trojan horse in official download (AVG false-positive)

[cwrb]

In my download from winamp, my anti-virus pgm picked upSHeur.CLZE in zlib.dll. Download file attached.
I never expect to see trojan horses in official downloads...
Is this a problem or have I missed something?

p.s. It took a lot of effort to become a member in order to help you by identifying this potential problem. Isn't there an easier way to allow someone to help WinAmp without going thru the registration process first???

[Asser]

I have the same problem. But also Winamp doesn't work anymore. When I want to open Winamp I get the 'Send Error Report / Don't Send' thing.

Please help.

[pikaxno]

I suddenly have this problem too. Are you also using AVG Anti-virus? This is what came up after I reinstalled Winamp and opened it:

[Sawg]

it would be a false positive. Please report it to your Anti-virus provider.

[Cefte]

Same here, with AVG

[meta4ical]

Turned on my computer about 15 minutes ago and after googling and running a virus scan etc I'm encountering the exact same problem.

[Peretz]

Temporary solution (until AVG fixes their virus definitions):

1. Re-install latest version of Winamp.

2. Right-click AVG icon in lower-right corner of screen.

3. Click Open AVG User Interface.

4. Click the Tools menu, then click Advanced Settings.

5. Click Exceptions under the Resident Shield section.

6. Click Add Path.

7. Navigate to C:\Program Files\Winamp (or the path where you've installed Winamp)

8. Click OK.

9. Click OK.

10. Run Winamp.

EDIT: Moderator: I cross-posted this guide in hopes of helping other users having problems with AVG and false positives. The original post is located at http://forums.winamp.com/showthread....05#post2414705 - Please feel free to delete this repost.

[lsdeimos]

Is there anyway to get around this with the AVG free version? There is no tools menu and you can't alter anything in Residential Shield.

[anotherhassle]

I also got this trojan pop-up with AVG tonight. I was using Winamp just fine earlier today but now when I try to open, I get an error asking me to close it along with a pop-up from AVG telling me it's a trojan. I also can't go through the steps that other user mentioned because I have AVG free. Ugh, what a hassle. Now I'm forced to use iTunes.

[pikaxno]

Are you using the latest version of AVG; version 8? I'm using the free version of that and could add the exception no problem. Check download dot com for the most recent version.

[Inundated]

I also did the workaround/exception, and I have AVG Free 8.0. No problem.

I'd like to see this addressed, either by Winamp or by AVG, if it's a false positive.

[Bilbo9955]

Submitted file to virustotal.com. AVG was the only av program of the 36 used that reported any problem. Sounds like a false positive!

[lsdeimos]

Ok I got AVG 8 and followed the directions but it didn't work..

[stewscotia]

I even tried shutting avg off completely and it still crashes on startup after many reinstalls of winamp. This just started happening today for me. I was fine last night. Now today I get the avg kicking on. But as i said i did the work around and still no good. Still crashes even with avg off now.

[Cymbaline]

I just had this start happening and was about to start a thread when I saw this one.

I'm having the same exact problem with Winamp 5.531 and AVG 8. I did the workaround and now it works.

[furiouszed]

I read this about three hours ago, having had no similar problems myself, but interested in the discussion. Now all of a sudden Winamp crashes and when I try to restart I'm getting all the same messages mentioned above. It won't start, it crashes before it gets anywhere and AVG pops up telling me it found a possible trojan... even after I've "healed" the file and told AVG to ignore it, it still pops up and prevents Winamp from loading up. (And that's even after two fresh installs, the latest installing directly from winamp.com)

I had been using Winamp on my brand new machine and I was so happy with it I decided not to install WMP. It's 4.15am so I'm not doing that now, so it's off to bed without my lullabys. Not a happy bunny.

[one final thought, to the other people with this problem: did this happen to you after you visited winamp.com? I haven't been here for a while until tonight... could there be a case for suspecting a drive-by download from the site?? If anyone discovers anything or has an idea I'd like to hear it]

[Tarsus Endri]

Well, at least I supplemented the discovery of this problem with a screen shot of my desktop when the virus alarm came up.

I doubt its a false positive because I have downloaded Winamp Pro using my laptop that runs the NOD32 Anti-virus system and IT TOO detects the virus. Either some Schmuck in Winamp decided to piss everyone off, or a hacker made its way into the site.

Eh... lots of possibilities.

[Sawg]

That same download has been up for months now, it is virus free. report the false positive to your antivirus vendor.


http://www.virustotal.com/analisis/c...88604c56fc11e9

Only AVG misdetects this file.

[stewscotia]

Well idk about you guys but even with avg OFF and not even functioning I cant get winamp to open now after the avg episode.

[stewscotia]

ok guys figured out another way, I put my whole winamp folder as an exception, now its working.

[Niverive]

oh thanks, it still wouldn't work until I uninstalled and and cleaned my registry tho, but now its working

[KenmanDK]

For all the users with AVG Free (8) I have made a little guide, to add the winamp folder to AVG's Exception list.
The guide is located here: http://kenman.dk/avgwinamp/

[salsaDMA]

I find it curious how fast people are to just throw away their antivirus as soon as it is limiting their use of one of their programs.

I had used Winamp current version for a while with no problems, then all of a sudden when I start up my pc today, I get the virus warning too. When I tried installing fresh to "repair" my winamp, I even get virus warnings during the install progress.

Either winamp makes sure the problem is fixed, or I stop using winamp. There is no way in hell I'm gonna let even the doubt of a trojan access to my machine.

[Sawg]

Winamp has ZERO control over AVG and their anti-virus definitions. Winamp does not have access to the AVG code to make the fixes required. Now if you want to start using one program because an Antivirus program is not infallible, go right a head, your loss.

http://www.virustotal.com/analisis/c...88604c56fc11e9

35 vs 1.

Quote:

Originally posted by KenmanDK
For all the users with AVG Free (8) I have made a little guide, to add the winamp folder to AVG's Exception list.
The guide is located here: http://kenman.dk/avgwinamp/

(Just so the URL is exposed to all)

[TimbreWolf]

Quote:

Originally posted by KenmanDK
For all the users with AVG Free (8) I have made a little guide, to add the winamp folder to AVG's Exception list.
The guide is located here: http://kenman.dk/avgwinamp/

Thanks for the help. Hit this problem today and was very happy to avoid a re-installation.

Now, does anyone know how we report it to AVG as a false positive? I couldn't see an option for it anywhere.

[KenmanDK]

Quote:

Originally posted by TimbreWolf
Thanks for the help. Hit this problem today and was very happy to avoid a re-installation.

Now, does anyone know how we report it to AVG as a false positive? I couldn't see an option for it anywhere.

I'm glad it helped

To report it as a false positive, you need to have the full and not free version of AVG and contact Grisoft using their support: http://www.avg.com/support

However, the guys at Nullsoft should be the ones contacting Grisoft and have it fixed

[JadeTora]

How can you guys be sure it's a false positive? What if it /is/ an actual Trojan and you end up getting your passwords stolen?

I dunno.. Until I get confirmation either which way I'm using iTunes - I'll switch back to winamp when and if they confirm that it's false or true. I don't want to act hastily and end up getting a virus.. Especially not if this many people are suddenly receiving such a report from AVG and all. I just got it too.

[KenmanDK]

We can't, its simple.

However, A company like Nullsoft have zero interest in getting caught by having released a trojan with their software which several million computer users around the globe are using.

furthermore, its only AVG who detects it as a trojan.
Still awaiting some official reply from Nullsoft though.

[Sawg]

Plus AVG detects the same file in previous versions as well. The file hasn't changed, nor can the file from previous versions change. Files cannot magically generate viruses on their own. what is worrisome is how much faith someone is willing to put into one antivirus scanner. In the end, they are looking for patterns and guessing if a file is effected or not.

Plus 35 other AV programs don't see any issue with the file, and the latest definitions from AVG fixes the issues. I am still awaiting an apology from AVG.

[tcbgr]

I removed the new version when this virus showed up. I also experienced it when I tried to re-install it to repair it. So I removed it completely and downloaded version 5.24 and it is clean. I scanned it before I installed it. So there is definetly a problem with the new version. If I was you guys here at Winamp, I would check this out. And by the way I do not use AVG I used Norton, and it picked it up as well.

UPDATE: Well that didn't last long, as soon as I went to use the older version got the error again and this time it caused everything on my computer to freeze. I will no longer use Winamp. fake virus or not, I am not taking any chances, I have to many valuable files to take that risk!

[JadeTora]

Quote:

Originally posted by tcbgr
I removed the new version when this virus showed up. I also experienced it when I tried to re-install it to repair it. So I removed it completely and downloaded version 5.24 and it is clean. I scanned it before I installed it. So there is definetly a problem with the new version. If I was you guys here at Winamp, I would check this out. And by the way I do not use AVG I used Norton, and it picked it up as well.

UPDATE: Well that didn't last long, as soon as I went to use the older version got the error again and this time it caused everything on my computer to freeze. I will no longer use Winamp. fake virus or not, I am not taking any chances, I have to many valuable files to take that risk!

I hear you. So many people here that are risking their computers off blind speculation, stating that it's a 'false positive' and such. Not me.

No, when winamp randomly announces that some hacker or an employee decided to be cute and Trojan Horse winamp and now some few thousand/million/billion computers world-wide are infected, I'm going to sit back and say 'but not mine'.

Of course it'd be nice if this was all 'false positives' and whatnot. If it wasn't true and everything, but we /are/ talking on the official winamp forums. If you don't think someone that works for winamp hasn't read this thread, I think you're being too optimistic. And if that is the case, why haven't they made an official statement yet? No one has.. Not as far as I am aware, everyone has just kinda kept quiet. I've heard no official statement from either AVG or from winamp which says to me that perhaps this is a real threat and perhaps winamp is taking it's time in saying "OH SHIIIIIIIIIII"

[Inundated]

Quote:

Originally posted by stewscotia
ok guys figured out another way, I put my whole winamp folder as an exception, now its working.

Yes, if you do the exception route, you have to put the whole Winamp folder/path in...not just individual files in it.

I'm still not comfortable with the whole thing, and wish either Nullsoft, AVG or both would figure this out.

[TimbreWolf]

Eh...? Did neither of you read any of Sawg's posts or look at the link he provided?

Just turned off my AVG exception and it's working fine now without it.

[PhabulousPhoton]

I'm not having such great luck. Yesterday I followed the directions for the workaround and after that everything worked fine. But this morning when I went to fire up Winamp I got the same error message. For the record, AVG did an automatic scan overnight but did not report any problems. The exception is still there. At this point I don't know what to do.

[DJ Egg]

Sticky: AVG false-positive (SHeur.CLZE trojan in zlib.dll)

[bodger999]

Like most people here I suspect, I use AVG Free v8.0. I've got definition 1702 that contains the fix. After AVG flagged up the file as having the infection, it wouldn't heal it of course, and moved it over to the AVG Virus Vault which is where, right now, my 'zlib.dll' file is sitting.

Can someone advise me - do I just move the file back to the Winamp folder and Winamp will start to work normally again, or is there something else I need to be doing first?

Thanks

[DJ Egg]

Yes. Move it back or just reinstall Winamp 5.541.

zlib.dll is an essential library. Winamp won't work without it.

From 5.53 Whatsnew
* Misc: Moved shared zlib.dll compression library out of winamp.exe

[bodger999]

DJ Egg,

Thanks for the advice.

Bodger