Solved

cdburnerxp is infected?

  • 8 February 2016
  • 21 replies
  • 364 views

I've tried 5 different versions of Cdburnerxp.  I've tried downloading from their website and cnet.  Webroot reports an infection the moment I click ANY version to install it.  What's going on?
icon

Best answer by Ssherjj 9 May 2016, 15:40

View original

21 replies

Userlevel 7
Badge +62
Hello ?
 
Welcome to the Webroot Community,
 
Webroot is protecting you from  a malicious download and protecting you from installing this program from these sites.Cnet  isn't safe IMO.
 
Please try this website below:
 
https://cdburnerxp.se/en/home and did not have an issue with installing  from this Website.
 
I have checked this site with Bright Cloud
 
 

https://www.virustotal.com/en/file/8b20da21f03a10bbda432fa1f67a55cb1f6b26f70740be69e1f4dbd640b20cba/analysis/
 
File name:     cdbxp_setup_4.5.6.5931.exe
Detection ratio:     24 / 54
Analysis date:     2016-02-08 08:08:10 UTC
 
To Community guides/experts --- there is no reason to remove this message.   I am not posting comparison to or info on "other" security programs.   I'm posting info to help OP and Webrooters.  
Userlevel 7
Badge +62
Thanks  ?I didn't check this with virus total. But I did install this burner without issue or did Webroot say it was a threat. I appreciate your back up on this matter! 😉 Looks like an uninstall is in order.
Userlevel 7
Badge +35
It is not the CDBurnerXP app that is being detected, it is the OpenCandy PUA that installs with it. You should be able to install and run the app with no issues - just let SecureAnywhere remove the OpenCandy component. 
 
-Dan
Userlevel 7
Badge +62
Hi  @DanP Thankyou so much for assistance :D
In fact the version from the home website www.cdburnerxp.se is polluted with this piece of adware (fairly harmless), but you can find the unpolluted version on https://cdburnerxp.se/en/download  (without opencandy)
Userlevel 7
Badge +62
Hi shimself,
 
Welcome to the Webroot Community,
 
These threats were quarantined ...from when installing cdburnerxp. Open candy was found and removed from cdburnerxp from this site when installing https://www.cdburnerxp.se/ and the site you posted https://cdburnerxp.se/en/download%C2%A0 page could not be found.
 

Userlevel 7
Just tried the same, Sherry, and can confirm your findings in trems of (i) removal of the PUA & (ii) the alternate download page not being available. ;)
 
Regards, Baldrick
Userlevel 7
Badge +62
Thanks Baldrick for the added assistance and confirmation. 😉
Userlevel 7
No worries, Sherry...Teamwork, as always...:D
 
I think that the best advice is definitively DanP's in post #5.
 
Regards, Baldrick
Userlevel 7
Badge +62
Well you are absolutely correct Baldrick. 😉
Hi, just found this thread after Clamwin quarantied cdbxp_setup_4.5.4.4954.exe as "infected", then I submitted the latest download URL from CDBurnerXP's website to VirusTotal and it gave me this list (after clicking to view the download file scan beyond the URL):
 
Antivirus Result Update
AegisLab Script.Application.Gen!c 20161230
DrWeb Trojan.InstallCore.2673 20161230
ESETNOD32
a variant of Win32/FusionCore.I potentially unwanted 20161230
Fortinet Riskware/FusionCore 20161230
GData Script.Application.FusionCore.B 20161230
NANOAntivirus
Trojan.Win32.InstallCore.eiwtgp 20161230
Rising PUA.FusionCore!8.1249bzgdGCZcsB
(cloud) 20161230
 
I'm not sure how many of those are actually bad, but I've had CDBurnerXP on every Windows computer I've owned for years, with no detectable problem, and this is literally the first time I've found any problem like this with the program.
 
Are these just data aggregator spyware? Or do they collect identifiable personal information to sell? I always skip installing any "cling-ons" (extra programs they try to fool you into installing), and I understand they're giving away a free product, but now I'm wondering if scanning and removing (potentially) unwanted stuff after install is good enough, or if I should not worry about using this program (even after scan/remove).
Userlevel 7
Badge +62
Hello davewrsa,
 
Welcome to the Webroot Community,
 
I have cdburnerxp on one of my systems and Webroot quarantined the Open Candy and I was able to run this program without any issues.
 
If you are concerned then it's best to Submit a Support Ticket and have them take a look and they will tell you if this program is a threat. This is a free service with a Webroot subscription.
 
Hope this helps?
FWIW
Sun 2017-01-01 Monitoring process cdbxp_setup_4.5.7.6452.exe [14DB52A67449164AC84F14CFC8E8381F].
Sun 2017-01-01 Monitoring process Tempis-CN31P.tmpcdbxp_setup_4.5.7.6452.tmp
[43C427AEC31CD33FB3F056A179C83DEC].
Sun 2017-01-01 Infection detected: tempis-qd6os.tmpfusion.dll [MD5: 79C1A7F4FB6B26E90C09CDAE90B5DC46] [3/08000000] [Pua.Fusion.Core]
Sun 2017-01-01 Infection found in realtime: tempis-qd6os.tmpfusion.dll [MD5: 79C1A7F4FB6B26E90C09CDAE90B5DC46, Size: 848896 bytes] [134217728/00000003] [Pua.Fusion.Core]
YMMV
 
Userlevel 7
Badge +56
@ wrote:
FWIW
Sun 2017-01-01 Monitoring process cdbxp_setup_4.5.7.6452.exe [14DB52A67449164AC84F14CFC8E8381F].
Sun 2017-01-01 Monitoring process Tempis-CN31P.tmpcdbxp_setup_4.5.7.6452.tmp
[43C427AEC31CD33FB3F056A179C83DEC].
Sun 2017-01-01 Infection detected: tempis-qd6os.tmpfusion.dll [MD5: 79C1A7F4FB6B26E90C09CDAE90B5DC46] [3/08000000] [Pua.Fusion.Core]
Sun 2017-01-01 Infection found in realtime: tempis-qd6os.tmpfusion.dll [MD5: 79C1A7F4FB6B26E90C09CDAE90B5DC46, Size: 848896 bytes] [134217728/00000003] [Pua.Fusion.Core]
YMMV
 
Yea a PUA detection! https://community.webroot.com/t5/Techie-KB/How-to-Remove-Potentially-Unwanted-Applications/ta-p/40744
Yes, it's really great to watch Webroot pass on the setup download and pounce on the setup launch.
 
Kudos Webroot.  😃
Userlevel 7
Badge +56
@ wrote:
Yes, it's really great to watch Webroot pass on the setup download and pounce on the setup launch.
 
Kudos Webroot.  :D
It was only concerned about the added PUA not the app in general! ;)
 
Sun 2017-01-01 Infection detected: tempis-qd6os.tmpfusion.dll [MD5: 79C1A7F4FB6B26E90C09CDAE90B5DC46] [3/08000000] [Pua.Fusion.Core]
Sun 2017-01-01 Infection found in realtime: tempis-qd6os.tmpfusion.dll [MD5: 79C1A7F4FB6B26E90C09CDAE90B5DC46, Size: 848896 bytes] [134217728/00000003] [Pua.Fusion.Core]
 
From VT: https://www.virustotal.com/en/file/dc9f6416f7c0f07f470a63bf6a08fcf9c5b30adf92214c8abb7064551bdf7ed1/analysis/
 
And the installer on VT: https://www.virustotal.com/en/file/a4c5ccca3162cf5f081f75bab4c98218b7ff20fac11e7f3aead7452bbc9ad745/analysis/1483327379/
 

Opened filesC:WINDOWSsystem32etmsg.dll (successful)C:a4c5ccca3162cf5f081f75bab4c98218b7ff20fac11e7f3aead7452bbc9ad745 (successful)C:DOCUME~1<USER>~1LOCALS~1Tempis-UEDGP.tmpa4c5ccca3162cf5f081f75bab4c98218b7ff20fac11e7f3aead7452bbc9ad745.tmp (successful)C:DOCUME~1<USER>~1LOCALS~1Tempis-C7U3J.tmp_isetup_shfoldr.dll (successful)C:WINDOWSsystem32shfolder.dll (successful)C:DOCUME~1<USER>~1LOCALS~1Tempis-C7U3J.tmpFusion.dll (successful)C:WINDOWSsystem32shell32.dll (successful)\.PIPElsarpc (successful)\.MountPointManager (successful)C:WINDOWSRegistrationR000000000007.clb (successful) Read filesC:a4c5ccca3162cf5f081f75bab4c98218b7ff20fac11e7f3aead7452bbc9ad745 (successful)C:WINDOWSsystem32shfolder.dll (successful)C:WINDOWSsystem32shell32.dll (successful)C:WINDOWSRegistrationR000000000007.clb (successful) Written filesC:DOCUME~1<USER>~1LOCALS~1Tempis-UEDGP.tmpa4c5ccca3162cf5f081f75bab4c98218b7ff20fac11e7f3aead7452bbc9ad745.tmp (successful)C:DOCUME~1<USER>~1LOCALS~1Tempis-C7U3J.tmp_isetup_shfoldr.dll (successful)C:DOCUME~1<USER>~1LOCALS~1Tempis-C7U3J.tmpFusion.dll (successful) Deleted filesC:DOCUME~1<USER>~1LOCALS~1Tempis-UEDGP.tmpa4c5ccca3162cf5f081f75bab4c98218b7ff20fac11e7f3aead7452bbc9ad745.tmp (failed) Created processesC:DOCUME~1<USER>~1LOCALS~1Tempis-UEDGP.tmpa4c5ccca3162cf5f081f75bab4c98218b7ff20fac11e7f3aead7452bbc9ad745.tmp" /SL5="$0 (successful) Runtime DLLsshell32.dll (successful)comctl32.dll (successful)advapi32.dll (successful)c:windowssystem32imm32.dll (successful)imm32.dll (successful)uxtheme.dll (successful)shfolder.dll (successful)user32.dll (successful)oleaut32.dll (successful)ole32.dll (successful)userenv.dll (successful)setupapi.dll (successful)rpcrt4.dll (successful)c:windowssystem32shlwapi.dll (successful)clbcatq.dll (successful)msftedit.dll (successful)c:docume~1<USER>~1locals~1 empis-c7u3j.tmpfusion.dll (successful)kernel32.dll (successful)kernel32 (successful)user32 (successful)
FWIW ~ CDBurnerXP offers a setup download without PUA. 
The License Agreement offers a setup package without InstallCore. 
Perhaps, InstallCore is a revenue source for the vendor. 



 
Userlevel 7
Badge +62
@ wrote:
FWIW ~ CDBurnerXP offers a setup download without PUA. 
The License Agreement offers a setup package without InstallCore. 
Perhaps, InstallCore is a revenue source for the vendor. 



 
Thank you @!
Userlevel 7
Badge +52
use msi installer
 
MSI x32: https://download.cdburnerxp.se/msi/cdbxp_setup_4.5.7.6499.msi
MSI x64: https://download.cdburnerxp.se/msi/cdbxp_setup_x64_4.5.7.6499.msi
or
Portable x32/x64: https://download.cdburnerxp.se/portable/CDBurnerXP-4.5.7.6499.zip
Userlevel 7
Badge +62
@ wrote:
use msi installer
 
MSI x32: https://download.cdburnerxp.se/msi/cdbxp_setup_4.5.7.6499.msi
MSI x64: https://download.cdburnerxp.se/msi/cdbxp_setup_x64_4.5.7.6499.msi
or
Portable x32/x64: https://download.cdburnerxp.se/portable/CDBurnerXP-4.5.7.6499.zip
Thank you Pert!:D
 
Edited: Installed it without a hitch!:D

Reply