Author Topic: Possible false positive  (Read 1336 times)

0 Members and 2 Guests are viewing this topic.

December 17, 2023, 09:40:51 PM

Faergor

  • Newbie

  • Offline
  • *

  • 48
  • Reputation:
    0
    • View Profile
Possible false positive
« on: December 17, 2023, 09:40:51 PM »
Hello, I have BS player installed, what roguekiller found is Packed.Gen in bsplay.exe. Likely a false positive.
Can you fix this/get you confirm please if this is indeed false positive?
Thanks

Attaching a log.

Reply #1December 20, 2023, 08:18:56 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: Possible false positive
« Reply #1 on: December 20, 2023, 08:18:56 PM »
Hi Faergor,

BS.Player forcefully install BS.ControlBar, which is Adw.Conduit.
The binary itself is not malicious but since the installer install malware, we have decided to flag it as Packed.Gen.

If you know what you are doing, you can saftly restore the file but please be warry when updating this application or running the installer in any way.

Regards.

Reply #2December 20, 2023, 08:25:00 PM

Faergor

  • Newbie

  • Offline
  • *

  • 48
  • Reputation:
    0
    • View Profile
Re: Possible false positive
« Reply #2 on: December 20, 2023, 08:25:00 PM »
Is adw conduit harmful?
I deleted both files that were flagged as malicious.

I am not sure why has that appeared because I had bsplayer installed for a long time and it never showed anything like that before. Not sure if it updated by itself if it does that at all and therefore it installed bs controlbar, but IMO it might have been on my pc for a long time since I installed bsplayer months/years ago but roguekiller detected it only now?

Reply #3December 20, 2023, 08:31:13 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: Possible false positive
« Reply #3 on: December 20, 2023, 08:31:13 PM »
Hi Faergor,

Not really anymore.
The build BS.Player install is old and most of the hardcoded domains are down now.

Could you please check the Add/Remove list of your Windows install for "BS Player Control Bar" ?

Regards.

Reply #4December 20, 2023, 11:06:47 PM

Faergor

  • Newbie

  • Offline
  • *

  • 48
  • Reputation:
    0
    • View Profile
Re: Possible false positive
« Reply #4 on: December 20, 2023, 11:06:47 PM »
Hi Faergor,

Not really anymore.
The build BS.Player install is old and most of the hardcoded domains are down now.

Could you please check the Add/Remove list of your Windows install for "BS Player Control Bar" ?

Regards.

I checked and there was no bs player control bar, only bs player free.
So, what is the conclusion? It was not harmful and it is ok?
I have both files deleted anyway.
Thanks :)

Reply #5December 20, 2023, 11:54:27 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: Possible false positive
« Reply #5 on: December 20, 2023, 11:54:27 PM »
Hi Faergor,

If no toolbar is installed, it is safe.
Could I ask you why you prefer it to well-known media players ?

Regards.

Reply #6December 21, 2023, 05:03:41 PM

Faergor

  • Newbie

  • Offline
  • *

  • 48
  • Reputation:
    0
    • View Profile
Re: Possible false positive
« Reply #6 on: December 21, 2023, 05:03:41 PM »
Hi Faergor,

If no toolbar is installed, it is safe.
Could I ask you why you prefer it to well-known media players ?

Regards.
Oh, I thought it was well known. I have been using it for years along with vlc. But I have not noticed such behaviour until now. Weird that they are forcing toolbar.

Reply #7December 22, 2023, 04:25:25 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: Possible false positive
« Reply #7 on: December 22, 2023, 04:25:25 PM »
Hi Faergor,

Thanks.
Toolbar was used to monetize their Free version.

Regards.