
The recapture suite (add on) visualization


  • The recapture suite (add on) visualization

    My McAfee program found a trojan virus in this add on.. please fix or remove it from the list. thanks.

  • #2
    Does contain a virus...or false positive... either way ?


    This is what I got when I downloaded it.


    • #3
      This file definitely seems fishy. I ran it through two online virus scanners that use multiple engines to determine the probability of a file being malicious.

      Virustotal reports 25 positives out of a possible 42.

      Jotti found 10 positives out of 20.

      All the scanners had different names for it, but the most common was Trojan/Compact/Generic/Win32.

      I also got a warning immediately once it finished downloading from AVG saying the runtime was packed with upack. I assume this is similar to UPX exe packing, but I cba to dig through the file and figure it out.

      The Winamp mods/admins should take a look at this visualization plugin, The Recapture Suite.

      (I shrunk the URLs because the permalinks to the virus sites were too huge)



      • #4
        Definitely still malicious.

        As per virustotal,

        File name:
        Submission date:
        2011-11-07 06:31:58 (UTC)
        Current status:
        28/42 (66.7%)


        • #5
          just my 2 cents

          Just wanted to add that as of Feb 13th 2012 10:20 pm Norton etc. still reports this as bad, after seeing how many ppl are reporting this one I have to wonder why it is still here. I have been using Winamp since it came out and this is the first time I found a virus in any plugin I wanted to download. I know you guys take care of this stuff, so if you know then why is it here? Just curious...

          Oh, and I don't have my Norton settings very high, but it blocks the download completely, doesn't even give me an option to tell it otherwise ...
          Last edited by shdwfox; 14 February 2012, 05:31. Reason: just a bit more to say


          • #6
            Sorry for not posting here earlier but I figured false warnings and NSIS installers were discussed often enough already throughout the forums...

            I'm the reviewer who put it on the site and I could (and certainly would) take it down if I had any doubts about the safety of the file.

            I got the warning as well but I guarantee you guys that the download is absolutely safe.

            I'll try to explain why:
            The installer is created with Pimpbot, which is used for 99% of all AVS installers. It is open-source and absolutely safe. Pimpbot is basically NSIS with a GUI to easily create AVS, SPS and milkdrop installers. Older versions of pimpbot are known to give false positives - just search the NSIS sub forums for false positives and pick any thread. Also read this thread and especially post #24.

            If you're still afraid of running the installer after this, you can also simply open it in 7-zip instead and choose to install it manually.

            You don't need to extract the files in the $[pluginsdir] directory as they are only meant for the installer itself.
            Extract the files in $[32] and $[33] to ..\winamp\plugins\avs\
            Extract the files in $_OUTDIR to ..\winamp\plugins\avs\frames.of.reality\

            I hope this makes things clear because it really is worth the trouble.

            But still, thanks for reporting, especially those who signed up for this
            Jesus loves you [yes, you] so much, he even died for you so that you will not need to die, but live forever


            • #7
              It happened to me too. When I tried to install the same plug in, The Recapture Suite, on Windows 8, I got an alert warning from Windows Defender, telling me it was malware.

              Windows Defender also said it was a severe threat and quarantined and removed the file from my system. I tested the download on my other Windows 7 and Windows XP computer and got the same alert warning from Windows Defender.

              It seems that this has happened to other people as well. So I advise that the plug in should be removed from the site as it has been detected by Windows Defender and other anti virus programs as malware. Andrea Borman.


              • #8
                ok, so here's an official response, i'm the developer of pimpbot. at the time when the recapture suite was used, pimpbot still used a header compression called upack. this compressor has two problems: 1. it's not open source and 2. it's used by a lot of true malware. combined, that's the reason why a lot of antivirus software treats it as malware, even if it's not. since upack isn't open source, it's not very easy for software developers to interpret it.

                anyway, all later pimpbot installers use the open source upx compressor. a couple of tests on virustotal showed there hasn't been a single false positive. we at visbot always made sure our installers are clean, and your antivirus software likely found a false positive.

                as i wouldn't want to rely on a word by a stranger, feel invited to download the recapture suite from the visbot website. all installers on the site are using the latest pimpbot version. unfortunately, i cannot force individual visbot members to update the installers they submit to on their own (i tried, though!)

                hope this clears up the situation!
                NSIS IDE for Atom | NSIS for Visual Studio Code | NSIS for Sublime Text | NSIS.docset