AIMP Forum

AIMP for Windows => Вопросы / Questions => Topic started by: Rfx9123 on March 26, 2022, 12:56:48

Title: Question: Virus in installer version aimp_5.02.2368/69.exe ?
Post by: Rfx9123 on March 26, 2022, 12:56:48: ???
When I try to start the installation version, my antivirus program reports with "Junkware (PUP): Win32.Application.Agent.H5I401" and prevents the installation. A download from Google Drive, probably because of this problem, is also not possible and is thus blocked. Please provide a cleaned version. The no-installer version is clean.
Title: Re: Virus in installer version aimp_5.02.2368.exe ?
Post by: Artem on March 26, 2022, 13:00:06: App is clean. I check all releases via virustotal before publishing. What is your antivirus? I think that this is false positive
Title: Re: Virus in installer version aimp_5.02.2368.exe ?
Post by: bogs on March 26, 2022, 14:10:32: Аналогичная ситуация. NOD32: модифицированный win32/aimp.D
Title: Re: Virus in installer version aimp_5.02.2368.exe ?
Post by: Алексей Долматов on March 26, 2022, 14:18:29: Quote from: bogs on March 26, 2022, 14:10:32
Аналогичная ситуация. NOD32: модифицированный win32/aimp.D
С этой фирмой ситуация известная. Они внесли плеер в негласный "чёрный список", заблокировали возможность связаться с ними официальными способами. Как видите, даже создали отдельный тип угрозы AIMP.
Title: Re: Virus in installer version aimp_5.02.2368.exe ?
Post by: Алексей Долматов on March 26, 2022, 14:22:53: Quote from: Artem on August 19, 2021, 14:27:17
Официальный ответ

ESET блокирует наш установщик, поскольку в нем есть реклама Яндекса, которая показывается только для русскоговорящих пользователей. В старых версиях программы у страницы с рекламой чуть другая сигнатура, поэтому на них NOD32 не реагирует (пока).

ESET blocks the installer because of Yandex offer that displayed for Russian users. In old versions, page with offer has different signatures. So, ESET does not block it (yet).
Title: Re: Virus in installer version aimp_5.02.2368.exe ?
Post by: Алексей Долматов on March 26, 2022, 14:25:58: Quote from: Rfx9123 on March 26, 2022, 12:56:48
Win32.Application.Agent.H5I401
Судя по типу классификатора, это антивирус G-DATA.
Rfx9123 может прояснить верно ли я определил через поиск в Google.
Title: Re: Virus in installer version aimp_5.02.2368.exe ?
Post by: Rfx9123 on March 26, 2022, 16:22:11: Correct, I have already contacted GDATA.
Title: Re: Virus in installer version aimp_5.02.2368.exe ?
Post by: Artem on March 26, 2022, 22:21:37: It seems that the antivirus has reacted to new version of 7z-SFX module (it used to unpack installer). Now, I have rolled back to previous version. Please, re-download the app.
Title: Re: Virus in installer version aimp_5.02.2368.exe ?
Post by: Rfx9123 on March 26, 2022, 23:22:08: aimp_5.02.2369.exe
~~So the problem seems solved. Thanks very much.~~

Unfortunately no, the message is now "Junkware (PUP): Win32.Application.Agent.3HK4Q1 (Engine B)" and the installation is aborted ???.
Title: Re: Question: Virus in installer version aimp_5.02.2368/69.exe ?
Post by: Artem on March 27, 2022, 14:47:49: Oh, I have no idea what goes on... Please, write to your antivirus vendor, I think that this is false positive detection.
Title: Re: Question: Virus in installer version aimp_5.02.2368/69.exe ?
Post by: Artem on March 27, 2022, 15:09:57: As I can see now, the G-Data detects "agent" in all versions of 7z SFX. It seems I need to refuse from SFX modules at all.
Title: Re: Question: Virus in installer version aimp_5.02.2368/69.exe ?
Post by: Rfx9123 on March 29, 2022, 18:21:00: Hello Artem. I have now received a reply from GDATA, they were indeed hoaxes and the virus signature has been corrected. Thanks for the good work.
Title: Re: Question: Virus in installer version aimp_5.02.2368/69.exe ?
Post by: Artem on March 29, 2022, 19:37:57: Quote from: Rfx9123 on March 29, 2022, 18:21:00
Hello Artem. I have now received a reply from GDATA, they were indeed hoaxes and the virus signature has been corrected. Thanks for the good work.

Thank you!