Malware within VLC 2.2.4 for Windows

Microsoft Windows specific usage questions
Forum rules
Please post only Windows specific questions in this forum category. If you don't know where to post, please read the different forums' rules. Thanks.
NeroBR
New Cone
New Cone
Posts: 1
Joined: 18 Jul 2016 07:20

Malware within VLC 2.2.4 for Windows

Postby NeroBR » 18 Jul 2016 07:37

Both the ZIP and 7ZIP archives of VLC 2.2.4 for Windows contain a file named "spad-setup.exe", which Avira and Avast identify as containing the "TR/Crypt.ZPACK.Gen2" malware. At the same time VLC writes the following registry keys intended to hide the icon for "spad-setup.exe" and reinstall it if it gets deleted (see below).
I am certain that this is not a false positive. Is the presence of this file intentional?

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Media\VLC\InstallInfo]
"HideIconsCommand"="\"C:\\Program Files\\VLC\\spad-setup.exe\" /HideIcons /S"
"ShowIconsCommand"="\"C:\\Program Files\\VLC\\spad-setup.exe\" /ShowIcons /S"
"ReinstallCommand"="\"C:\\Program Files\\VLC\\spad-setup.exe\" /Reinstall /S"
"IconsVisible"=dword:00000001

ParrotSlave
New Cone
New Cone
Posts: 2
Joined: 09 Apr 2013 20:06

Re: Malware within VLC 2.2.4 for Windows

Postby ParrotSlave » 08 Sep 2016 09:43

This is strange. I was using Registry First Aid (which I've used for 15-odd years) to check the registry, and found this: https://scontent.fhou1-2.fna.fbcdn.net/ ... e=5838298A, showing three invalid values related to VLC. (I haven't finished looking through those yet; there might be more elsewhere.) Naturally, I looked in C:\Program Files\VideoLAN\VLC for spad-setup.exe, but couldn't find it.

Then I asked my friend Google about spad-setup.exe, which led me here. So I took the exe file for VLC, vlc-2.2.4-win64.exe, and used 7-zip to extract all the files in into a new folder, then searched that folder. I couldn't find spad-setup.exe there either. The reg entries must be left over from a previous installation.

The 64-bit installer is only available as an .exe file, not a zip, so, since NeroBR mentioned the zip files, I downloaded the 7zip version. Yes, it does contain spad-setup.exe. However, my Kaspersky, my Malwarebytes Pro, and my SuperAntiSpyware Pro [full versions each, simultaneously active, on Win8.1] all said that the file's clean, so I submitted it to VirusTotal, which found only one out of 57 of the available scanners counted it as a positive. That was from "Rising," an anti-virus I've never heard of, which thought it was Malware.Generic!2mU7ABVkVjL@2 (thunder). See the analysis at https://www.virustotal.com/ro/file/11f7 ... /analysis/.

In other words, I wouldn't worry about it being malware.

Rapy
New Cone
New Cone
Posts: 3
Joined: 19 Nov 2016 06:13

Re: Malware within VLC 2.2.4 for Windows

Postby Rapy » 19 Nov 2016 08:16

I would'nt think this is a maleware .. it comes with the latest build .. look for youself:
http://download.videolan.org/pub/videol ... 2.4/win64/ (pick any build, open the archive and you'll see this very spad-setup.exe file along with their .nsi files)

Now is this legit, well i'm pretty sure it is, otherwise the whole VideoLan organisation would be corrupt.
Of course, some confirmation from them on the legitimacy of this file on this very thread would be appreciated..

Rémi Denis-Courmont
Developer
Developer
Posts: 15265
Joined: 07 Jun 2004 16:01
VLC version: master
Operating System: Linux
Contact:

Re: Malware within VLC 2.2.4 for Windows

Postby Rémi Denis-Courmont » 19 Nov 2016 17:00

The normal installer does contain spad-setup.exe.
Rémi Denis-Courmont
https://www.remlab.net/
Private messages soliciting support will be systematically discarded

ParrotSlave
New Cone
New Cone
Posts: 2
Joined: 09 Apr 2013 20:06

Re: Malware within VLC 2.2.4 for Windows

Postby ParrotSlave » 19 Nov 2016 22:51

Exe files are archives. The easy way to see what's in them is to open them with 7Zip. Right-click on the exe file, click on 7-Zip, then select--Extract to "vlc-2.2.4-win64\" --(for a 64-bit system). You will then have the entire exe file as an archive, a folder named vlc-2.2.4-win64, and are free to peruse it as you wish. There is no spad-setup.exe among those files. There is no spad-anything in them.

The base folder contains five sub-folders, $PLUGINSDIR, locale, lua, plugins, and skins, as well as the individual files, AUTHORS.txt, axvIc.d11, axvlc.dll.manifest, COPYING.txt, libvlc.dll, libvlccore.dll, NEWS.txt, npvIc.d11, npvlc.dll.manifest, README.txt, THANKS.txt, uninstall.exe.nsis, vlc.exe, vlc.exe.manifest, and vlc-cache-gen.exe.

None of those sub-folders or their sub-folders contain spad.exe. On the off-chance that there might be a spad.exe in the two exe files within the archive, vlc.exe and vld-cache-gen.exe, since no normal search is going to look inside an exe file, open both of those with 7-zip and examine those archives also: there is no spad-setup.exe in them. There is no spad-anything in them.

I checked VLC 1.1.9 also. It is available here as vlc-1.1.9.tar.bz2. Open that with 7Zip, extract the tar file, then open the tar files as an archive. It's easier to do a complete search by extracting it as an archive (i.e., into a folder) than it is to "open inside" of 7Zip. There is no spad-setup.exe or spad-anything in it either.


Return to “VLC media player for Windows Troubleshooting”

Who is online

Users browsing this forum: No registered users and 74 guests