happily using UMS forever so this is more of a concern than a complaint.

I just upgraded to 2.6.0 and flagged mplayer.exe as having the suspicious.emit trojan. This is the first time I've ever had a UMS install cause any type of security flag. Can anyone help look into this? Better safe than sorry.

Thanks!
cmonster
Posts: 21
Joined: Sat Jun 02, 2012 10:15 am

Re: Norton finds trojan in version 2.6.0's mplayer.exe

Post by cmonster »

I just tried the installation on a different computer and it got flagged there too.
User avatar
Optimus_prime
Posts: 678
Joined: Fri Jun 01, 2012 6:39 pm
Location: Sydney, Australia

Re: Norton finds trojan in version 2.6.0's mplayer.exe

Post by Optimus_prime »

Trend Micro didn't find anything on my PC. Also Spybot didn't flag it either. I think it's a false positive and nothing to worry about
How Ask For Support
Remember, Debug Log's Can/Will Help and Explain your issues, we're not mind reader's but here to help
OS's I Use And Can Assist With: Windows 7/8, Mac OS-X 10.8 & 10.9
Mac OS-X Java 7 Builds Mac OS-X Java 7 Forum
john3voltas
Posts: 21
Joined: Sun Mar 31, 2013 1:14 am

Re: Norton finds trojan in version 2.6.0's mplayer.exe

Post by john3voltas »

Darned!
I didn't check in the general forum and went posting in the support forum instead of looking here first...
I just posted the same thing. I am not using Norton, I am using the corporate product named Symantec (both from the same company).
viewtopic.php?f=9&t=773
Cheers
Laptop 1,8Ghz intel coreduo with 4GB RAM
Windows 7 x64
jdecape
Posts: 3
Joined: Sun Mar 31, 2013 2:38 am

Re: Norton finds trojan in version 2.6.0's mplayer.exe

Post by jdecape »

I already submitted it as FP to Symantec. After I restored mplayer.exe and removed it from future scans. Got the response today that next def set would fix the FP. The consumer product and enterprise product use the same AV engine(and other malware engines IPS/SONAR). This was a FP caught by the heuristics, so it was a FP not in the hash based AV engine.

As a note-all of you could have done the same: https://submit.symantec.com/false_positive/

And the coders of UMS can submit for whitelisting as well: https://submit.symantec.com/whitelist/

Anyway, should be a non issue.

Cheers.
john3voltas
Posts: 21
Joined: Sun Mar 31, 2013 1:14 am

Re: Norton finds trojan in version 2.6.0's mplayer.exe

Post by john3voltas »

Thanks jdecape.
Three questions remain, though:
1-are we really-really sure it is a false positive?
2-why did the AV catch mplayer.exe that comes with UMS but then it didn't catch the stock mplayer.exe that can be downloaded on mplayerhq.hu website?
3-am I missing anything by running the stock mplayer.exe instead of the mplayer.exe that comes with UMS?
TIA
Cheers
Laptop 1,8Ghz intel coreduo with 4GB RAM
Windows 7 x64
cmonster
Posts: 21
Joined: Sat Jun 02, 2012 10:15 am

Re: Norton finds trojan in version 2.6.0's mplayer.exe

Post by cmonster »

john3voltas wrote:Thanks jdecape.
Three questions remain, though:
1-are we really-really sure it is a false positive?
2-why did the AV catch mplayer.exe that comes with UMS but then it didn't catch the stock mplayer.exe that can be downloaded on mplayerhq.hu website?
3-am I missing anything by running the stock mplayer.exe instead of the mplayer.exe that comes with UMS?
TIA
Cheers
I'm not 100% convinced (yet). Could you check the mplayer that you downloaded to see if it's the same version? Also, could you do a manual scan of each file so see if there's any discrepancies?
john3voltas
Posts: 21
Joined: Sun Mar 31, 2013 1:14 am

Re: Norton finds trojan in version 2.6.0's mplayer.exe

Post by john3voltas »

I can't.
Symantec quarantined the mplayer.exe that comes with UMS and I can't get it out of there to run it.
Every time I try, it grabs the file and put it back on the quarantine folder again.
Quarantined files can't be used, so I can't run it from the quarantine folder either.
My stock mplayer.exe is

Code: Select all

MPlayer Redxii-SVN-r36089-4.6.3 (C) 2000-2013 MPlayer Team
Also, Symantec doesn't have an option to test a single file or folder. Lame...
Laptop 1,8Ghz intel coreduo with 4GB RAM
Windows 7 x64
cmonster
Posts: 21
Joined: Sat Jun 02, 2012 10:15 am

Re: Norton finds trojan in version 2.6.0's mplayer.exe

Post by cmonster »

You may need to temporarily disable auto-protect in order to hold onto the file for a bit. I don't know what version of Symantec you're running but you may be able to right-click on the file and pick virusscan from the menu.
john3voltas
Posts: 21
Joined: Sun Mar 31, 2013 1:14 am

Re: Norton finds trojan in version 2.6.0's mplayer.exe

Post by john3voltas »

As I said, this version of SEP (symantec endpoint protection) doesn't have a "right-click scan this file". Kinda lame imo.
As for disabling SEP and access the file, even though I disable all SEP services it seems that it is still running because when I try to access the file it still pops up saying it found a threat.
I just can't seem to stop SEP completely...
Cheers
Laptop 1,8Ghz intel coreduo with 4GB RAM
Windows 7 x64
Post Reply