AnyDVD and virus/malware warning - READ before posting!

Discussion in 'General Chat' started by Ch3vr0n, Jun 17, 2017.

  1. Ch3vr0n

    Ch3vr0n Translator NL & Mod

    Dear user,

    Due to an issue that happened multiple weeks ago where a hacker compromised a DNS caching server (with a DNS poisoning attack) a portion of the AnyDVD users were redirected to a fake website on a hacker THIRD PARTY server. The AnyDVD website itself was NOT compromised in any way.

    This fake website served a modified AnyDVD 8140 version where neither the setup file icon looked right or had an intact digital signature. This was after a while picked up by your AV software and/or browser and triggered a virus/malware warning. This currently can still produce a FALSE POSITIVE with the latest releases.

    Due to how DNS records work and the time they're saved in such a DNS caching server this can take multiple weeks to fully resolve. RedFox has taken every possible measure they could to resolve this from their end (in fact the issue was found & fixed from the redfox side, mere hours after it first happened).

    It is now up to your Antivirus software and your browser developer (whichever program you use) to fix this warning. Nothing more can be done from the RedFox side. YOU, the user however can do something. Report the false positive to you browser / AV developer and it will hopefully resolve itself soon.

    In the mean time there's 2 options

    1) If your AV program is giving the warning: Temporarily disable it and it should download and install just fine. Reactivate after installation
    2) If your browser is throwing the warning: disable your browser's "malicious website" setting and it should let you connect and download just fine. Then simply install.
    3) Some AV products are claiming AnyDVDTray.exe (or sometime another anydvd exe) is malicious. This is NOT the case if the install file has the proper digital signature. In that case, before you reactivate your virus, i recommend creating a AV file scanner FOLDER exclusion for the entire AnyDVD install directory! That way no files in the AV directory will be scanned and classed as malware. Afterwards reactivate your AV.

    Note: before you run the actual install you can rightclick the file > properties > digital signature to see if the digital signature is intact.

    No signature or signature invalid > do not install

    This post servers as a clarification for the currently ongoing issues. Please do NOT create any further topics. The RedFox staff nor forum staff can continue to repeat this. New topics if found will be moved and/or locked and linked to this message.
    vze2mp9g, FurryGuy, d00zah and 4 others like this.
  2. marcus1971

    marcus1971 New Member

    Thank you for your clarfification. Just to be sure: the signature for my file is "Shenzhen RedFox Project Technology Co.,Ltd." Is that correct? I thought so far, Redfox is situated in South America?
  3. Ch3vr0n

    Ch3vr0n Translator NL & Mod

    It is correct and no it's not. The DOMAIN name is registered in Belize. That's it, no more no less. RedFox isn't located anywhere, they have no central location. (Which is also part of the reason why it's hard to get a good PSP)

    Sent from my Nexus 6P with Tapatalk
  4. CKENN19

    CKENN19 Well-Known Member

    This is also happening with Happening to me right now.
  5. Ch3vr0n

    Ch3vr0n Translator NL & Mod

    Then do what post tells you.

    Verstuurd vanaf mijn Nexus 7 met Tapatalk
  6. CKENN19

    CKENN19 Well-Known Member

    Telling people to disable AV to allow the program to download is not comforting.
  7. LeGen

    LeGen New Member

    More fun. works fine with no website blocked. I just downloaded with no download issue, but now AVG insists on identifying anydvdtray as a virus and deleting it. I have the AVG antivirus file updates from June 22, 2017. I rolled back to and it is working fine. I tried multiple relaxations on virus checking and blocked scanning of the anydvd folders. No luck. I'll give it a few days and then replace AVG with an antivirus that is not pissing me off. And just as a heads up. The first time AVG found the updated anydvdtray it went into an endless virus warning loop and I had to hit the reset button on my compputer to break out. Task manager could not shut down the processes. Good luck.
  8. lions123

    lions123 Active Member

    I have ADVAST and it is blocking ANYDVD too. I did what you requested ( 1) If your AV program is giving the warning: Temporarily disable it and it should download and install just fine. Reactivate after installation) and yes it will install the program but as soon as you turn ADVAST back on and click on Anydvd icon to open it up ADVAST blocks the program from opening and puts it in the chest!
  9. Ch3vr0n

    Ch3vr0n Translator NL & Mod

    Then I'd put a file exclusion on the entire AnyDVD installation folder. Should fix that

    Sent from my Nexus 6P with Tapatalk
  10. d00zah

    d00zah Well-Known Member

    AND report it to Avast (or any other vendor) as a 'False Positive'... please!.
  11. mmdavis

    mmdavis Well-Known Member

    After sending a couple of emails and screenshots, Eset Nod32 is no longer blocking the AnyDVD download. It was yesterday.
  12. RedFox 1

    RedFox 1 Super Moderator

    I know I send it the file to them, the day it came out, I use Eset Internet Security and they responded by testing the file and found it was not dangerous.
    autodidact likes this.
  13. Calvin Wu

    Calvin Wu New Member

    I did what you told us to do about creating an Exclusion Folder on my Avast antiviral, and it seemed worked. But the following files are still bugging me : What is" C:\programfiles(x86)\Slysoft\AnyDVD\trzA531.tmp is infected by win32:xpajgen" means ?
    It appeared after I ran a thorough boot scan with Avast and of course it was put into the chest. It looks like a Trojan to me !!
  14. d00zah

    d00zah Well-Known Member

    You installed AnyDVD & it's not unusual for an installer to create .tmp files. ZIP it up along with the installer & a download link & submit it to Avast with an explanation of how you KNOW it got there. Force 'em to clean it up, or explain why they won't.

    This has been going on for > a month now & the target just moves around.
  15. Ch3vr0n

    Ch3vr0n Translator NL & Mod

    Just delete it, AnyDVD does not use such a file. Probably a leftover from installation. You could try a clean install (remove the old installation, install fresh. That will also have it install in the RedFox folder and not the old slysoft one)