New Shark Codec Pack giving false positive

Discussion in 'ESET Smart Security' started by psychokilla, May 20, 2009.

Thread Status:
Not open for further replies.
  1. psychokilla

    psychokilla Registered Member

    Joined:
    Apr 22, 2007
    Posts:
    171
    When installing the latest version of the Windows 7 Codec pack ESET Smart Security v4 x64 finds the following virus:

    AUTOIT » script.au3 - Win32/Packed.Autoit.Gen

    This codec pack author has been trusted by the computing and media communities for over a year now so it's highly unlikely it's a real infection.

    His explanation :

     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    Doesn't help, but you're better off running a good media player like VLC instead of installing a ton of codec packs. It supports a lot of common codecs, everything that is necessary really.
     
  3. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Can you please copy and paste the complete message from your log file and also provide the version number for the virus signature database?

    Regards,

    Aryeh Goretsky
     
  4. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hi,
    The codecs from this guy are very good and stable. Never had a problem with the codecs in Vista and 7 x64.

     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Apparently he uses code obfuscation like malware does and hence it's detected. However, it's not detected as malware, but as a potentially unsafe or unwanted application which means the user must have intentionally enabled detection of such suspicious files.
     
  6. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    Hello, I'm not debating the quality of his code, I'm sure it's good. I'm just saying, you will find it very hard to find a file that VLC can't play, and the overall quality of the player is very good. I was very happy I didn't need QuickTime/DivX/etc. installed anymore :thumb:
     
  7. psychokilla

    psychokilla Registered Member

    Joined:
    Apr 22, 2007
    Posts:
    171
    Yeah, I use Media Center from Vista and Windows 7 so vlc is useless for that, I do use it on my laptop though cos it's much lighter on resources.

    I disabled the AV and installed the codec packs, then added their folders to the exclusion list.
     
  8. psychokilla

    psychokilla Registered Member

    Joined:
    Apr 22, 2007
    Posts:
    171
    FIX THE 7 CODEC FALSE POSITIVE!!!

    This has been reported weeks ago and is still being reported as a false positive, WHY!?!
     
  9. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Re: FIX THE 7 CODEC FALSE POSITIVE!!!

    I think it's still being detected because it uses an obfuscation code similar to malware. I don't know if it can be fixed without affecting the generic detection of potentially new malicious codes that use this method.
    The best fix you can do is to exclude files that are detected. Thus you don't need to disable potentially unwanted apps. detection and at the same time codecs aren't detected.
    I'm using this method to keep the codecs free of the danger of being deleted.

     
  10. jcarroll

    jcarroll Registered Member

    Joined:
    Nov 8, 2009
    Posts:
    3
    Ok, if the Shark codec package is so innocent...specifically its settings.exe, which ESET NOD32 flags, let me ask this question. Why, when I rename settings.exe to a non-exe, does the Shark package insist it cannot be uninstalled without this program? The very program flagged by ESET! BTW, you cannot (by Shark's own instructions) uninstall the package but from a tab within the flagged settings.exe program. You cannot uninstall from "Programs and Features". Is it just me, or does this raise a red flag?
     
  11. pbmcmlxxi

    pbmcmlxxi Registered Member

    Joined:
    Oct 28, 2006
    Posts:
    131
    Location:
    Hants, UK
    @ funkydude: Not everyone wishes to use another application, i.e. VLC media player. Yes, it is a good media player that works OK and plays most files; however, some people prefer to use other players and wish to just have codecs.

    Shark's codec packages work really well, and I never had any issues with them;
    it is with the way it is compiled that ESET has the issue.
    I use the codecs on my multiple PCs and do not have any issues with them.
    As long as it is downloaded via his site, I can't see it being an issue.

    @jcarroll: I have found you can use 'Programs and Features' in Windows 7 to uninstall the codecs without any issues. So I think it is you looking for issues that don't exist.
     
  12. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    +1.
    These codecs work very well on my system too. In the past I had some minor bugs that made explorer.exe crash, but they were fixed with the next version.

     
  13. jcarroll

    jcarroll Registered Member

    Joined:
    Nov 8, 2009
    Posts:
    3
    @pjb: This is what I'm seeing on my system with the Shark007 v2.0.5 package. At this moment, the settings32.exe was removed by ESET. And from Programs and Features, the only option available is "Repair". Please don't be so dismissive of others' posts, it doesn't serve the forum.
     
  14. pbmcmlxxi

    pbmcmlxxi Registered Member

    Joined:
    Oct 28, 2006
    Posts:
    131
    Location:
    Hants, UK
    I am not dismissive, just to the point...
    I believe you would have clicked to remove the setting32.exe when ESET prompted you, which was a discretionary move on the end user, i.e. you.

    You said you could not use 'Programs and Features' but you did not say you were missing the above file, which is why 'Programs and Features' is not working for you, and is not inherent in Shark's installer.

    I guess one way you could remove it, or try to, is: download the latest version, turn off real-time file protection etc., or if it prompts you on the file of a potentially unwanted application, on this occasion ignore it, and then it may give you the option to remove/repair etc. That may help you out.
     
  15. jcarroll

    jcarroll Registered Member

    Joined:
    Nov 8, 2009
    Posts:
    3
    I believe I was being right to the point in my original post. I stated I renamed the settings.exe file. And what is inherent in the Shark codec package is that this file, which is flagged by ESET NOD32, must be present to uninstall.

    I actually discovered the uninstall issue when I downloaded and attempted to install the latest version of Shark. The install detected the earlier version and would not continue until it was uninstalled.

    I did restore the settings32.exe from quarantine, but this did not change the options under "Programs and Features". I still only have a "Repair" option.

    So, as originally noted, per Shark's own documentation, my only recourse for uninstalling is to run settings32.exe...the very pgm ESET NOD32 is warning me about. I don't think I'm fishing for phantom issues.
     