Trojan in On2 Flix Pro v8.545? Where da md5s at?!

I just loaded On2 Flix Pro (video conversion software to create Flash videos) and was told there was an update.

The application doesn’t have the smarts to update itself directly, instead sending you to the website to download a zip file containing the new update.

It installed successfully (well, the first attempt failed trying to register itself online to make sure I wasn’t copying it – super annoying DRM ties each install to a particular piece of hardware, making it hard to move between computers), but then when I went to run it I got an AVG error informing me that there was a trojan horse in the file winprojector8.exe – PSW.Ldpinch.VKM to be exact.

I’m fairly confident this is a false positive, but I can’t be sure, because there’s no digital signature or md5 or anything for this file, OR the zip file that I downloaded the application in, OR the self-installing .exe that came out of the zip file.

In case anyone else is running into this error, here are the md5s for each file:

577cbe65ae7f718b365b560e5109773b SetupFlixProPC_8_545.exe
260e655dd577e54cd3a215feb60aa021 winprojector8.exe (the allegedly infected file)

Currently Googling for the md5 of the infected file yields this URL, which indicates a few other applications detect a trojan in this file as well.

I have contacted On2 support (usually I get a response within 24 hours) and await what I hope will just be a ‘false positive’ response.

If they’d published an md5 hash of these files, I wouldn’t need to be worried. But they didn’t, so I am.

If you’re putting a file on the Internet up for download, please always publish a hash of the file – md5sum or sha1sum would be best – so that people can verify that what they think they’re getting is what you want them to be getting.

2hash for Windows

I’ve compiled up a version of Thomas Akin’s 2hash for Windows for my own nefarious deeds and thought other people might find it handy. You can download it (including source, which is mostly unmodified) right here. It can crash unexpectedly if you don’t provide proper input; I haven’t bothered carefully sanitising user input just yet. If anyone else other than me actually uses it I’ll put some more effort into it.

2hash – Simultaneous md5 and sha1 Hashing

Discovered 2hash yesterday – a simple GPL’ed tool to calculate the md5 and sha1 hashes of a file in a single read. If you’re regularly checking/calculating hashes of large files this’ll save you a lot of disk IO.

Update: The source site is down, so I have mirrored it here.

Update 2007/10/26: 2hash, by default, doesn’t support large files. If you compile it with the CFLAGS updated with ‘-D_FILE_OFFSET_BITS=64’ (as recommended by this page), it will work.