Does contain a virus...or false positive... either way ?



This is what I got when I downloaded it.

This file definitely seems fishy. I ran it through two online virus scanners that use multiple engines to determine the probability of a file being malicious.

Virustotal reports 25 positives out of a possible 42.


Jotti found 10 positives out of 20.


All the scanners had different names for it, but the most common was Trojan/Compact/Generic/Win32.

I also got a warning immediately once it finished downloading from AVG saying the runtime was packed with upack. I assume this is similar to UPX exe packing, but I cba to dig through the file and figure it out.



The Winamp mods/admins should take a look at this visualization plugin, The Recapture Suite.

(I shrunk the URLs because the permalinks to the virus sites were to huge)

pogue

Definitely still malicious.

As per virustotal,

File name:
the_recapture_suite.exe
Submission date:
2011-11-07 06:31:58 (UTC)
Current status:
finished
Result:
28 /42 (66.7%)

just my 2 cents

Just wanted to add that as of Feb 13th 2012 10:20 pm Norton etc. still reports this as bad, after seeing how many ppl are reporting this one I have to wonder why it is still here. I have been using winamp since it came out and this is the first time i found a virus in any plugin i wanted to download. I know you guys take care of this stuff, so if you know then why is it here? Just curious...

oh, and i don't have my Norton settings very high, but it blocks the download completely, doesn't even give me an option to tell it otherwise ...

Sorry for not posting here earlier but I figured false warnings and NSIS installers were discussed often enough already throughout the forums...

I'm the reviewer who put it on the site and I could (and certainly would) take it down if I had any doubts about the safety of the file.

I got the warning as well but I guarantee you guys that the download is absolutely safe.

I'll try to explain why:
The installer is created with Pimpbot, which is used for 99% of all AVS installers. It is open-source and absolutely safe. Pimpbot is basically NSIS with a GUI to easily create AVS, SPS and milkdrop installers. Older versions of pimpbot are known to give false positives - just search the NSIS sub forums for false positives and pick any thread. Also read this thread and especially post #24.

If you're after this still afraid of running the installer, you can also simply open it in 7-zip instead and choose to install it manually.

You don't need to extract the files in the $[pluginsdir] directory as they are only meant for the installer itself.
Extract the files in $[32] and $[33] to ..\winamp\plugins\avs\
Extract the files in $_OUTDIR to ..\winamp\plugins\avs\frames.of.reality\

I hope this makes things clear because it really is worth the trouble.


But still, thanks for reporting, especially those who signed up for this

It happened to me too. When I tried to install the same plug in,The recapture Suite on Windows 8,I got an alert warning from Windows Defender,telling me it was malware.

Windows Defender also said it was a severe threat and quarantined and removed the file from my system. I tested the download on my other Windows 7 and Windows XP computer and got the same alert warning from Windows Defender.

It seems that this has happened to other people as well. So I advise that the plug in should be removed from the site as it has been detected by Windows Defender and other anti virus programs as malware. Andrea Borman.

ok, so here's an official response, i'm the developer of pimpbot. at the time when the recapture suite was used, pimpbot still used a header compression called upack. this compressor has two problems: 1. it's not open source and 2. it's used by a lot of true malware. combined, that's the reason why a lot of antivirus software treats as malware, even if it's not. since upack isn't open source, it's not very easy for software developers to interpret it.

anyway, all later pimpbot installers use the open source upx compressor. a couple of tests on virustotal showed there hasn't been a single false positive. we at visbot always made sure our installers are clean, and your antivirus software likely found a false positive.

as i wouldn't want to rely on a word by a stranger, feel invited to download the recapture suite from the visbot website. all installers on the site are using the latest pimpbot version. unfortunately, i cannot force individual visbot members to update the installers they submit to winamp.com on their own (i tried, though!)

hope this clears up the situation!