04-27-2012 10:20 PM - edited 04-27-2012 10:26 PM
I use what I believe is a popular and reputable media player called Zoom Player, from Inmatrix. They offer several versions, and while the version I use ("Premium") has not been sold for a while, Inmatrix still offers updates for it. The executable is zplayer.exe. I had been using update 811 of Zoom Player Premium for months, and NIS never had any problem with it, either in virus scans or when I used it. But tonight, shortly after I started playing a video file, Sonar detected zplayer.exe as a high risk file, supposedly due to suspicious behavior -- keylogging attempts -- and deleted it.
So I downloaded and installed the latest update of Zoom Player Premium from Inmatrix (v 816), and again as soon as I started playing a file Sonar flagged and deleted the latest update of zplayer.exe for the same reason. It said "very few users" (less than five), but that's probably because it is a just-released update of a legacy version of the product.
This smells like a "false positive" to me. Or is it possible that version 811 suddenly became infected with a keylogger after months with no problems, and version 816 was keylogging immediately upon installation?
Any thoughts or advice? I have used Zoom Player for years and definitely trust it. It seems odd that a media player would suddenly be the target of infection by a keylogger. Windows XP SP3, NIS 2011. Thanks
04-28-2012 03:14 AM
I am sure it contains keylogging technology. Many, many legitimate programs do - indeed, many can't function without it. Imagine playing a pinball game that wasn't allowed to capture your keystrokes. No highscore today. Keylogging activity in itself isn't malicious, but can be quite necessary for a program to function.
The problem here is that Norton mistakes it for malicious keylogging activity. I installed it and tested it, and it does indeed do what you describe, and it is assuredly a false positive.
04-28-2012 10:19 AM
Ardmore wrote: I use what I believe is a popular and reputable media player called Zoom Player, from Inmatrix. They offer several versions, and while the version I use ("Premium") has not been sold for a while, Inmatrix still offers updates for it. The executable is zplayer.exe. I had been using update 811 of Zoom Player Premium for months, and NIS never had any problem with it, either in virus scans or when I used it. But tonight, shortly after I started playing a video file, Sonar detected zplayer.exe as a high risk file, supposedly due to suspicious behavior -- keylogging attempts -- and deleted it.
So I downloaded and installed the latest update of Zoom Player Premium from Inmatrix (v 816), and again as soon as I started playing a file Sonar flagged and deleted the latest update of zplayer.exe for the same reason. It said "very few users" (less than five), but that's probably because it is a just-released update of a legacy version of the product.
This smells like a "false positive" to me. Or is it possible that version 811 suddenly became infected with a keylogger after months with no problems, and version 816 was keylogging immediately upon installation?
Any thoughts or advice? I have used Zoom Player for years and definitely trust it. It seems odd that a media player would suddenly be the target of infection by a keylogger. Windows XP SP3, NIS 2011. Thanks
Hi,
Here's where to submit the file for evaluation and a possible change of status:
https://submit.symantec.com/false_positive/
Hope this helps.
04-28-2012 12:55 PM - edited 04-28-2012 01:08 PM
Both responses helpful, thanks.
I agree with Bombastus that this has got to be a safe file, but I'll go ahead and submit it to the link Dick provided, anyway. However, even if the file were initiating keylogging (maliciously or not), is that something that Norton could evaluate just from examining the file or comparing to prior community reports?
One interesting twist to this: Shortly after my original post last night I had NIS change the status for zplayer.exe (update 816) to trusted. Then I used the player a few times. Then I went back and removed trusted status, and NIS reverted its Insight assessment back to "Untrusted - Bad." Then I proceeded to use the player some more, but NIS no longer aborts and deletes it (i.e., it's back to the way things always were before yesterday in that regard). The pattern is perplexing.
EDITED TO ADD: Just did another Insight check of zplayer.exe, and see that the status has changed from Untrusted-Bad to Trusted-Good without any further intervention on my part.
