Full Version: HookSurcode.dll in open source mediacoder flagged as malware
navilor
I have the program MediaCoder installed on my computer:
http://mediacoder.sourceforge.net/

It is an open source transcoding program. According to Ad-Aware it is flagged as malware with the following information:

========================================
Win32Backdoor.Hupigon installs a backdoor service on the infected computer. This backdoor lets
the attacker gain full control of the compromised system. Win32Backdoor.Hupigon is also known
as Win32Backdoor.Graybird.
========================================

McAfee provides the following information on the malware:
http://www.siteadvisor.com/sites/videohelp...loads/16212948/

McAfee reports the checksum as:
12a331a20aceb4db63e4b9ebd3da5bd7

This is the checksum of the file on my system:
CRC32: 4D199338
MD5: 17BD9C08C0FACDEDAFB2C4EC8FBC5D06
SHA-1: AF9BFAB2DC7203C84997153498A399B846A3F1DB

This is the contents of the directory:
========================================
C:\Program Files (x86)\megui\tools\eac3to>dir
Volume in drive C is Vista
Volume Serial Number is D4A0-B710

Directory of C:\Program Files (x86)\megui\tools\eac3t

07/04/2009 08:13 AM <DIR> .
07/04/2009 08:13 AM <DIR> ..
07/04/2009 08:13 AM 4,261,888 avcodec.dll
07/04/2009 08:13 AM 40,960 avutil-49.dll
07/04/2009 08:13 AM 49,685 changelog.txt
07/04/2009 08:13 AM 1,871,360 eac3to.exe
07/04/2009 08:13 AM 38,060 error.wav
07/04/2009 08:13 AM 544,768 hdcd.dll
07/04/2009 08:13 AM 95,232 HookSurcode.dll
07/04/2009 08:13 AM <DIR> legal stuff
07/04/2009 08:13 AM 242,176 libAften.dll
07/04/2009 08:13 AM 151,552 libFLAC.dll
07/04/2009 08:13 AM 130,048 libMatrix.dll
07/04/2009 08:13 AM 144,896 libSsrc.dll
07/04/2009 08:13 AM 3,339 license.txt
07/04/2009 08:13 AM <DIR> plugins
07/04/2009 08:13 AM 219,136 r8b.dll
07/04/2009 08:13 AM 23,186 success.wav
14 File(s) 7,816,286 bytes
4 Dir(s) 172,944,683,008 bytes free

C:\Program Files (x86)\megui\tools\eac3to>
========================================

The reported file size does not match. McAfee reports it as 988,356 bytes. The flagged file on my system is 1/10th the size.

The key [HKEY_CURRENT_USER\Software\HeartWare] does not exist on my system.

Please let me know if I am correct in assuming that this is a false positive.
LS Anders
Hello navilor

Thank you for reporting this. Could you please post a log file from when the file is detected. For more information on how to post a log file please see:
http://www.lavasoftsupport.com/index.php?showtopic=18033

Comparing it with McAfee's signature will not give a true result, as there could be (and in this case there are) several variants of a specific family, all with different sizes. However, if the file is part of a legitimate application, that alone is a much stronger sign that it could be a false positive.

Regards
LS Anders
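
Added example, not part of the original posts: a Python sketch of the comparison discussed above, producing the same size/CRC32/MD5/SHA-1 fingerprint navilor posted and checking it against the MD5 and size quoted from McAfee. The function names and the stand-in file are assumptions made for illustration; a mismatch is reported as inconclusive, for the reason LS Anders gives about variants.

```python
import hashlib
import os
import tempfile
import zlib

# Values quoted in the thread: the MD5 and size McAfee lists for its sample.
VENDOR_MD5 = "12a331a20aceb4db63e4b9ebd3da5bd7"
VENDOR_SIZE = 988_356

def fingerprint(path, chunk_size=64 * 1024):
    """Return size, CRC32, MD5 and SHA-1 of a file, read in chunks."""
    crc = 0
    md5 = hashlib.md5()
    sha1 = hashlib.sha1()
    size = 0
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            size += len(chunk)
            crc = zlib.crc32(chunk, crc)  # running CRC across chunks
            md5.update(chunk)
            sha1.update(chunk)
    return {
        "size": size,
        "CRC32": f"{crc & 0xFFFFFFFF:08X}",
        "MD5": md5.hexdigest().upper(),
        "SHA-1": sha1.hexdigest().upper(),
    }

def compare(fp, ref_md5, ref_size):
    """Classify a fingerprint against one reference sample (hypothetical helper)."""
    if fp["MD5"].lower() == ref_md5.lower():
        return "identical to reference sample"
    # A different hash or size only rules out this one sample; other
    # variants of the same family can differ in both.
    if fp["size"] != ref_size:
        return "inconclusive: different hash and size"
    return "inconclusive: same size, different hash"

def demo():
    # Constructed stand-in file; not the real HookSurcode.dll.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"abc")
    try:
        fp = fingerprint(tmp.name)
    finally:
        os.unlink(tmp.name)
    return fp, compare(fp, VENDOR_MD5, VENDOR_SIZE)
```
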
navilor
QUOTE(LS Anders @ Jul 9 2009, 11:55 PM) *
Hello navilor

Thank you for reporting this. Could you please post a log file from when the file is detected. For more information on how to post a log file please see:
http://www.lavasoftsupport.com/index.php?showtopic=18033

Comparing it with McAfee's signature will not give a true result, as there could be (and in this case there are) several variants of a specific family, all with different sizes. However, if the file is part of a legitimate application, that alone is a much stronger sign that it could be a false positive.

Regards
LS Anders


Thank you for your quick reply. My logfile is attached to this post. Please let me know if there is anything else that I may do for you.
LS Anders
Thank you for the report file. This file will be removed from detection with the next definition update.


Regards
LS Anders