***Virus warning*** TubeWork

[chriss]

Hi there

I´m wiriting here because I couldn´t find an contact to totalcmd.net

Today I saw a new plugin called TubeWork. Because it asked for admin permissions I checked this file at virustotal:

https://www.virustotal.com/de/file/e2abc088f10153204143b232031a3d251e77959c716a8c6235ab65226790ac83/analysis/1495095624/

The link at totalcmd.net is http://totalcmd.net/plugring/TubeWork.html

Be careful!

*edit*
The author - Zmy - also added another tool called ClipWork

At least its suspicious... (https://www.virustotal.com/de/file/0da1d404da632a716aab257400d1a3b540a3fe6ce5e76f56646cc0433345a9bc/analysis/1495096062/

[ghisler(Author)]

These both look like false positives to me. Let's see:

Avira (no cloud) TR/Dldr.Agent.vjx
CrowdStrike Falcon (ML) malicious_confidence_65% (D)
DrWeb Trojan.DownLoader13.10682
Invincea generic.a
SentinelOne (Static ML) static engine - malicious

Looks like they found some kind of download code in the file and treat it as a possible trojan downloader. This means that the plugin itself doesn't contain any malicious code, but could be downloading something.

[deus-ex]

This means that the plugin itself doesn't contain any malicious code, but could be downloading something.

From the plugin's description:

This is a unique program for downloading videos from YouTube.com.
It can download not only one video clip, but also a whole list of downloads.

[chriss]

This is a unique program for downloading videos from YouTube.com.
It can download not only one video clip, but also a whole list of downloads.

Hi

this is no unique program
There are a lot of alternatives. Beginning with stand-alone tools until browser-addons.

However - back OT: It may be a false positive or not. I dont´t believe and don´t see any reason for having admin rights.

Everyone can decide for himself if he wants to use this. I wont.

[MVV]

As for separate downloader, there is no need in admin rights at all, so I wouldn't use such tool too.