Stream Video Codec v 4.01a

Hi
is it an fp or the codec is?. cannot download.

 

Can you copy to Quarantine and submit for analysis to Eset.

Cheers

 

This is not a codec, it's a trojan. Avoid all these domains:

emcodec.com
getcodecs.com
v-codec.com
vcodec-download.com
vcodec-get.com
vcodec.com
vcodecdownload.com
vcodecget.com
vcodecget.net
vcodecpull.com
vicodec.com
vidcodec.com
videocodecupdate.com
vidscodec.com

These contain all fake codecs. They are NOT codecs, they are all trojans.

 

man that's are dangerous

 

Are you all sure that it is not an fp?

regards
joter

 

Here is the results from Jotti's.
Jotti must have NOD setup incorrectly?
NOD detects here but not on Jotti's scan?

NOD:
D:\Documents and Settings\Administrator\My
Documents\SVideoCodec4_01a.exe »NSIS »ecodec.exe - probably a variant of
Win32/TrojanDownloader.Zlob.KT trojan


Jotti's:
File: SVideoCodec4_01a.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 f2e3bdbb9b753f1735e1267fa4f16eea
Packers detected: UPX, PE_PATCH, UPACK
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found Trojan.Favadd
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found Trojan-Notifier.Win32.Zlob.d, Trojan-Downloader.Win32.Zlob.kz
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found Trojan.Favadd

 

It does seem a bit suspicious that the "official" site of the "Stream Video Codec" would have no information at all about the codec, about the people involved, or even how to encode audio and video with it. Wouldn't you say?

 

I've noticed it many times that a file was not recognized by NOD32 at Jottis' though it actually was by my NOD32. When I uploaded it again, it was recognized. Pretty odd.

 

Virus Total
_______________________________________________

Scan results
File: SVideoCodec4_01a.exe
Date: 04/12/2006 00:55:38 (CET)
----
AntiVir 6.34.0.24/20060411 found nothing
Avast 4.6.695.0/20060403 found nothing
AVG 386/20060412 found nothing
Avira 6.34.0.56/20060411 found nothing
BitDefender 7.2/20060412 found nothing
CAT-QuickHeal 8.00/20060411 found nothing
ClamAV devel-20060202/20060411 found nothing
DrWeb 4.33/20060412 found [Trojan.Favadd]
eTrust-InoculateIT 23.71.126/20060411 found nothing
eTrust-Vet 12.4.2158/20060411 found nothing
Ewido 3.5/20060411 found nothing
Fortinet 2.71.0.0/20060412 found [suspicious]
F-Prot 3.16c/20060411 found nothing
Ikarus 0.2.59.0/20060411 found nothing
Kaspersky 4.0.2.24/20060412 found nothing
McAfee 4738/20060411 found nothing
NOD32v2 1.1483/20060411 found [probably a variant of Win32/TrojanDownloader.Zlob.KT ]
Norman 5.90.15/20060411 found nothing
Panda 9.0.0.4/20060411 found [Suspicious file]
Sophos 4.04.0/20060411 found nothing
Symantec 8.0/20060411 found nothing
TheHacker 5.9.7.128/20060411 found nothing
UNA 1.83/20060411 found nothing
VBA32 3.10.5/20060411 found nothing


Regards
joter

 

LOL. Take a look at this section of the "Terms of Use" posted at http://emcodec.com/terms.html . It looks like adware to me:

One question I have is, how did you find out about this? Did somebody in particular tell you to download this software in order to play a certain movie file? Or are you wanting to play a certain type of movie, and you arrived at this site via Google search?

Also...
http://virusinfo.prevx.com/pxparall.asp?PXC=10ba11980504
http://research.sunbelt-software.com/threat_display.cfm?name=Vcodec&threatid=42096

 

Viola, the vendor insists on removing detection of the Zlob trojan, though the threat actually fullfils all criteria for malware:

- installs itself to the program files folder (actually, codec.exe is finally removed by the installer and only uninstaller remains the folder after installation)

- copies dfrgsrv.exe and ld4F9E.tmp to the SYSTEM32 folder (not removed by the uninstaller)

- the exe file registers itself to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\wininet.dll

- dfrgsrv.exe injects into the winlogon.exe process to hide away, so it's invisible and cannot be deleted

The question is when we can expect the author of Mydoom to remove detection for this famous worm?

 

Finally all antiviruses removed signature detection

 

Then why the new variant being spread is still detected by one famous AV besides NOD32