Jump to content
Sign in to follow this  
ParrotSlave

MP3 DirectCut false positive

Recommended Posts

VirusTotal gives SUPERantispyware as the only scanner of the 50 that they use that reports the program, MP3DirectCut2.20, as a trojan, Trojan.Agent/Gen-Small.

See https://www.virustotal.com/en/file/6afbfd4f27078086b4e9b5591d475928edfce7c4b476183a55638eeebbd397c1/analysis/.

 

The author's site, http://mpesch3.de1.cc/mp3dc.html gives the MD5 checksum, and the downloaded file has the correct checksum and file size. 

 

I seem to recall getting a false positive with an earlier version of MP3 DirectCut. SAS did not detect the file while it was downloading, strangely enough, but when I was trying to install it:

 

post-28345-0-53991600-1398837281_thumb.png

Edited by GuiltySpark
Adjusted link to make it work

Share this post


Link to post
Share on other sites

I couldn't get the program to install to test it out from any of the links on that site, kept wanting to create a weird directory and/or filename.

 

If you check the virustotal https://www.virustotal.com/en/file/6afbfd4f27078086b4e9b5591d475928edfce7c4b476183a55638eeebbd397c1/analysis/ it is listed by Symantec and ClamAV as having/containing PUA's, although when downloaded SAS doesn't alert me to any issues even when scanned individually so it may be a PUA inside the installer.

 

Interestingly one of the file names is :

 

mp3DirectCut 2,20 (Salta SuperAntiSpyware).Exe

May just be a conflict.

 

A member of the Maware Team may be able to confirm or deny it.

Share this post


Link to post
Share on other sites

Hello ParrotSlave,

 

I have done some investigating, however neither the installer nor the files installed were detected as malware.

 

Make sure you update to the latest definitions (12201) and scan again.

 

Please let us know if this has solved your issue - if not I will dig deeper to see what I can find.

 

SUPERAntiSpyware Malware Research

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×