#3
SiLencer wrote: false alarm ... just forget it ...
I did an online check with other scanners with no result.
But it sounds bad, so I reported it to Avira:
In der Datei 'C:\Program Files\ProgDVB\ProgDvbEngineRun.exe'
wurde ein Virus oder unerwünschtes Programm 'BDS/Bot.111278' [backdoor] gefunden.
Ausgeführte Aktion: Zugriff erlauben

Edit:
McAfee says Heuristic.LooksLike.Win32.NewMalware.L
TV: SAA7131, CTX 948 http://www.creatix.de/produkte/multimedia/ctx948.htm
OS: Vista Graph: NVIDIA GeForce 8860 GS, ProgDVB: 6.60.2, Smart MS 94BK DiseqC Multischalter LNB_A: Astra 19.2, LNB_B Hotbird 13.0

#4
Heuristics are known to produce false alarms, partly also depending on the relevant settings.
A name like "Heuristic.LooksLike.Win32.NewMalware.L" indicates there is no known virus around, but some kind of code interpretation makes the scanner believe there could be something wrong with it.
Perhaps the best thing to do would be to sit back, calm down and wait for an antivirus database update.
If feeling insecure, leave ProgDVB alone until then, or temporarily go back to the previous version.

#5
Same here with some more files affected:


C:\Program Files\ProgDVB\IPDev.SkinEditor.Design.dll
[FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Bot.111294

C:\Program Files\ProgDVB\ProgDvbEngineRun.exe
[FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Bot.111278

C:\Program Files\ProgDVB\Modules\Geniatech.eBDA
[FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Bot.111299

C:\Program Files\ProgDVB\Modules\SkyStar2.Device
[FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Bot.111293

C:\Program Files\ProgDVB\Modules\TBS.eBDA
[FUND] Enthält Erkennungsmuster des Wurmes WORM/SdBot.77312.1

need to clear the situation, infected or wrong alarm

#6
Juergen wrote: ... wait for an antivirus database update.
If feeling insecure, leave ProgDVB alone until then...
Maybe the programmers should contact the virus scanner vendors (Avira, McAfee) to clear up the situation.
If it really is a bot, then leaving it will not help, because I already used it and may be infected. :evil:

Results from Avira Check

#7
I did a scan on the whole ProgDVB directory:

Beginne mit der Suche in 'C:\Program Files\ProgDVB'
C:\Program Files\ProgDVB\IPDev.SkinEditor.Design.dll
[FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Bot.111294
C:\Program Files\ProgDVB\ProgDvbEngineRun.exe
[FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Bot.111278
C:\Program Files\ProgDVB\Modules\Geniatech.eBDA
[FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Bot.111299
C:\Program Files\ProgDVB\Modules\PidRecorder.Module
[FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Bot.111303
C:\Program Files\ProgDVB\Modules\SkyStar2.Device
[FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Bot.111293
C:\Program Files\ProgDVB\Modules\TBS.eBDA
[FUND] Enthält Erkennungsmuster des Wurmes WORM/SdBot.77312.1

After that I reported everything to Avira.

PidRecorder.Module -> MALWARE
TBS.eBDA -> MALWARE
all other alarms are false.

Does somebody know how these modules with malware are used?

#9
Scanning 6.30 yields the following:

Beginne mit der Suche in 'C:\Downloads\ProgDVB6.30Std.exe'
C:\Downloads\ProgDVB6.30Std.exe
[0] Archivtyp: NSIS
--> ProgramFilesDir/Geniatech.eBDA
[FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Bot.111299
--> ProgramFilesDir/SkyStar2.Device
[FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Bot.111293
--> ProgramFilesDir/TBS.eBDA
[FUND] Enthält Erkennungsmuster des Wurmes WORM/SdBot.77312.1

Besides this, there's another oddity with the installed version:
Avira Guard popped up every other minute, which means that something tried to access the files ProgDvbEngineRun.exe and IPDev.SkinEditor.Design.dll.

This is kind of weird because ProgDVB wasn't running at that time. Furthermore, the files were not accessed as long as I kept the Task Manager open to have a look at the process that tried to access the files.

Any explanation for this behaviour would be greatly appreciated.

Edit: Another oddity: Uninstalling ProgDVB did not remove ProgDvbEngineRun.exe and a couple of other files as well as a subdirectory to the ProgDVB Dir.


I would strongly suggest to refrain from using ProgDVB until these mysteries are solved. Just blaming it on a false heuristic alarm does not explain what happens here.
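
To compare the two Avira logs quoted in this thread (the scan of the installed directory and the scan of the NSIS installer), here is an added example that is not part of any post and is not Avira or ProgDVB code. It parses the [FUND] lines, including "-->" archive members, and reports which detections already appear inside the installer; the function names are hypothetical and the log excerpts are abridged copies of the lines quoted above.

```python
import re

# Constructed sample input: abridged excerpts of the two scan logs quoted in the thread.
INSTALLED_SCAN = r"""Beginne mit der Suche in 'C:\Program Files\ProgDVB'
C:\Program Files\ProgDVB\ProgDvbEngineRun.exe
[FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Bot.111278
C:\Program Files\ProgDVB\Modules\PidRecorder.Module
[FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Bot.111303
C:\Program Files\ProgDVB\Modules\TBS.eBDA
[FUND] Enthält Erkennungsmuster des Wurmes WORM/SdBot.77312.1"""

INSTALLER_SCAN = r"""Beginne mit der Suche in 'C:\Downloads\ProgDVB6.30Std.exe'
C:\Downloads\ProgDVB6.30Std.exe
[0] Archivtyp: NSIS
--> ProgramFilesDir/SkyStar2.Device
[FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Bot.111293
--> ProgramFilesDir/TBS.eBDA
[FUND] Enthält Erkennungsmuster des Wurmes WORM/SdBot.77312.1"""

FUND = re.compile(r"^\[FUND\].*\s(\S+)$")   # detection name is the last token
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")    # a scanned file given by full path

def parse_avira_log(text):
    """Return {file basename: detection name} for every [FUND] line."""
    hits, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = FUND.match(line)
        if match and current:
            hits[current] = match.group(1)   # finding belongs to the preceding file
        elif line.startswith("-->"):         # member unpacked from an archive
            current = re.split(r"[\\/]", line[3:].strip())[-1]
        elif DRIVE_PATH.match(line):
            current = re.split(r"[\\/]", line)[-1]
    return hits

def compare(installed, installer):
    """Split on-disk detections into those also raised inside the installer
    (same file name, same detection name) and those seen only on disk."""
    in_both = {f: d for f, d in installed.items() if installer.get(f) == d}
    only_on_disk = {f: d for f, d in installed.items() if f not in installer}
    return in_both, only_on_disk

if __name__ == "__main__":
    both, disk_only = compare(parse_avira_log(INSTALLED_SCAN),
                              parse_avira_log(INSTALLER_SCAN))
    print("also flagged inside the installer:", both)
    print("flagged only in the installed copy:", disk_only)
```
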

virus alarm proved

#10
Prog wrote: try use normal antivirus. drweb, kaspersky, nod32...
I checked it with an online virusscanner:

http://www.virustotal.com/de/
:evil: PidRecorder.Module
AntiVir BDS/Bot.111303
AVG IRC/BackDoor.SdBot4.PIZ
McAffee Heuristic.BehavesLike.Win32.Downloader.H

:evil: TBS.eBDA
a-squared Worm.Sdbot!IK
AntiVir Worm/SdBot.77312.1
AVG IRC/BackDoor.SdBot4.PIK
Ikarus Worm.Sdbot
McAfee-GW-Edition Worm.SdBot.77312.1


I put both into quarantine! :arrow:

Can you tell me under which circumstances these modules are called?
I want to estimate whether I have to clean up my system.

#11
Here's the answer from Avira's lab for version 6.30 where Avira formerly reported some backdoors and a worm:

Thank you for your email to Avira's virus lab.


A listing of the files and results follows:
File ID   File name            Size (bytes)   Result
25536127  ProgDVB6.30Std.exe   7.65 MB        CLEAN

Detailed results for each file can be found in the following section:

File name            Result
ProgDVB6.30Std.exe   CLEAN
The file 'ProgDVB6.30Std.exe' was classified as 'CLEAN'. Our analysts found no malicious code in this file.


With the Avira update from today, the worm warning is gone, however there's still a (false) alarm about a backdoor in PidRecorder.Module. I expect this to be gone with one of the next updates.

#13
sroc wrote: ... 25536127 ProgDVB6.30Std.exe 7.65 MB CLEAN ...
No question about this module.
On both modules above I got a malware answer from Avira and from other scanners.
I do have the modules in quarantine. Maybe somebody else can check this again with the online scanner.
I don't have an answer as to what these modules are doing.
I would like to know that before I try to use ProgDVB again or install it anew.
Edit:
ProgDVB6.30Std.exe check on http://www.virustotal.com/de/ result:
AVG 8.5.0.430 2010.01.01 IRC/BackDoor.SdBot4.PIZ
Ikarus T3.1.1.79.0 2009.12.31 Backdoor.Bot
McAfee+Artemis 5848 2009.12.31 Artemis!88254D556CA7

Avira check - local malware/online clean

no clear results :?:

#14
This isn't a module but the installation package containing all the files. Avira unpacks it while scanning.

As of today PidRecorder.Module is still reported as containing a possible backdoor. I expect this to be fixed soon.

#15
sroc wrote: This isn't a module but the installation package containing all the files...
Of course, but it executes to unpack and install. And that is called an executable module.
I am still waiting for a new pattern file that does not raise an alarm locally.