Download Challenge "Failed - Virus Detected"
★ Download the latest EPG123 here: https://garyan2.github.io/ <> Setup guide here: https://garyan2.github.io/install.html ★
-
- Posts: 5
- Joined: Tue Dec 31, 2019 12:37 am
- Location:
- HTPC Specs:
Download Challenge "Failed - Virus Detected"
This has become a bit of a challenge.
I may not even remember the exact order that got me to this place.
During configuration Microsoft Security Essentials popped up an alert to a file in my epg folder:
Behavior:Win32/Presistence.EA!mi
Alert level severe
Category: Suspicious Behavior
Description: This program is dangerous and executes commands from an attacker.
Recommended action: Remove this software immediately.
Items:
file:C:\Program Files (x86)\epg123\epg123Client.exe
file:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPG123\EPG123 Client.lnk
startup:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPG123\EPG123 Client.lnk
Also: containerfile:C:\xxxx\epg123Setup_v1.3.3.40.zip
file:C:\xxxx\Downloads\epg123Setup_v1.3.3.40.zip->epg123Setup_v1.3.3.40.exe->(inno#000004)
webfile:C:\xxxx\Downloads\epg123Setup_v1.3.3.40.zip|
http://epg123.garyan2.net/downloads/epg ... chrome.exe
Do I just need to allow this?
Thanks for any advice you can offer.
Niles
- garyan2
- Posts: 7480
- Joined: Fri Nov 27, 2015 7:23 pm
- Location:
- HTPC Specs:
It's been a while since any AV tool flagged my stuff. You can check VirusTotal... there are 2 engines that flag it. MSSE for some kind of trojan, and Trapmine because of a low score (never seen before). There are 69 other AV engines that don't detect anything.
Couple questions though: Why would you have the client link in the startup? Why does the link you are providing include the chrome executable?
- Gary
Keeping WMC alive beyond January 2020. https://garyan2.github.io
-
- Posts: 5
- Joined: Tue Dec 31, 2019 12:37 am
- Location:
- HTPC Specs:
I copied that dialog directly from MS Security Essentials. I have no idea why any of it, but if you have any ideas what my next step should be I would appreciate it.
I would like to install the product and make it work so I can use the guide in Media Center.
-
- Posts: 5
- Joined: Tue Dec 31, 2019 12:37 am
- Location:
- HTPC Specs:
I think I know why chrome.exe. Because now MSSE cleans the downloaded Setup file.
- garyan2
- Posts: 7480
- Joined: Fri Nov 27, 2015 7:23 pm
- Location:
- HTPC Specs:
Well, there's nothing to clean because there is no virus or trojan. I haven't used MSSE in forever so can't remember how you can get something out of quarantine and tell it to ignore the false detects.
Can anyone chime in here? Anyone else using MSSE will probably get this as well today/tomorrow.
- Gary
Keeping WMC alive beyond January 2020. https://garyan2.github.io
-
- Posts: 723
- Joined: Mon Nov 05, 2012 8:05 pm
- Location: Longmont, CO
- HTPC Specs:
I run MSSE (currently up to date definitions) and I have no problem downloading or extracting the installer.
-
- Posts: 2841
- Joined: Sun Jun 02, 2013 9:44 pm
- Location:
- HTPC Specs:
You can "restore" a quarantined item in MSE using the procedure on this page:
https://smallbusiness.chron.com/remove- ... 52112.html
You can start MSE by clicking on the MSE icon in the system tray:
-
- Posts: 5
- Joined: Tue Dec 31, 2019 12:37 am
- Location:
- HTPC Specs:
When I download the 1.3.3.30 zip file, no problem. When I download the 1.3.3.40 zip it flags it:
Category: Trojan
Description: This program is dangerous and executes commands from an attacker.
Recommended action: Remove this software immediately.
Items:
containerfile:C:\Users\NilesAnders\Downloads\epg123Setup_v1.3.3.40 (1).zip
file:C:\Users\NilesAnders\Downloads\epg123Setup_v1.3.3.40 (1).zip->epg123Setup_v1.3.3.40.exe->(inno#000004)
webfile:C:\Users\NilesAnders\Downloads\epg123Setup_v1.3.3.40 (1).zip|http://epg123.garyan2.net/downloads/epg ... xplore.exe
Deletes it immediately
- garyan2
- Posts: 7480
- Joined: Fri Nov 27, 2015 7:23 pm
- Location:
- HTPC Specs:
If it will let you do 1.3.3.30, go for it. The differences are very minor and may not apply to your setup.
- Gary
Keeping WMC alive beyond January 2020. https://garyan2.github.io
-
- Posts: 5
- Joined: Tue Dec 31, 2019 12:37 am
- Location:
- HTPC Specs:
Will give it a try.