Win32/Packed.Themida detected as threat in windows installer?
8,031 views
Skip to first unread message
nab
Jan 10, 2012, 3:46:27 AM1/10/12
to Clementine Music Player
Hi,
I just downloaded the Clementine 1.0 installer for Windows as
Clementine auto-updater told me it's available.
My anti-virus (ESET NOD32) told me there is a spyware or some
potentially unwanted application, called Win32/Packed.Themida.
From what I understand, it's a packager to protect software from
cracking, and is effectively used for malware.
As Clementine is OSS, I don't think it needs any anti cracking
software...
So my question is: is this warning legit? Do you use this Themida in
the Windows Installer, in which case I can ignore that warning?
Thanks,
Urs
I just downloaded the Clementine 1.0 installer for Windows as
Clementine auto-updater told me it's available.
My anti-virus (ESET NOD32) told me there is a spyware or some
potentially unwanted application, called Win32/Packed.Themida.
From what I understand, it's a packager to protect software from
cracking, and is effectively used for malware.
As Clementine is OSS, I don't think it needs any anti cracking
software...
So my question is: is this warning legit? Do you use this Themida in
the Windows Installer, in which case I can ignore that warning?
Thanks,
Urs
Arnaud BIENNER
Jan 10, 2012, 4:09:52 AM1/10/12
to clementi...@googlegroups.com
Hi,
If you got the installer from the official website (http://www.clementine-player.org/ or https://code.google.com/p/clementine-player/downloads/detail?name=ClementineSetup-1.0.0.exe) there is no reason to have this kind of warning.
As the temporary work-around I suggest you to ignore this warning.
As a long-term solution, I suggest you to stop using Windows and move to a real OS, like a GNU/Linux distribution, where you will not be disturbed by annoying viruses alert all the time ;)
Arnaud
If you got the installer from the official website (http://www.clementine-player.org/ or https://code.google.com/p/clementine-player/downloads/detail?name=ClementineSetup-1.0.0.exe) there is no reason to have this kind of warning.
As the temporary work-around I suggest you to ignore this warning.
As a long-term solution, I suggest you to stop using Windows and move to a real OS, like a GNU/Linux distribution, where you will not be disturbed by annoying viruses alert all the time ;)
Arnaud
2012/1/10 nab <urs.schro...@gmail.com>
Daniel Torre
Jan 10, 2012, 4:10:30 AM1/10/12
to clementi...@googlegroups.com
Maybe your Antivirus is giving you a false positive. because I had no problems with a (grrr... crappy) Norton Antivirus.
So far the software has not given any malware-related problem, but if you feel like the file you have got its infected... maybe you need to try to analize it with different antivirus and even maybe give your system an analysis because it may even be your end that is affected (Remember that Windows is very prone to get infected).
Also, you may give a try to the daily builds, and see if this happens with them too.
(Daily builds are located at http://builds.clementine-player.org/win32/release/ for Windows)
nab
Jan 10, 2012, 6:16:43 AM1/10/12
to Clementine Music Player
Yes, I also think there is no reason to get this on the official
installer, that's why I'm asking...
For your long term solution. I'm a long term Debian user, that's why I
know about Clementine, actually... This is my work machine, so I'm
really weary about installing things making spyware warnings...
Getting my whole company to switch from Windows to GNU/Linux will
still take work...
u
> If you got the installer from the official website (http://www.clementine-player.org/orhttps://code.google.com/p/clementine-player/downloads/detail?name=Cle...)
>
> Arnaud
>
> 2012/1/10 nab <urs.schroffeneg...@gmail.com>
installer, that's why I'm asking...
For your long term solution. I'm a long term Debian user, that's why I
know about Clementine, actually... This is my work machine, so I'm
really weary about installing things making spyware warnings...
Getting my whole company to switch from Windows to GNU/Linux will
still take work...
u
> If you got the installer from the official website (http://www.clementine-player.org/orhttps://code.google.com/p/clementine-player/downloads/detail?name=Cle...)
> there is no reason to have this kind of warning.
>
> As the temporary work-around I suggest you to ignore this warning.
> As a long-term solution, I suggest you to stop using Windows and move to a
> real OS, like a GNU/Linux distribution, where you will not be
> disturbed byannoyingviruses alert all the time ;)
>
> As the temporary work-around I suggest you to ignore this warning.
> As a long-term solution, I suggest you to stop using Windows and move to a
> real OS, like a GNU/Linux distribution, where you will not be
>
> Arnaud
>
> 2012/1/10 nab <urs.schroffeneg...@gmail.com>
nab
Jan 10, 2012, 6:21:54 AM1/10/12
to Clementine Music Player
Thanks for the suggestions, looks like the daily build also triggers
the same alert.
I'll try to have a look with another software also, and run antivirus
scans routinely, will run a complete scan to be sure.
I was wondering if the ones working on the installer had any ideas if
something like Themida is used under for the installer. (It's David, I
guess, from the GIT log). In any event, if it's not used, Clementine
should get rid of it, and that's not a warning that gives a good image
to the users...
I'll keep you updated if I find something.
On Jan 10, 10:10 am, Daniel Torre <kada...@gmail.com> wrote:
> Maybe your Antivirus is giving you a false positive. because I had no
> problems with a (grrr... crappy) Norton Antivirus.
> So far the software has not given any malware-related problem, but if you
> feel like the file you have got its infected... maybe you need to try to
> analize it with different antivirus and even maybe give your system an
> analysis because it may even be your end that is affected (Remember that
> Windows is very prone to get infected).
>
> Also, you may give a try to the daily builds, and see if this happens with
> them too.
> (Daily builds are located athttp://builds.clementine-player.org/win32/release/for Windows)
the same alert.
I'll try to have a look with another software also, and run antivirus
scans routinely, will run a complete scan to be sure.
I was wondering if the ones working on the installer had any ideas if
something like Themida is used under for the installer. (It's David, I
guess, from the GIT log). In any event, if it's not used, Clementine
should get rid of it, and that's not a warning that gives a good image
to the users...
I'll keep you updated if I find something.
On Jan 10, 10:10 am, Daniel Torre <kada...@gmail.com> wrote:
> Maybe your Antivirus is giving you a false positive. because I had no
> problems with a (grrr... crappy) Norton Antivirus.
> So far the software has not given any malware-related problem, but if you
> feel like the file you have got its infected... maybe you need to try to
> analize it with different antivirus and even maybe give your system an
> analysis because it may even be your end that is affected (Remember that
> Windows is very prone to get infected).
>
> Also, you may give a try to the daily builds, and see if this happens with
> them too.
David Sansome
Jan 10, 2012, 6:35:46 AM1/10/12
to clementi...@googlegroups.com
This is unfortunately just a false positive - we don't use any packers
on the installer other than the default LZMA compression provided by
NSIS. It looks like only two antivirus engines are picking up this
false positive:
http://www.virustotal.com/file-scan/report.html?id=b98343f7dec7e86ace3e9e32e349f42a5ab9189995d02f26b2af1cfc24f11bd6-1326001431
on the installer other than the default LZMA compression provided by
NSIS. It looks like only two antivirus engines are picking up this
false positive:
http://www.virustotal.com/file-scan/report.html?id=b98343f7dec7e86ace3e9e32e349f42a5ab9189995d02f26b2af1cfc24f11bd6-1326001431
You might want to report this as a false positive to your AV vendor,
maybe they'll add an exception for it.
David
Laura Seabrook
Jan 10, 2012, 6:12:06 AM1/10/12
to clementi...@googlegroups.com
On 10/01/2012 8:09 PM, Arnaud BIENNER wrote:
As a long-term solution, I suggest you to stop using Windows and move to a real OS, like a GNU/Linux distribution, where you will not be disturbed by annoying viruses alert all the time ;)
Of course there are some of us who have ALL OF THE ABOVE, with
multiboot systems. If Adobe released their CS5 suite in Linux I'd
abandon Windows pretty quickly, but my Masters in Fine Art requires
that. I've also had that false positive, but I looked it up and told
the virus checker that it was WRONG. Oddly enough there must be
viruses that attack Linux, because AVG is now selling aa version of
their software for Linux (see
http://free.avg.com/us-en/download.prd-alf)!
--
Laura Ess
--
Laura Ess
Arnaud BIENNER
Jan 11, 2012, 5:17:34 AM1/11/12
to clementi...@googlegroups.com
Well... this was kind of joke...
I prefer Linux but I know that not everyone does, and that's it's sometimes not possible to use something else than Windows.
I definitely do not want to launch a debate here about the pro and cons of Linux vs Windows.
I prefer Linux but I know that not everyone does, and that's it's sometimes not possible to use something else than Windows.
I definitely do not want to launch a debate here about the pro and cons of Linux vs Windows.
2012/1/10 Laura Seabrook <laura.s...@gmail.com>
Jean Michael Bournet
May 12, 2013, 3:31:21 PM5/12/13
to clementi...@googlegroups.com
I think Clementine is a spyware, because my Kubuntu is modified negatively. This is wanton aggression. Now i must reset my Kubuntu and as a result i will lose my saved settings. Be careful! Don't install it! People of Eastern Bloc are dangerous...
10 Ocak 2012 Salı 10:46:27 UTC+2 tarihinde nab yazdı:
10 Ocak 2012 Salı 10:46:27 UTC+2 tarihinde nab yazdı:
Legion 1978
May 13, 2013, 3:07:33 PM5/13/13
to clementi...@googlegroups.com
hi. Clementine jumps right to the middle of a new album, without
finishing the one currently being played.
I dont know if the output below is enough, i just copied the jump part.
13:58:19.187 DEBUG TagReader:590 Saving song
statistics tags to "/media/Music/Therion/2009 - The Miskolc
Experience/11 - Sirius B.mp3"
13:58:19.189 DEBUG TagReader:698 Setting FMPSFrame:
"FMPS_PlayCount" , "7"
13:58:19.189 DEBUG TagReader:698 Setting FMPSFrame:
"FMPS_Rating_Amarok_Score" , "0.43"
13:58:19.190 DEBUG LibraryWatcher:594 Subdir
"/media/Music/Therion/2009 - The Miskolc Experience" changed under
directory "/media/DATA/Music" id 1
13:58:19.191 DEBUG MessageReply<MessageType>:93 Releasing ID 4205
(finished)
13:58:19.978 DEBUG unknown " <lfm status="ok">
13:58:19.978 DEBUG unknown <scrobbles ignored="0" accepted="1">
13:58:19.978 DEBUG unknown <scrobble>
13:58:19.978 DEBUG unknown <track corrected="0">Sirius B</track>
13:58:19.978 DEBUG unknown <artist corrected="0">Therion</artist>
13:58:19.979 DEBUG unknown <album corrected="0">The Miskolc
Experience</album>
13:58:19.979 DEBUG unknown <albumArtist corrected="0"/>
13:58:19.979 DEBUG unknown <timestamp>1368471383</timestamp>
13:58:19.979 DEBUG unknown <ignoredMessage code="0"/>
13:58:19.979 DEBUG unknown </scrobble>
13:58:19.979 DEBUG unknown </scrobbles>
13:58:19.979 DEBUG unknown </lfm>
13:58:19.979 DEBUG unknown "
13:58:20.689 DEBUG LibraryWatcher:340 "/media/Music/Therion/2009 - The
Miskolc Experience/11 - Sirius B.mp3" changed
13:58:20.689 DEBUG TagReader:118 Reading tags from
"/media/Music/Therion/2009 - The Miskolc Experience/11 - Sirius B.mp3"
13:58:20.689 DEBUG _MessageReplyBase:28 Waiting on ID 4206
13:58:20.690 DEBUG TagReader:386 Parsing FMPSFrame
"FMPS_Rating" , "0.8"
13:58:20.690 DEBUG TagReader:386 Parsing FMPSFrame
"FMPS_PlayCount" , "7"
13:58:20.690 DEBUG TagReader:386 Parsing FMPSFrame
"FMPS_Rating_Amarok_Score" , "0.43"
13:58:20.690 DEBUG MessageReply<MessageType>:93 Releasing ID 4206
(finished)
13:58:20.691 DEBUG _MessageReplyBase:30 Acquired ID 4206
13:58:24.073 DEBUG MainWindow:1150 position 120
scrobble point 115 status 1
13:58:34.073 DEBUG MainWindow:1150 position 130
scrobble point 115 status 1
13:58:44.072 DEBUG MainWindow:1150 position 140
scrobble point 115 status 1
13:58:54.072 DEBUG MainWindow:1150 position 150
scrobble point 115 status 1
13:59:04.072 DEBUG MainWindow:1150 position 160
scrobble point 115 status 1
13:59:14.072 DEBUG MainWindow:1150 position 170
scrobble point 115 status 1
13:59:24.075 DEBUG MainWindow:1150 position 180
scrobble point 115 status 1
13:59:34.073 DEBUG MainWindow:1150 position 190
scrobble point 115 status 1
13:59:44.072 DEBUG MainWindow:1150 position 200
scrobble point 115 status 1
13:59:54.073 DEBUG MainWindow:1150 position 210
scrobble point 115 status 1
14:00:04.073 DEBUG MainWindow:1150 position 220
scrobble point 115 status 1
14:00:13.180 DEBUG unknown QMap(("album",
"Killing The Dragon")("artist", "Dio")("context", "")("duration",
"248")("method", "Track.updateNowPlaying")("track", "Push"))
14:00:13.319 DEBUG MainWindow:1150 position 0 scrobble
point 124 status 0
14:00:13.340 DEBUG Playlist:1532 Setting metadata
for QUrl( "file:///media/Music/Dio/2002 - Killing The Dragon/06 -
Push.mp3" ) to "Dio" "Push"
finishing the one currently being played.
I dont know if the output below is enough, i just copied the jump part.
13:58:19.187 DEBUG TagReader:590 Saving song
statistics tags to "/media/Music/Therion/2009 - The Miskolc
Experience/11 - Sirius B.mp3"
13:58:19.189 DEBUG TagReader:698 Setting FMPSFrame:
"FMPS_PlayCount" , "7"
13:58:19.189 DEBUG TagReader:698 Setting FMPSFrame:
"FMPS_Rating_Amarok_Score" , "0.43"
13:58:19.190 DEBUG LibraryWatcher:594 Subdir
"/media/Music/Therion/2009 - The Miskolc Experience" changed under
directory "/media/DATA/Music" id 1
13:58:19.191 DEBUG MessageReply<MessageType>:93 Releasing ID 4205
(finished)
13:58:19.978 DEBUG unknown " <lfm status="ok">
13:58:19.978 DEBUG unknown <scrobbles ignored="0" accepted="1">
13:58:19.978 DEBUG unknown <scrobble>
13:58:19.978 DEBUG unknown <track corrected="0">Sirius B</track>
13:58:19.978 DEBUG unknown <artist corrected="0">Therion</artist>
13:58:19.979 DEBUG unknown <album corrected="0">The Miskolc
Experience</album>
13:58:19.979 DEBUG unknown <albumArtist corrected="0"/>
13:58:19.979 DEBUG unknown <timestamp>1368471383</timestamp>
13:58:19.979 DEBUG unknown <ignoredMessage code="0"/>
13:58:19.979 DEBUG unknown </scrobble>
13:58:19.979 DEBUG unknown </scrobbles>
13:58:19.979 DEBUG unknown </lfm>
13:58:19.979 DEBUG unknown "
13:58:20.689 DEBUG LibraryWatcher:340 "/media/Music/Therion/2009 - The
Miskolc Experience/11 - Sirius B.mp3" changed
13:58:20.689 DEBUG TagReader:118 Reading tags from
"/media/Music/Therion/2009 - The Miskolc Experience/11 - Sirius B.mp3"
13:58:20.689 DEBUG _MessageReplyBase:28 Waiting on ID 4206
13:58:20.690 DEBUG TagReader:386 Parsing FMPSFrame
"FMPS_Rating" , "0.8"
13:58:20.690 DEBUG TagReader:386 Parsing FMPSFrame
"FMPS_PlayCount" , "7"
13:58:20.690 DEBUG TagReader:386 Parsing FMPSFrame
"FMPS_Rating_Amarok_Score" , "0.43"
13:58:20.690 DEBUG MessageReply<MessageType>:93 Releasing ID 4206
(finished)
13:58:20.691 DEBUG _MessageReplyBase:30 Acquired ID 4206
13:58:24.073 DEBUG MainWindow:1150 position 120
scrobble point 115 status 1
13:58:34.073 DEBUG MainWindow:1150 position 130
scrobble point 115 status 1
13:58:44.072 DEBUG MainWindow:1150 position 140
scrobble point 115 status 1
13:58:54.072 DEBUG MainWindow:1150 position 150
scrobble point 115 status 1
13:59:04.072 DEBUG MainWindow:1150 position 160
scrobble point 115 status 1
13:59:14.072 DEBUG MainWindow:1150 position 170
scrobble point 115 status 1
13:59:24.075 DEBUG MainWindow:1150 position 180
scrobble point 115 status 1
13:59:34.073 DEBUG MainWindow:1150 position 190
scrobble point 115 status 1
13:59:44.072 DEBUG MainWindow:1150 position 200
scrobble point 115 status 1
13:59:54.073 DEBUG MainWindow:1150 position 210
scrobble point 115 status 1
14:00:04.073 DEBUG MainWindow:1150 position 220
scrobble point 115 status 1
14:00:13.180 DEBUG unknown QMap(("album",
"Killing The Dragon")("artist", "Dio")("context", "")("duration",
"248")("method", "Track.updateNowPlaying")("track", "Push"))
14:00:13.319 DEBUG MainWindow:1150 position 0 scrobble
point 124 status 0
14:00:13.340 DEBUG Playlist:1532 Setting metadata
for QUrl( "file:///media/Music/Dio/2002 - Killing The Dragon/06 -
Push.mp3" ) to "Dio" "Push"
Reply all
Reply to author
Forward
0 new messages