Solved

cdburnerxp is infected?

  • 8 February 2016
  • 21 replies
  • 343 views

I've tried 5 different versions of Cdburnerxp.  I've tried downloading from their website and cnet.  Webroot reports an infection the moment I click ANY version to install it.  What's going on?

Best answer by Ssherjj 9 May 2016, 15:40


21 replies

Userlevel 7
Badge +62
Hello ?

 

Welcome to the Webroot Community,

 

Webroot is protecting you from a malicious download and protecting you from installing this program from these sites. Cnet isn't safe IMO.

 

Please try this website below:

 

https://cdburnerxp.se/en/home and did not have an issue with installing from this Website.

 

I have checked this site with Bright Cloud

 

 

https://www.virustotal.com/en/file/8b20da21f03a10bbda432fa1f67a55cb1f6b26f70740be69e1f4dbd640b20cba/analysis/

 

File name:     cdbxp_setup_4.5.6.5931.exe

Detection ratio:     24 / 54

Analysis date:     2016-02-08 08:08:10 UTC

 

To Community guides/experts --- there is no reason to remove this message.   I am not posting comparison to or info on "other" security programs.   I'm posting info to help OP and Webrooters.  
Userlevel 7
Badge +62
Thanks ? I didn't check this with VirusTotal. But I did install this burner without issue, nor did Webroot say it was a threat. I appreciate your backup on this matter! 😉 Looks like an uninstall is in order.
Userlevel 7
Badge +35
It is not the CDBurnerXP app that is being detected, it is the OpenCandy PUA that installs with it. You should be able to install and run the app with no issues - just let SecureAnywhere remove the OpenCandy component. 

 

-Dan
Userlevel 7
Badge +62
Hi @DanP Thank you so much for assistance :D
In fact the version from the home website www.cdburnerxp.se is polluted with this piece of adware (fairly harmless), but you can find the unpolluted version on https://cdburnerxp.se/en/download (without opencandy)
Userlevel 7
Badge +62
Hi shimself,

 

Welcome to the Webroot Community,

 

These threats were quarantined ...from when installing cdburnerxp. Open candy was found and removed from cdburnerxp from this site when installing https://www.cdburnerxp.se/ and the site you posted https://cdburnerxp.se/en/download%C2%A0 page could not be found.

 

Userlevel 7
Just tried the same, Sherry, and can confirm your findings in terms of (i) removal of the PUA & (ii) the alternate download page not being available. ;)

 

Regards, Baldrick
Userlevel 7
Badge +62
Thanks Baldrick for the added assistance and confirmation. 😉
Userlevel 7
No worries, Sherry...Teamwork, as always...:D

 

I think that the best advice is definitively DanP's in post #5.

 

Regards, Baldrick
Userlevel 7
Badge +62
Well you are absolutely correct Baldrick. 😉
Hi, just found this thread after Clamwin quarantined cdbxp_setup_4.5.4.4954.exe as "infected", then I submitted the latest download URL from CDBurnerXP's website to VirusTotal and it gave me this list (after clicking to view the download file scan beyond the URL):

 

Antivirus        Result                                                  Update
AegisLab         Script.Application.Gen!c                                20161230
DrWeb            Trojan.InstallCore.2673                                 20161230
ESETNOD32        a variant of Win32/FusionCore.I potentially unwanted    20161230
Fortinet         Riskware/FusionCore                                     20161230
GData            Script.Application.FusionCore.B                         20161230
NANOAntivirus    Trojan.Win32.InstallCore.eiwtgp                         20161230
Rising           PUA.FusionCore!8.1249bzgdGCZcsB (cloud)                 20161230

 

I'm not sure how many of those are actually bad, but I've had CDBurnerXP on every Windows computer I've owned for years, with no detectable problem, and this is literally the first time I've found any problem like this with the program.

 

Are these just data aggregator spyware? Or do they collect identifiable personal information to sell? I always skip installing any "cling-ons" (extra programs they try to fool you into installing), and I understand they're giving away a free product, but now I'm wondering if scanning and removing (potentially) unwanted stuff after install is good enough, or if I should not worry about using this program (even after scan/remove).
Userlevel 7
Badge +62
Hello davewrsa,

 

Welcome to the Webroot Community,

 

I have cdburnerxp on one of my systems and Webroot quarantined the Open Candy and I was able to run this program without any issues.

 

If you are concerned then it's best to Submit a Support Ticket and have them take a look and they will tell you if this program is a threat. This is a free service with a Webroot subscription.

 

Hope this helps?
FWIW

Sun 2017-01-01 Monitoring process cdbxp_setup_4.5.7.6452.exe [14DB52A67449164AC84F14CFC8E8381F].

Sun 2017-01-01 Monitoring process Tempis-CN31P.tmpcdbxp_setup_4.5.7.6452.tmp [43C427AEC31CD33FB3F056A179C83DEC].

Sun 2017-01-01 Infection detected: tempis-qd6os.tmpfusion.dll [MD5: 79C1A7F4FB6B26E90C09CDAE90B5DC46] [3/08000000] [Pua.Fusion.Core]

Sun 2017-01-01 Infection found in realtime: tempis-qd6os.tmpfusion.dll [MD5: 79C1A7F4FB6B26E90C09CDAE90B5DC46, Size: 848896 bytes] [134217728/00000003] [Pua.Fusion.Core]

YMMV
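The scan log in the post above can be triaged mechanically to see which file actually triggered the detection. This is an added example, not part of the original thread and not Webroot tooling: a small Python parser over those same log lines (the wrapped second line is rejoined). The function names are hypothetical, and treating a label that starts with "Pua." as a potentially unwanted application is an assumption taken from the label in this log.

```python
import re

# Log lines copied from the post above; the second entry is rejoined onto one line.
SAMPLE_LOG = """\
Sun 2017-01-01 Monitoring process cdbxp_setup_4.5.7.6452.exe [14DB52A67449164AC84F14CFC8E8381F].
Sun 2017-01-01 Monitoring process Tempis-CN31P.tmpcdbxp_setup_4.5.7.6452.tmp [43C427AEC31CD33FB3F056A179C83DEC].
Sun 2017-01-01 Infection detected: tempis-qd6os.tmpfusion.dll [MD5: 79C1A7F4FB6B26E90C09CDAE90B5DC46] [3/08000000] [Pua.Fusion.Core]
Sun 2017-01-01 Infection found in realtime: tempis-qd6os.tmpfusion.dll [MD5: 79C1A7F4FB6B26E90C09CDAE90B5DC46, Size: 848896 bytes] [134217728/00000003] [Pua.Fusion.Core]
"""

# "Monitoring process <file> [<md5>]." means the file was watched, not flagged.
MONITOR = re.compile(r"Monitoring process (?P<file>.+?) \[(?P<md5>[0-9A-F]{32})\]")
# Both detection line shapes end with the detection label in the last bracket.
DETECT = re.compile(
    r"Infection (?:detected|found in realtime): (?P<file>.+?) "
    r"\[MD5: (?P<md5>[0-9A-F]{32})[^\]]*\].*\[(?P<name>[^\]]+)\]\s*$"
)


def triage(log_text):
    """Return (monitored, detections), both keyed by MD5."""
    monitored, detections = {}, {}
    for line in log_text.splitlines():
        m = MONITOR.search(line)
        if m:
            monitored[m["md5"]] = m["file"]
            continue
        d = DETECT.search(line)
        if d:
            entry = detections.setdefault(d["md5"], {
                "file": d["file"],
                "name": d["name"],
                # Assumption: labels beginning "Pua." mark unwanted bundles.
                "pua": d["name"].lower().startswith("pua."),
                "events": 0,
            })
            entry["events"] += 1  # the same file may be reported more than once
    return monitored, detections


def flagged_installers(log_text):
    """MD5s that were both monitored as a process and flagged as an infection."""
    monitored, detections = triage(log_text)
    return sorted(set(monitored) & set(detections))


if __name__ == "__main__":
    mon, det = triage(SAMPLE_LOG)
    print("monitored only:", sorted(set(mon) - set(det)))
    print("detections:", det)
```

An empty result from `flagged_installers` means neither monitored setup process was itself flagged; the only flagged file is the dropped `fusion.dll`.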

 
Userlevel 7
Badge +56
@ wrote:

FWIW

Sun 2017-01-01 Monitoring process cdbxp_setup_4.5.7.6452.exe [14DB52A67449164AC84F14CFC8E8381F].

Sun 2017-01-01 Monitoring process Tempis-CN31P.tmpcdbxp_setup_4.5.7.6452.tmp [43C427AEC31CD33FB3F056A179C83DEC].

Sun 2017-01-01 Infection detected: tempis-qd6os.tmpfusion.dll [MD5: 79C1A7F4FB6B26E90C09CDAE90B5DC46] [3/08000000] [Pua.Fusion.Core]

Sun 2017-01-01 Infection found in realtime: tempis-qd6os.tmpfusion.dll [MD5: 79C1A7F4FB6B26E90C09CDAE90B5DC46, Size: 848896 bytes] [134217728/00000003] [Pua.Fusion.Core]

YMMV

 

Yea a PUA detection! https://community.webroot.com/t5/Techie-KB/How-to-Remove-Potentially-Unwanted-Applications/ta-p/40744
Yes, it's really great to watch Webroot pass on the setup download and pounce on the setup launch.

 

Kudos Webroot.  😃
Userlevel 7
Badge +56
@ wrote:

Yes, it's really great to watch Webroot pass on the setup download and pounce on the setup launch.

 

Kudos Webroot.  :D

It was only concerned about the added PUA not the app in general! ;)

 

Sun 2017-01-01 Infection detected: tempis-qd6os.tmpfusion.dll [MD5: 79C1A7F4FB6B26E90C09CDAE90B5DC46] [3/08000000] [Pua.Fusion.Core]

Sun 2017-01-01 Infection found in realtime: tempis-qd6os.tmpfusion.dll [MD5: 79C1A7F4FB6B26E90C09CDAE90B5DC46, Size: 848896 bytes] [134217728/00000003] [Pua.Fusion.Core]

 

From VT: https://www.virustotal.com/en/file/dc9f6416f7c0f07f470a63bf6a08fcf9c5b30adf92214c8abb7064551bdf7ed1/analysis/

 

And the installer on VT: https://www.virustotal.com/en/file/a4c5ccca3162cf5f081f75bab4c98218b7ff20fac11e7f3aead7452bbc9ad745/analysis/1483327379/

 



FWIW ~ CDBurnerXP offers a setup download without PUA. 

The License Agreement offers a setup package without InstallCore. 

Perhaps, InstallCore is a revenue source for the vendor. 





 
Userlevel 7
Badge +62
@ wrote:

FWIW ~ CDBurnerXP offers a setup download without PUA. 

The License Agreement offers a setup package without InstallCore. 

Perhaps, InstallCore is a revenue source for the vendor. 





 

Thank you @!
Userlevel 7
Badge +51
use msi installer

 

MSI x32: https://download.cdburnerxp.se/msi/cdbxp_setup_4.5.7.6499.msi

MSI x64: https://download.cdburnerxp.se/msi/cdbxp_setup_x64_4.5.7.6499.msi

or

Portable x32/x64: https://download.cdburnerxp.se/portable/CDBurnerXP-4.5.7.6499.zip
Userlevel 7
Badge +62
@ wrote:

use msi installer

 

MSI x32: https://download.cdburnerxp.se/msi/cdbxp_setup_4.5.7.6499.msi

MSI x64: https://download.cdburnerxp.se/msi/cdbxp_setup_x64_4.5.7.6499.msi

or

Portable x32/x64: https://download.cdburnerxp.se/portable/CDBurnerXP-4.5.7.6499.zip

Thank you Pert!:D

 

Edited: Installed it without a hitch!:D
