Old 30th September 2008, 21:27   #1
cwrb
Junior Member
 
Join Date: Sep 2008
Posts: 1
trojan horse in official downlood

In my download from winamp, my anti-virus pgm picked upSHeur.CLZE in zlib.dll. Download file attached.
I never expect to see trojan horses in official downloads...
Is this a problem or have I missed something?

p.s. It took a lot of effort to become a member in order to help you by identifying this potential problem. Isn't there an easier way to allow someone to help WinAmp without going thru the registration process first???
cwrb is offline   Reply With Quote
Old 30th September 2008, 21:30   #2
Asser
Junior Member
 
Join Date: Sep 2008
Posts: 3
I have the same problem. But also Winamp doesn't work anymore. When I want to open Winamp I get the 'Send Error Report / Don't Send' thing.

Please help.
Asser is offline   Reply With Quote
Old 30th September 2008, 21:45   #3
pikaxno
Junior Member
 
Join Date: Sep 2008
Posts: 2
I suddenly have this problem too. Are you also using AVG Anti-virus? This is what came up after I reinstalled Winamp and opened it:

pikaxno is offline   Reply With Quote
Old 30th September 2008, 21:58   #4
Sawg
Forum King
 
Join Date: Jun 2000
Location: Phoenix, AZ
Posts: 7,456
Send a message via ICQ to Sawg Send a message via AIM to Sawg Send a message via Yahoo to Sawg
it would be a false positive. Please report it to your Anti-virus provider.

| Brought to you by ^V ^C | The one... the original... no seriously!
Sawg is offline   Reply With Quote
Old 30th September 2008, 22:06   #5
Cefte
Junior Member
 
Join Date: Sep 2008
Posts: 1
Same here, with AVG
Cefte is offline   Reply With Quote
Old 30th September 2008, 22:15   #6
meta4ical
Junior Member
 
Join Date: Sep 2008
Posts: 1
Turned on my computer about 15 minutes ago and after googling and running a virus scan etc I'm encountering the exact same problem.
meta4ical is offline   Reply With Quote
Old 30th September 2008, 22:29   #7
Peretz
Junior Member
 
Join Date: Sep 2008
Posts: 2
Temporary solution (until AVG fixes their virus definitions):

1. Re-install latest version of Winamp.

2. Right-click AVG icon in lower-right corner of screen.

3. Click Open AVG User Interface.

4. Click the Tools menu, then click Advanced Settings.

5. Click Exceptions under the Resident Shield section.

6. Click Add Path.

7. Navigate to C:\Program Files\Winamp (or the path where you've installed Winamp)

8. Click OK.

9. Click OK.

10. Run Winamp.

EDIT: Moderator: I cross-posted this guide in hopes of helping other users having problems with AVG and false positives. The original post is located at http://forums.winamp.com/showthread....05#post2414705 - Please feel free to delete this repost.
Peretz is offline   Reply With Quote
Old 30th September 2008, 22:56   #8
lsdeimos
Junior Member
 
Join Date: May 2004
Location: NY
Posts: 4
Send a message via AIM to lsdeimos
Is there anyway to get around this with the AVG free version? There is no tools menu and you can't alter anything in Residential Shield.
lsdeimos is offline   Reply With Quote
Old 30th September 2008, 23:57   #9
anotherhassle
Junior Member
 
Join Date: Sep 2008
Posts: 1
I also got this trojan pop-up with AVG tonight. I was using Winamp just fine earlier today but now when I try to open, I get an error asking me to close it along with a pop-up from AVG telling me it's a trojan. I also can't go through the steps that other user mentioned because I have AVG free. Ugh, what a hassle. Now I'm forced to use iTunes.
anotherhassle is offline   Reply With Quote
Old 1st October 2008, 00:12   #10
pikaxno
Junior Member
 
Join Date: Sep 2008
Posts: 2
Are you using the latest version of AVG; version 8? I'm using the free version of that and could add the exception no problem. Check download dot com for the most recent version.
pikaxno is offline   Reply With Quote
Old 1st October 2008, 01:06   #11
Inundated
Junior Member
 
Join Date: Oct 2008
Location: Northeast Ohio
Posts: 5
I also did the workaround/exception, and I have AVG Free 8.0. No problem.

I'd like to see this addressed, either by Winamp or by AVG, if it's a false positive.
Inundated is offline   Reply With Quote
Old 1st October 2008, 01:53   #12
Bilbo9955
Senior Member
 
Join Date: Jan 2007
Posts: 223
Submitted file to virustotal.com. AVG was the only av program of the 36 used that reported any problem. Sounds like a false positive!
Bilbo9955 is offline   Reply With Quote
Old 1st October 2008, 01:59   #13
lsdeimos
Junior Member
 
Join Date: May 2004
Location: NY
Posts: 4
Send a message via AIM to lsdeimos
Ok I got AVG 8 and followed the directions but it didn't work..
lsdeimos is offline   Reply With Quote
Old 1st October 2008, 02:19   #14
stewscotia
Junior Member
 
Join Date: May 2008
Posts: 6
Even after doing your work around no good

I even tried shutting avg off completely and it still crashes on startup after many reinstalls of winamp. This just started happening today for me. I was fine last night. Now today I get the avg kicking on. But as i said i did the work around and still no good. Still crashes even with avg off now.
stewscotia is offline   Reply With Quote
Old 1st October 2008, 02:37   #15
Cymbaline
Junior Member
 
Join Date: Oct 2008
Location: Buda, TX
Posts: 3
I just had this start happening and was about to start a thread when I saw this one.

I'm having the same exact problem with Winamp 5.531 and AVG 8. I did the workaround and now it works.
Cymbaline is offline   Reply With Quote
Old 1st October 2008, 03:21   #16
furiouszed
Junior Member
 
Join Date: Nov 2002
Posts: 12
I read this about three hours ago, having had no similar problems myself, but interested in the discussion. Now all of a sudden Winamp crashes and when I try to restart I'm getting all the same messages mentioned above. It won't start, it crashes before it gets anywhere and AVG pops up telling me it found a possible trojan... even after I've "healed" the file and told AVG to ignore it, it still pops up and prevents Winamp from loading up. (And that's even after two fresh installs, the latest installing directly from winamp.com)

I had been using Winamp on my brand new machine and I was so happy with it I decided not to install WMP. It's 4.15am so I'm not doing that now, so it's off to bed without my lullabys. Not a happy bunny.

[one final thought, to the other people with this problem: did this happen to you after you visited winamp.com? I haven't been here for a while until tonight... could there be a case for suspecting a drive-by download from the site?? If anyone discovers anything or has an idea I'd like to hear it]
furiouszed is offline   Reply With Quote
Old 1st October 2008, 03:35   #17
Tarsus Endri
Junior Member
 
Join Date: Oct 2008
Posts: 2
Well, at least I supplemented the discovery of this problem with a screen shot of my desktop when the virus alarm came up.

I doubt its a false positive because I have downloaded Winamp Pro using my laptop that runs the NOD32 Anti-virus system and IT TOO detects the virus. Either some Schmuck in Winamp decided to piss everyone off, or a hacker made its way into the site.

Eh... lots of possibilities.
Tarsus Endri is offline   Reply With Quote
Old 1st October 2008, 03:39   #18
Sawg
Forum King
 
Join Date: Jun 2000
Location: Phoenix, AZ
Posts: 7,456
Send a message via ICQ to Sawg Send a message via AIM to Sawg Send a message via Yahoo to Sawg
That same download has been up for months now, it is virus free. report the false positive to your antivirus vendor.


http://www.virustotal.com/analisis/c...88604c56fc11e9

Only AVG misdetects this file.

| Brought to you by ^V ^C | The one... the original... no seriously!
Sawg is offline   Reply With Quote
Old 1st October 2008, 04:03   #19
stewscotia
Junior Member
 
Join Date: May 2008
Posts: 6
Well idk about you guys but even with avg OFF and not even functioning I cant get winamp to open now after the avg episode.
stewscotia is offline   Reply With Quote
Old 1st October 2008, 04:11   #20
stewscotia
Junior Member
 
Join Date: May 2008
Posts: 6
ok guys figured out another way, I put my whole winamp folder as an exception, now its working.
stewscotia is offline   Reply With Quote
Old 1st October 2008, 06:38   #21
Niverive
Junior Member
 
Join Date: Oct 2008
Posts: 2
oh thanks, it still wouldn't work until I uninstalled and and cleaned my registry tho, but now its working
Niverive is offline   Reply With Quote
Old 1st October 2008, 08:29   #22
KenmanDK
Junior Member
 
Join Date: Oct 2008
Posts: 3
For all the users with AVG Free (8) I have made a little guide, to add the winamp folder to AVG's Exception list.
The guide is located here: http://kenman.dk/avgwinamp/

Last edited by KenmanDK; 1st October 2008 at 11:03.
KenmanDK is offline   Reply With Quote
Old 1st October 2008, 09:02   #23
salsaDMA
Junior Member
 
Join Date: Oct 2008
Posts: 1
I find it curious how fast people are to just throw away their antivirus as soon as it is limiting their use of one of their programs.

I had used Winamp current version for a while with no problems, then all of a sudden when I start up my pc today, I get the virus warning too. When I tried installing fresh to "repair" my winamp, I even get virus warnings during the install progress.

Either winamp makes sure the problem is fixed, or I stop using winamp. There is no way in hell I'm gonna let even the doubt of a trojan access to my machine.
salsaDMA is offline   Reply With Quote
Old 1st October 2008, 10:23   #24
Sawg
Forum King
 
Join Date: Jun 2000
Location: Phoenix, AZ
Posts: 7,456
Send a message via ICQ to Sawg Send a message via AIM to Sawg Send a message via Yahoo to Sawg
Winamp has ZERO control over AVG and their anti-virus definitions. Winamp does not have access to the AVG code to make the fixes required. Now if you want to start using one program because an Antivirus program is not infallible, go right a head, your loss.

http://www.virustotal.com/analisis/c...88604c56fc11e9

35 vs 1.


Quote:
Originally posted by KenmanDK
For all the users with AVG Free (8) I have made a little guide, to add the winamp folder to AVG's Exception list.
The guide is located here: http://kenman.dk/avgwinamp/
(Just so the URL is exposed to all)

| Brought to you by ^V ^C | The one... the original... no seriously!
Sawg is offline   Reply With Quote
Old 1st October 2008, 10:38   #25
TimbreWolf
Member
 
Join Date: Jul 2008
Posts: 55
Quote:
Originally posted by KenmanDK
For all the users with AVG Free (8) I have made a little guide, to add the winamp folder to AVG's Exception list.
The guide is located here: http://kenman.dk/avgwinamp/
Thanks for the help. Hit this problem today and was very happy to avoid a re-installation.

Now, does anyone know how we report it to AVG as a false positive? I couldn't see an option for it anywhere.
TimbreWolf is offline   Reply With Quote
Old 1st October 2008, 11:02   #26
KenmanDK
Junior Member
 
Join Date: Oct 2008
Posts: 3
Quote:
Originally posted by TimbreWolf
Thanks for the help. Hit this problem today and was very happy to avoid a re-installation.

Now, does anyone know how we report it to AVG as a false positive? I couldn't see an option for it anywhere.
I'm glad it helped

To report it as a false positive, you need to have the full and not free version of AVG and contact Grisoft using their support: http://www.avg.com/support

However, the guys at Nullsoft should be the ones contacting Grisoft and have it fixed
KenmanDK is offline   Reply With Quote
Old 1st October 2008, 11:26   #27
JadeTora
Junior Member
 
Join Date: Oct 2008
Posts: 2
How can you guys be sure it's a false positive? What if it /is/ an actual Trojan and you end up getting your passwords stolen?

I dunno.. Until I get confirmation either which way I'm using iTunes - I'll switch back to winamp when and if they confirm that it's false or true. I don't want to act hastily and end up getting a virus.. Especially not if this many people are suddenly receiving such a report from AVG and all. I just got it too.
JadeTora is offline   Reply With Quote
Old 1st October 2008, 13:11   #28
KenmanDK
Junior Member
 
Join Date: Oct 2008
Posts: 3
We can't, its simple.

However, A company like Nullsoft have zero interest in getting caught by having released a trojan with their software which several million computer users around the globe are using.

furthermore, its only AVG who detects it as a trojan.
Still awaiting some official reply from Nullsoft though.
KenmanDK is offline   Reply With Quote
Old 1st October 2008, 20:54   #29
Sawg
Forum King
 
Join Date: Jun 2000
Location: Phoenix, AZ
Posts: 7,456
Send a message via ICQ to Sawg Send a message via AIM to Sawg Send a message via Yahoo to Sawg
Plus AVG detects the same file in previous versions as well. The file hasn't changed, nor can the file from previous versions change. Files cannot magically generate viruses on their own. what is worrisome is how much faith someone is willing to put into one antivirus scanner. In the end, they are looking for patterns and guessing if a file is effected or not.

Plus 35 other AV programs don't see any issue with the file, and the latest definitions from AVG fixes the issues. I am still awaiting an apology from AVG.

| Brought to you by ^V ^C | The one... the original... no seriously!
Sawg is offline   Reply With Quote
Old 1st October 2008, 21:04   #30
tcbgr
Junior Member
 
Join Date: Jun 2007
Location: Alabama
Posts: 2
I downgraded and got rid of it

I removed the new version when this virus showed up. I also experienced it when I tried to re-install it to repair it. So I removed it completely and downloaded version 5.24 and it is clean. I scanned it before I installed it. So there is definetly a problem with the new version. If I was you guys here at Winamp, I would check this out. And by the way I do not use AVG I used Norton, and it picked it up as well.

UPDATE: Well that didn't last long, as soon as I went to use the older version got the error again and this time it caused everything on my computer to freeze. I will no longer use Winamp. fake virus or not, I am not taking any chances, I have to many valuable files to take that risk!

Last edited by tcbgr; 1st October 2008 at 22:08.
tcbgr is offline   Reply With Quote
Old 1st October 2008, 22:52   #31
JadeTora
Junior Member
 
Join Date: Oct 2008
Posts: 2
Re: I downgraded and got rid of it

Quote:
Originally posted by tcbgr
I removed the new version when this virus showed up. I also experienced it when I tried to re-install it to repair it. So I removed it completely and downloaded version 5.24 and it is clean. I scanned it before I installed it. So there is definetly a problem with the new version. If I was you guys here at Winamp, I would check this out. And by the way I do not use AVG I used Norton, and it picked it up as well.

UPDATE: Well that didn't last long, as soon as I went to use the older version got the error again and this time it caused everything on my computer to freeze. I will no longer use Winamp. fake virus or not, I am not taking any chances, I have to many valuable files to take that risk!
I hear you. So many people here that are risking their computers off blind speculation, stating that it's a 'false positive' and such. Not me.

No, when winamp randomly announces that some hacker or an employee decided to be cute and Trojan Horse winamp and now some few thousand/million/billion computers world-wide are infected, I'm going to sit back and say 'but not mine'.

Of course it'd be nice if this was all 'false positives' and whatnot. If it wasn't true and everything, but we /are/ talking on the official winamp forums. If you don't think someone that works for winamp hasn't read this thread, I think you're being too optimistic. And if that is the case, why haven't they made an official statement yet? No one has.. Not as far as I am aware, everyone has just kinda kept quiet. I've heard no official statement from either AVG or from winamp which says to me that perhaps this is a real threat and perhaps winamp is taking it's time in saying "OH SHIIIIIIIIIII"
JadeTora is offline   Reply With Quote
Old 1st October 2008, 23:40   #32
Inundated
Junior Member
 
Join Date: Oct 2008
Location: Northeast Ohio
Posts: 5
Quote:
Originally posted by stewscotia
ok guys figured out another way, I put my whole winamp folder as an exception, now its working.
Yes, if you do the exception route, you have to put the whole Winamp folder/path in...not just individual files in it.

I'm still not comfortable with the whole thing, and wish either Nullsoft, AVG or both would figure this out.
Inundated is offline   Reply With Quote
Old 1st October 2008, 23:42   #33
TimbreWolf
Member
 
Join Date: Jul 2008
Posts: 55
Eh...? Did neither of you read any of Sawg's posts or look at the link he provided?

Just turned off my AVG exception and it's working fine now without it.
TimbreWolf is offline   Reply With Quote
Old 2nd October 2008, 13:39   #34
PhabulousPhoton
Junior Member
 
Join Date: Jan 2008
Posts: 1
I'm not having such great luck. Yesterday I followed the directions for the workaround and after that everything worked fine. But this morning when I went to fire up Winamp I got the same error message. For the record, AVG did an automatic scan overnight but did not report any problems. The exception is still there. At this point I don't know what to do.
PhabulousPhoton is offline   Reply With Quote
Old 2nd October 2008, 14:12   #35
DJ Egg
Techorator
Winamp & SHOUTcast Team
 
Join Date: Jun 2000
Posts: 35,821
Sticky: AVG false-positive (SHeur.CLZE trojan in zlib.dll)
DJ Egg is offline   Reply With Quote
Old 2nd October 2008, 14:33   #36
bodger999
Junior Member
 
Join Date: Jul 2008
Posts: 39
Advice needed on next steps please

Like most people here I suspect, I use AVG Free v8.0. I've got definition 1702 that contains the fix. After AVG flagged up the file as having the infection, it wouldn't heal it of course, and moved it over to the AVG Virus Vault which is where, right now, my 'zlib.dll' file is sitting.

Can someone advise me - do I just move the file back to the Winamp folder and Winamp will start to work normally again, or is there something else I need to be doing first?

Thanks
bodger999 is offline   Reply With Quote
Old 2nd October 2008, 14:48   #37
DJ Egg
Techorator
Winamp & SHOUTcast Team
 
Join Date: Jun 2000
Posts: 35,821
Yes. Move it back or just reinstall Winamp 5.541.

zlib.dll is an essential library. Winamp won't work without it.

From 5.53 Whatsnew
* Misc: Moved shared zlib.dll compression library out of winamp.exe
DJ Egg is offline   Reply With Quote
Old 2nd October 2008, 14:52   #38
bodger999
Junior Member
 
Join Date: Jul 2008
Posts: 39
DJ Egg,

Thanks for the advice.

Bodger
bodger999 is offline   Reply With Quote
Reply
Go Back   Winamp & Shoutcast Forums > Winamp > Winamp Technical Support

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump