Go Back   Winamp & Shoutcast Forums > Winamp > Winamp Discussion

Reply
Thread Tools Search this Thread Display Modes
Old 29th June 2014, 21:16   #1
CeJ
Junior Member
 
Join Date: Jun 2014
Posts: 6
Antivirus flagging Winamp on stream (reason currently unknown)

Hello there,

Since a few days my antivirus alerting me about winamp.
It seems that load trojans ...
Are you aware of this problem?
Attached Thumbnails
Click image for larger version

Name:	winamp-cheval.jpg
Views:	255
Size:	31.1 KB
ID:	51246   Click image for larger version

Name:	winamp-cheval2.jpg
Views:	249
Size:	31.5 KB
ID:	51247  
CeJ is offline   Reply With Quote
Old 29th June 2014, 21:26   #2
DrO
 
Join Date: Sep 2003
Posts: 27,873
it's most likely a false-positive (especially if it started to happen in the last few days). make sure you're using the version + plug-in patches from my signature and if the issue persists after doing that then try to report it to Kaspersky as there shouldn't be anything going on which should trigger anything in Winamp being 'bad'.
DrO is offline   Reply With Quote
Old 29th June 2014, 22:29   #3
DJ Egg
Techorator
Winamp & SHOUTcast Team
 
Join Date: Jun 2000
Posts: 35,822
Hmm, I don't think it is a false-positive.
indexcpm.org is flagged as an attack page in firefox.

@CeJ

Please could you let us know exactly what you are doing in Winamp when you receive this warning.
Are you viewing one of the Online Services listed under Media Library > Online Services?
Have you installed any extra 3rd-party plug-ins for Winamp which might be trying to access that site?

________________
Attached Thumbnails
Click image for larger version

Name:	indexcpm.jpg
Views:	257
Size:	143.3 KB
ID:	51248  
DJ Egg is offline   Reply With Quote
Old 29th June 2014, 22:31   #4
DrO
 
Join Date: Sep 2003
Posts: 27,873
you've better eyes than me as i couldn't make out anything from the tiny images.
DrO is offline   Reply With Quote
Old 29th June 2014, 22:44   #5
CeJ
Junior Member
 
Join Date: Jun 2014
Posts: 6
I do nothing special. I listen to a radio that is hosted by radionomy.
I never use the browser in winamp.
I have not added any plugins.
CeJ is offline   Reply With Quote
Old 30th June 2014, 04:23   #6
Aminifu
Forum King
 
Aminifu's Avatar
 
Join Date: Aug 2011
Location: Chicago, IL
Posts: 4,632
Hi Cej,

Winamp uses parts of the Windows IE code to play streams. That station may have become infected. What happens if you play that station in your browser, without using Winamp?

Winamp Pro v5.666.3516 fully-patched - Komodo X Touchscreen v1.0 by Victhor skin
Windows 10 Home 64-bit v1809 desktop - Logitech Z906 5.1 speaker system
Aminifu is offline   Reply With Quote
Old 1st July 2014, 17:46   #7
CeJ
Junior Member
 
Join Date: Jun 2014
Posts: 6
@Aminifu: This is my webradio. Do you think the problem comes from the rather Radionomy platform?
CeJ is offline   Reply With Quote
Old 1st July 2014, 18:18   #8
Aminifu
Forum King
 
Aminifu's Avatar
 
Join Date: Aug 2011
Location: Chicago, IL
Posts: 4,632
Quote:
Originally Posted by CeJ View Post
@Aminifu: This is my webradio. Do you think the problem comes from the rather Radionomy platform?
I don't know. Do you still get a warning when you play your station directly in a browser? Have you tested your stuff for infections with more than 1 anti-malware app? Either your station or Radionomy is trying to contact the site Kaspersky's security app is objecting to. Winamp has no reason to directly try to do that. Check with Radionomy's technical support.

Winamp Pro v5.666.3516 fully-patched - Komodo X Touchscreen v1.0 by Victhor skin
Windows 10 Home 64-bit v1809 desktop - Logitech Z906 5.1 speaker system
Aminifu is offline   Reply With Quote
Old 2nd July 2014, 18:17   #9
CeJ
Junior Member
 
Join Date: Jun 2014
Posts: 6
I've never had this problem with a browser other than winamp.
I'll see with radionomy.

Right now I'm more a message like: "Stop the execution of this script?"

Do you know if it is possible to disable winamp browser?
CeJ is offline   Reply With Quote
Old 2nd July 2014, 18:55   #10
Aminifu
Forum King
 
Aminifu's Avatar
 
Join Date: Aug 2011
Location: Chicago, IL
Posts: 4,632
Quote:
Originally Posted by CeJ View Post
Do you know if it is possible to disable winamp browser?
Directly disable it, I don't think so. As just another Winamp user, the best I can tell you is do not install, or use, the features that need to use the internal browser function.

Winamp Pro v5.666.3516 fully-patched - Komodo X Touchscreen v1.0 by Victhor skin
Windows 10 Home 64-bit v1809 desktop - Logitech Z906 5.1 speaker system
Aminifu is offline   Reply With Quote
Old 2nd July 2014, 20:47   #11
DrO
 
Join Date: Sep 2003
Posts: 27,873
i still think all of the details which DJ Egg asked for need to be provided as what is being described is not normal at all and from what can be checked, there is nothing like that coming from anything in the Winamp release or the sites when checked.

so an info tool report (http://forums.winamp.com/showthread....161361#plugins), exactly where / how you're accessing things (screenshot or some clear description) and anything else which was asked for.

the only way to disable the browser part is either to manually edit the Bento skin yourself or change the skin being used.
DrO is offline   Reply With Quote
Old 4th July 2014, 13:29   #12
Satuim
Senior Member
 
Satuim's Avatar
 
Join Date: Jan 2014
Posts: 105
Quote:
Originally Posted by Aminifu View Post
Directly disable it, I don't think so. As just another Winamp user, the best I can tell you is do not install, or use, the features that need to use the internal browser function.
Whats the browser even doing in Winamp?
Would it hurt to remove it?

nobody uses it as their browser/

Hey User! Are you using the latest update w/ The latest patches?
Just check, It won't take too long!

Download v5.666 build 3516
Download JTFE and in_mp3.dll Updates
Satuim is offline   Reply With Quote
Old 4th July 2014, 13:33   #13
DrO
 
Join Date: Sep 2003
Posts: 27,873
it's there for all of the online service view, now playing, the information panel on the podcasts view, the 'show more info' option in some of the library views, the bento skin browser (and anything else vaguely based on it), the winamp updater notification window and anything else i've forgotten about.

so in quite a few places, though most can be disabled / not used, but when certain aspects can only really be done via a browser (without a mass of new code or bundling browser engines e.g. for the podcast info panel), leveraging the OSes browser control is the best compromise between size, code management and usability.

so most parts can be removed (at the cost of some key features) but that's down to a per-user aspect on how to deal with those compromises or not.

and i know people don't like anything to do with IE but there are so many things out there which leverage the web browser control in the OS (so what everyone refers to as IE in Winamp), it's just that some of the Winamp uses of it are obvious and we've been open over the years that that is what we're using. so just because people you know don't use IE (i know quite a lot who do), it's not representive of using IE as a standalone browser vs using it in an embedded scenario where we can control things for what Winamp needs.
DrO is offline   Reply With Quote
Old 4th July 2014, 14:30   #14
DJ Egg
Techorator
Winamp & SHOUTcast Team
 
Join Date: Jun 2000
Posts: 35,822
The Bento browser shouldn't even be in use when just listening to music.
Does the same issue occur when using the Modern or Classic skins?

Is the Info Pane in the Local Media Library views enabled?
It shouldn't be, because we forced this setting to "off" for 5.666
Winamp > Prefs > Media Library > Local Library > Options tab: Display 'Show Info' in media & album views.

What Media Library view is active at the time? The "Now Playing" view maybe?
Or does it happen when any view is active (Local Media, History, Bookmarks, Podcasts, etc)?

Other than that, it would be nice to see an Info Tool log, and maybe also a HijackThis log too....
DJ Egg is offline   Reply With Quote
Old 4th July 2014, 14:41   #15
DrO
 
Join Date: Sep 2003
Posts: 27,873
i suspect we'll never find out...
DrO is offline   Reply With Quote
Old 5th July 2014, 12:57   #16
CeJ
Junior Member
 
Join Date: Jun 2014
Posts: 6
Here is the information requested. (attached)
Attached Thumbnails
Click image for larger version

Name:	winamp_local_library.jpg
Views:	150
Size:	145.8 KB
ID:	51257   Click image for larger version

Name:	winamp_bug.jpg
Views:	147
Size:	35.6 KB
ID:	51260  
Attached Files
File Type: zip Winamp_Info_Report_07-05-2014.zip (7.0 KB, 99 views)
File Type: log hijackthis.log (30.3 KB, 219 views)
CeJ is offline   Reply With Quote
Old 5th July 2014, 13:56   #17
DJ Egg
Techorator
Winamp & SHOUTcast Team
 
Join Date: Jun 2000
Posts: 35,822
Thanks for the logs.

Let's start with the Winamp Info Report....

The only differences between my Winamp 5.666 set up and yours is that you are using the French language pack and the French Radio plug-in (which comes with the Winamp French installer only).

Do you use the French Radio plug-in?

Could you try disabling it to see if it's the cause of the issue?

With Winamp closed, move gen_LMPwa.dll out of the Winamp\Plugins folder and into some backup folder somewhere else.

Reopen Winamp.

Does the problem still occur?
DJ Egg is offline   Reply With Quote
Old 5th July 2014, 14:02   #18
ChiggyChiggy
Senior Member
 
Join Date: Jan 2014
Posts: 243
Im not sure how radio streaming works or an expert in this, but perhaps its the hosting company of said radio station thats causing this all? Maybe they were hijacked recently?

*If you have issues with Winamp, ensure you have the currently latest version Winamp v5.666 build 3516 & its patches that fix several issues
*To remove the currently dead Winamp online stuff, see here: removing online stuff
*If you miss the Autotag feature: Gracenote CDDB Autotag alternatives
ChiggyChiggy is offline   Reply With Quote
Old 5th July 2014, 14:13   #19
grandpa1948
Junior Member
 
Join Date: Apr 2014
Posts: 7
The same thing happens to me,when i'm listening radio stations,kaspersky blocks some radio
streams.
grandpa1948 is offline   Reply With Quote
Old 5th July 2014, 14:33   #20
DJ Egg
Techorator
Winamp & SHOUTcast Team
 
Join Date: Jun 2000
Posts: 35,822
Please could you provide the stream URLs of the streams that Kaspersky blocks.
DJ Egg is offline   Reply With Quote
Old 19th July 2014, 11:19   #21
CeJ
Junior Member
 
Join Date: Jun 2014
Posts: 6
It seems that moving "gen_LMPwa.dll" has solved the problem.
I do not have any messages since my last reply.
I think I will try again with the DLL (to see if it starts).
CeJ is offline   Reply With Quote
Reply
Go Back   Winamp & Shoutcast Forums > Winamp > Winamp Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump