Re: Superantispyware - false positives?

Ron Lopshire · 11-05-2006, 08:01 AM

Ron Lopshire wrote:

> lessmalwareiscool@knowhotmail.org wrote:
>
>> Ron Lopshire <notron@ovbl.org> wrote in
>> news:UBp%g.12259$Lv3.8275@newsread1.news.pas.earth link.net:
>>
>>>> A recent scan found (and REMOVED!) these items:
>>>>
>>>> Trojan.Media-Codec
>>>> E:\PROGRAM FILES\AV\TOOLS\AVICODEC\UNINST.EXE
>>>> E:\DOCUMENTS AND SETTINGS\GIZENTA1\START MENU\PROGRAMS\AVICODEC
>>>> \UNINSTALL.LNK
>>>>
>>>> Adware.Spyware Labs
>>>> E:\PROGRAM FILES\UTILITIES\INTERNET\PROXYWAY\PROXYWAY.EXE
>>>>
>>>> AVICODEC is a highly recommended program on many sites for AV
>>>> enthusiasts, and Proxyway is a legit anonymous proxy program. Both
>>>> are freeware.
>>>
>>> What makes you think that these are FPs? And recommended by whom? Free
>>> CODECs are the Number One in the current list of malware vectors. And
>>> you do have the option of having your scanners not automatically
>>> delete suspected riskware.
>>
>> So you're saying that CCCP, and the K-lite packs over at
>> Free-codecs.com are dangerous? AVICODEC is not a codec but a program
>> that scans multimedia files to see what codecs are in them. It's
>> similar to G-spot.
>>
>> Siteadvisor gives them clean ratings (I think). They're highly
>> recommended over at Videohelp.com and on most AV enthusiast forums.
>
> Not in and of themselves. What I was trying to say is that those who
> routinely download and play with free CODECs put themselves at risk for
> malware infestation. The apps that you are using may be fine, it is the
> downloads and (some of) the creeps who make them available that are
> risky. As I said, free CODECs -> Number 1 malware vector. IIRC,
> pr0n-surfing is now about Number 5 and dropping.
>
> And so, the fact that SAS flagged some of the executable files of
> genuine applications, doesn't mean that the apps themselves are suspect.
> The files themselves may or may not be legitimate. This is a common MO
> for these creeps --- replacing legitimate executables with their own,
> ideally transparently to the user. Google for svchost.exe. What you mean
> it's malware? MS says I need it. Same idea.

I have renamed this topic since it has nothing to do with the OP's use
of SAS, but I will quote the original thread since it is germane to my
discussion with the OP. From Alex's blog,

A note on fake codecs
http://sunbeltblog.blogspot.com/2006...ke-codecs.html

Ron

Thread: Re: Superantispyware - false positives?

Thread Tools

Display

Threaded View

Beware of CODECs

Thread Information

Users Browsing this Thread

Posting Permissions