DVDFab 8.0.1.5 Beta is out

vbimport

#1

Dear all,

DVDFab 8.0.1.5 Beta is out (September 20, 2010):

http://www.dvdfab.com/mlink/download.php?g=DVDFAB_BETA

To report problem of this version, please start your own thread at specific sub-forum, with 8015 in prefix or title, thanks.

What’s New:

DVDFab 8.0.1.5 Beta (September 20, 2010)

New: Updated English language file.
New: Reconstructed “Process” window, added “Info”, “Preview” and “Option” tabs.
New: Added “Preview” to check the output image when copying or converting.

DVD Ripper:
Fix: A playback stutter problem when converting to iPad or iPhone 4 in certain cases.

Blu-ray Copy:
Fix: A problem that Blu-ray disc cannot be opened on certain computers.


#2

Thanks [B]SJ[/B].

I’m back…Just got home from the hospital today and relaxing infront of my computer.First time on it in amost 3 weeks.Long story no biggie i’m fine now and glad to be back.I take it I missed afew new updates?

Hugs.
Kimberley


#3

Welcome back Kimberley :iagree: :flower:

Sorry to hear :frowning: you was in the hospital but really glad to hear :bigsmile: you are fine now.

And yes you did miss a few :smiley:


#4

[QUOTE=Kimberley_1987;2545674]Thanks [B]SJ[/B].

I’m back…Just got home from the hospital today and relaxing infront of my computer.First time on it in amost 3 weeks.Long story no biggie i’m fine now and glad to be back.I take it I missed afew new updates?

Hugs.
Kimberley[/QUOTE]

Hey my little rincess

Hope it wasn’t anything major :frowning: and like bean said great to have you back :flower::kiss::kiss::kiss:


#5

Many thanks for the update SJ.

@Kimberly…glad to hear that you’re okay. :wink:


#6

Thanks SJ!:bigsmile:


#7

A bunch of AV scanners are reporting FabCore.exe is infected. There is an UPX packed file in the Resources. I exported out the resources, unpacked the UPX and this is what is flagging the scanners. Doesn’t look good.
http://www.virustotal.com/file-scan/report.html?id=cd7078a355d466720d1af2eccff03fa562e79a85642211f6f32b0a61485f85c0-1285032040


#8

[QUOTE=redblkjck;2545731]A bunch of AV scanners are reporting FabCore.exe is infected. There is an UPX packed file in the Resources. I exported out the resources, unpacked the UPX and this is what is flagging the scanners. Doesn’t look good.
http://www.virustotal.com/file-scan/report.html?id=cd7078a355d466720d1af2eccff03fa562e79a85642211f6f32b0a61485f85c0-1285032040[/QUOTE]

It a false positive and you need to report it to your Anti-Virus program makers so they can update their Virus definitions


#9

[QUOTE=redblkjck;2545731]A bunch of AV scanners are reporting FabCore.exe is infected. There is an UPX packed file in the Resources. I exported out the resources, unpacked the UPX and this is what is flagging the scanners. Doesn’t look good.
http://www.virustotal.com/file-scan/report.html?id=cd7078a355d466720d1af2eccff03fa562e79a85642211f6f32b0a61485f85c0-1285032040[/QUOTE]

Most likely it is a false positive report, I have Zone Alarm extrem security and it comes up with nothing I sugguest you contact your AV manufacturer and tell them your getting a false positive report and let them check into it, also you state “A bunch of AV scanners” if your talking off the internet scans it could be related to [B]Scareware[/B]

Also if there was a problem it would be widespread and whould be getting reported by other users/members, however files and/or installers have been known to become corupt during download but I don’t think this is your problem.


#10

Hey AGJ didn’t see you typing while I was :bigsmile:


#11

Not so sure on the false pos. This is a dll file that has calls to access the internet and some heavy kernel32 process calls. None of these were in the previous version of FabCore.exe There shouldn’t be any reason to hide a UPX packed DLL inside the resources of the exe. All the other DLLs needed seem to be in the install path. A DLL would need to be loaded into memory before executing calls. Meaning another process would need to load this and run any calls. I have not gone through to see if such a call is in the FabCore but it’s not listed in the imports sections. It’s compiled file name is OutSupNW.DLL Chinese Lang compiled.
Maybe nothing but normally false positives are from packers and encryptors. The resource was packed with UPX but it is flagging the AV scanners unpacked. This is file concealed in the FabCore.exe


#12

[QUOTE=redblkjck;2545751]Not so sure on the false pos. This is a dll file that has calls to access the internet and some heavy kernel32 process calls. None of these were in the previous version of FabCore.exe There shouldn’t be any reason to hide a UPX packed DLL inside the resources of the exe. All the other DLLs needed seem to be in the install path. A DLL would need to be loaded into memory before executing calls. Meaning another process would need to load this and run any calls. I have not gone through to see if such a call is in the FabCore but it’s not listed in the imports sections. It’s compiled file name is OutSupNW.DLL Chinese Lang compiled.
Maybe nothing but normally false positives are from packers and encryptors. The resource was packed with UPX but it is flagging the AV scanners unpacked. This is file concealed in the FabCore.exe[/QUOTE]

I’m going to have Fengtao get with you on this :wink:


#13

To look at what I am talking about. Open up fabcore.exe in hex editor. Go to offset 0x3F460 (MZ is the start of the PE header) and copy out range size of 0x95FF into a new file. Save it to exe or dll and use UPX to unpack it with the -d cmd line. Or just use a program like CFF Explorer to save the resource section to an exe file and reopen the saved file in CFF, use the UPX option to unpack it with CFF.
There is no file hidden in the resources of the previous build of fabcore.exe which makes it more strange… The AV scans are reporting it as a dropper used to grab a payload and manipulate the system. Dropped it by Sandbox and this DLL checks for a few things with scheduler service, network connection NETAPI, HTTP socket sessions WININET, hostname WS2_32, file checks autoexec.bat and index.dat. It does some registry checks with msvideo and currentcontrolset\services "test_server"
Hopefully Fengtao will clarify if it should be in the file… :slight_smile: Thanks


#14

Like I stated before “I will have Fengtao get with you on this matter” :smiley:


#15

Thanks for posting the update SJ :clap:

@Kimberley I really hope it was nothing serious and glad to hear you are
back home so just set back and take it easy for a while and I was begging
to wonder where you were glad you are back now. :flower:


#16

@ redblkjck

Fengtao has read your replies and is looking into this matter :cool:

[B]SJ[/B]


#17

[QUOTE=StormJumper;2545769]@ redblkjck

Fengtao has read your replies and is looking into this matter :cool:

[B]SJ[/B][/QUOTE]
Thanks. I’m about done messing with the file. The fabcore.exe does write the dll from the resources but is looking for some Chinese chat/remote program to be installed first. Tencent\RTXC\RTX.EXE Makes no sense for a video converting program… Thx


#18

[QUOTE=redblkjck;2545771]Thanks. I’m about done messing with the file. The fabcore.exe does write the dll from the resources but is looking for some [B]Chinese[/B] chat/remote program to be installed first. Tencent\RTXC\RTX.EXE Makes no sense for a video converting program… Thx[/QUOTE]

On the above in bold is must likely because the author lives in China :smiley:


#19

[QUOTE=StormJumper;2545774]On the above in bold is must likely because the author lives in China :D[/QUOTE]
LOL yeah kinda figured that.
Couldn’t find a Eng version of that program to see what it does but there is some malware that uses the same RDX.exe filename to hide anyway… I kind of doubt this DLL has much to do with the video encoding fabcore.exe does but its getting beyond my knowhow. Last time I stepped to see what a questionable file was didn’t go well… Not risking it on this box anyway. Hopefully its nothing.


#20

[QUOTE=redblkjck;2545778]LOL yeah kinda figured that.
Couldn’t find a Eng version of that program to see what it does [B]but there is some malware that uses the same RDX.exe filename to hide anyway[/B]… I kind of doubt this DLL has much to do with the video encoding fabcore.exe does but its getting beyond my knowhow. Last time I stepped to see what a questionable file was didn’t go well… Not risking it on this box anyway. Hopefully its nothing.[/QUOTE]

That is way you was told it is a false positive report :iagree: and if your AV program is detecting it as such this then that is also why I suggested you to get with your AV software provider…which they will most likely need the file path and other info so they can update their Virus definitions :bigsmile:

[B]SJ[/B]