4.1.9.1758: Norton Security finds infected file

Beta Testing for Windows Products and plugins

Moderator: Gurus

icon
Posts: 31
Joined: Sun Nov 22, 2009 6:21 am

4.1.9.1758: Norton Security finds infected file

Post by icon » Sat Sep 12, 2015 10:51 am

Hi

I've just updated to 4.1.9.1758. Norton Security alerted my, that the file winamp.exe is malicious (Suspisicous.Cloud Tread) and removed the file

why is winamp.exe included and what's wrong with the file?

Regards
Renato

Lowlander
Posts: 46093
Joined: Sat Sep 06, 2003 5:53 pm
Location: MediaMonkey 5

Re: 4.1.9.1758: Norton Security finds infected file

Post by Lowlander » Sat Sep 12, 2015 11:09 am

Nothing wrong with the file as it's empty. It is a false positive. winamp.exe is included to allow WinAmp plugins to be installed with MediaMonkey.
Lowlander (MediaMonkey user since 2003)

icon
Posts: 31
Joined: Sun Nov 22, 2009 6:21 am

Re: 4.1.9.1758: Norton Security finds infected file

Post by icon » Sat Sep 12, 2015 11:20 am

Okey thanks. I will submit it to Symantec to check for false positive then :)

Aff
Posts: 301
Joined: Sun Oct 05, 2008 4:46 pm
Location: Switzerland

Re: 4.1.9.1758: Norton Security finds infected file

Post by Aff » Sun Sep 13, 2015 9:12 am

Checked with VirusTotal - only Symantec thinks it could be virus (heuristic), the other 55 scanners say it's OK.

The file is 216 bytes larger than an older version.
The digital signature has been updated. Was there any other change? Probably a newer version of the compiler?

PDoyle
Posts: 74
Joined: Tue Mar 03, 2009 2:13 pm

Re: 4.1.9.1758: Norton Security finds infected file

Post by PDoyle » Sun Sep 13, 2015 9:16 am

My Beta installation crashes as soon as it appears on the monitor...Norton keeps removing Suspicious.Cloud even after I tried to allow it in a rule. Haven't had this problem with any previous Beta version.

Aff
Posts: 301
Joined: Sun Oct 05, 2008 4:46 pm
Location: Switzerland

Re: 4.1.9.1758: Norton Security finds infected file

Post by Aff » Sun Sep 13, 2015 9:22 am

I simply use winamp.exe from an older version of MM.
So you can backup the old winamp.exe, deactivate Norton, install MM, and copy the old winamp.exe back to the MM program folder, enable Norton.

PDoyle
Posts: 74
Joined: Tue Mar 03, 2009 2:13 pm

Re: 4.1.9.1758: Norton Security finds infected file

Post by PDoyle » Sun Sep 13, 2015 10:34 am

did not work for me...
I replaced with old version of d_WMDM.dll
Also tried just deleting d_WMDM.dll
same crashing result

Aff
Posts: 301
Joined: Sun Oct 05, 2008 4:46 pm
Location: Switzerland

Re: 4.1.9.1758: Norton Security finds infected file

Post by Aff » Sun Sep 13, 2015 12:54 pm

PDoyle wrote:d_WMDM.dll
???

PDoyle
Posts: 74
Joined: Tue Mar 03, 2009 2:13 pm

Re: 4.1.9.1758: Norton Security finds infected file

Post by PDoyle » Sun Sep 13, 2015 1:43 pm

Sorry...after your suggestion of replacing with winamp.exe from previous version, 1758 still crashes immediately upon opening.

I then tried Pavle's suggestion of deleting from plugins folder d_WMDM.dll and restarting; still MMW crashes. I'm not getting a warning from Norton about Suspcious.Cloud; but MMW is still crashing.

Ludek
Posts: 2998
Joined: Fri Mar 09, 2007 9:00 am

Re: 4.1.9.1758: Norton Security finds infected file

Post by Ludek » Mon Sep 14, 2015 6:53 am

Hi, strange,
there was no code change between 1757 and 1758 that could cause this.

The reason for the crash most probably is that the build 1757 somehow wasn't properly closed before installation of 1758, i.e. the files from 1757 has not been completely replaced.
To confirm, try installing of 1758 to another folder than 1757, or uninstall 1757 at first and ensure that the install directory is empty before installing 1758.

Ludek
Posts: 2998
Joined: Fri Mar 09, 2007 9:00 am

Re: 4.1.9.1758: Norton Security finds infected file

Post by Ludek » Wed Sep 16, 2015 2:48 pm

Any update on this? I see here http://www.mediamonkey.com/forum/viewto ... 24#p413990 that 1757 also does not work, so it looks unrelated to the build 1758 but rather to a Norton security update ? If you disable Norton, does it work then?

Could you open eSupport ticked and attach debug log? Item 4B here: http://www.mediamonkey.com/forum/viewto ... ?f=6&t=341

Thanks!

Peke
Posts: 12368
Joined: Tue Jun 10, 2003 7:21 pm
Location: Serbia
Contact:

Re: 4.1.9.1758: Norton Security finds infected file

Post by Peke » Wed Sep 16, 2015 7:10 pm

BTW MMW Winamp.exe was called number of things over the years :( https://www.google.com/search?q=Mediamo ... 8&oe=utf-8# in all cases it was proven FALSE positive. Actualy I often use that file as Antivirus App Quality Test for in order to ractify payed premium Deep Guessing scan feature.
Best regards,
Pavle
MediaMonkey Team lead QA/Tech Support guru
Admin of Free MediaMonkey addon Site HappyMonkeying
Image
Image
How to add SCREENSHOTS to forum

PDoyle
Posts: 74
Joined: Tue Mar 03, 2009 2:13 pm

Re: 4.1.9.1758: Norton Security finds infected file

Post by PDoyle » Wed Sep 16, 2015 7:24 pm

just submitted support ticket with debug log attached...
- 1758 Portable install seems to be working fine, whether NOrton 360 is enabled or disabled.
- Tried to install 1758 regular; Norton removed what it called the Suspicious.Cloud file
- INstalled 1758 regular with NOrton disabled. It still wouldn't open; asked me to create a new database, but never opened.
- 1757 regular install now will not open. 1757 was opening fine last week. This week, it won't open.

Don't think I should use 1758 Portable, as in the past installing portable in same folder as a regular install caused problems. Correct?

thanks

PDoyle
Posts: 74
Joined: Tue Mar 03, 2009 2:13 pm

Re: 4.1.9.1758: Norton Security finds infected file

Post by PDoyle » Thu Sep 17, 2015 3:49 am

While regular installation of 1759 RC fails to open on Windows 7; PORTABLE installation has been successful. Which is what I found with 1758.

PDoyle
Posts: 74
Joined: Tue Mar 03, 2009 2:13 pm

Re: 4.1.9.1758: Norton Security finds infected file

Post by PDoyle » Thu Sep 17, 2015 5:01 am

1759 crashes as soon as it opens, when installed regular on Windows 8.1. I have allowed winamp.exe in Norton after it had been quarantined. I have tried installing and starting up with Norton disabled. I can send in the .elf file if that would help.

Post Reply