Post subject: Direct264 Virus?!
Joined: 4/30/2008
Posts: 89
Location: Northeast Kansas USA, GMT -06:00
Uhh guys, I think we might have a slight problem here. I was trying to get Direct264 on my own computer, but Avast! Free Antivirus got a bit too touchy and, well... Recently I'm concerned, it could be the result of an infected x264.exe file. If this concerns the safety of some of our Windows-user encoders, this should be discussed. In the meantime, the warning probably should be raised over at sourceforge just for a good measure. x264 is a CLI program for video-compression; it doesn't intend to use the internet or modify the registry; it only will create (or modify) video files if you give it command-line arguments, but it does not modify or replace any Windows system files.
Post subject: Assembly code being checked...
Joined: 4/30/2008
Posts: 89
Location: Northeast Kansas USA, GMT -06:00
We're trying to review the assembly code of x264, but it may take us a while to figure out what's triggering the virus warnings in the VirusTotal report file. You may wish to follow our live discussion in the chat.
Senior Moderator
Joined: 8/4/2005
Posts: 5777
Location: Away
From the "live discussion" in the chat: <omnipotententity> http://www.virustotal.com/en/analisis/08ef333126bcd365aa0c82ca5b407792db6e811a302d03bb0d9063b25a52d6f3-1274951764 <omnipotententity> GuidMorrow: I ran the executable inside a debugger on my virtual machine, I did not pass any arguments, it accessed no files on my computer, it created no files on my computer and it opened no internet connections. <omnipotententity> ... GuidMorrow, I ran it in a debugger and I'm looking at the assembly code, it's not a virus. I seriously consider the issue resolved.
Warp wrote:
Edit: I think I understand now: It's my avatar, isn't it? It makes me look angry.
Joined: 4/30/2008
Posts: 89
Location: Northeast Kansas USA, GMT -06:00
Virus definition version 100527-1 installed 13 minutes ago. Same result.
Senior Moderator
Joined: 8/4/2005
Posts: 5777
Location: Away
Changing definition won't help because it's the heuristic algorithm that detects a virus. You know what heuristics is? "This is not a known virus but it looks similar."
Warp wrote:
Edit: I think I understand now: It's my avatar, isn't it? It makes me look angry.
arflech
He/Him
Joined: 5/3/2008
Posts: 1120
I also know it can't be the result of UPX compression, because I tried compressing and got "NotCompressibleException"
i imgur com/QiCaaH8 png
Sir_VG
He/Him
Player (40)
Joined: 10/9/2004
Posts: 1913
Location: Floating Tower
Kinda sounds like the issue that McAfee had with svchost.exe. Be thankful that it's not rebooting your computer constantly.
Taking over the world, one game at a time. Currently TASing: Nothing
Patashu
He/Him
Joined: 10/2/2005
Posts: 4043
Soon we'll have antivirus programs detecting you to be a potential threat to the computer and terminating you. Maybe.
My Chiptune music, made in Famitracker: http://soundcloud.com/patashu My twitch. I stream mostly shmups & rhythm games http://twitch.tv/patashu My youtube, again shmups and rhythm games and misc stuff: http://youtube.com/user/patashu
arflech
He/Him
Joined: 5/3/2008
Posts: 1120
Sir VG wrote:
Kinda sounds like the issue that McAfee had with svchost.exe. Be thankful that it's not rebooting your computer constantly.
It also sounds like the issue that Norton had with plugin-container.exe, which Firefox 3.6.4 uses to host the out-of-process plugins; that's the main thing pushing the release date back almost a month, from 4 May to 1 June.
i imgur com/QiCaaH8 png
Sir_VG
He/Him
Player (40)
Joined: 10/9/2004
Posts: 1913
Location: Floating Tower
Patashu wrote:
Soon we'll have antivirus programs detecting you to be a potential threat to the computer and terminating you. Maybe.
Well, the thing about viruses now is that a LOT of them are installed by taking advantage of people's ignorance. Why do you think those "Your Paypal account has been locked down, please log in to deal with this" emails are so prominent? Hell, there's a "facebook virus" that is caused by people being promised an upskirt video if you click a certain link on Facebook.
Taking over the world, one game at a time. Currently TASing: Nothing