epg123.exe detected as a trojan

An evolving, supported alternative to Rovi
Forum rules
★ Download the latest EPG123 here: https://garyan2.github.io/ <> Setup guide here: https://garyan2.github.io/install.html
User avatar
garyan2

Posts: 7438
Joined: Fri Nov 27, 2015 7:23 pm
Location:

HTPC Specs: Show details

epg123.exe detected as a trojan

#1

Post by garyan2 » Sun Aug 21, 2016 2:38 am

Evidently Microsoft Security Essentials (Antivirus) now detects the original binaries of 1.0.0 as containing a trojan (Win32/Codinx.B!cl). Rather than rush a new build out that I am working on, I just recompiled the same code of 1.0.0 with a slight change in order to not be detected as a virus.

The rebuilt binary now performs the cache directory cleanup immediately after creating the mxf file rather than waiting until after the mxf file has been imported into the WMC database. That change was enough to be determined "clean". What a PITA.

You can get the new files from the website (http://epg123.garyan2.net)
- Gary
Keeping WMC alive beyond January 2020. https://garyan2.github.io

doniuppa@gmail.com

Posts: 7
Joined: Tue May 31, 2016 1:42 pm
Location:

HTPC Specs: Show details

#2

Post by doniuppa@gmail.com » Sun Aug 21, 2016 5:47 pm

Thank you , Gary! Works great now!

Sammy2

Posts: 1708
Joined: Fri Aug 24, 2012 7:35 pm
Location:

HTPC Specs: Show details

#3

Post by Sammy2 » Tue Aug 23, 2016 4:15 pm

Mine has run alright these past few nights. I'll check my MSE logs and download the latest compilation.

I'm willing to bet that MS just doesn't want us working around their system. This is why I have been denying windows updates for most of this year now. I do update MSE definition files though..

User avatar
STC

Posts: 6808
Joined: Mon Jun 06, 2011 4:58 pm
Location:

HTPC Specs: Show details

#4

Post by STC » Tue Aug 23, 2016 5:53 pm

MS won't have done anything to sabotage EPG. it's just one of those PITAs that can and does occur with any AV and any random clean bit of code.
By the Community, for the Community. 100% Commercial Free.

Want decent guide data back? Check out EPG123

User avatar
lachape_one

Posts: 74
Joined: Fri May 06, 2016 10:54 am
Location: Versailles, France

HTPC Specs: Show details

#5

Post by lachape_one » Tue Aug 23, 2016 6:43 pm

I have the original v1 under W10 Anniversary update, it works fine, no pb with windows defender :thumbup:

denmonta

Posts: 7
Joined: Fri Oct 26, 2012 10:09 pm
Location:

HTPC Specs: Show details

#6

Post by denmonta » Sat Sep 24, 2016 2:06 pm

Gary,
I have the latest release v1.0.1 installed and it seems that the epg123.exe is still detected as a trojan on my Windows 7 system.
Is there a fix for the latest version as well ?
Thanks.

User avatar
garyan2

Posts: 7438
Joined: Fri Nov 27, 2015 7:23 pm
Location:

HTPC Specs: Show details

#7

Post by garyan2 » Sat Sep 24, 2016 3:33 pm

Well, [insert expleteive]. Here we go again. Using MS Security Essentials.

I'll check it out.
- Gary
Keeping WMC alive beyond January 2020. https://garyan2.github.io

User avatar
STC

Posts: 6808
Joined: Mon Jun 06, 2011 4:58 pm
Location:

HTPC Specs: Show details

#8

Post by STC » Sat Sep 24, 2016 5:09 pm

They don't call him 'Rootkit Gary' for nothing you know.... :wave:
By the Community, for the Community. 100% Commercial Free.

Want decent guide data back? Check out EPG123

User avatar
garyan2

Posts: 7438
Joined: Fri Nov 27, 2015 7:23 pm
Location:

HTPC Specs: Show details

#9

Post by garyan2 » Sat Sep 24, 2016 8:37 pm

denmonta wrote:Gary,
I have the latest release v1.0.1 installed and it seems that the epg123.exe is still detected as a trojan on my Windows 7 system.
Is there a fix for the latest version as well ?
Thanks.
What are using that detects epg123 as a trojan? MSSE (Win7) and Defender (Win10) here are not complaining.
- Gary
Keeping WMC alive beyond January 2020. https://garyan2.github.io

Space

Posts: 2838
Joined: Sun Jun 02, 2013 9:44 pm
Location:

HTPC Specs: Show details

#10

Post by Space » Sat Sep 24, 2016 9:08 pm

You can use http://www.virustotal.com to scan a file with multiple anti-virus softwares.

Code: Select all

Antivirus     Result 	                       Update
Qihoo-360     HEUR/QVM03.0.0000.Malware.Gen    20160924

elorimer

Posts: 5
Joined: Sun Sep 13, 2015 2:43 pm
Location:

HTPC Specs: Show details

#11

Post by elorimer » Sat Sep 24, 2016 9:51 pm

Win7 Pro with MSE 1.229.138.0 detects and removes it as Codinx.B!cl

Reinstalled 1.01 and it immediately removed it again. 1.0 is OK.

User avatar
garyan2

Posts: 7438
Joined: Fri Nov 27, 2015 7:23 pm
Location:

HTPC Specs: Show details

#12

Post by garyan2 » Sat Sep 24, 2016 10:34 pm

All right, yah ... I'm getting the same thing now. I'm going to have to make up some new swear words ... MS is killing me with this crap.

The files are clean. MS doesn't like something about my code.
- Gary
Keeping WMC alive beyond January 2020. https://garyan2.github.io

DSperber

Posts: 359
Joined: Thu Jan 16, 2014 1:35 am
Location: Marina Del Rey, CA

HTPC Specs: Show details

#13

Post by DSperber » Sun Sep 25, 2016 9:31 am

elorimer wrote:Win7 Pro with MSE 1.229.138.0 detects and removes it as Codinx.B!cl

Reinstalled 1.01 and it immediately removed it again. 1.0 is OK.
I have 1.0.1 installed, and my Win7 Pro MSE shows version 1.229.160.0. No problem with EPG123.exe here.

denmonta

Posts: 7
Joined: Fri Oct 26, 2012 10:09 pm
Location:

HTPC Specs: Show details

#14

Post by denmonta » Sun Sep 25, 2016 10:54 am

I have Win 7 Home Premium and MSE 4.9.218.0
Virus detection: 1.229.186.0
Spyware definition version: 1.229.186.0
and it is detected as:
Trojan:Win32/Codinx.B!cl

elorimer

Posts: 5
Joined: Sun Sep 13, 2015 2:43 pm
Location:

HTPC Specs: Show details

#15

Post by elorimer » Sun Sep 25, 2016 1:46 pm

v1.0.2 seems to work fine now on W7, MSE definitions updated to .207

v1.0.2 is showing an update to 1.0.1 is available.

User avatar
IT Troll

Posts: 1172
Joined: Sun Nov 27, 2011 9:42 am
Location: Edinburgh, UK

HTPC Specs: Show details

#16

Post by IT Troll » Mon Sep 26, 2016 4:39 pm

garyan2 wrote:The files are clean. MS doesn't like something about my code.
They don't like the fact that it is keeping Media Center alive. They are trying their hardest to kill it off by starving it of EPG.
Are you a Recorded TV HD user or want to give it a try? Check out the new community-made update; Recorded TV HD v2.1.1

captain_video

Posts: 121
Joined: Sun Aug 21, 2011 8:52 pm
Location:

HTPC Specs: Show details

#17

Post by captain_video » Wed Sep 28, 2016 5:56 pm

Glad I saw this thread. I was wondering why the epg123.exe file kept disappearing on me. I'll have to see if I can exclude the file from being wiped by MSE.

mldenison

Posts: 287
Joined: Tue Sep 11, 2012 1:36 am
Location:

HTPC Specs: Show details

#18

Post by mldenison » Sat Oct 01, 2016 11:14 am

You'll be disappointed to know that there was a MS Securities Essential program update last Tuesday. When it ran its scan last night, it flagged v1.02 as a trojan. I had to authorize it and should be OK now.

User avatar
STC

Posts: 6808
Joined: Mon Jun 06, 2011 4:58 pm
Location:

HTPC Specs: Show details

#19

Post by STC » Sat Oct 01, 2016 12:18 pm

Luckily for me I run WMC on W7 with no AV. Is there a way to submit the false positive issue to MS?
By the Community, for the Community. 100% Commercial Free.

Want decent guide data back? Check out EPG123

mldenison

Posts: 287
Joined: Tue Sep 11, 2012 1:36 am
Location:

HTPC Specs: Show details

#20

Post by mldenison » Sat Oct 01, 2016 1:25 pm

STC wrote:Luckily for me I run WMC on W7 with no AV. Is there a way to submit the false positive issue to MS?
There's a setting in Essentials that automatically uploads flagged items to MS. There's no way that I see to interact with this to tell tham that a file is inappropriately flagged.

Post Reply