Jump to content
c627627

ImgBurn 2.5.8.0 Setup file is now officially confirmed as a virus by Avira AntiVir

Recommended Posts

    [0] Archive type: NSIS
    --> [PluginsDir]/OCSetupHlp.dll
        [DETECTION] Contains patterns of software PUA/OpenCandy.Gen
        [WARNING]   Infected files in archives cannot be repaired

 

I immediately submitted this as a false positive and requested Avira remove this designation immediately.

I just got a reply this morning. They are not removing the virus designation.

 

I have the Setup file in way too many places to zip and password protect them all, thereby not allowing them to be scanned by antivirus engines.

I will eventually do that but if you guys wanted to do something about this, Avira has one of the best freeeware antivirus engines, it is a *very* popular freeware antivirus program, I post in multiple computer forums and base my opinion on its popularity on that. Good luck, I hope you figure this out, this just started happening recently....

 

Dear Sir or Madam,

Thank you for your email to Avira's virus lab.

 

A listing of files alongside their results can be found below:

File ID Filename Size (Byte) Result 28656078 SetupImgBurn_2580.exe 3.31 MB RISK

Please find a detailed report concerning each individual sample below:

Filename Result SetupImgBurn_2580.exe RISK

The file 'SetupImgBurn_2580.exe' has been determined to be 'RISK'. Our analysts named the threat PUA/OpenCandy.Gen. This class of detection flags, Potentially Unwanted Applications (PUA), may compromise the user’s privacy and the security of the local system.
These are legitimate applications that often try to use social engineering to make the user install additional offers during the installation of the software the user originally wanted.
A PUA classification of an application is the result of software, an advert or a website exhibiting one or more offending behaviors and/or properties. A full PUA list is available at http://www.avira.com/en/potentially-unwanted-applications.
This detection doesn't mean that the file is malicious. However, if the file was installed on the system without the user's knowledge, the user’s privacy or system secur ity might be compromised.
Disabling this detection is only recommended for advanced users that understand the risks and how to use these applications. This file is detected by a special detection routine from the engine module.

Alternatively you can see the analysis result here:
https://analysis.avira.com/en/status?uniqueid=BUD4b376sJtU9B8GkLFGCsIpktLOgBIx&incidentid=1949650

An overview of all your submissions can be found here:
https://analysis.avira.com/en/overview?uniqueid=BUD4b376sJtU9B8GkLFGCsIpktLOgBIx


Please note: If you have specific questions, please visit our website http://www.avira.com/en/support for further details.

Kind regards
Avira Virus Lab

---------------------------------------------
Avira Operations GmbH & Co. KG
Kaplaneiweg 1, 88069 Tettnang, Germany
Phone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-500 3000
Internet: http://www.avira.com

CEO: Travis Witteveen
Headquarter: Tettnang
Commercial register: AG Ulm HRB 630992

Edited by c627627

Share this post


Link to post
Share on other sites

The reason they wont remove the virus designation is because opencandy is indeed malware, that deliberately uses deceptive tactics (like greyed out boxes, designed to look like you can't click on them) to trick people into installing software they don't want.

 

Lightning UK, the author of Imgburn, knows this, but refuses to do anything about it, or even admit that he is now helping distribute malware. He is apparently happy to take a cut of the money made by deceiving people.

 

 

From the response you recieved:

 

"These are legitimate applications that often try to use social engineering to make the user install additional offers during the installation of the software the user originally wanted.
A PUA classification of an application is the result of software, an advert or a website exhibiting one or more offending behaviors and/or properties."

 

http://www.avira.com/en/potentially-unwanted-applications

 

 

Tell me, what possible reason can you think of to grey out the boxes people need to click to avoid the instalation of software they don't want, other than to decieve them into thinking they have no choice?

 

They do this so that they can trick as many people as possible, while deflecting criticizm by saying "hey, technically you could opt out, if you realized you could click the options we greyed out so you would think you couldn't click them"

 

Their business is to trick as many people as possible, while avoiding prosecution, and having a bunch of clueless people defend them on the basis of the fact that you can technically avoid their offers.

Edited by drumphil

Share this post


Link to post
Share on other sites

Opencandy is crap and they are telling the truth. It seems OP has trouble reading, as they clearly state as much in the reply he posted.

If imgburn would STOP bundling their software with UTTER SHIT then perhaps they'd have a more favourable review.

I'd rather pay than have a malware installer...like a lot of folk.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×

Important Information

By using this site, you agree to our Terms of Use.