[milkweg]

If you use the below crossfeed plugin in Winamp or MediaMonkey then do a virus scan on it. I scanned it with Avast and it came up as containing a trojan so asked some other people to look into it. Defintely looks like a Trojan unless all of the scanners are reporting a false positive.


SourceForge.net: Files

bs2b_winamp-2.1.0-bin.zip

Virustotal. MD5: 2ca6e72c83f30adcdbde0ecd6be8c548 Downloader Downloader.gen.a Trojan-Downloader.Win32.Agent.nxa

The below is after it has been installed to Winamp in a virtual OS.

http://mewnlite.com/mbytes.gif

 

[Mazz]

Quote:

Originally Posted by milkweg /img/forum/go_quote.gif If you use the below crossfeed plugin in Winamp or MediaMonkey then do a virus scan on it. I scanned it with Avast and it came up as containing a trojan so asked some other people to look into it. Defintely looks like a Trojan unless all of the scanners are reporting a false positive.

I got the same report on a couple of machines months after installing it, and with what still appear to be the original timestamps on the executable files. That means one of:

1. It is a Trojan, and lots of virus scanners failed to detect the fact for months and months
2. It's a false positive that only started occurring recently

The source code should be available for inspection if you want to try and find out - or to build your own copy from source and see if it is also flagged as a Trojan - but I haven't had time to look at it.

 

[milkweg]

I don't know enough to do that. I think I can submit the file to Panda Software and they will examine it for me. Will post here their findings.

ver. 2.0.0 of that file scans clean, it is only 2.1.0 that shows a Trojan.