Anonymous User
Not applicable

Latest NowTV update being flagged, and removed due to Malware, by MalwareBytes

Malwarebytes
www.malwarebytes.com

 

-Log Details-
Protection Event Date: 30/07/2021
Protection Event Time: 20:45
Log File: bab34ab8-f16e-11eb-8a28-d8cb8ac2f7e5.json

 

-Software Information-
Version: 4.4.3.125
Components Version: 1.0.1387
Update Package Version: 1.0.43726
Licence: Premium

 

-System Information-
OS: Windows 10 (Build 19042.1110)
CPU: x64
File System: NTFS
User: System

 

-Blocked Malware Details-
File: 1
Malware.Heuristic.1001, C:\Users\chris\AppData\Roaming\NOW TV\NOW TV Player\resources\app.asar.unpacked\node_modules\@sky-uk-ott\client-lib-electron-videoguard\bin\win32\gsttspplugin.dll, Quarantined, 1000001, 0, 1.0.43726, 0000000000000000000003E9, dds, 01356064, 40C31D698CABF224105F57A0ED0C8695, 5BAB84E792278E1E74AA37226A50D7363ACAD2DD12888FCED4DF8769347B0B02


(end)

6 REPLIES
Anonymous User
Not applicable

Now TV support advice was 'to delete browser cookies!'

RoyB
Legend

@Anonymous User 

 

Not to get yourself a less capable antivirus? 😛

 

But I can see why an MWB heuristic would give a false positive on this program, because it is very virus-like in its operation.

 

No doubt you know that the correct procedure is to reinstall Now from a trustworthy source, to be sure this program really is a part of it, then to whitelist it, and finally to let MWB know this is happening?

Set a Payment PIN on your account so that no-one but you can buy memberships on it. Check your bank accounts monthly for any other unexpected payments to Now. That way you can at least nip them in the bud, while you and Now figure out whose fault they are.
Anonymous User
Not applicable

I hate it when people try and answer questions that they clearly haven't got a clue about.

 

(1) The update was installed by Now TV, from Now TV.

 

(2) A .dll file isn't a program. And I doubt very much that you disassembled this file and then stepped through its code instructions, in order to state "because it is very virus-like in its operation".

 

(3) I don't whitelist files that MB tells me are malware. You would have to be pretty dumb to do that.

 

(4) I don't work for Now TV so why on earth do you think I would start sending files to MB for analysis to check if a false positive has happened.

 

Let's be honest, Now TV is rubbish compared to Netflix, Amazon, Disney, Blinkbox, etc. So the simple thing to do was to just cancel our subscription.

 

 

RoyB
Legend

@Anonymous User 

 

You said:-

 

I hate it when people try and answer questions that they clearly haven't got a clue about.

 

I hate it when people mark their own postings as the ‘solution’ when the problem clearly isn’t solved.

 

And if you think I don’t have a clue here, then you had better tell my major manufacturer employer of the last eight years that they are employing me under false pretences, and had better look more closely at the CV I gave them, with more than 20 years prior professional IT experience 😛

 

(1) The update was installed by Now TV, from Now TV.

 

The update was installed by you, unless you let Now push it to you without your say-so. In which case, you are in no position to tell me how to conduct any software updating.

 

(2) A .dll file isn't a program.

 

That’s a hair that won’t split. It’s an executable. And who do you think wrote it? A .DLLer, and not a programmer?

 

And I doubt very much that you disassembled this file and then stepped through its code instructions, in order to state "because it is very virus-like in its operation".

 

I know enough about what this .dll does, and what viruses do, to comfortably make that assertion without tools. And @Amiga1200 seems to agree with me here.

 

(3) I don't whitelist files that MB tells me are malware. You would have to be pretty dumb to do that.

 

Then do you think that MalwareBytes must think they have some pretty dumb customers, since they provide the means to do this? Or do you think, like me, that they know that with the best will in the world, they will occasionally throw a false positive? Especially from a heuristic? Paradoxically, perhaps, I would be less inclined to ignore the MalwareBytes warning if this .dll wasn’t doing the least thing virus-like.

 

Maybe I would check it through VirusTotal first though…

 

(4) I don't work for Now TV so why on earth do you think I would start sending files to MB for analysis to check if a false positive has happened.

 

Isn't that what you are supposed to do, if you are worried? I’m sure most MWB submissions are from users, not suppliers.

 

Let's be honest, Now TV is rubbish compared to Netflix, Amazon, Disney, Blinkbox, etc. So the simple thing to do was to just cancel our subscription.

 

That certainly solves the problem for you. But it is also cutting off your nose to spite your face, when Now has content that nobody else has; and even when other streaming services have the content, Now normally has it cheaper, often significantly cheaper. Worth putting up with a few glitches from time to time for that, for me.

Set a Payment PIN on your account so that no-one but you can buy memberships on it. Check your bank accounts monthly for any other unexpected payments to Now. That way you can at least nip them in the bud, while you and Now figure out whose fault they are.
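An added example, not part of any poster's message and not Malwarebytes or NOW code: a small Python parser for the "Blocked Malware Details" line in the log at the top of this thread, plus a check that a freshly reinstalled copy of the DLL is byte-identical to the quarantined one before its hash is looked up or reported as a suspected false positive. The field meanings are inferred from that one sample line (32 hex characters treated as MD5, 64 as SHA-256), and the function names are hypothetical.

```python
import hashlib
import re

# Detail line copied verbatim from the log in the first post of this thread.
SAMPLE_LINE = (
    r"Malware.Heuristic.1001, C:\Users\chris\AppData\Roaming\NOW TV\NOW TV Player"
    r"\resources\app.asar.unpacked\node_modules\@sky-uk-ott"
    r"\client-lib-electron-videoguard\bin\win32\gsttspplugin.dll, Quarantined, "
    r"1000001, 0, 1.0.43726, 0000000000000000000003E9, dds, 01356064, "
    r"40C31D698CABF224105F57A0ED0C8695, "
    r"5BAB84E792278E1E74AA37226A50D7363ACAD2DD12888FCED4DF8769347B0B02"
)


def parse_detection(line):
    """Split one 'Blocked Malware Details' line into named fields.

    Assumption: fields are separated by ', ' and the path contains no ', '.
    Hashes are recognised by length only (32 hex = MD5, 64 hex = SHA-256).
    """
    fields = [f.strip() for f in line.split(", ")]
    if len(fields) < 3:
        raise ValueError("not a detection detail line")
    by_len = {len(f): f.lower() for f in fields[3:]
              if re.fullmatch(r"[0-9A-Fa-f]+", f)}
    return {
        "name": fields[0],
        "path": fields[1],
        "action": fields[2],
        "heuristic": ".heuristic." in fields[0].lower(),
        "md5": by_len.get(32),
        "sha256": by_len.get(64),
    }


def sha256_of(path):
    """Stream the file so a large binary is not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def same_file_as_logged(path, detection):
    """True only when the file on disk is byte-identical to the flagged one."""
    logged = detection["sha256"]
    return logged is not None and sha256_of(path) == logged


if __name__ == "__main__":
    det = parse_detection(SAMPLE_LINE)
    print(det["name"], det["action"], "heuristic" if det["heuristic"] else "non-heuristic")
    print("SHA-256 to look up or report:", det["sha256"])
```

A mismatch between a clean reinstall and the logged SHA-256 means the quarantined file was not the one the installer ships, which is worth knowing before adding any exclusion.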
Saint1976
Elite 3

@Anonymous User see the below thread where a user has given instructions on how to create an exception

 

https://community.nowtv.com/t5/PC-Mac/Error-Code-20000/m-p/502593#M5751

Amiga1200
Scholar 2

I think the heuristic scan part of AV software is where it is trying to find currently unknown viruses so is looking for virus-like activity.

 

I can see why the NowTV app would be flagged as malware. From what I've read on these forums, the desktop app looks deep into your system for software it doesn't like, i.e. screen recorders. It then demands you remove or disable it before it allows you to watch. It's likely actively scanning your system for other programs it doesn't like as well.

 

DRM like this is kinda behaving like malware by looking at parts of your computer other software doesn't. There has been particularly harsh gaming DRM in the past that infects people's machines without their knowledge and is difficult to remove.

 

In short, your antivirus is doing its job and alerting you to an app that IS acting suspiciously. I guess it's up to you whether you want to allow Now TV's Big Brother in or not.