The KM Player new verson file with malware..?

Discussion in 'malware problems & news' started by jasonbourne, Apr 16, 2011.

Thread Status:
Not open for further replies.
  1. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    247
    I just saw this post at the MBAM forums about The KM Player having malware from download sites. HERE


    Specifically The_KMPlayer_3.0.0.1440 from Filehippo. Now the topic is locked and there is no news whatsoever about it.

    Anyone of you guys using KMPlayer_3.0.0.1440 from FileHippo or just that particular version from a different download site...? Anything unusual there...?

    I don't see anything out of the ordinary here...Made a full-scan with Malwarebytes (darn 2 hours at that :(...tsk) and I am clean. My AV and 3rd party on-demand also says I am clean. Have not yet submitted it to VT/jotty' because my internet connection is a bit flaky at the moment.

    Any ideas here...?

    Thanks.
     
  2. Fad

    Fad Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    377
    Location:
    England
    I just had a very quick look, the installer has an option to include "VaccineClean" as an optional component...

    this appears to be a rogue program itself, but don`t quote me on that - I just did a 2 minute search and that`s what I saw.

    http://forums.malwarebytes.org/index.php?showtopic=72749

    I think the installer has now been stepped back a version from 1440 :thumb:

    (I didn`t initially follow your link and read it)
     
    Last edited: Apr 16, 2011
  3. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    247
    @Fad;

    Uninstalled it earlier and went back to previous version. I was looking for the vaccine-clean that was mentione prior uninstalling but got tired looking for it...so I went through removing it.

    I'll be waiting for an update at the MBAM forums. I see that there is a guy also asking for news but zit...zero there.

    You have a good one!
     
  4. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    754
    There seems to be a lot of FUD about this version across the net ("OMG u are rooted" BS), but I can confirm that the 1440 version is OK to install if you uncheck the 2 "additions" (VaccineClean and, IRC, Keywordsearch) during install.

    Although, by "OK" I mean malware free, it's still as bug ridden as always. :rolleyes: (which is the reason I switched to MPC-HC, probably permanently)
     
  5. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    247
    Found this one out at an MBAM forum post. I don't know what was meant by

    --maybe "it" was designed to "not be detected"..anyway, no other replies there as it was locked also...but it says, MBAM has added signatures for its detection.

    Link
     
    Last edited: Apr 18, 2011
  6. Fad

    Fad Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    377
    Location:
    England
    I personally use PotPlayer which is an offshoot of KMPlayer apparently...

    it runs portably as well which suits me fine :thumb:
     
  7. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Hi,

    Just to expand on missing information to clarify any misunderstandings.

    We lock topics so other members of the research team know it is being handled although giving feedback on submissions is very time dependent.
    Usually we are busy processing 100's of files on the fly so our time is often regretably limited.

    Kmplayer by itself is not malicious so we did not need to create detection for the installer or the application itself.

    However on initial assessment it was felt that 2 of the bundled components were undesirable so signatures were created to both block their install with our protection module(MBAM Pro) and also unload them should they be installed already on somebodies computer :thumb:

    I hope that feels in the blanks for you folks...must dash got new mal-code to BBQ:cool:
     
    Last edited: Apr 19, 2011
  8. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    247
    Wow that was mighty kind of you fcukdat! Thanks for the explanation there! All is well now:)
     
Loading...
Thread Status:
Not open for further replies.