INTERACT FORUM


Author Topic: Antivirus problem  (Read 6439 times)

chrisr

  • Recent member
  • *
  • Posts: 40
Antivirus problem
« on: October 01, 2013, 08:12:55 pm »

A virus in this build too. That's twice.  The virus is in:

c:\users\...\appdata\local\temp\\7zs6036.tmp\media jukebox\jrtelevision.dll

Virus name: Gen: Variant.Barys.2102
Logged
Digital: Playback Designs MPD-5 DAC, PC running JRiver
Amps: Halcro DM-10 pre, Krell FPB-400cx amp
Speakers: Wilson W/P 7 speakers, REL Stadium III sub
Cables: Nordost Valhalla PCs, ICs, SCs
Power: Furutech GTX-D(R) outlets, Nordost Thor conditioner, Dedicated 30A lines
Tweaks: HRS M3 isolation base
Home Theater: Oppo UDP-203 4K player, Anthem AVM60 processor, Krell FPB-450mcx center channel amp, Krell TAS amp (unique 7 channel), Wilson Watch center speaker

andrevi

  • Junior Woodchuck
  • **
  • Posts: 77
Antivirus problem
« Reply #1 on: October 01, 2013, 10:02:39 pm »

Tried upgrading to 19.0.49 from build 45.

I get this error message

Install wizard could not copy necessary files to the destination folder.

Please ensure that the file C:\Program Files (x86)\J River\Media Center 19\JRTelevision.dll' is not in use.

Also my anti virus deletes this file because it is identified as a virus called Gen:Variant.Barys.2102.

Please help.

Thanks.

Andrevi
Logged

MrC

  • Citizen of the Universe
  • *****
  • Posts: 10462
  • Your life is short. Give me your money.
Antivirus problem
« Reply #2 on: October 01, 2013, 10:07:04 pm »

Test the file here:

   http://virusscan.jotti.org/en

You'll likely find it is a false positive with your AntiVirus.  Report the problem using their false positive reporting mechanism (probably on their support site somewhere).
Logged
The opinions I express represent my own folly.

Maxxwire

  • Recent member
  • *
  • Posts: 46
Antivirus problem
« Reply #3 on: October 02, 2013, 01:06:53 am »

I don't use an antivirus so I downloaded MC 19.0.49 into Sandboxie and scanned it while in the sandbox. In the past everything has always gone well and there has never been a single problem, but in this instance Hitman Pro 3.7.7 Build 203 found 12 threats upon which it quarantined and then removed MC 19.0.49. Thinking there must have been some mistake I downloaded and scanned it again, but the results were the same.

http://i468.photobucket.com/albums/rr44/Maxxwire_Photos/Comodo/JRiverMC12Threats.png
Logged

MrC

  • Citizen of the Universe
  • *****
  • Posts: 10462
  • Your life is short. Give me your money.
Antivirus problem
« Reply #4 on: October 02, 2013, 01:30:12 am »

These are the services that seem to indicate an issue (see attached):

http://virusscan.jotti.org/en/scanresult/84f01589d286cfda5c70c333e565f5c0f33f6b66

https://www.virustotal.com/en/file/802fe8c2afa8c9695fe3b3e8c5f689ae8b475a5d4dd81cad550798e33b90c289/analysis/1380694733/

Not necessarily the front runners in A/V.  But since quite a few have flagged the file, it might be worth submitting it to each.
Logged
The opinions I express represent my own folly.

astromo

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 2251
Antivirus problem
« Reply #5 on: October 02, 2013, 08:08:05 am »

Quote from: MrC
> Test the file here:
>
>    http://virusscan.jotti.org/en
>
> You'll likely find it is a false positive with your AntiVirus.  Report the problem using their false positive reporting mechanism (probably on their support site somewhere).


Ugghhhh ... done for bitdefender ...
http://forum.bitdefender.com/index.php?showtopic=49018

Others in the same boat, please raise tickets with BD and build momentum.
Logged
MC33, Win10 x64, HD-Plex H5 Gen2 Case, HD-Plex 400W Hi-Fi DC-ATX / AC-DC PSU, Gigabyte Z370 ULTRA Gaming 2.0 MoBo, Intel Core i7 8700 CPU, 4x8GB GSkill DDR4 RAM, Schiit Modi Multibit DAC, Freya Pre, Nelson Pass Aleph J DIY Clone, Ascension Timberwolf 8893BSRTL Speakers, BJC 5T00UP cables, DVB-T Tuner HDHR5-4DT

MrC

  • Citizen of the Universe
  • *****
  • Posts: 10462
  • Your life is short. Give me your money.
Re: Antivirus problem
« Reply #6 on: October 02, 2013, 01:43:11 pm »

Two more AV's are declaring a problem:

Logged
The opinions I express represent my own folly.

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72413
  • Where did I put my teeth?
Re: Antivirus problem
« Reply #7 on: October 02, 2013, 01:46:46 pm »

I think that a lot of antivirus companies use the Kaspersky engine.
Logged

Matt

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 42344
  • Shoes gone again!
Re: Antivirus problem
« Reply #8 on: October 02, 2013, 01:50:59 pm »

Quote from: MrC
> Two more AV's are declaring a problem:

Thanks MrC.  Am I reading that right that they're each reporting totally different problems?

I wonder if renaming our DLLs to JDL or something might get virus checkers to leave them alone?  We're the only program loading them, so don't really care what they're called.

(ps. I'm only speaking about false positives here.  We make every effort to ensure the build machines and builds are clean.  Every build goes through a virus check as part of packaging.  We've never had a build that had an issue in 10+ years and thousands of builds.  So I'm not trying to side-step virus checkers, only side-step false positives.)
Logged
Matt Ashland, JRiver Media Center

MrC

  • Citizen of the Universe
  • *****
  • Posts: 10462
  • Your life is short. Give me your money.
Re: Antivirus problem
« Reply #9 on: October 02, 2013, 02:13:47 pm »

Many of the A/V companies share a reporting mechanism, and some, naming scheme.  When one hits, the name/defs are shared with other A/V vendors.  And it can take a little while for the FP to propagate back.

The Gen.Variant.Barys.2012 reported by Emsisoft, BitDefender, F-Secure, and GData seems like a case for the shared FP, and was probably heuristically detected.

The Ikarus Win32.SuspectCrc might yield a clue that the file's CRC matched a currently suspected file, so a simple change of the file will produce a new (and likely safe) CRC.  Panda may be detecting the same way.

I don't know what Symantec's "WS.Reputation.1" means, other than the file was flagged as suspect, and JRiver may not have a reputation in Symantec's database (they probably use a point scoring system in their heuristics).  This is why a vendor doing its own reporting is useful in the long run - you build up a reputation.

I know nothing about Bkav.

McAfee, Trend, and Panda obviously are using their own naming and heuristics, so probably they should be reported as FP's to each site.

I'll report as FPs a few now.
Logged
The opinions I express represent my own folly.

MrC

  • Citizen of the Universe
  • *****
  • Posts: 10462
  • Your life is short. Give me your money.
Re: Antivirus problem
« Reply #10 on: October 02, 2013, 02:37:22 pm »

I've reported to Symantec, McAfee, Trend Micro, and F-Secure.  I tried to submit to Panda, but their site would not accept the zipped file per their request.

I forged the submission under Matt's name / email.
Logged
The opinions I express represent my own folly.

jmschnur

  • World Citizen
  • ***
  • Posts: 139
Re: Antivirus problem
« Reply #11 on: October 02, 2013, 04:29:17 pm »

How about Avast?
Logged

MrC

  • Citizen of the Universe
  • *****
  • Posts: 10462
  • Your life is short. Give me your money.
Re: Antivirus problem
« Reply #12 on: October 02, 2013, 05:26:03 pm »

Why would I have reported a clean file to Avast?  :-)

The two scans came up clean for Avast.
Logged
The opinions I express represent my own folly.

jmschnur

  • World Citizen
  • ***
  • Posts: 139
Re: Antivirus problem
« Reply #13 on: October 02, 2013, 06:54:24 pm »

Must have been earlier versions and clearly they have fixed their IDs.
Logged

astromo

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 2251
Re: Antivirus problem
« Reply #14 on: October 02, 2013, 10:19:19 pm »

Quote from: Matt
> Thanks MrC.  Am I reading that right that they're each reporting totally different problems?
>
> I wonder if renaming our DLLs to JDL or something might get virus checkers to leave them alone?  We're the only program loading them, so don't really care what they're called.
>
> (ps. I'm only speaking about false positives here.  We make every effort to ensure the build machines and builds are clean.  Every build goes through a virus check as part of packaging.  We've never had a build that had an issue in 10+ years and thousands of builds.  So I'm not trying to side-step virus checkers, only side-step false positives.)

Why not try this with an offline build and see whether it's got a chance of working? I'd expect that a half decent AV program would be wise to the tactic of an extension change. With a problem like this, where an issue is being flagged across a range of AV programs, it would be useful to know what the root cause is (what's the trigger?) so that you've got a chance of dealing with the issue within MC's code. [Was Captain Obvious just speaking? oops   ::)]

For BitDefender, this is the 2nd false positive in a month and a half. I'm happy that security is erring on the side of caution and this is also what can happen with a fresh release but there must be something that's stopping MC and BD from not playing nicely together. Hopefully it's sorted out soon. The effort in the background to address this is appreciated. Keep up the good work..   ;)
Logged
MC33, Win10 x64, HD-Plex H5 Gen2 Case, HD-Plex 400W Hi-Fi DC-ATX / AC-DC PSU, Gigabyte Z370 ULTRA Gaming 2.0 MoBo, Intel Core i7 8700 CPU, 4x8GB GSkill DDR4 RAM, Schiit Modi Multibit DAC, Freya Pre, Nelson Pass Aleph J DIY Clone, Ascension Timberwolf 8893BSRTL Speakers, BJC 5T00UP cables, DVB-T Tuner HDHR5-4DT

MrC

  • Citizen of the Universe
  • *****
  • Posts: 10462
  • Your life is short. Give me your money.
Re: Antivirus problem
« Reply #15 on: October 02, 2013, 10:37:37 pm »

Logged
The opinions I express represent my own folly.

Scolex

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 1116
  • Cheers
Re: Antivirus problem
« Reply #16 on: October 03, 2013, 02:48:08 am »

I think the best solution to this may be for the updates to extract to a specific folder every time.
Instead of C:\Users\*username*\AppData\Local\Temp\7zs....tmp use C:\Users\*username*\AppData\Local\Temp\J River\7zs....tmp
We can then create an exclusion for the ...\Temp\J River folder.
Logged
Sean

Scolex

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 1116
  • Cheers
Re: Antivirus problem
« Reply #17 on: October 03, 2013, 03:04:24 am »

Quote from: Matt
> I wonder if renaming our DLLs to JDL or something might get virus checkers to leave them alone?  We're the only program loading them, so don't really care what they're called.

That would be great because Bitdefender has the option to exclude a specific file extension.
Logged
Sean

MrC

  • Citizen of the Universe
  • *****
  • Posts: 10462
  • Your life is short. Give me your money.
Re: Antivirus problem
« Reply #18 on: October 03, 2013, 12:07:02 pm »

Changing the file suffix will have no effect in general.  A/V scanners do not rely on this (long ago, it was a common malware technique to pass email gateways and other cheap, but weak heuristics).

Although it might help a user or two who can configure their A/Vs, it isn't worth any time or energy since the vast majority of folks will not do this.
Logged
The opinions I express represent my own folly.
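
An added illustration of the point made in Reply #18 (not code from any poster, from JRiver, or from any A/V product): a scanner that classifies by content sees the same Windows PE image, with the same hashes, whether the file is named .dll or .jdl. The sample bytes are constructed, the .jdl name follows the suggestion quoted above, and CRC32 stands in for whatever checksum a vendor actually uses (an assumption).

```python
import hashlib
import struct
import zlib

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag marking a DLL


def build_sample_pe() -> bytes:
    """Constructed sample: just enough DOS + COFF header to look like a DLL."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: offset of "PE\0\0"
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 0, 0x0002 | IMAGE_FILE_DLL)
    return bytes(dos) + b"PE\0\0" + coff


def classify(data: bytes) -> str:
    """Identify a PE image from its headers; the file name is never consulted."""
    if len(data) < 64 or data[:2] != b"MZ":
        return "not-pe"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "not-pe"
    (flags,) = struct.unpack_from("<H", data, e_lfanew + 22)
    return "pe-dll" if flags & IMAGE_FILE_DLL else "pe-exe"


def fingerprint(data: bytes) -> dict:
    """Content-only view of a file: type, SHA-256 and CRC32."""
    return {
        "type": classify(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": f"{zlib.crc32(data):08x}",
    }


def scan(files: dict) -> dict:
    return {name: fingerprint(data) for name, data in files.items()}


# Constructed inputs: same bytes under two names, plus a text file named .dll
SAMPLE = build_sample_pe()
FILES = {
    "JRTelevision.dll": SAMPLE,
    "JRTelevision.jdl": SAMPLE,
    "readme.dll": b"just text, despite the extension\n",
}

if __name__ == "__main__":
    for name, info in scan(FILES).items():
        print(f"{name:18} {info['type']:7} crc32={info['crc32']} sha256={info['sha256'][:16]}")
```

The two JRTelevision entries produce identical fingerprints, so any signature, checksum or reputation lookup keyed on content returns the same verdict for both names.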

MrC

  • Citizen of the Universe
  • *****
  • Posts: 10462
  • Your life is short. Give me your money.
Re: Antivirus problem
« Reply #19 on: October 03, 2013, 12:20:47 pm »

It is interesting to watch a False Positive spread and recede as vendors' virus defs pick up the shared "intelligence".

While there are still 11 products reporting the file, Symantec importantly no longer reports it (maybe my FP report to Symantec helped, maybe not), but MicroWorld-eScan now reports the file (not a major player, and also using the shared reporting mechanism).
Logged
The opinions I express represent my own folly.

astromo

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 2251
Re: Antivirus problem
« Reply #20 on: October 03, 2013, 05:02:01 pm »

BitDefender is telling me that the file is clean:
http://forum.bitdefender.com/index.php?s=&showtopic=49018&view=findpost&p=199422
but I can't get a functional update sorted.

I'd add that MC19.0.50 is falsely on the nose as well.

Chipping away.
Logged
MC33, Win10 x64, HD-Plex H5 Gen2 Case, HD-Plex 400W Hi-Fi DC-ATX / AC-DC PSU, Gigabyte Z370 ULTRA Gaming 2.0 MoBo, Intel Core i7 8700 CPU, 4x8GB GSkill DDR4 RAM, Schiit Modi Multibit DAC, Freya Pre, Nelson Pass Aleph J DIY Clone, Ascension Timberwolf 8893BSRTL Speakers, BJC 5T00UP cables, DVB-T Tuner HDHR5-4DT

MrC

  • Citizen of the Universe
  • *****
  • Posts: 10462
  • Your life is short. Give me your money.
Re: Antivirus problem
« Reply #21 on: October 04, 2013, 09:24:15 pm »

And the fog clears:
Logged
The opinions I express represent my own folly.