Virus in v1.15 Setup file

Cyberweaver
Posts: 1
Joined: Wed Mar 04, 2020 10:40 am

Virus in v1.15 Setup file

Post by Cyberweaver »

Hi,

Bitdefender just detected Gen:Variant.Razy.539717 in file: mmnsis.dll during setup execution. Is this real or false positive?
mike admin
Posts: 4075
Joined: Wed Nov 26, 2008 2:26 am
Contact:

Re: Virus in v1.15 Setup file

Post by mike admin »

Nah, we don't ship viruses...

Virustotal:
https://www.virustotal.com/gui/file/890 ... /detection

1.15.0 hash sums

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

890314d866d52779532b46ed4cf21489bb47f49e6056154524a5e923b85af4c9  Setup_MakeMKV_v1.15.0.exe
442d67d5368390263c30fca2d980ebfffb716be227b9f056b69961d2b11b26ff  makemkv-bin-1.15.0.tar.gz
a9213fa7cbf2bf2f03d90cd350ad53aa82394bc3991c440e9e369e4169f3ed06  makemkv-oss-1.15.0.tar.gz
ad4323d5141a82f11b36f1ad3f54b0f201eedfbd4597ee604fed4b616f2d06b0  makemkv_v1.15.0_osx.dmg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iHUEAREIAB0WIQQuzyMwXx/AsyABZzOU4wg6GAQmlwUCXl9efwAKCRCU4wg6GAQm
l2D8AP91bXRnc5YeaWQ+DlR3DVoEV2h485Gh9eTBFp/Xd2O+wwD/XpX4Pgxsdvqo
a68DumjodayHZqAhjq7yb1KDchhQrCs=
=h3Oh
-----END PGP SIGNATURE-----
Darsarin
Posts: 2
Joined: Mon Jun 17, 2019 3:01 am

Re: Virus in v1.15 Setup file

Post by Darsarin »

Yeah I got the same message from Bitdefender.

The file C:\Users\*****\AppData\Local\Temp\nsnBCF5.tmp\mmnsis.dll is infected with Gen:Variant.Razy.5397
Woodstock
Posts: 10330
Joined: Sun Jul 24, 2011 11:21 pm

Re: Virus in v1.15 Setup file

Post by Woodstock »

As always, when faced with your preferred antivirus software claiming to have found a virus, you should submit the file/URL to your vendor for them to verify it.
Ravik
Posts: 20
Joined: Thu Aug 07, 2014 4:34 pm

Re: Virus in v1.15 Setup file

Post by Ravik »

Submitted file to BitDefender for review. Let's hope they straighten that out. :)
Mrdeadworry
Posts: 1
Joined: Wed Mar 04, 2020 6:49 pm

Re: Virus in v1.15 Setup file

Post by Mrdeadworry »

The file check-sums do not match with the one you supplied above. I also use Bitdefender and it is showing the same infection.
SamuriHL
Posts: 2325
Joined: Mon Jun 14, 2010 5:32 pm

Re: Virus in v1.15 Setup file

Post by SamuriHL »

I checked the SHA-256 hash of my downloaded Windows exe and it matches what Mike posted.
Woodstock
Posts: 10330
Joined: Sun Jul 24, 2011 11:21 pm

Re: Virus in v1.15 Setup file

Post by Woodstock »

Are you sure? I downloaded the 1.15.0 setup file, then uploaded it to VirusTotal, and VT gave back a hash code of 890314d866d52779532b46ed4cf21489bb47f49e6056154524a5e923b85af4c9 . This hash code matches what Mike posted above and on the website.

If you're running your own hash, make SURE you are using SHA-256, or you'll get a different hash.
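The check discussed in the posts above, as an added example that is not part of any forum post or of MakeMKV's own tooling: it reads the hash lines out of a clearsigned checksum list, hashes a local file with SHA-256, and names the likely cause when a digest from the wrong algorithm is compared. The function names are hypothetical, and the PGP signature is assumed to have been verified separately with gpg.

```python
import hashlib
import re

# Checksum lines copied from the signed 1.15.0 list posted earlier in this thread.
SIGNED_LIST = """\
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

890314d866d52779532b46ed4cf21489bb47f49e6056154524a5e923b85af4c9  Setup_MakeMKV_v1.15.0.exe
ad4323d5141a82f11b36f1ad3f54b0f201eedfbd4597ee604fed4b616f2d06b0  makemkv_v1.15.0_osx.dmg
-----BEGIN PGP SIGNATURE-----
"""

# Hex digest length -> algorithm, to explain a mismatch caused by the wrong tool setting.
HEX_LEN = {32: "MD5", 40: "SHA-1", 64: "SHA-256", 128: "SHA-512"}


def parse_sums(text):
    """Return {filename: sha256_hex} from the body of a checksum list.

    Only lines of the form '<64 hex chars>  <name>' are accepted; armor
    headers and the signature block are ignored (and NOT verified here).
    """
    sums = {}
    for line in text.splitlines():
        m = re.fullmatch(r"([0-9a-fA-F]{64})\s+\*?(\S+)", line.strip())
        if m:
            sums[m.group(2)] = m.group(1).lower()
    return sums


def sha256_file(path, chunk=1 << 20):
    """Stream the file so large installers are not loaded into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while block := f.read(chunk):
            h.update(block)
    return h.hexdigest()


def explain(claimed, expected):
    """Compare a user-supplied digest with the published one, case-insensitively."""
    claimed = claimed.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", claimed):
        return "not a hex digest"
    if len(claimed) != 64:
        return "wrong algorithm: looks like " + HEX_LEN.get(len(claimed), "unknown")
    return "match" if claimed == expected.lower() else "MISMATCH"
```

A typical call is `explain(sha256_file(path), parse_sums(text)["Setup_MakeMKV_v1.15.0.exe"])`, where `path` is the downloaded installer.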
mkvfanclub
Posts: 27
Joined: Sun Jan 12, 2020 12:23 pm

Re: Virus in v1.15 Setup file

Post by mkvfanclub »

VirusTotal is reporting that uninst.exe (in the MakeMKV program folder) is a virus.

14/71 engines detected a virus in uninst.exe.

https://www.virustotal.com/gui/file/9b6 ... /detection
Woodstock
Posts: 10330
Joined: Sun Jul 24, 2011 11:21 pm

Re: Virus in v1.15 Setup file

Post by Woodstock »

I just ran a test and AVG reports uninst.exe as "Win32:Malware-gen" and moves it to quarantine.

When I ask google what "Win32:Malware-gen" actually is, I get a lot of hits... Many of them for files installed as part of Windows 10 Updates, as well as .NET updates.

MalwareBytes says:
"Win32:Malware-gen is a heuristic detection designed to generically detect a Trojan Horse. Due to the generic nature of this threat, we are unable to provide specific information on what it does."
So, I guess the best bet is to submit the file to your favorite AV vendor, and ask them to look at this file SPECIFICALLY, and not "heuristically".
mike admin
Posts: 4075
Joined: Wed Nov 26, 2008 2:26 am
Contact:

Re: Virus in v1.15 Setup file

Post by mike admin »

mkvfanclub wrote:
Thu Mar 05, 2020 3:21 am
14/71 engines detected a virus in uninst.exe.
https://www.virustotal.com/gui/file/9b6 ... /detection
Interesting...
MakeMKV uses the NSIS (https://nsis.sourceforge.io/Main_Page) installer engine. The uninstall.exe is a standard NSIS uninstaller stub (specifically from version 2.51) with an embedded uninstall script file. Yet, for some reason, the raw stub from the NSIS distribution comes clean ( https://www.virustotal.com/gui/file/bca ... /detection ) and the same stub customized with the MakeMKV uninstaller script hits a malware warning. You can compare uninstall.exe and the "lzma_solid" stub from the NSIS package (v2.51) - they are identical byte-by-byte, except for the script data payload. Please see the detail page in VirusTotal, specifically it lists hashes of all code and data segments in both files - they are identical.
https://www.virustotal.com/gui/file/bca ... 94/details - raw nsis stub
https://www.virustotal.com/gui/file/9b6 ... 52/details - uninst.exe

p.s. There is no virus in uninstall.exe or anywhere else in MakeMKV.
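The section-by-section comparison described in the post above can be reproduced locally. This is an added example, not code from the forum or from the MakeMKV or NSIS projects: it hashes every PE section plus any bytes appended after the last section, and reports which regions differ between two files. It assumes the installer script payload sits in that appended region (the overlay); `build_sample` produces constructed test images, not real NSIS stubs.

```python
import hashlib
import struct


def pe_regions(data):
    """Map each PE section name, plus 'overlay', to the SHA-256 of its raw bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    pe_off, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    n_sections, = struct.unpack_from("<H", data, pe_off + 6)
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                            # first section header
    regions, end_of_image = {}, 0
    for i in range(n_sections):
        hdr = table + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        regions[name] = hashlib.sha256(data[raw_ptr:raw_ptr + raw_size]).hexdigest()
        end_of_image = max(end_of_image, raw_ptr + raw_size)
    # Everything past the last section is not mapped by the loader.
    regions["overlay"] = hashlib.sha256(data[end_of_image:]).hexdigest()
    return regions


def differing_regions(a, b):
    """Names of regions whose hashes differ between two PE images."""
    ra, rb = pe_regions(a), pe_regions(b)
    return sorted(k for k in ra.keys() | rb.keys() if ra.get(k) != rb.get(k))


def build_sample(overlay):
    """Constructed minimal PE image: two 16-byte sections plus appended bytes."""
    text, rdata = b"\x90" * 16, b"stub strings\0\0\0\0"
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    first = 64 + 24 + 2 * 40                                  # end of section table
    table = b""
    for name, body, ptr in ((b".text", text, first), (b".rdata", rdata, first + 16)):
        table += name.ljust(8, b"\0")
        table += struct.pack("<IIII", len(body), 0x1000, len(body), ptr) + b"\0" * 16
    return dos + coff + table + text + rdata + overlay


if __name__ == "__main__":
    print(differing_regions(build_sample(b"script A"), build_sample(b"script B")))
```

If only `overlay` is listed for a real pair of files, the executable code is unchanged and the difference is confined to appended data, which is the situation the post describes.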
IMissBigMacs2020
Posts: 2
Joined: Mon Apr 27, 2020 8:35 pm

Re: Virus in v1.15 Setup file

Post by IMissBigMacs2020 »

I'm getting the same today as OP when installing 1.15.1.

SHA 256: E219FF9FDF45A71CEB3AA55615648B43D8EFA64B098459D9CEC9741DE11DD966 downloaded from the MakeMKV site. Will submit to Bitdefender again.
IMissBigMacs2020
Posts: 2
Joined: Mon Apr 27, 2020 8:35 pm

Re: Virus in v1.15 Setup file

Post by IMissBigMacs2020 »

Update, submitted the other day to Bitdefender and it's no longer being detected (yay!) but suspect it will get detected again next version.