30-07-2021 20:56 - edited 30-07-2021 20:57
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 30/07/2021
Protection Event Time: 20:45
Log File: bab34ab8-f16e-11eb-8a28-d8cb8ac2f7e5.json
-Software Information-
Version: 4.4.3.125
Components Version: 1.0.1387
Update Package Version: 1.0.43726
Licence: Premium
-System Information-
OS: Windows 10 (Build 19042.1110)
CPU: x64
File System: NTFS
User: System
-Blocked Malware Details-
File: 1
Malware.Heuristic.1001, C:\Users\chris\AppData\Roaming\NOW TV\NOW TV Player\resources\app.asar.unpacked\node_modules\@sky-uk-ott\client-lib-electron-videoguard\bin\win32\gsttspplugin.dll, Quarantined, 1000001, 0, 1.0.43726, 0000000000000000000003E9, dds, 01356064, 40C31D698CABF224105F57A0ED0C8695, 5BAB84E792278E1E74AA37226A50D7363ACAD2DD12888FCED4DF8769347B0B02
(end)
30-07-2021 21:25
Now TV support advice was 'to delete browser cookies!'
30-07-2021 22:53
@Anonymous User
Not to get yourself a less capable antivirus? 😛
But I can see why an MWB heuristic would give a false positive on this program, because it is very virus-like in its operation.
No doubt you know that the correct procedure is to reinstall Now from a trustworthy source, to be sure this program really is a part of it, then to whitelist it, and finally to let MWB know this is happening?
30-07-2021 23:47
I hate it when people try and answer questions that they clearly haven't got a clue about..
(1) The update was installed by Now TV, from Now TV.
(2) A .dll file isn't a program. And I doubt very much that you disassembled this file and then stepped through its code instructions, in order to state "because it is very virus-like in its operation".
(3) I dont whitelist files that MB tells me are malware. You would have to be pretty dumb to do that.
(4) I dont work for Now TV so why on earth do you think I would start sending files to MB for analyse to check if a false positive has happened.
Lets be honest, Now TV is rubbish compared to Netflix, Amazon, Disney, Blinkbox, etc. So the simple thing to do was to just cancel our subscription.
31-07-2021 23:32 - edited 31-07-2021 23:37
@Anonymous User
You said:-
I hate it when people try and answer questions that they clearly haven't got a clue about.
I hate it when people mark their own postings as the ‘solution’ when the problem clearly isn’t solved.
And if you think I don’t have a clue here, then you had better tell my major manufacturer employer of the last eight years that they are employing me under false pretences, and had better look more closely at the CV I gave them, with more than 20 years prior professional IT experience 😛
(1) The update was installed by Now TV, from Now TV.
The update was installed by you, unless you let Now push it to you without your say-so. In which case, you are in no position to tell me how to conduct any software updating.
(2) A .dll file isn't a program.
That’s a hair that won’t split. It’s an executable. And who do you think wrote it? A .DLLer, and not a programmer?
And I doubt very much that you disassembled this file and then stepped through its code instructions, in order to state "because it is very virus-like in its operation".
I know enough about what this .dll does, and what viruses do, to comfortably make that assertion without tools. And @Amiga1200 seems to agree with me here.
(3) I don't whitelist files that MB tells me are malware. You would have to be pretty dumb to do that.
Then do you think that MalwareBytes must think they have some pretty dumb customers, since they provide the means to do this? Or do you think, like me that they know that with the best will in the world, they will occasionally throw a false positive? Especially from a heuristic? Paradoxically, perhaps, I would be less inclined to ignore the MalwareBytes warning if this .dll wasn’t doing the least thing virus-like.
Maybe I would check it through Virus Total first though…..
(4) I dont work for Now TV so why on earth do you think I would start sending files to MB for analyse to check if a false positive has happened.
Isn't that what you are supposed to do, if you are worried? I’m sure most MWB submissions are from users, not suppliers.
Lets be honest, Now TV is rubbish compared to Netflix, Amazon, Disney, Blinkbox, etc. So the simple thing to do was to just cancel our subscription.
That certainly solves the problem for you. But it is also cutting off your nose to spite your face, when Now has content that nobody else has; and even when other streaming services have the content, Now normally has it cheaper, often significantly cheaper. Worth putting up with a few glitches from time to time for that, for me.
30-07-2021 23:28
@Anonymous User see the below thread where a user has given instructions on how to create an exception
https://community.nowtv.com/t5/PC-Mac/Error-Code-20000/m-p/502593#M5751
31-07-2021 11:53
I think the heuristic scan part of AV software is where it is trying to find currently unknown viruses so is looking for virus like activity.
I can see why the NowTV app would be flagged as malware. From what I've read on these forums, the desktop app looks deep into your system for software it doesn't like ie. Screen recorders. It then demands you remove or disable it before it allows you to watch. It's likely actively scanning your system for other programs it doesn't like aswell.
DRM like this is kinda behaving like malware by looking at parts of your computer other software doesn't. There have been particularly harsh gaming DRM in the past that infects people's machines without their knowledge and is difficult to remove.
In short. Your anti virus is doing its job and alerting you to an app that IS acting suspiciously. I guess it's up to you whether you want to allow Now TVs Big Brother in or not.