Imgburn False Positive?

Discussion in 'Windows Security' started by seekermeister, Sep 16, 2013.

  1. seekermeister

    seekermeister Honorable Member

    Joined:
    May 29, 2009
    Messages:
    1,499
    Likes Received:
    85
    In the process of installing Imgburn on my ThinkCentre, Outpost Security Suite popped a trojan alert squawking about "Adware.OpenCandy!UQ/lkedzl9U". Several websites where I've checked on it show a relatively low detection rate, something like 4 out of 48. While I understand that tends to point to a false positive, a couple of those detections were by prominent AV Brands. I've been running Imgburn for quite a while on my other computers and haven't ever noticed any adware or anything else wrong, but how can one really be sure? Maybe I'm just being paranoid, but when one knows that there are so many out there to be wary of, it's not easy to just shrug it off.
     
  2. Mike

    Mike Windows Forum Admin
    Staff Member Premium Supporter

    Joined:
    Jul 22, 2005
    Messages:
    8,488
    Likes Received:
    783
    Where did you download it? The primary download site is:

    http://www.imgburn.com/?act=download

    I used the bottom mirror option (the ImgBurn website), and installed the software for you. I then ran scans with ESET Smart Security 6 and Malwarebytes Pro.

    ESET Results:
    Code:
    Scan Log
    Version of virus signature database: 8809 (20130916)
    Date: 9/16/2013  Time: 8:59:20 PM
    Scanned disks, folders and files: C:\Program Files (x86)\ImgBurn\ImgBurn.exe
    Number of scanned objects: 1
    Number of threats found: 0
    Time of completion: 8:59:20 PM  Total scanning time: 0 sec (00:00:00)
    
    Malwarebytes:
    Code:
    Malwarebytes Anti-Malware (PRO) 1.75.0.1300
    www.malwarebytes.org
    
    Database version: v2013.09.16.08
    
    Windows 8 x64 NTFS
    Internet Explorer 11.0.9600.16384
    Mike :: SOLID [administrator]
    
    Protection: Enabled
    
    9/16/2013 9:02:11 PM
    mbam-log-2013-09-16 (21-02-11).txt
    
    Scan type: Custom scan (C:\Program Files (x86)\ImgBurn|)
    Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
    Objects scanned: 6
    Time elapsed: 1 second(s)
    
    Memory Processes Detected: 0
    (No malicious items detected)
    
    Memory Modules Detected: 0
    (No malicious items detected)
    
    Registry Keys Detected: 0
    (No malicious items detected)
    
    Registry Values Detected: 0
    (No malicious items detected)
    
    Registry Data Items Detected: 0
    (No malicious items detected)
    
    Folders Detected: 0
    (No malicious items detected)
    
    Files Detected: 0
    (No malicious items detected)
    
    (end)
    
    There is nothing there. Make sure you did not install any additional, optional software packaged with the installer. From my latest experience, this seemed to come in the form of an online game. While innocuous enough, the creator of ImgBurn is probably paid to promote this stuff, to help fund the continued development of the software. Right now, ImgBurn is easily one of the most popular DVD/CD burning utilities out there, due to the fact that it is freeware and, you could argue, for quite a few years there, people were stuck using Nero Burning Rom until it turned into a gigantic suite of software almost nobody uses.

    With that in mind, I would recheck your download location and quarantine the system until you can make sure this problem you are having is removed. If the ImgBurn website was compromised, this would likely become a big story. I do not think this has happened.
     
  3. seekermeister

    seekermeister Honorable Member

    #3 seekermeister, Sep 16, 2013
    Last edited: Sep 16, 2013
  4. Mike

    Mike Windows Forum Admin
    Staff Member Premium Supporter

    PUP Open Candy is that game associated with the installer. Make sure not to install it. It is considered a potentially unwanted program.

    Here is some more information about this:

    http://www.opencandy.com/faqs/

    This would explain why Malwarebytes did flag it as PUP.Optional.OpenCandy. Very interesting that these are the types of deployment tools being used. At the very least, it should be an annoyance. If accidentally installed, I would quickly uninstall any additional things you found. I ran it through again on VirusTotal and got the same result. The actual program itself is not compromised; the installer is just hawking potentially junk software.

    This is similar to the "Conduit Toolbar" problem, which became so ridiculous that seemingly all malware and anti-virus suites worth their grain of salt will now actually block it, since it has a fondness for hijacking the browser, after it is bundled with applications, to harvest your data.
     
  5. seekermeister

    seekermeister Honorable Member

    Great! I'll try the installation again. Previously I aborted as soon as the alert popped up, so I don't know personally if it will give the option to not install that game, but I will find out.
     
  6. BIGBEARJEDI

    BIGBEARJEDI Honorable Member
    Premium Supporter

    Joined:
    Jan 28, 2013
    Messages:
    1,784
    Likes Received:
    214
    Hey Seeker:

    Another note to consider is that IMGBurn, although it is a great Free program and is generally considered safe by major AV companies, it has some OTHER issues. I've mentioned that on a couple of posts here on WindowsForum before.

    Specifically, if you are running Windows 7 SP1, there is a known conflict with the Dell SATA disk drivers, which are frequently used for both the hdd and the internal CD/DVD drive. It took me over 10 months to track this problem down on my front-line production computer! I had BSODs occurring at an ever-increasing alarming rate up to several a day. After posting Dump files on another Forum, I had help from one of their Senior MS Analysts with access to internal Windows coding tools that identified the IMGBurn driver as the culprit behind my BSODs. It turns out, at least on Dells, that this is a known problem by Microsoft and they have it in their knowledgebase. The story I was told was that Microsoft has contacted the guys who author IMGBurn about this problem previously and asked them to fix it, and since they are Freeware guys using GPL it takes them a lot longer to fix this type of problem than would a giant Company like Microsoft who can put a whole floor of programmers to work on the problem and get it fixed in a few weeks. ;)

    The fix for me was, use IMGBurn all you want, but you must IMMEDIATELY uninstall it and reboot before returning your PC to normal operating mode. I went a step further, and rebuilt my whole system back on Vista (from Win7) to its Factory configuration. I reinstalled IMGBurn, and voila, no BSODs. So, I can now leave IMGBurn on my Vista configured PC permanently as it doesn't have the same problem with the Dell device drivers for SATA that it does in Win7! However, I do miss some features of Win7 I grew to like. I was thinking of re-doing my PC to Win7 again, and just have to deal with the reinstall-per-use of IMGBurn when I need it, and that's not every day. But, I think it will be a lot more fun to build up a Win8.1 system on another hdd and test the IMGBurn driver and see whether those guys fixed their problem or not. :noise:

    Now that my story was told, I agree with Mike that when downloading the IMGBurn program, you need to d/load from their site only or from CNET or Softonic; however on those 2 sites, they are now bundling lots of "sneak-in-ware" so you have to make sure it is unchecked or declined prior to download. Also, I've been running into that PUP:Open.Candy spyware on a lot more of my Customers' computers in the last few weeks. :tongue: It almost always comes in when people install the various "Free" Games toolbars. If there are Games on your PC, and you are using it for serious computing, you are running a compromised environment IMO. :pirate:

    Take all the Games and Toolbars of any kind out of your PC and Registry and rescan with any of the AV tools you mention (especially MBAM) and you should get rid of any False Positives on IMGBurn. :fdance: The only toolbar in existence that I can say for sure is Safe is the Google Toolbar--all the rest contain some form of spyware, whether your AV scanner picks it up or not. :skull:

    Cheers! :brew:

    BIGBEARJEDI :usa:
     
  7. seekermeister

    seekermeister Honorable Member

    I will take your advice to heart, but at the same time, you make me glad that I don't have a Dell. The only Dell product that I have ever had is a small monitor that I bought used as a secondary for my rig. Imgburn is good, but if I had to choose between it and W7, Imgburn would lose. There are other options available, though which might not be as good, it would be a small sacrifice to make to run the OS of my choice.

    Yes, I run a few games, but they are all of a vintage that malware isn't much of a problem, except for a couple which added some rotten apples to some updates, which I no longer use. I never use toolbars or anything like that. Don't need them, don't want them.
     
  8. Pauli

    Pauli Extraordinary Member
    Premium Supporter

    Joined:
    Mar 1, 2012
    Messages:
    2,499
    Likes Received:
    211
    Since we have a Big Bear, we seem to have an Old Bear too, hence speaking. I repeat myself by saying, What you pay for, is what you get. The computer business is just about the only business where people expect to get things for free - who expects to get fish for free from fishermen? Or meat free from cattle growers? Or potatoes free from farmers?

    Something has happened in our culture, and I don't see the "Free" to be a good point. To school people to raise them to expect it "to be free", I cannot see as a smart move. To gain needs an effort, a very precious tradition we have. To get, one needs to do.
     
