Solved

cdburnerxp is infected?

  • February 8, 2016
  • 21 replies
  • 527 views

I've tried 5 different versions of Cdburnerxp.  I've tried downloading from their website and cnet.  Webroot reports an infection the moment I click ANY version to install it.  What's going on?

21 replies

Ssherjj
Moderator
  • Moderator
  • February 8, 2016
Hello ?
 
Welcome to the Webroot Community,
 
Webroot is protecting you from a malicious download and protecting you from installing this program from these sites. Cnet isn't safe IMO.
 
Please try this website below:
 
https://cdburnerxp.se/en/home and did not have an issue with installing  from this Website.
 
I have checked this site with Bright Cloud
 
 


  • February 8, 2016
https://www.virustotal.com/en/file/8b20da21f03a10bbda432fa1f67a55cb1f6b26f70740be69e1f4dbd640b20cba/analysis/
 
File name:     cdbxp_setup_4.5.6.5931.exe
Detection ratio:     24 / 54
Analysis date:     2016-02-08 08:08:10 UTC
 
To Community guides/experts --- there is no reason to remove this message.   I am not posting comparison to or info on "other" security programs.   I'm posting info to help OP and Webrooters.  

Ssherjj
Moderator
  • Moderator
  • February 8, 2016
Thanks ? I didn't check this with VirusTotal. But I did install this burner without issue, nor did Webroot say it was a threat. I appreciate your backup on this matter! 😉 Looks like an uninstall is in order.

DanP
  • OpenText Employee
  • February 8, 2016
It is not the CDBurnerXP app that is being detected, it is the OpenCandy PUA that installs with it. You should be able to install and run the app with no issues - just let SecureAnywhere remove the OpenCandy component. 
 
-Dan

Ssherjj
Moderator
  • Moderator
  • February 9, 2016
Hi @DanP Thank you so much for assistance :D

  • May 9, 2016
In fact the version from the home website www.cdburnerxp.se is polluted with this piece of adware (fairly harmless), but you can find the unpolluted version on https://cdburnerxp.se/en/download  (without opencandy)

Ssherjj
Moderator
  • Moderator
  • Answer
  • May 9, 2016
Hi shimself,
 
Welcome to the Webroot Community,
 
These threats were quarantined ...from when installing cdburnerxp. Open candy was found and removed from cdburnerxp from this site when installing https://www.cdburnerxp.se/ and the site you posted https://cdburnerxp.se/en/download%C2%A0 page could not be found.
 


Baldrick
Gold VIP
  • Gold VIP
  • May 9, 2016
Just tried the same, Sherry, and can confirm your findings in terms of (i) removal of the PUA & (ii) the alternate download page not being available. ;)
 
Regards, Baldrick

Ssherjj
Moderator
  • Moderator
  • May 9, 2016
Thanks Baldrick for the added assistance and confirmation. 😉

Baldrick
Gold VIP
  • Gold VIP
  • May 9, 2016
No worries, Sherry...Teamwork, as always...:D
 
I think that the best advice is definitively DanP's in post #5.
 
Regards, Baldrick

Ssherjj
Moderator
  • Moderator
  • May 9, 2016
Well you are absolutely correct Baldrick. 😉

  • New Member
  • January 1, 2017
Hi, just found this thread after Clamwin quarantined cdbxp_setup_4.5.4.4954.exe as "infected", then I submitted the latest download URL from CDBurnerXP's website to VirusTotal and it gave me this list (after clicking to view the download file scan beyond the URL):
 
Antivirus Result Update
AegisLab Script.Application.Gen!c 20161230
DrWeb Trojan.InstallCore.2673 20161230
ESETNOD32 a variant of Win32/FusionCore.I potentially unwanted 20161230
Fortinet Riskware/FusionCore 20161230
GData Script.Application.FusionCore.B 20161230
NANOAntivirus Trojan.Win32.InstallCore.eiwtgp 20161230
Rising PUA.FusionCore!8.1249bzgdGCZcsB (cloud) 20161230
 
I'm not sure how many of those are actually bad, but I've had CDBurnerXP on every Windows computer I've owned for years, with no detectable problem, and this is literally the first time I've found any problem like this with the program.
 
Are these just data aggregator spyware? Or do they collect identifiable personal information to sell? I always skip installing any "cling-ons" (extra programs they try to fool you into installing), and I understand they're giving away a free product, but now I'm wondering if scanning and removing (potentially) unwanted stuff after install is good enough, or if I should not worry about using this program (even after scan/remove).
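
As an added example (not part of any post in this thread, and not Webroot or VirusTotal code), one way to triage a list of engine labels like the one above is to separate those that name the bundled installer families mentioned in this thread from labels that need a manual look. The marker lists and the function names `classify` and `triage` are assumptions made for the example; a label says what an engine is naming, not whether the file is safe.

```python
import re

# Bundler/adware family names that appear in this thread.
BUNDLER_FAMILIES = ("opencandy", "fusioncore", "fusion.core", "installcore")
# Generic vendor wording for unwanted-but-not-malicious software (assumed list).
PUA_MARKERS = ("pua", "pup", "riskware", "adware", "potentially unwanted")

# Constructed sample: (engine, label) pairs copied from the list quoted above.
SAMPLE = [
    ("AegisLab", "Script.Application.Gen!c"),
    ("DrWeb", "Trojan.InstallCore.2673"),
    ("ESETNOD32", "a variant of Win32/FusionCore.I potentially unwanted"),
    ("Fortinet", "Riskware/FusionCore"),
    ("GData", "Script.Application.FusionCore.B"),
    ("NANOAntivirus", "Trojan.Win32.InstallCore.eiwtgp"),
    ("Rising", "PUA.FusionCore!8.1249bzgdGCZcsB (cloud)"),
]


def classify(label):
    """Return ('bundler', family), ('pua', marker) or ('unclassified', None)."""
    low = label.lower()
    for family in BUNDLER_FAMILIES:
        if family in low:
            return ("bundler", family)
    # Single-word markers must match a whole token, so 'pup' or 'pua'
    # does not fire inside an unrelated word.
    tokens = set(re.split(r"[^a-z]+", low))
    for marker in PUA_MARKERS:
        hit = (marker in low) if " " in marker else (marker in tokens)
        if hit:
            return ("pua", marker)
    return ("unclassified", None)


def triage(results):
    """Group engine names by verdict kind; 'unclassified' needs manual review."""
    groups = {"bundler": [], "pua": [], "unclassified": []}
    for engine, label in results:
        kind, _ = classify(label)
        groups[kind].append(engine)
    return groups


if __name__ == "__main__":
    for kind, engines in triage(SAMPLE).items():
        print(f"{kind:13} {len(engines)}  {', '.join(engines)}")
```
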

Ssherjj
Moderator
  • Moderator
  • January 2, 2017
Hello davewrsa,
 
Welcome to the Webroot Community,
 
I have cdburnerxp on one of my systems and Webroot quarantined the Open Candy and I was able to run this program without any issues.
 
If you are concerned then it's best to Submit a Support Ticket and have them take a look and they will tell you if this program is a threat. This is a free service with a Webroot subscription.
 
Hope this helps?

  • January 2, 2017
FWIW
Sun 2017-01-01 Monitoring process cdbxp_setup_4.5.7.6452.exe [14DB52A67449164AC84F14CFC8E8381F].
Sun 2017-01-01 Monitoring process Tempis-CN31P.tmpcdbxp_setup_4.5.7.6452.tmp [43C427AEC31CD33FB3F056A179C83DEC].
Sun 2017-01-01 Infection detected: tempis-qd6os.tmpfusion.dll [MD5: 79C1A7F4FB6B26E90C09CDAE90B5DC46] [3/08000000] [Pua.Fusion.Core]
Sun 2017-01-01 Infection found in realtime: tempis-qd6os.tmpfusion.dll [MD5: 79C1A7F4FB6B26E90C09CDAE90B5DC46, Size: 848896 bytes] [134217728/00000003] [Pua.Fusion.Core]
YMMV
 

RetiredTripleHelix
Gold VIP
@ wrote:
FWIW
Sun 2017-01-01 Monitoring process cdbxp_setup_4.5.7.6452.exe [14DB52A67449164AC84F14CFC8E8381F].
Sun 2017-01-01 Monitoring process Tempis-CN31P.tmpcdbxp_setup_4.5.7.6452.tmp [43C427AEC31CD33FB3F056A179C83DEC].
Sun 2017-01-01 Infection detected: tempis-qd6os.tmpfusion.dll [MD5: 79C1A7F4FB6B26E90C09CDAE90B5DC46] [3/08000000] [Pua.Fusion.Core]
Sun 2017-01-01 Infection found in realtime: tempis-qd6os.tmpfusion.dll [MD5: 79C1A7F4FB6B26E90C09CDAE90B5DC46, Size: 848896 bytes] [134217728/00000003] [Pua.Fusion.Core]
YMMV
 
Yea a PUA detection! https://community.webroot.com/t5/Techie-KB/How-to-Remove-Potentially-Unwanted-Applications/ta-p/40744

  • January 2, 2017
Yes, it's really great to watch Webroot pass on the setup download and pounce on the setup launch.
 
Kudos Webroot.  😃

RetiredTripleHelix
Gold VIP
@ wrote:
Yes, it's really great to watch Webroot pass on the setup download and pounce on the setup launch.
 
Kudos Webroot.  :D
It was only concerned about the added PUA not the app in general! ;)
 
Sun 2017-01-01 Infection detected: tempis-qd6os.tmpfusion.dll [MD5: 79C1A7F4FB6B26E90C09CDAE90B5DC46] [3/08000000] [Pua.Fusion.Core]
Sun 2017-01-01 Infection found in realtime: tempis-qd6os.tmpfusion.dll [MD5: 79C1A7F4FB6B26E90C09CDAE90B5DC46, Size: 848896 bytes] [134217728/00000003] [Pua.Fusion.Core]
 
From VT: https://www.virustotal.com/en/file/dc9f6416f7c0f07f470a63bf6a08fcf9c5b30adf92214c8abb7064551bdf7ed1/analysis/
 
And the installer on VT: https://www.virustotal.com/en/file/a4c5ccca3162cf5f081f75bab4c98218b7ff20fac11e7f3aead7452bbc9ad745/analysis/1483327379/
 


  • January 2, 2017
FWIW ~ CDBurnerXP offers a setup download without PUA. 
The License Agreement offers a setup package without InstallCore. 
Perhaps, InstallCore is a revenue source for the vendor. 



 

Ssherjj
Moderator
  • Moderator
  • January 2, 2017
@ wrote:
FWIW ~ CDBurnerXP offers a setup download without PUA. 
The License Agreement offers a setup package without InstallCore. 
Perhaps, InstallCore is a revenue source for the vendor. 



 
Thank you @!

Petrovic
Gold VIP
  • Gold VIP
  • January 7, 2017

Ssherjj
Moderator
  • Moderator
  • January 7, 2017
@ wrote:
use msi installer
 
MSI x32: https://download.cdburnerxp.se/msi/cdbxp_setup_4.5.7.6499.msi
MSI x64: https://download.cdburnerxp.se/msi/cdbxp_setup_x64_4.5.7.6499.msi
or
Portable x32/x64: https://download.cdburnerxp.se/portable/CDBurnerXP-4.5.7.6499.zip
Thank you Pert!:D
 
Edited: Installed it without a hitch!:D