The VideoLAN Forums

Both the ZIP and 7ZIP archives of VLC 2.2.4 for Windows contain a file named "spad-setup.exe", which Avira and Avast identify as containing the "TR/Crypt.ZPACK.Gen2" malware. At the same time VLC writes the following registry keys intended to hide the icon for "spad-setup.exe" and reinstall it if it gets deleted (see below).
I am certain that this is not a false positive. Is the presence of this file intentional?

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Media\VLC\InstallInfo]
"HideIconsCommand"="\"C:\\Program Files\\VLC\\spad-setup.exe\" /HideIcons /S"
"ShowIconsCommand"="\"C:\\Program Files\\VLC\\spad-setup.exe\" /ShowIcons /S"
"ReinstallCommand"="\"C:\\Program Files\\VLC\\spad-setup.exe\" /Reinstall /S"
"IconsVisible"=dword:00000001

This is strange. I was using Registry First Aid (which I've used for 15-odd years) to check the registry, and found this: https://scontent.fhou1-2.fna.fbcdn.net/ ... e=5838298A, showing three invalid values related to VLC. (I haven't finished looking through those yet; there might be more elsewhere.) Naturally, I looked in C:\Program Files\VideoLAN\VLC for spad-setup.exe, but couldn't find it.

Then I asked my friend Google about spad-setup.exe, which led me here. So I took the exe file for VLC, vlc-2.2.4-win64.exe, and used 7-zip to extract all the files in into a new folder, then searched that folder. I couldn't find spad-setup.exe there either. The reg entries must be left over from a previous installation.

The 64-bit installer is only available as an .exe file, not a zip, so, since NeroBR mentioned the zip files, I downloaded the 7zip version. Yes, it does contain spad-setup.exe. However, my Kaspersky, my Malwarebytes Pro, and my SuperAntiSpyware Pro [full versions each, simultaneously active, on Win8.1] all said that the file's clean, so I submitted it to VirusTotal, which found only one out of 57 of the available scanners counted it as a positive. That was from "Rising," an anti-virus I've never heard of, which thought it was Malware.Generic!2mU7ABVkVjL@2 (thunder). See the analysis at https://www.virustotal.com/ro/file/11f7 ... /analysis/.

In other words, I wouldn't worry about it being malware.

I would'nt think this is a maleware .. it comes with the latest build .. look for youself:
http://download.videolan.org/pub/videol ... 2.4/win64/ (pick any build, open the archive and you'll see this very spad-setup.exe file along with their .nsi files)

Now is this legit, well i'm pretty sure it is, otherwise the whole VideoLan organisation would be corrupt.
Of course, some confirmation from them on the legitimacy of this file on this very thread would be appreciated..

The normal installer does contain spad-setup.exe.

Exe files are archives. The easy way to see what's in them is to open them with 7Zip. Right-click on the exe file, click on 7-Zip, then select--Extract to "vlc-2.2.4-win64\" --(for a 64-bit system). You will then have the entire exe file as an archive, a folder named vlc-2.2.4-win64, and are free to peruse it as you wish. There is no spad-setup.exe among those files. There is no spad-anything in them.

The base folder contains five sub-folders, $PLUGINSDIR, locale, lua, plugins, and skins, as well as the individual files, AUTHORS.txt, axvIc.d11, axvlc.dll.manifest, COPYING.txt, libvlc.dll, libvlccore.dll, NEWS.txt, npvIc.d11, npvlc.dll.manifest, README.txt, THANKS.txt, uninstall.exe.nsis, vlc.exe, vlc.exe.manifest, and vlc-cache-gen.exe.

None of those sub-folders or their sub-folders contain spad.exe. On the off-chance that there might be a spad.exe in the two exe files within the archive, vlc.exe and vld-cache-gen.exe, since no normal search is going to look inside an exe file, open both of those with 7-zip and examine those archives also: there is no spad-setup.exe in them. There is no spad-anything in them.

I checked VLC 1.1.9 also. It is available here as vlc-1.1.9.tar.bz2. Open that with 7Zip, extract the tar file, then open the tar files as an archive. It's easier to do a complete search by extracting it as an archive (i.e., into a folder) than it is to "open inside" of 7Zip. There is no spad-setup.exe or spad-anything in it either.