Xfer Serum LFO shapes infected with malware?

Discussion in 'Software' started by DAWinci, Feb 21, 2015.

  1. DAWinci

    DAWinci Member

    Joined:
    Oct 13, 2014
    Messages:
    51
    Likes Received:
    8
    Hi everyone!

    First a disclaimer:

    I'm one of those guys who like to keep their DAW PC clean, offline etc.
    I'm very neat and tidy with software, do regular maintenance and generally have a high level of awareness regarding computer security, proper configuration etc. Also, I'm not a newbie and am more than aware of the false positives phenomenon when speaking about warez releases.

    Having said this, both my Comodo Antivirus and the VirusTotal website have just reported some of Xfer Serum's LFO shape files (basic and sidechained) to be malware.
    I googled the problem, but could not find anyone else reporting it. However, the VirusTotal website says people have been scanning these files already, so it seems someone was aware of this after all.

    EDIT: I repeat, I KNOW what false positives are, but they usually apply to keygens and patchers, not these kinds of files.

    The LFO shapes in question are installed with the original v1.00 from the R2R package.
    They are located in "C:\Users\*******\My Documents\Xfer\Serum Presets\LFO Shapes"
    Like I mentioned earlier, only the "basic" and "sidechained" are affected.
    Apparently, it is some kind of backdoor trojan/rootkit, described by McAfee (via VirusTotal) as a "ZeroAccess!cfg" type.

    I'm really not sure what to think about this, any feedback would be appreciated.

    Cheers
     
  3. DAWinci

    DAWinci Member

    Joined:
    Oct 13, 2014
    Messages:
    51
    Likes Received:
    8
    Here's a screenshot of the VirusTotal scan.
     
  4. SillySausage

    SillySausage Producer

    Joined:
    Jul 7, 2012
    Messages:
    2,612
    Likes Received:
    134
    Location:
    Uranus
    pretty sure they are false, never known an official R2R release to be infected, but that depends on where you actually got it from. I have a feeling Steve is being extra grumpy and paying the antivirus companies to list it as a virus.

    the keygen/patch/whatever uses code patterns that are similar to how a virus is written, hence the alarm bells
     
  5. DAWinci

    DAWinci Member

    Joined:
    Oct 13, 2014
    Messages:
    51
    Likes Received:
    8
    Thanks for your reply.

    I got the release from AudioZ.
    I do understand what you're saying, but what concerns me is the fact that only those few shapes are "affected".
     
  6. SillySausage

    SillySausage Producer

    Joined:
    Jul 7, 2012
    Messages:
    2,612
    Likes Received:
    134
    Location:
    Uranus
    using avast here, scanned and nothing showing
     
  7. DAWinci

    DAWinci Member

    Joined:
    Oct 13, 2014
    Messages:
    51
    Likes Received:
    8
    I know, only McAfee and Comodo are reporting these.
    Not sure if that means anything.
     
  8. Gramofon

    Gramofon Producer

    Joined:
    Jun 22, 2012
    Messages:
    690
    Likes Received:
    91
    http://forums.esri.com/Thread.asp?c=93&f=982&t=126008

    http://answers.microsoft.com/en-us/windows/forum/windows_vista-security/email-attachment-is-shp-file-windows-vista-states/2598cf19-7006-406d-8497-263172861e6b

    Most likely a false positive. (Maybe due to the unusual extension of the file the scanner gets confused) [It could resemble something like the .scr (screensaver) viruses; but that's just an assumption]
     
  9. DAWinci

    DAWinci Member

    Joined:
    Oct 13, 2014
    Messages:
    51
    Likes Received:
    8
    Thanks for your replies again guys.
    I would appreciate it, though, if someone uploaded and checked their shapes on VirusTotal (especially those who have a retail version installed),
    just to be sure whether it's really a false positive or something related to the R2R release.

    Cheers.
     
  10. Hans242

    Hans242 Producer

    Joined:
    Sep 7, 2012
    Messages:
    321
    Likes Received:
    95
    Well if you use warezed software, you should not be too paranoid about virus warnings. I wonder how you managed to get no malware warnings with other warez till now. Or is LFO shaper your first warez? A lot of warez victim companies are working together with antivirus developers getting them in their boat to fight the warez scene. So false warnings and the uncertainty about our system's security is one price we have to pay using k'ed software.
     
  11. DAWinci

    DAWinci Member

    Joined:
    Oct 13, 2014
    Messages:
    51
    Likes Received:
    8
    I'm not too paranoid and like I said, I ain't no newbie. This is a very unique case, hence my post.

    This thread is about Xfer Serum, not Xfer LFO Tool (there is no such thing as LFO Shaper).
    First warez? Did you even read any of the posts?

    Like I said in the subtitle, I'm quite aware of that.
     
  12. mono

    mono Audiosexual

    Joined:
    Jul 23, 2014
    Messages:
    1,062
    Likes Received:
    622
    Location:
    Floating Amongst the Stars
    got the same on my LFO? oh, and is the R2R version the same as yours?

    https://www.virustotal.com/en/file/9f3753785316a8ef3e5f8b4d37d318101e6896d405081f6ac10a3ff3f44f9093/analysis/1424549825/
     
  13. DAWinci

    DAWinci Member

    Joined:
    Oct 13, 2014
    Messages:
    51
    Likes Received:
    8
    Thanks for reporting.

    EDIT: I see, I wonder if the retail is affected too.
     
  14. lukehh

    lukehh Audiosexual

    Joined:
    Jun 22, 2012
    Messages:
    1,043
    Likes Received:
    594
    So if you don't trust the warezed version, why don't you simply install the demo and check it again.

    Demo can be downloaded from developers site:
    http://xferrecords.com/products/serum

    or direct link:
    http://162.243.159.86/payloads/Install_Xfer_Serum_Demo.exe

    If this shows the same behavior in your AV or firewall, you can be sure it's simply a false positive and not a real trojan.

    And btw... these LFO shape files have a filesize of 3 KB... This would be a really small trojan. And when I open one of them with a hex editor, there is definitely nothing executable in it.
     
  15. DAWinci

    DAWinci Member

    Joined:
    Oct 13, 2014
    Messages:
    51
    Likes Received:
    8
    Thank you, I will try that.
     
  16. ArticStorm

    ArticStorm Moderator Staff Member

    Joined:
    Jun 7, 2011
    Messages:
    7,713
    Likes Received:
    3,931
    Location:
    AudioSexPro
    only the keygen is packed with UPX, this is always a false positive. I can UPX-pack Notepad from Windows for you, which is totally clean, and a number of AVs would report it as malware.

    normal malware is packed with UPX and other protectors like Themida; instead of unpacking these, the AV will just create signatures of the packers/protectors and add them as unclassified malware in the signature database, just to be on the safe side.

    well, I stopped using an AV 2-3 years ago and so far my system is clean. (keep using Malwarebytes and turn off Flash/Java and run anti-tracker addons and NoScript in Firefox to be safe.)
     
  17. mono

    mono Audiosexual

    Joined:
    Jul 23, 2014
    Messages:
    1,062
    Likes Received:
    622
    Location:
    Floating Amongst the Stars
    was just about to say try the demo version
    cause they could get into deep sh@t if they put any malware in it and would make sure it's clean, :wink:
     
  18. DAWinci

    DAWinci Member

    Joined:
    Oct 13, 2014
    Messages:
    51
    Likes Received:
    8
    OK guys, major news; I have just installed the retail demo as provided by lukehh in the post above (cheers fella!) and guess what?

    THE RETAIL SHAPES ARE *NOT* INFECTED, which leaves us with only one conclusion and that is that the R2R release is unfortunately compromised.

    I have packed the clean files, here you go:

    http://lenfile.com/8llazgo65lyk

    cheers

    Update: VirusTotal still reports them as infected, so it must be a case of false positives.

    I apologize for wasting your time gentlemen.

    Thank you
     
  19. Dalmation

    Dalmation Kapellmeister

    Joined:
    Jun 7, 2011
    Messages:
    494
    Likes Received:
    74
    DAWinci - I'm the same as you and like to keep my PC lean & clean.

    Data files such as .wav, .aiff, .mo3, .jpg, wavetables, LFO shapes (wavetables of a different form), VST patches & banks fxp fxb etc. contain binary data only. Usually with some form of metadata as a header wrapped around the data. This is processed by specific programs only and IS NOT EXECUTABLE.

    Other files eg. Office documents (.doc, .docx, .xls) can contain snippets of code / script which can be executable and therefore become malicious = beware.

    I hope this clears it up :excl:
     
  20. Zenarcist

    Zenarcist Audiosexual

    Joined:
    Jan 1, 2012
    Messages:
    4,273
    Likes Received:
    2,737
    Location:
    Planet Earth
    Keeping the DAW machine offline is the best defence, and no need to run an anti-virus either which also messes with the performance.
     
  21. Olaf

    Olaf Platinum Record

    Joined:
    Jun 5, 2011
    Messages:
    568
    Likes Received:
    242
    So data files like PNG, JPEG, or MP3 cannot be infected? :)
     