Tech Support > Computers & Technology > Software & Applications > Imgburn query
Imgburn query
Posted by bertieboy on April 16th, 2008


This evening, I installed Imgburn as I had seen it mentioned frequently
here. sure enough it copied a disk for me but then Prevx popped up say
it had quarantined uninstall.exe as it was critical. I foolwed the link
in Prevx and got this back:
UNINSTALL.EXE

Disagree with this determination?

This executable program has a file size of 66,350 bytes, it is most
frequently called UNINSTALL.EXE and is most frequently located in the
%programfiles%\imgburn\ folder.
The file header contains the following information:
Vendor : LIGHTNING UK!
Product: ImgBurn Installer
Version: 2.4.1.

This file is considered unsafe and is part of the malware group,
Generic.Dropper.xCodec. It was first seen on Tuesday, Apr 1 2008. It has
been seen by 6 users in this section of the community. The file was
first seen in The EUROPEAN UNION but has been seen in other locations,
including RUSSIAN FEDERATION.
UNINSTALL.EXE has been seen to perform the following behaviors:
- This Process Deletes Other Processes From Disk
- Executes Processes stored in Temporary Folders
- This Process Creates Other Processes On Disk
- Executes a Process
UNINSTALL.EXE has been the subject of the following behaviors:
- Created as a process on disk
- Executed as a Process
- Has code inserted into its Virtual Memory space by other programs
- Executed from Temporary Folders
- Terminated as a Process
- Copied to multiple locations on the system

Is this a genuine nasty or not?
I'm using v2.4.1.0
--
bertieboy

Posted by bealoid on April 16th, 2008


bertieboy <mtg@rosbert.freeserve.co.uk> wrote in news:gK$l0TAnRmBIFwX6
@rosbert.freeserve.co.uk:

[snip]

You downloaded imgburn from the real imgburn website?

This thread seems to say that Prevx gives a false positive.
http://forum.imgburn.com/index.php?s...979&hl=malware

Posted by bertieboy on April 17th, 2008


In message <Xns9A82E949B1E57YAsfKJXSTO@69.16.176.253>, bealoid
<signup@bealoid.co.uk> writes
Well, I went to their but I think I used one of the mirrors.
I've downloaded again and used the Imgburn server.
Yes, it appears to be writer by the author. I've sent all this stuff to
Prevx for them to sort out.
thanks for that Bealoid.
--
bertieboy


Similar Posts