Stream Video Codec v 4.01a

Discussion in 'NOD32 version 2 Forum' started by clique, Apr 11, 2006.

Thread Status:
Not open for further replies.
  1. clique

    clique Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    39
    Hi
    Is it an fp or the codec is? Cannot download.
     

  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Can you copy to Quarantine and submit for analysis to Eset.

    Cheers :D
     
  3. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    This is not a codec, it's a trojan. Avoid all these domains:

    These contain all fake codecs. They are NOT codecs, they are all trojans.
     
  4. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    Man, those are dangerous
     
  5. joter

    joter Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    163
    Location:
    Greece
    Are you all sure that it is not an fp?

    regards
    joter
     
  6. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA

    Here are the results from Jotti's.
    Jotti must have NOD setup incorrectly?
    NOD detects here but not on Jotti's scan?

    NOD:
    D:\Documents and Settings\Administrator\My Documents\SVideoCodec4_01a.exe »NSIS »ecodec.exe - probably a variant of Win32/TrojanDownloader.Zlob.KT trojan


    Jotti's:
    File: SVideoCodec4_01a.exe
    Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
    MD5 f2e3bdbb9b753f1735e1267fa4f16eea
    Packers detected: UPX, PE_PATCH, UPACK
    Scanner results
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    Dr.Web Found Trojan.Favadd
    F-Prot Antivirus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found Trojan-Notifier.Win32.Zlob.d, Trojan-Downloader.Win32.Zlob.kz
    NOD32 Found nothing
    Norman Virus Control Found nothing
    UNA Found nothing
    VirusBuster Found nothing
    VBA32 Found Trojan.Favadd
     
  7. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    It does seem a bit suspicious that the "official" site of the "Stream Video Codec" would have no information at all about the codec, about the people involved, or even how to encode audio and video with it. Wouldn't you say? :cautious:
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I've noticed many times that a file was not recognized by NOD32 at Jotti's though it actually was by my NOD32. When I uploaded it again, it was recognized. Pretty odd.
     
  9. joter

    joter Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    163
    Location:
    Greece
    Virus Total
    _______________________________________________

    Scan results
    File: SVideoCodec4_01a.exe
    Date: 04/12/2006 00:55:38 (CET)
    ----
    AntiVir 6.34.0.24/20060411 found nothing
    Avast 4.6.695.0/20060403 found nothing
    AVG 386/20060412 found nothing
    Avira 6.34.0.56/20060411 found nothing
    BitDefender 7.2/20060412 found nothing
    CAT-QuickHeal 8.00/20060411 found nothing
    ClamAV devel-20060202/20060411 found nothing
    DrWeb 4.33/20060412 found [Trojan.Favadd]
    eTrust-InoculateIT 23.71.126/20060411 found nothing
    eTrust-Vet 12.4.2158/20060411 found nothing
    Ewido 3.5/20060411 found nothing
    Fortinet 2.71.0.0/20060412 found [suspicious]
    F-Prot 3.16c/20060411 found nothing
    Ikarus 0.2.59.0/20060411 found nothing
    Kaspersky 4.0.2.24/20060412 found nothing
    McAfee 4738/20060411 found nothing
    NOD32v2 1.1483/20060411 found [probably a variant of Win32/TrojanDownloader.Zlob.KT ]
    Norman 5.90.15/20060411 found nothing
    Panda 9.0.0.4/20060411 found [Suspicious file]
    Sophos 4.04.0/20060411 found nothing
    Symantec 8.0/20060411 found nothing
    TheHacker 5.9.7.128/20060411 found nothing
    UNA 1.83/20060411 found nothing
    VBA32 3.10.5/20060411 found nothing


    Regards
    joter
     
  10. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    LOL. Take a look at this section of the "Terms of Use" posted at http://emcodec.com/terms.html . It looks like adware to me:
    One question I have is, how did you find out about this? Did somebody in particular tell you to download this software in order to play a certain movie file? Or are you wanting to play a certain type of movie, and you arrived at this site via Google search?

    Also...
    http://virusinfo.prevx.com/pxparall.asp?PXC=10ba11980504
    http://research.sunbelt-software.com/threat_display.cfm?name=Vcodec&threatid=42096
     
    Last edited: Apr 12, 2006
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Voilà, the vendor insists on removing detection of the Zlob trojan, though the threat actually fulfils all criteria for malware:

    - installs itself to the program files folder (actually, codec.exe is finally removed by the installer and only the uninstaller remains in the folder after installation)

    - copies dfrgsrv.exe and ld4F9E.tmp to the SYSTEM32 folder (not removed by the uninstaller)

    - the exe file registers itself to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\wininet.dll

    - dfrgsrv.exe injects into the winlogon.exe process to hide away, so it's invisible and cannot be deleted

    The question is when we can expect the author of Mydoom to remove detection for this famous worm?
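
A host check for the artifacts listed in the post above, as an added example that is not part of the original thread or any ESET tool. The file names, registry key and value name are taken from the post; treating the value name `wininet.dll` or data mentioning `dfrgsrv.exe` as a match is an assumption about how the entry appears on disk.

```powershell
# Added example: look for the persistence artifacts described in the post.
# Run from an elevated PowerShell prompt so HKLM and System32 are fully readable.

$runKey       = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run'
$system32     = Join-Path $env:SystemRoot 'System32'
$droppedFiles = 'dfrgsrv.exe', 'ld4F9E.tmp'      # names as given in the post

$findings = @()

# 1. Registry: every value under policies\explorer\run is launched at logon,
#    so list them all and flag the ones that match the post (assumed match rule).
if (Test-Path -Path $runKey) {
    $key = Get-Item -Path $runKey
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        $findings += [pscustomobject]@{
            Type        = 'RunValue'
            Name        = $name
            Detail      = $data
            MatchesPost = ($name -ieq 'wininet.dll') -or ($data -match 'dfrgsrv\.exe')
        }
    }
}

# 2. Files: the two files the post says are copied to SYSTEM32 and are
#    left behind by the uninstaller. -Force also returns hidden/system files.
foreach ($file in $droppedFiles) {
    $path = Join-Path $system32 $file
    if (Test-Path -LiteralPath $path) {
        $item = Get-Item -LiteralPath $path -Force
        $findings += [pscustomobject]@{
            Type        = 'File'
            Name        = $path
            Detail      = '{0} bytes, created {1:u}' -f $item.Length, $item.CreationTimeUtc
            MatchesPost = $true
        }
    }
}

# 3. Report. Unflagged run values are still worth reviewing by hand.
if ($findings.Count -eq 0) {
    Write-Output 'No policies\explorer\run values and none of the listed files were found.'
} else {
    $findings | Sort-Object MatchesPost -Descending | Format-Table -AutoSize -Wrap
}
```

Because the post says dfrgsrv.exe hides inside winlogon.exe, an empty result from the running system does not prove the host is clean; the same paths can be checked with the disk mounted offline.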
     
  12. Aerul

    Aerul Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    5
    Finally all antiviruses removed signature detection :D
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Then why is the new variant being spread still detected by one famous AV besides NOD32? :D
     