Malware Detection in 8.1.2.0 Download

Indyrod

I got a malware detection for "I.EXE" when attempting to install SetupAnyDVD.exe for 8.1.2.0. I also received a popup saying I was running 8.1.2.0 and the current version is 8.1.2.3. I clicked the Setup EXE a second time, and got the malware detection "I.EXE" again. Both times, Webroot quarantined I.EXE. 8.1.2.0 did install, but there is definitely a problem somewhere within the new AnyDVD install program. What's going on?

EDIT:
I researched I.EXE and it says it is Malware coming from China.
 
Check if the digital signature is intact. That said, that version is obsolete. 8130 is out. We see this frequently. Probably as always a false positive.

 
WARNING - I think you may have been hacked !!

If you go to https://redfox.bz/download you get a different page to https://WWW.redfox.bz (no WWW on first link).

The rogue page is offering 8.1.2 as a download and it doesn't look like a very nice program !

The rogue page is also the one that opens if you answer "Yes" to the automatic update prompt !!!
 
I got a malware detection for "I.EXE" when attempting to install SetupAnyDVD.exe for 8.1.2.0. I also received a popup saying I was running 8.1.2.0 and the current version is 8.1.2.3. I clicked the Setup EXE a second time, and got the malware detection "I.EXE" again. Both times, Webroot quarantined I.EXE. 8.1.2.0 did install, but there is definitely a problem somewhere within the new AnyDVD install program. What's going on?

EDIT:
I researched I.EXE and it says it is Malware coming from China.
We are investigating this problem.
 
Check if the digital signature is intact. That said, that version is obsolete. 8130 is out. We see this frequently. Probably as always a false positive.



How do I do that? These are popups, how do I check a digital signature?


Somebody must have hacked or duplicated your Forum too, because when I downloaded the older version from that page, it said 8130 was beta. I did download and install 8130 from the corrected web page, and had no problems. Wonder how they got the popups to fool us. Glad my Webroot caught the hacked EXE. Users need to be warned about this.
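
One way to do the signature check asked about above, as an added example that is not part of the original thread: it reads the Authenticode signature of a downloaded installer and compares the signer with a file already trusted from the same publisher. The file paths and the function names `Get-SignerSummary` and `Test-Installer` are hypothetical; `Get-AuthenticodeSignature` and `Get-FileHash` are standard PowerShell cmdlets.

```powershell
# Added example (not from the thread). Both default paths are hypothetical
# placeholders: point -Suspect at the download in question and -Reference at
# an installer you already trust from the same publisher.
param(
    [string]$Suspect   = "$env:USERPROFILE\Downloads\SetupAnyDVD.exe",
    [string]$Reference = "$env:USERPROFILE\Downloads\SetupAnyDVD-known-good.exe"
)

function Get-SignerSummary {
    param([Parameter(Mandatory)][string]$Path)
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate          # $null when the file is unsigned
    [pscustomobject]@{
        Path       = $Path
        Status     = $sig.Status            # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Subject    = if ($cert) { $cert.Subject }    else { $null }
        Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
        SHA256     = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

function Test-Installer {
    param([string]$SuspectPath, [string]$ReferencePath)
    $s = Get-SignerSummary -Path $SuspectPath
    $s | Format-List | Out-Host

    # 'Valid' means the file hash matches the signature AND the chain is trusted.
    if ($s.Status -ne 'Valid') {
        return "DO NOT RUN: signature status is '$($s.Status)'"
    }
    # A valid signature only proves that *someone* signed the file. Compare the
    # signer with a file known to come from the real publisher.
    if (-not (Test-Path -LiteralPath $ReferencePath)) {
        return "Signature valid, signer not compared (no reference file): $($s.Subject)"
    }
    $r = Get-SignerSummary -Path $ReferencePath
    if ($r.Status -ne 'Valid') { return "Reference file is not validly signed; pick another" }
    if ($s.Subject -ne $r.Subject) {
        return "DO NOT RUN: signed by '$($s.Subject)', expected '$($r.Subject)'"
    }
    if ($s.Thumbprint -ne $r.Thumbprint) {
        return "Same subject, different certificate (renewal?): verify with the publisher"
    }
    return "OK: valid signature from the same certificate as the reference file"
}

Test-Installer -SuspectPath $Suspect -ReferencePath $Reference
```

The same details are visible without PowerShell by right-clicking the file in Explorer and opening Properties, then the Digital Signatures tab; an unsigned file has no such tab.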
 
I'm uploading the hacked EXE file so you can examine it. Now I see the main difference, it does not have the version number as part of the file name.

I hope someone EXAMINES it and explains EXACTLY what it may have done and how to check - PLEASE??
-W
 
I hope someone EXAMINES it ...
One of our devs is doing this right now inside a VM. I lack both the skill and the courage to do it...
 
One of our devs is doing this right now inside a VM. I lack both the skill and the courage to do it...

Thank you - I'll be back to look in a bit.
I mean I get that the file in the file was called "1.exe" but from there..........
-W
 
hehe, though on a VM the worst it can do is cripple the VM. Delete VM instance, start again, problem solved :D

Though we all are glad you're defying who you are ;) (k) :love:
 
Thank you - I'll be back to look in a bit.
I mean I get that the file in the file was called "1.exe" but from there..........
-W

it's I-EXE not 1.exe (wrong)



EDIT: wrong info on my part, it is 1.exe
 
Just tried to download 8.1.2.0 and got a message from Google Chrome "this file is dangerous so chrome blocked it" even though I had downloaded it from the RedFox site a while ago and have used it. Seems like a recent problem. So far no issues on the computer.
 
hehe, though on a VM the worst it can do is cripple the VM. Delete VM instance, start again, problem solved :D

Though we all are glad you're defying who you are ;) (k) :love:

Actually, these days there exist attack vectors that can cross the barrier between the VM and host machine. They can also attack machines on the network they are connected to (like WannaCry does using the SMB exploit).
 
I guess you have been hacked.
You have two different sites depending on me going to www.redfox.bz or just redfox.bz. Seems like someone has replaced part of your web domain.
The certificate is OK on both sites, so I assume this is located on your server.
I downloaded from www.redfox.bz - where the downloadable product was redfox anydvd hd 8.1.2.0.
That caused several warnings and as you can see windows defender detected and quarantined a trojan virus.

I have to say that I'm not very happy about this - and that is very gently put!
Your site is currently spreading virus. You should take your system offline right now until you get control over the situation! Or is this on purpose?
 

Attachments: fake redfox.png, redfox-trojan.png