MM 4.1.1.1703.exe flagged as malicious by Symantec

[EvilPeppard]

I quickly looked around, but did not see another post on this.

I just downloaded the MediaMonkey 4.1.1.1703 installer and Symantec is flagging the install file as malicious. Screenshot included.

I tried this on my work machine using Symantec Endpoint Protection 12.1.4013.4013, and on my home media computer running Norton Internet Security 21.2.0.38. Both with the same result (see included screenshot).

Using my game rig running BitDefender Total Security, version 17.27.0.1146, the file downloaded and installed fine.

Hope all this helps.

[Lowlander]

It's not uncommon to see this, they always end up being false positives. Make sure you do keep your signatures up to date as sometimes new signatures already have fixed the problem.

http://www.mediamonkey.com/support/inde ... icleid=110

[Phil_bassman]

I'm trying to install 4.1.1.1703, but Norton says it has the "Suspicious.Cloud.9" Trojan/Virus.

Not fun...

[EvilPeppard]

It's not uncommon to see this, they always end up being false positives. Make sure you do keep your signatures up to date as sometimes new signatures already have fixed the problem.

http://www.mediamonkey.com/support/inde ... icleid=110

Thanks Lowlander.

My definitions are up to date on both machines running Symantec. I will wait for another definition update, then try again.

Thanks for the quick response.

[rusty]

Thanks for the reports--I've confirmed that the downloaded file is indeed the same one that was posted a couple of weeks ago, and have also tested the file against Avast Antivirus. It's definitely a false positive.

If want to verify that you've downloaded the correct file, the MD5 checksum for the mediamonkey 4.1.1.1703 setup file should be: 698d0ae16fa03cb3f900edeedd674eec

I've just filed a false positive report with Norton/Symantec, so hopefully they'll fix this shortly.

-Rusty

[EvilPeppard]

fyi, if you're concerned about whether you've downloaded the correct file, the MD5 checksum for the mediamonkey 4.1.1.1703 setup file should be: 698d0ae16fa03cb3f900edeedd674eec

I've just filed a false positive report with Norton/Symantec.

-Rusty

Thanks, Rusty.

Have a great weekend.

[Peke]

Just to add more complete Hash values to Rusty MD5:
MultiAnalyze kink https://www.virustotal.com/file/33d253b ... /analysis/

Code: Select all

MediaMonkey_4.1.1.1703.exe:
Verified:	Signed
Signing date:	20:13 31.3.2014
Publisher:	Ventis Media
Description:	MediaMonkey Setup                                           
Product:	MediaMonkey                                                 
Prod version:	4.1                 
File version:	                    
Machine Type:	32-bit
CRC-32: 701CC314
MD4: C7916C1F81534D8103FE7DA43EB91175
MD5: 698D0AE16FA03CB3F900EDEEDD674EEC
SHA1: EBC136183043CB435204AE7D8E9791A4C194B1A2
PESHA1: A6D2620BB5624279E899CCE185D95CED6E317A30
PE256: D515BADF7399E972AD4770CD726BF17264BA8E1134FECDFFCBD5CB3B3C18FFF5
SHA256: 33D253BD2FC69ECFBCEF031EF222940665279F250C8106ABA70AB9F724D1452B

and

Code: Select all

MediaMonkey_4.1.1.1703.exe:
	Verified:	Signed
	Catalog:	MediaMonkey_4.1.1.1703.exe
	Signers:
	   Ventis Media
		Status:		Valid
		Valid Usage:	Code Signing, 1.3.6.1.4.1.311.2.1.22
		Serial Number:	47 F8 7C F4 9B 28 AC 9C 34 F3
				B6 E5 78 5C 97 15
		Thumbprint:	F5019766380C726DB6A3E219E33C6941C92BE679
		Algorithm:	SHA1
		Valid from:	2:00 20.8.2013
		Valid to:	1:59 20.10.2015
	   Thawte Code Signing CA - G2
		Status:		Valid
		Valid Usage:	Client Auth, Code Signing
		Serial Number:	47 97 4D 78 73 A5 BC AB 0D 2F
				B3 70 19 2F CE 5E
		Thumbprint:	808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7
		Algorithm:	SHA1
		Valid from:	2:00 8.2.2010
		Valid to:	1:59 8.2.2020
	   thawte
		Status:		Valid
		Valid Usage:	Server Auth, Client Auth,
				Email Protection, Code Signing
		Serial Number:	34 4E D5 57 20 D5 ED EC 49 F4
				2F CE 37 DB 2B 6D
		Thumbprint:	91C6D6EE3E8AC86384E548C299295C756C817B81
		Algorithm:	SHA1
		Valid from:	2:00 17.11.2006
		Valid to:	1:59 17.7.2036
	Signing date:	20:13 31.3.2014
	Counter Signers:
	   Symantec Time Stamping Services Signer - G4
		Status:		Valid
		Valid Usage:	Timestamp Signing
		Serial Number:	0E CF F4 38 C8 FE BF 35 6E 04
				D8 6A 98 1B 1A 50
		Thumbprint:	65439929B67973EB192D6FF243E6767ADF0834E4
		Algorithm:	SHA1
		Valid from:	2:00 18.10.2012
		Valid to:	1:59 30.12.2020
	   Symantec Time Stamping Services CA - G2
		Status:		Valid
		Valid Usage:	Timestamp Signing
		Serial Number:	7E 93 EB FB 7C C6 4E 59 EA 4B
				9A 77 D4 06 FC 3B
		Thumbprint:	6C07453FFDDA08B83707C09B82FB3D15F35336B1
		Algorithm:	SHA1
		Valid from:	2:00 21.12.2012
		Valid to:	1:59 31.12.2020
	   Thawte Timestamping CA
		Status:		Valid
		Valid Usage:	Timestamp Signing
		Serial Number:	00
		Thumbprint:	BE36A4562FB2EE05DBB3D32323ADF445084ED656
		Algorithm:	MD5
		Valid from:	2:00 1.1.1997
		Valid to:	1:59 1.1.2021
	Publisher:	Ventis Media
	Description:	MediaMonkey Setup                                           
	Product:	MediaMonkey                                                 
	Prod version:	4.1                 
	File version:	                    
	MachineType:	32-bit
	Binary Version:	0.0.0.0
	Original Name:	n/a
	Internal Name:	n/a
	Copyright:	Copyright © 2000-2011 Ventis Media Inc.                                                            
	Comments:	This installation was built with Inno Setup.
	MD5:	698D0AE16FA03CB3F900EDEEDD674EEC
	SHA1:	EBC136183043CB435204AE7D8E9791A4C194B1A2
	PESHA1:	A6D2620BB5624279E899CCE185D95CED6E317A30
	PE256:	D515BADF7399E972AD4770CD726BF17264BA8E1134FECDFFCBD5CB3B3C18FFF5
	SHA256:	33D253BD2FC69ECFBCEF031EF222940665279F250C8106ABA70AB9F724D1452B
	VT detection:	0/51
	VT link:	https://www.virustotal.com/file/33d253bd2fc69ecfbcef031ef222940665279f250c8106aba70ab9f724d1452b/analysis/
	Manifest:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">

<assemblyIdentity

    name="JR.Inno.Setup"

    processorArchitecture="x86"

    version="1.0.0.0"

    type="win32"/>

<description>Inno Setup</description>

<dependency>

    <dependentAssembly>

        <assemblyIdentity

            type="win32"

            name="Microsoft.Windows.Common-Controls"

            version="6.0.0.0"

            processorArchitecture="x86"

            publicKeyToken="6595b64144ccf1df"

            language="*"
        />
    </dependentAssembly>
</dependency>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
        <requestedPrivileges>
            <requestedExecutionLevel level="asInvoker"            uiAccess="false"/>
        </requestedPrivileges>
    </security>
</trustInfo>
<application xmlns="urn:schemas-microsoft-com:asm.v3">
    <windowsSettings>
        <dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
    </windowsSettings>
</application>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application>
        <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
        <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
    </application>
</compatibility>
</assembly>