www.makemkv.com

Hi,

Bitdefender just detected Gen:Variant.Razy.539717 in file: mmnsis.dll during setup execution. Is this real or false positive?

Nah, we don't ship viruses...

Virustotal:
https://www.virustotal.com/gui/file/890 ... /detection

1.15.0 hash sums

Yeah I got the same message from Bitdefender.

The file C:\Users\*****\AppData\Local\Temp\nsnBCF5.tmp\mmnsis.dll is infected with Gen:Variant.Razy.5397

As always, when faced with your preferred antivirus software claiming to have found a virus, you should submit the file/URL to your vendor for them to verify it.

Submitted file to BitDefender for review. Lets hope they straighten that out.

The file check-sums do not match with the one you supplied above. I also use Bitdefender and it is showing the same infection.

i checked the sha256 hash of my downloaded windows exe and it matches what Mike posted.

Are sure? I downloaded the 1.15.0 setup file, then uploaded it to virustotal, and VT gave back a hash code of 890314d866d52779532b46ed4cf21489bb47f49e6056154524a5e923b85af4c9 . This hash code matches what Mike posted above and on the website.

If you're running your own hash, make SURE you are using SHA-256, or you'll get different a different hash.

VirusTotal is reporting that uninst.exe (in the MakeMKV program folder) is a virus.

14/71 engines detected a virus in uninst.exe.

https://www.virustotal.com/gui/file/9b6 ... /detection

I just ran a test and AVG reports uninst.exe as "Win32:Malware-gen" and moves it to quarantine.

When I ask google what "Win32:Malware-gen" actually is, I get a lot of hits... Many of them for files installed as part of Windows 10 Updates, as well as .NET updates.

MalwareBytes says:

Win32:Malware-gen is a heuristic detection designed to generically detect a Trojan Horse. Due to the generic nature of this threat, we are unable to provide specific information on what it does.

So, I guess the best bet is to submit the file to your favorite AV vendor, and ask them to look at this file SPECIFICALLY, and not "heuristically".

mkvfanclub wrote: ↑

Thu Mar 05, 2020 3:21 am

14/71 engines detected a virus in uninst.exe.
https://www.virustotal.com/gui/file/9b6 ... /detection

Interesting...
MakeMKV uses NSIS ( https://nsis.sourceforge.io/Main_Page ) installer engine. The uninstall.exe is a standard NSIS uninstaller stub ( specifically from version 2.51 ) with embedded uninstall script file. Yet, for some reason, the raw stub from NSIS distribution comes clean ( https://www.virustotal.com/gui/file/bca ... /detection ) and the same stub customized with makemkv uninstaller script hits malware warning. You can compare uninstall.exe and the "lzma_solid" stub from NSIS package (v2.51) - they are identical byte-by-byte, except for the script data payload. Please see the detail page in virustotal, specifically it lists hashes of all code and data segments in both files - they are identical
https://www.virustotal.com/gui/file/bca ... 94/details - raw nsis stub
https://www.virustotal.com/gui/file/9b6 ... 52/details - uninst.exe

p.s. There is no virus in uninstall.exe or anywhere else in MakeMKV.

I'm getting the same today as OP when installing 1.15.1.

SHA 256: E219FF9FDF45A71CEB3AA55615648B43D8EFA64B098459D9CEC9741DE11DD966 downloaded from the MakeMKV site. Will submit to Bitdefender again.

Update, submitted the other day to Bitdefender and it's no longer being detected (yay!) but suspect it will get detected again next version.