Norton finds trojan in version 2.6.0's mplayer.exe
Norton finds trojan in version 2.6.0's mplayer.exe
Hey guys, I've been happily using UMS forever so this is more of a concern than a complaint.
I just upgraded to 2.6.0 and flagged mplayer.exe as having the suspicious.emit trojan. This is the first time I've ever had a UMS install cause any type of security flag. Can anyone help look into this? Better safe than sorry.
Thanks!
I just upgraded to 2.6.0 and flagged mplayer.exe as having the suspicious.emit trojan. This is the first time I've ever had a UMS install cause any type of security flag. Can anyone help look into this? Better safe than sorry.
Thanks!
Re: Norton finds trojan in version 2.6.0's mplayer.exe
I just tried the installation on a different computer and it got flagged there too.
- Optimus_prime
- Posts: 678
- Joined: Fri Jun 01, 2012 6:39 pm
- Location: Sydney, Australia
Re: Norton finds trojan in version 2.6.0's mplayer.exe
Trend Micro didn't find anything on my PC. Also Spybot didn't flag it either. I think it's a false positive and nothing to worry about
How Ask For Support
Remember, Debug Log's Can/Will Help and Explain your issues, we're not mind reader's but here to help
OS's I Use And Can Assist With: Windows 7/8, Mac OS-X 10.8 & 10.9
Mac OS-X Java 7 Builds Mac OS-X Java 7 Forum
Remember, Debug Log's Can/Will Help and Explain your issues, we're not mind reader's but here to help
OS's I Use And Can Assist With: Windows 7/8, Mac OS-X 10.8 & 10.9
Mac OS-X Java 7 Builds Mac OS-X Java 7 Forum
-
- Posts: 21
- Joined: Sun Mar 31, 2013 1:14 am
Re: Norton finds trojan in version 2.6.0's mplayer.exe
Darned!
I didn't check in the general forum and went posting in the support forum instead of looking here first...
I just posted the same thing. I am not using Norton, I am using the corporate product named Symantec (both from the same company).
viewtopic.php?f=9&t=773
Cheers
I didn't check in the general forum and went posting in the support forum instead of looking here first...
I just posted the same thing. I am not using Norton, I am using the corporate product named Symantec (both from the same company).
viewtopic.php?f=9&t=773
Cheers
Laptop 1,8Ghz intel coreduo with 4GB RAM
Windows 7 x64
Windows 7 x64
Re: Norton finds trojan in version 2.6.0's mplayer.exe
I already submitted it as FP to Symantec. After I restored mplayer.exe and removed it from future scans. Got the response today that next def set would fix the FP. The consumer product and enterprise product use the same AV engine(and other malware engines IPS/SONAR). This was a FP caught by the heuristics, so it was a FP not in the hash based AV engine.
As a note-all of you could have done the same: https://submit.symantec.com/false_positive/
And the coders of UMS can submit for whitelisting as well: https://submit.symantec.com/whitelist/
Anyway, should be a non issue.
Cheers.
As a note-all of you could have done the same: https://submit.symantec.com/false_positive/
And the coders of UMS can submit for whitelisting as well: https://submit.symantec.com/whitelist/
Anyway, should be a non issue.
Cheers.
-
- Posts: 21
- Joined: Sun Mar 31, 2013 1:14 am
Re: Norton finds trojan in version 2.6.0's mplayer.exe
Thanks jdecape.
Three questions remain, though:
1-are we really-really sure it is a false positive?
2-why did the AV catch mplayer.exe that comes with UMS but then it didn't catch the stock mplayer.exe that can be downloaded on mplayerhq.hu website?
3-am I missing anything by running the stock mplayer.exe instead of the mplayer.exe that comes with UMS?
TIA
Cheers
Three questions remain, though:
1-are we really-really sure it is a false positive?
2-why did the AV catch mplayer.exe that comes with UMS but then it didn't catch the stock mplayer.exe that can be downloaded on mplayerhq.hu website?
3-am I missing anything by running the stock mplayer.exe instead of the mplayer.exe that comes with UMS?
TIA
Cheers
Laptop 1,8Ghz intel coreduo with 4GB RAM
Windows 7 x64
Windows 7 x64
Re: Norton finds trojan in version 2.6.0's mplayer.exe
I'm not 100% convinced (yet). Could you check the mplayer that you downloaded to see if it's the same version? Also, could you do a manual scan of each file so see if there's any discrepancies?john3voltas wrote:Thanks jdecape.
Three questions remain, though:
1-are we really-really sure it is a false positive?
2-why did the AV catch mplayer.exe that comes with UMS but then it didn't catch the stock mplayer.exe that can be downloaded on mplayerhq.hu website?
3-am I missing anything by running the stock mplayer.exe instead of the mplayer.exe that comes with UMS?
TIA
Cheers
-
- Posts: 21
- Joined: Sun Mar 31, 2013 1:14 am
Re: Norton finds trojan in version 2.6.0's mplayer.exe
I can't.
Symantec quarantined the mplayer.exe that comes with UMS and I can't get it out of there to run it.
Every time I try, it grabs the file and put it back on the quarantine folder again.
Quarantined files can't be used, so I can't run it from the quarantine folder either.
My stock mplayer.exe is
Also, Symantec doesn't have an option to test a single file or folder. Lame...
Symantec quarantined the mplayer.exe that comes with UMS and I can't get it out of there to run it.
Every time I try, it grabs the file and put it back on the quarantine folder again.
Quarantined files can't be used, so I can't run it from the quarantine folder either.
My stock mplayer.exe is
Code: Select all
MPlayer Redxii-SVN-r36089-4.6.3 (C) 2000-2013 MPlayer Team
Laptop 1,8Ghz intel coreduo with 4GB RAM
Windows 7 x64
Windows 7 x64
Re: Norton finds trojan in version 2.6.0's mplayer.exe
You may need to temporarily disable auto-protect in order to hold onto the file for a bit. I don't know what version of Symantec you're running but you may be able to right-click on the file and pick virusscan from the menu.
-
- Posts: 21
- Joined: Sun Mar 31, 2013 1:14 am
Re: Norton finds trojan in version 2.6.0's mplayer.exe
As I said, this version of SEP (symantec endpoint protection) doesn't have a "right-click scan this file". Kinda lame imo.
As for disabling SEP and access the file, even though I disable all SEP services it seems that it is still running because when I try to access the file it still pops up saying it found a threat.
I just can't seem to stop SEP completely...
Cheers
As for disabling SEP and access the file, even though I disable all SEP services it seems that it is still running because when I try to access the file it still pops up saying it found a threat.
I just can't seem to stop SEP completely...
Cheers
Laptop 1,8Ghz intel coreduo with 4GB RAM
Windows 7 x64
Windows 7 x64