Virus in v1.15 Setup file

Cyberweaver
Posts: 1
Joined: Wed Mar 04, 2020 10:40 am

Virus in v1.15 Setup file

Post by Cyberweaver » Wed Mar 04, 2020 10:48 am

Hi,

Bitdefender just detected Gen:Variant.Razy.539717 in file: mmnsis.dll during setup execution. Is this real or a false positive?

mike admin
Posts: 4075
Joined: Wed Nov 26, 2008 2:26 am

Re: Virus in v1.15 Setup file

Post by mike admin » Wed Mar 04, 2020 10:52 am

Nah, we don't ship viruses...

Virustotal:
https://www.virustotal.com/gui/file/890 ... /detection

1.15.0 hash sums


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

890314d866d52779532b46ed4cf21489bb47f49e6056154524a5e923b85af4c9  Setup_MakeMKV_v1.15.0.exe
442d67d5368390263c30fca2d980ebfffb716be227b9f056b69961d2b11b26ff  makemkv-bin-1.15.0.tar.gz
a9213fa7cbf2bf2f03d90cd350ad53aa82394bc3991c440e9e369e4169f3ed06  makemkv-oss-1.15.0.tar.gz
ad4323d5141a82f11b36f1ad3f54b0f201eedfbd4597ee604fed4b616f2d06b0  makemkv_v1.15.0_osx.dmg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iHUEAREIAB0WIQQuzyMwXx/AsyABZzOU4wg6GAQmlwUCXl9efwAKCRCU4wg6GAQm
l2D8AP91bXRnc5YeaWQ+DlR3DVoEV2h485Gh9eTBFp/Xd2O+wwD/XpX4Pgxsdvqo
a68DumjodayHZqAhjq7yb1KDchhQrCs=
=h3Oh
-----END PGP SIGNATURE-----

Darsarin
Posts: 2
Joined: Mon Jun 17, 2019 3:01 am

Re: Virus in v1.15 Setup file

Post by Darsarin » Wed Mar 04, 2020 4:12 pm

Yeah I got the same message from Bitdefender.

The file C:\Users\*****\AppData\Local\Temp\nsnBCF5.tmp\mmnsis.dll is infected with Gen:Variant.Razy.5397

Woodstock
Posts: 10312
Joined: Sun Jul 24, 2011 11:21 pm

Re: Virus in v1.15 Setup file

Post by Woodstock » Wed Mar 04, 2020 4:47 pm

As always, when faced with your preferred antivirus software claiming to have found a virus, you should submit the file/URL to your vendor for them to verify it.

Ravik
Posts: 20
Joined: Thu Aug 07, 2014 4:34 pm

Re: Virus in v1.15 Setup file

Post by Ravik » Wed Mar 04, 2020 6:57 pm

Submitted file to BitDefender for review. Let's hope they straighten that out. :)

Mrdeadworry
Posts: 1
Joined: Wed Mar 04, 2020 6:49 pm

Re: Virus in v1.15 Setup file

Post by Mrdeadworry » Wed Mar 04, 2020 7:25 pm

The file checksums do not match with the one you supplied above. I also use Bitdefender and it is showing the same infection.

SamuriHL
Posts: 2322
Joined: Mon Jun 14, 2010 5:32 pm

Re: Virus in v1.15 Setup file

Post by SamuriHL » Wed Mar 04, 2020 9:00 pm

I checked the SHA-256 hash of my downloaded Windows exe and it matches what Mike posted.

Woodstock
Posts: 10312
Joined: Sun Jul 24, 2011 11:21 pm

Re: Virus in v1.15 Setup file

Post by Woodstock » Wed Mar 04, 2020 9:03 pm

Are you sure? I downloaded the 1.15.0 setup file, then uploaded it to VirusTotal, and VT gave back a hash code of 890314d866d52779532b46ed4cf21489bb47f49e6056154524a5e923b85af4c9. This hash code matches what Mike posted above and on the website.

If you're running your own hash, make SURE you are using SHA-256, or you'll get a different hash.
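
An added example, not part of any post in this thread and not MakeMKV's own tooling: a local check of a downloaded file against a clearsigned hash list in the format Mike posted, with the algorithm made explicit so a non-SHA-256 digest shows up as a mismatch. The function names are hypothetical, and the PGP signature itself is not verified here (that needs gpg and the publisher's public key).

```python
import hashlib
import hmac
import re

# One manifest line: 64 hex digits, whitespace, file name (sha256sum style).
ENTRY = re.compile(r"^([0-9a-fA-F]{64})\s+\*?(\S.*)$")


def parse_clearsigned_sums(text):
    """Return {filename: sha256 hex} from the body of a PGP clearsigned list.
    The signature is NOT checked here; only the signed text is parsed."""
    sums, in_body, seen_blank = {}, False, False
    for line in text.splitlines():
        if line.startswith("-----BEGIN PGP SIGNED MESSAGE-----"):
            in_body, seen_blank = True, False
        elif line.startswith("-----BEGIN PGP SIGNATURE-----"):
            break
        elif in_body and not seen_blank:
            seen_blank = line.strip() == ""   # skip "Hash: ..." armor headers
        elif in_body:
            if line.startswith("- "):         # undo clearsign dash-escaping
                line = line[2:]
            m = ENTRY.match(line.strip())
            if m:
                sums[m.group(2)] = m.group(1).lower()
    return sums


def file_digest(path, algorithm="sha256"):
    """Stream the file through hashlib so large installers need little memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify(path, name, sums, algorithm="sha256"):
    """True only if `name` is listed and the file's digest equals the entry."""
    expected = sums.get(name)
    if expected is None:
        return False
    return hmac.compare_digest(file_digest(path, algorithm), expected)
```

Calling `verify` with `algorithm="sha1"` or `"md5"` on an untouched download returns False, which is the mismatch the post above warns about.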

mkvfanclub
Posts: 27
Joined: Sun Jan 12, 2020 12:23 pm

Re: Virus in v1.15 Setup file

Post by mkvfanclub » Thu Mar 05, 2020 3:21 am

VirusTotal is reporting that uninst.exe (in the MakeMKV program folder) is a virus.

14/71 engines detected a virus in uninst.exe.

https://www.virustotal.com/gui/file/9b6 ... /detection

Woodstock
Posts: 10312
Joined: Sun Jul 24, 2011 11:21 pm

Re: Virus in v1.15 Setup file

Post by Woodstock » Thu Mar 05, 2020 5:09 am

I just ran a test and AVG reports uninst.exe as "Win32:Malware-gen" and moves it to quarantine.

When I ask Google what "Win32:Malware-gen" actually is, I get a lot of hits... Many of them for files installed as part of Windows 10 Updates, as well as .NET updates.

MalwareBytes says:

"Win32:Malware-gen is a heuristic detection designed to generically detect a Trojan Horse. Due to the generic nature of this threat, we are unable to provide specific information on what it does."

So, I guess the best bet is to submit the file to your favorite AV vendor, and ask them to look at this file SPECIFICALLY, and not "heuristically".

mike admin
Posts: 4075
Joined: Wed Nov 26, 2008 2:26 am

Re: Virus in v1.15 Setup file

Post by mike admin » Thu Mar 05, 2020 12:24 pm

mkvfanclub wrote (Thu Mar 05, 2020 3:21 am):
> 14/71 engines detected a virus in uninst.exe.
> https://www.virustotal.com/gui/file/9b6 ... /detection

Interesting...

MakeMKV uses the NSIS (https://nsis.sourceforge.io/Main_Page) installer engine. The uninstall.exe is a standard NSIS uninstaller stub (specifically from version 2.51) with an embedded uninstall script file. Yet, for some reason, the raw stub from the NSIS distribution comes up clean (https://www.virustotal.com/gui/file/bca ... /detection) and the same stub customized with the MakeMKV uninstaller script hits a malware warning. You can compare uninstall.exe and the "lzma_solid" stub from the NSIS package (v2.51) - they are identical byte-by-byte, except for the script data payload. Please see the details page in VirusTotal; specifically, it lists hashes of all code and data segments in both files - they are identical.

https://www.virustotal.com/gui/file/bca ... 94/details - raw NSIS stub
https://www.virustotal.com/gui/file/9b6 ... 52/details - uninst.exe

p.s. There is no virus in uninstall.exe or anywhere else in MakeMKV.
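
An added example, not part of any post here and not MakeMKV or NSIS code: the per-section comparison described above can be reproduced offline by hashing each PE section's raw bytes in two files and listing the regions that differ. It assumes appended payload data sits after the last section (reported as "overlay"); `build_sample_pe` only builds a constructed test image, and all function names are hypothetical.

```python
import hashlib
import struct


def pe_regions(data):
    """Return {label: sha256 hex} for each section's raw bytes plus 'overlay'."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                          # section table start
    regions, end = {}, 0
    for i in range(n_sections):
        name, _, _, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, table + 40 * i)
        label = "%d:%s" % (i, name.rstrip(b"\0").decode("ascii", "replace"))
        regions[label] = hashlib.sha256(data[raw_ptr:raw_ptr + raw_size]).hexdigest()
        if raw_size:                                        # skip bss-style sections
            end = max(end, raw_ptr + raw_size)
    regions["overlay"] = hashlib.sha256(data[end:]).hexdigest()
    return regions


def differing_regions(a, b):
    """Sorted labels whose hashes differ between two PE images."""
    ra, rb = pe_regions(a), pe_regions(b)
    return sorted(k for k in ra.keys() | rb.keys() if ra.get(k) != rb.get(k))


def build_sample_pe(sections, overlay=b""):
    """Constructed minimal PE image, valid only as far as pe_regions reads it."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table, body, ptr = b"", b"", 0x200
    for name, raw in sections:
        table += struct.pack("<8sIIIIIIHHI", name, len(raw), 0x1000,
                             len(raw), ptr, 0, 0, 0, 0, 0)
        body += raw
        ptr += len(raw)
    head = dos + b"PE\0\0" + coff + table
    return head.ljust(0x200, b"\0") + body + overlay
```

If `differing_regions(stub, customized)` returns only `["overlay"]`, the executable code is unchanged and the detection is keyed on the appended data or on the file as a whole.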

IMissBigMacs2020
Posts: 2
Joined: Mon Apr 27, 2020 8:35 pm

Re: Virus in v1.15 Setup file

Post by IMissBigMacs2020 » Mon Apr 27, 2020 8:44 pm

I'm getting the same today as OP when installing 1.15.1.

SHA 256: E219FF9FDF45A71CEB3AA55615648B43D8EFA64B098459D9CEC9741DE11DD966 downloaded from the MakeMKV site. Will submit to Bitdefender again.

IMissBigMacs2020
Posts: 2
Joined: Mon Apr 27, 2020 8:35 pm

Re: Virus in v1.15 Setup file

Post by IMissBigMacs2020 » Sat May 02, 2020 8:23 pm

Update, submitted the other day to Bitdefender and it's no longer being detected (yay!) but suspect it will get detected again next version.
