Old 9th March 2011, 19:23   #1
shii_bejiita
Junior Member
 
Join Date: Mar 2011
Posts: 2
The recapture suite (add on) visualization

My McAfee program found a trojan virus in this add-on. Please fix or remove it from the list. Thanks.
Old 1st April 2011, 06:13   #2
baddawge
Junior Member
 
Join Date: Apr 2011
Posts: 1
Does contain a virus...or false positive... either way ?

http://www.microsoft.com/security/po...tid=2147610525

This is what I got when I downloaded it.
Old 22nd April 2011, 14:36   #3
pogue
Junior Member
 
Join Date: Apr 2011
Posts: 1
This file definitely seems fishy. I ran it through two online virus scanners that use multiple engines to determine the probability of a file being malicious.

Virustotal reports 25 positives out of a possible 42.
http://bit.ly/VirusTotal-Recapture

Jotti found 10 positives out of 20.
http://bit.ly/Jotti-Recapture

All the scanners had different names for it, but the most common was Trojan/Compact/Generic/Win32.

I also got a warning immediately once it finished downloading from AVG saying the runtime was packed with upack. I assume this is similar to UPX exe packing, but I cba to dig through the file and figure it out.



The Winamp mods/admins should take a look at this visualization plugin, The Recapture Suite.

(I shrunk the URLs because the permalinks to the virus sites were too huge)

pogue
Old 7th December 2011, 13:32   #4
adamo
Junior Member
 
Join Date: Dec 2011
Posts: 1
Definitely still malicious.

As per virustotal,

File name: the_recapture_suite.exe
Submission date: 2011-11-07 06:31:58 (UTC)
Current status: finished
Result: 28/42 (66.7%)
Old 14th February 2012, 06:26   #5
shdwfox
Junior Member
 
Join Date: Feb 2012
Posts: 1
just my 2 cents

Just wanted to add that as of Feb 13th 2012 10:20 pm Norton etc. still reports this as bad. After seeing how many people are reporting this one, I have to wonder why it is still here. I have been using Winamp since it came out and this is the first time I found a virus in any plugin I wanted to download. I know you guys take care of this stuff, so if you know then why is it here? Just curious...

Oh, and I don't have my Norton settings very high, but it blocks the download completely, doesn't even give me an option to tell it otherwise ...

Last edited by shdwfox; 14th February 2012 at 06:31. Reason: just a bit more to say
Old 16th February 2012, 19:40   #6
Warrior of the Light
Forum King
 
Join Date: Aug 2002
Location: The Netherlands
Posts: 4,082
Sorry for not posting here earlier but I figured false warnings and NSIS installers were discussed often enough already throughout the forums...

I'm the reviewer who put it on the site and I could (and certainly would) take it down if I had any doubts about the safety of the file.

I got the warning as well but I guarantee you guys that the download is absolutely safe.

I'll try to explain why:
The installer is created with Pimpbot, which is used for 99% of all AVS installers. It is open-source and absolutely safe. Pimpbot is basically NSIS with a GUI to easily create AVS, SPS and milkdrop installers. Older versions of pimpbot are known to give false positives - just search the NSIS sub forums for false positives and pick any thread. Also read this thread and especially post #24.

If after this you're still afraid of running the installer, you can also simply open it in 7-zip instead and choose to install it manually.

You don't need to extract the files in the $[pluginsdir] directory as they are only meant for the installer itself.
Extract the files in $[32] and $[33] to ..\winamp\plugins\avs\
Extract the files in $_OUTDIR to ..\winamp\plugins\avs\frames.of.reality\

I hope this makes things clear because it really is worth the trouble.


But still, thanks for reporting, especially those who signed up for this

Jesus loves you [yes, you] so much, he even died for you so that you will not need to die, but live forever
Old 24th May 2012, 22:00   #7
Andrea Borman
Junior Member
 
Join Date: May 2012
Posts: 1
It happened to me too. When I tried to install the same plug-in, The Recapture Suite, on Windows 8, I got an alert warning from Windows Defender, telling me it was malware.

Windows Defender also said it was a severe threat and quarantined and removed the file from my system. I tested the download on my other Windows 7 and Windows XP computer and got the same alert warning from Windows Defender.

It seems that this has happened to other people as well. So I advise that the plug in should be removed from the site as it has been detected by Windows Defender and other anti virus programs as malware. Andrea Borman.
Old 3rd August 2012, 20:59   #8
Yathosho
Forum King
 
Join Date: Jan 2002
Location: AT-DE
Posts: 3,363
ok, so here's an official response, i'm the developer of pimpbot. at the time when the recapture suite was used, pimpbot still used a header compression called upack. this compressor has two problems: 1. it's not open source and 2. it's used by a lot of true malware. combined, that's the reason why a lot of antivirus software treats it as malware, even if it's not. since upack isn't open source, it's not very easy for software developers to interpret it.

anyway, all later pimpbot installers use the open source upx compressor. a couple of tests on virustotal showed there hasn't been a single false positive. we at visbot always made sure our installers are clean, and your antivirus software likely found a false positive.

as i wouldn't want to rely on a word by a stranger, feel invited to download the recapture suite from the visbot website. all installers on the site are using the latest pimpbot version. unfortunately, i cannot force individual visbot members to update the installers they submit to winamp.com on their own (i tried, though!)

hope this clears up the situation!
 
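Added example, not part of any post in this thread and not Pimpbot or NSIS code: a small PE section-table reader that reports the two packing signals discussed in posts #3 and #8, namely UPX's default section names and near-random section entropy. The sample image is constructed in the code, the 7.0 entropy threshold is an assumption, and no Upack section names are assumed.

```python
import math
import struct
from collections import Counter

UPX_NAMES = {"UPX0", "UPX1", "UPX2"}  # section names UPX writes by default
HIGH_ENTROPY = 7.0                    # assumed triage threshold, bits per byte

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def pe_sections(image: bytes):
    """Return (name, raw_size, entropy) for every section of a PE image."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", image, 0x3C)           # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0" or pe + 24 > len(image):
        raise ValueError("PE signature not found")
    nsect, = struct.unpack_from("<H", image, pe + 6)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", image, pe + 20)  # SizeOfOptionalHeader
    table = pe + 24 + opt_size
    if table + 40 * nsect > len(image):
        raise ValueError("truncated section table")
    out = []
    for off in range(table, table + 40 * nsect, 40):
        name = image[off:off + 8].rstrip(b"\0").decode("latin-1")
        raw_size, raw_ptr = struct.unpack_from("<II", image, off + 16)
        body = image[raw_ptr:raw_ptr + raw_size]
        out.append((name, raw_size, round(entropy(body), 2)))
    return out

def triage(image: bytes) -> dict:
    """Flag the two packing signals: UPX section names and high entropy."""
    secs = pe_sections(image)
    return {"upx_names": sorted(n for n, _, _ in secs if n in UPX_NAMES),
            "high_entropy": [n for n, _, e in secs if e >= HIGH_ENTROPY],
            "sections": secs}

def build_sample() -> bytes:
    """Constructed image (not a real installer): empty UPX0, dense UPX1."""
    payload = bytes(range(256)) * 4                       # entropy is 8.0
    mz = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    def sect(name, size, ptr):                            # one 40-byte header
        return name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", size, 0x1000, size, ptr, 0, 0, 0, 0, 0xE0000020)
    return (mz + coff + sect(b"UPX0", 0, 0)
            + sect(b"UPX1", len(payload), 0x40 + 24 + 80) + payload)
```

A hit means the file is packed, which is the property post #8 says antivirus engines react to; it is not a verdict on the payload.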