FP - again, please fix

Medank · Oct 19, 2008

http://en.wikipedia.org/wiki/MP3_Rocket

and the download link is: hxxp://baixaki.ig.com.br/download/mp3-rocket.htm

~Virus Total screenshot removed per Policy. - Ron~

jmc777 · Oct 19, 2008

It's been flagged as a 'potentially unsafe application'.

Potentially unsafe applications

There are many legitimate programs which serve to simplify the administration of networked computers. However, in the wrong hands, they may be misused for malicious purposes. This is why ESET has created this special category. Our clients now have the option to choose whether the antivirus system should or should not detect such threats.
"Potentially unsafe applications” is the classification used for commercial, legitimate software. This classification includes programs such as remote access tools, password-cracking applications, and keyloggers (a program recording each keystroke a user types).

If you find that there is a potentially unsafe application present and running on your computer (and you did not install it), please consult your network administrator or remove the application.
Click to expand...

Medank · Oct 19, 2008

what is all this wow
the file is safe it's not a virus or anything . eset detected as FP when will this file be removed ?

jmc777 · Oct 19, 2008

Medank said:

what is all this wow
the file is safe it's not a virus or anything .
Click to expand...

It's not being flagged as a virus. If you don't want warnings about that program, untick 'Potentially unsafe applications' in your Threatsense settings.

proactivelover · Oct 19, 2008

scan only MP3Rocket.exe then see result on virustotal

Medank · Oct 19, 2008

proactivelover said:

scan only MP3Rocket.exe then see result on virustotal
Click to expand...

i did, i scaned again and it flagged as: a variant of Win32/AdInstaller application

Marcos · Oct 19, 2008

I've downloaded it and the result was as follows:
File MP3Rocket.exe received on 10.18.2008 16:22:43 (CET)
Current status: finished
Result: 1/36 (2.78%)

NOD32 3534 2008.10.18 -

Additional information
File size: 116224 bytes
MD5...: 9fc505e6ad29c4909ab35cfadfd9e9c4
SHA1..: 152849e3534f103e9ff623fbe8cec7fb7ff70c27
SHA256: 6d3f91ca0b2d751f45019be57d1a4fc1ca446a5dc6c612f32e38dbf64fbc489a
SHA512: 3371fb170922b187be07a2e80d0044e0005e90499f1e67d1178bad42ffacec7f
bdff3567273d219d38acfe6d807c86d30b7be3921d65f9f8ce1febe97bdcbdf5
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)

proactivelover · Oct 19, 2008

file apbarSp.MP3Rocket.exe is ad installer so it's not a FP
i extract the installer with Universal Extractor v1.6

Medank · Oct 19, 2008

Marcos said:

I've downloaded it and the result was as follows:
File MP3Rocket.exe received on 10.18.2008 16:22:43 (CET)
Current status: finished
Result: 1/36 (2.78%)

NOD32 3534 2008.10.18 -

Additional information
File size: 116224 bytes
MD5...: 9fc505e6ad29c4909ab35cfadfd9e9c4
SHA1..: 152849e3534f103e9ff623fbe8cec7fb7ff70c27
SHA256: 6d3f91ca0b2d751f45019be57d1a4fc1ca446a5dc6c612f32e38dbf64fbc489a
SHA512: 3371fb170922b187be07a2e80d0044e0005e90499f1e67d1178bad42ffacec7f
bdff3567273d219d38acfe6d807c86d30b7be3921d65f9f8ce1febe97bdcbdf5
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
Click to expand...

I just downloaded mp3rocket from same website as i mention above and scanned and result:
-
File MP3Rocket-Win.exe recived on 10.19.2008 23:18:36
Current status: finished
Resultat: 2/36 (5.56%)

NOD32 3536 2008.10.19 - a variant of Win32/AdInstaller

Additional Information
File size: 3715432 bytes
MD5...: 687d2ba0528f6f95b808d3c084db2898
SHA1..: 580b174b6839beeb7e2a4404aef905f39db64a7e
SHA256: 2e691587d6419cae0def80179d0f95bf28cece4fb5ba6c2a726869e61e644ed5
SHA512: b4c87404867c0e746eed6181a1630eb447d40c386423e6a0b711c10030b55dd5
1db1a117e809330a9a6ac89f4ee82a1904bd13688a28703d280164c75df37fbd
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)

NOD32 user · Oct 19, 2008

Medank said:

I just downloaded mp3rocket from same website as i mention above and scanned and result:
-
File MP3Rocket-Win.exe recived on 10.19.2008 23:18:36
Current status: finished
Resultat: 2/36 (5.56%)

NOD32 3536 2008.10.19 - a variant of Win32/AdInstaller

Additional Information
File size: 3715432 bytes
MD5...: 687d2ba0528f6f95b808d3c084db2898
SHA1..: 580b174b6839beeb7e2a4404aef905f39db64a7e
SHA256: 2e691587d6419cae0def80179d0f95bf28cece4fb5ba6c2a726869e61e644ed5
SHA512: b4c87404867c0e746eed6181a1630eb447d40c386423e6a0b711c10030b55dd5
1db1a117e809330a9a6ac89f4ee82a1904bd13688a28703d280164c75df37fbd
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
Click to expand...

That's what I got earlier - the file Marcos scanned was smaller?

proactivelover said:

file apbarSp.MP3Rocket.exe is ad installer so it's not a FP
i extract the installer with Universal Extractor v1.6
Click to expand...

Saw that too:
C:\Documents and Settings\xxxxxx\Desktop\MP3Rocket-Win.exe » NSIS » apbarSp.MP3Rocket.exe - a variant of Win32/AdInstaller application - was a part of the deleted object

Cheers

Dark Shadow · Oct 19, 2008

Marcos said:

I've downloaded it and the result was as follows:
File MP3Rocket.exe received on 10.18.2008 16:22:43 (CET)
Current status: finished
Result: 1/36 (2.78%)

NOD32 3534 2008.10.18 -

Additional information
File size: 116224 bytes
MD5...: 9fc505e6ad29c4909ab35cfadfd9e9c4
SHA1..: 152849e3534f103e9ff623fbe8cec7fb7ff70c27
SHA256: 6d3f91ca0b2d751f45019be57d1a4fc1ca446a5dc6c612f32e38dbf64fbc489a
SHA512: 3371fb170922b187be07a2e80d0044e0005e90499f1e67d1178bad42ffacec7f
bdff3567273d219d38acfe6d807c86d30b7be3921d65f9f8ce1febe97bdcbdf5
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
Click to expand...

hey Marcos just curious is that 1/36 of VT and Not a FP.Disregard get my question answered and loving it.

LowWaterMark · Oct 19, 2008

Marcos appears to have tested the actual MP3Rocket.exe application file, versus what other have tested - i.e. the installer kit named MP3Rocket-Win.exe. It looks like NOD32 is not detecting the MP3Rocket.exe program itself once installed. It's just detecting the installer kit which contains a lot more than just the MP3Rocket.exe file. If it is a bundle containing adware among the other contents, then the detection isn't a FP, which is what proactivelover said above.

Dark Shadow · Oct 19, 2008

I guess it safe to say Nod was the first on the job.Time to signature watch.LOL

Log in or Sign up

FP - again, please fix

Medank Registered Member

jmc777 Registered Member

Medank Registered Member

jmc777 Registered Member

proactivelover Registered Member

Medank Registered Member

Marcos Eset Staff Account

proactivelover Registered Member

Attached Files:

weqwe.jpg

Medank Registered Member

NOD32 user Registered Member

Dark Shadow Registered Member

LowWaterMark Administrator

Dark Shadow Registered Member

Log in or Sign up

FP - again, please fix

Medank Registered Member

jmc777 Registered Member

Medank Registered Member

jmc777 Registered Member

proactivelover Registered Member

Medank Registered Member

Marcos Eset Staff Account

proactivelover Registered Member

Attached Files:

weqwe.jpg

Medank Registered Member

NOD32 user Registered Member

Dark Shadow Registered Member

LowWaterMark Administrator

Dark Shadow Registered Member

Useful Searches