
Forum Thread: WinAmp kit/update - a possible threat inside it

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Nullsoft
And, this specific program:
Winamp 5.x

This thread has been marked as locked.
DalilaSoft WinAmp kit/update - a possible threat inside it
Member 29th Sep, 2011 11:21
Ranking: -9
Posts: 4
User Since: 21st Dec, 2007
System Score: 98%
Location: RO
When I tried to download WinAmp from the URL provided by Secunia PSI, my antivirus (NOD32) detected this in it:

http://download.nullsoft.com/winamp/client/winamp5... > NSIS > OCSetupHlp.dll is infected with Win32/OpenCandy application.

What is safer: to keep the old version of WinAmp or to execute an executable which contains the Win32/OpenCandy threat?

--
ing. Traian Gheorghe ONCIU
S.C. Dalila SoftWare SRL

Maurice Joyce RE: WinAmp kit/update - a possible threat inside it
Handling Contributor 29th Sep, 2011 12:24
Score: 11630
Posts: 8,917
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 29th Sep, 2011 12:38
I have just tested it & can find nothing wrong.

Have you checked with your anti-viral vendor that they are not issuing a false positive?

To double check I have installed it onto my test PC - no problems & no notification of any malware.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Anthony Wells RE: WinAmp kit/update - a possible threat inside it
Expert Contributor 29th Sep, 2011 12:50
Score: 2434
Posts: 3,317
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi,

None of my security software picks up this detection.

Jotti confirms the Eset (NOD32) detection and another company sees it as a Zlob variant:-

http://virusscan.jotti.org/en/scanresult/7cd4ea459...

I am having trouble loading the file to VirusTotal atm, you may wish to try yourself:-

http://www.virustotal.com/

A couple of weeks ago my Antivir Avira (on demand scan) detected a (long time installed on my PC) programme installer as an ADWARE OpenCandyA486. No-one else sees it, but when I uploaded it to their labs as a "probable False Positive", they said that it was a "real infection" and is in their database - note it is shown as "Adware"!!

As Maurice Joyce says, you will need to get ESET to check its findings and also you should advise WinAmp of the "potential" problem.

Bit of a Catch 22 whether you load the update; the odds favour an FP but I am not a gambler by nature.

Let us know how you go.

Anthony

--


It always seems impossible until its done.
Nelson Mandela
ddmarshall RE: WinAmp kit/update - a possible threat inside it
Dedicated Contributor 29th Sep, 2011 14:26
Score: 1205
Posts: 957
User Since: 8th Nov 2008
System Score: 98%
Location: UK
OpenCandy is used by some free software producers to make some money. Usually it is harmless. It offers you additional products as you are installing the program you downloaded.
There's a good description of it here:
http://www.microsoft.com/security/portal/Threat/En...

--
This answer is provided “as-is.” You bear the risk of using it.
Anthony Wells RE: WinAmp kit/update - a possible threat inside it
Expert Contributor 29th Sep, 2011 14:54
Score: 2434
Posts: 3,317
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 29th Sep, 2011 15:04
Hello again,

Here is the (very long) awaited Virus Total scan which also shows Eset detection (no others):-

http://www.virustotal.com/file-scan/report.html?id...

It should be noted that in an earlier VT scan, it was not detected as such as Eset (NOD32) was not included in the scan:-

http://www.virustotal.com/file-scan/report.html?id...

Interestingly, the Avira detection I have/had on my machine is for an installation .exe of Sumo which is specifically the one without bundled adware/software.

I would be interested to hear what Eset/Nullsoft have to say.

Take care

Anthony

EDIT: The links do work, but if you get an error at first, it seems to go thru' at the second/third attempt.

--


It always seems impossible until its done.
Nelson Mandela

hollisterdesign2011

RE: WinAmp kit/update - a possible threat inside it
This reply has been deleted



© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144