Trojan Downloader

[Mondo]

Yesterday, my Roxio Easy Media Creator Basic DVD Home v7 updated and everything seemed fine. But today AVG anti-virus is telling me that the file MPEGStreamDemuxer.dll is infected with Trojan horse Downloader.Agent.KNW. This file is in the folder \PROGRAM FILES\ROXIO SHARED\SHAREDCOM\ and appears to be part of the program that was updated.

 

What did you send me and why do you need it running surreptitiously? Or did I get an infected file from your server?

[REDWAGON]

I am assuming that this is a false positive Mondo. Several others have posted a similar virus indication.

 

Frank...

[d_deweywright]

What did you send me and why do you need it running surreptitiously? Or did I get an infected file from your server?

Also, "we" didn't send you anything, nor need it running. "We" are users like yourself. Occassionally, you'll find a Roxio employee here, but rarely.

[grandpabruce]

Yesterday, my Roxio Easy Media Creator Basic DVD Home v7 updated and everything seemed fine. But today AVG anti-virus is telling me that the file MPEGStreamDemuxer.dll is infected with Trojan horse Downloader.Agent.KNW. This file is in the folder \PROGRAM FILES\ROXIO SHARED\SHAREDCOM\ and appears to be part of the program that was updated.

 

What did you send me and why do you need it running surreptitiously? Or did I get an infected file from your server?

 

I wasn't aware that Roxio ever sold, or supported, a Basic version of EMC 7. Where did you get it, and where did you get an update for it?

 

This is not Roxio tech support. This is a users forum, and unless someone has a Roxio icon by their name, they are a user, like you.

[Brendon]

I wasn't aware that Roxio ever sold, or supported, a Basic version of EMC 7. Where did you get it, and where did you get an update for it?

Hi Bruce,

 

It's mentioned here http://forums.support.roxio.com/index.php?showtopic=7564

 

Looks like an OEM version.

[grandpabruce]

Hi Bruce,

 

It's mentioned here http://forums.support.roxio.com/index.php?showtopic=7564

 

Looks like an OEM version.

 

Thanks, Brendon. I know about the OEM's with computers and drives, but I don't see any updates on the Roxio site, for anything but the downloaded version and the retail version.

[sknis]

Thanks, Brendon. I know about the OEM's with computers and drives, but I don't see any updates on the Roxio site, for anything but the downloaded version and the retail version.

 

That would be an interesting way of infecting a computer. Make and "sell" a pirated version of a program with a time bomb in it. Eventually send an update with the trojan. Where did you get the program?

 

As stated above, there are no updates from Roxio on OEM software since there are probably many versions with the same version name and not all have the same functionality. How often do you check for malware on your computer? Perhaps that trojan was there all the time or perhaps it is not there at all. Some security software free trials or downloads might give a false positive just to get you to buy their software.

 

You might try a system restore to before when you downloaded that fake update but i don't think that will work. There is a lot of help if you Google for that agent.

[EscapePod]

I also got this trojan message from AVG 7.5 on my XP PC today. That PC had been off for approx. 6 days. No updates were received or solicited from Roxio. My Roxio is Easy Media Creator 7 (Build 7.1.1.189 ENU).

 

It should be noted that AVG "found" this trojan approx. 15 - 20 minutes "after" an AVG virus definition update. I'm inclined to believe it is a false indication. Per AVG, the file needs to be zipped, passworded, and sent to them for analysis.

[talldancer]

Does anyone not consider that this is a real trojan perhaps that is designed for a particular program? or do you believe that AVG through its hueristic (I might have spelt that wrong) analysis has recogonised a genuine file as being bad?

I did not update my version of EMC but did update AVG last night and subsequently ran a scan, the result of which was this trojan downloader being identified. My AVG has deleted the file. I do not have any of my programs or applications set to automatically update.

[Brendon]

AVG is throwing yet ANOTHER FALSE POSITIVE

 

It has a bad history for this.

[lynn98109]

I've never considered using AVG because I don't consider ECDC 5 to be a trojan - and AVG is confident it is.

 

Lynn

[talldancer]

AVG is throwing yet ANOTHER FALSE POSITIVE

 

It has a bad history for this.

 

So do I now have a problem in reinstating the genuine EMC file (is it?) and what about limiting AVG in its ability to identify false positives?

 

What does Roxio say?

 

I have yet to find an AV program (I have tried and used many) that I can totally rely upon, whether paid for or not.

 

I am fed up with spending hour after hour chasing the consequences of false identification, no results and dead ends but believing I am about to find a solution, either through the companies or often through totally independant sources.

 

How many AV 'companies' perpetrate the problem to an end of profit above all else, slowly undermining the ability of those like me that are potentially unlimited in their knowledge as a result of what is put before them.

 

Is there an answer?

[Brendon]

So do I now have a problem in reinstating the genuine EMC file (is it?) and what about limiting AVG in its ability to identify false positives?

 

Talldancer (and anyone else who has deleted mpegstreamdemuxer.dll because of AVG),

 

I'm not sure how you'd reinstate the file if you have deleted it instead of sending it to some virus dungeon or whatever else AVG does.

 

To do it through the Roxio site you'd probably have to uninstall the program completely, then reinstall it from your CD and have it update itself again. That should be straightforward, but a fairly long procedure.

 

If you want to send me an email address in a Private Message (click on the PM button below my picture) I can send you a copy of the file out of my Easy Media Creator 7.5.

Using that to replace the deleted file should work, but if it doesn't then no harm done and you just move on to the complete uninstall/reinstall routine.

 

As to limiting AVG from their false positives . . short of a SCUD missile I can't think of anything. They have a history, and staff local to me arrogantly tell me they NEVER have false positives. I shun their software now.