The Snowman
Premium
join:2007-05-20
 ·Verizon Online DSL
| reply to Blue Turtle
Re: Clsid FFDShow modifying Windows Explorer.
ffdshow is installed on my computers without any problems...in fact, I would not be found without ffdshow....its a very good codec. But where a person obtains the codec from.....any codec or any program...means a major thing....there are lots of bad download websites out there.
Blue Turtle all security issues are taken very seriously by the Members of this Forum.......and without a little humor now and then most of us would just plain not help other people....this can be very stressful business.
Of course you always have the option of paying someone for security advice.....it the end most likely their advice wont be as good as the advise found here.....but please try it if you find our humor is offensive. |
|
NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
 ·Vonage
·AT&T Southeast
 ·Cingular Wireless
·AT&T CallVantage
| reply to Blue Turtle
said by Blue Turtle :
No winking or hammer on head smilies please.
This is very serious to me.
The "hammer on head smilies" and the "Doctor, it hurts when I do this." vaudeville joke I posted in another of your threads was in reference to your continued use of a specific model modem/router which was causing you problems, even though you had in your possession a different model which did not have any problems. It was not an attempt to ridicule your security concerns (although using a modem/router which did not have the reported symptoms would probably also have solved the security concerns as well)
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.
Test your firewall. |
|
NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
·Vonage
·AT&T Southeast
·Cingular Wireless
·AT&T CallVantage
4 edits | reply to Blue Turtle
said by Blue Turtle :
I hope I tested the right explorer.exe. I searched and found a few.
How many is "a few" and exactly where were they found?
Here is a sample screen capture of a search for "explorer.ex?" from the Windows XP workstation I am using.
The copy in the "c:\windows" folder is the only one that should really matter, but if you really have multiple copies, it is not impossible that registry changes could force your Windows installation to use one of the other copies, and where those other copies are located can often be used as a guide to their validity.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.
Test your firewall. |
|
Blue Turtle
@telus.net
| reply to Blue Turtle
I tested FFDshow 1805 from the afterdawn site, the latest 1817 from ffdshow.info, and version 1771.
I had the hash from before I installed ffdshow and after.
The hash for explorer.exe in c:\windows in vista 32 bit stayed the same after trying each version out.
I hope I tested the right explorer.exe. I searched and found a few.
This was using the hash software Cudni linked too.
Thanks Cudni. |
|
AB
Premium
join:2006-04-04
Leesburg, VA
| reply to Blue Turtle
I just downloaded the most recent 'ffdshow sse' version a little while ago. I'm looking forward to installing it.
I have zero concerns about it doing anything in the least malicious to my machine.
These codecs do good things!  |
|
MarkAW
Barry White or lil bratt
Premium
join:2001-08-27
Canada
·Bell Sympatico
 ·Cogeco Cable
2 edits | reply to Blue Turtle
Even the site you linked to says that some AntiVirus claim that FFDSHOW rev 1805 contains a trojan which they the website says is a FP.
I use K-Lite Mega Codec Pack 3.7.0 that contains
• ffdshow:
- ffdshow [revision 1805]
and on top of that i use Avast and i get no warning from it saying i have a trojan. I say it's a FP.
--
Advertising is legalized lying. - H.G. Wells
Pleasure in the job puts perfection in the work. - Aristotle |
|
Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire
| reply to Blue Turtle
drop dead easy approach
take md5 hash of explore.exe before install and after install and compare the 2
»www.beeblebrox.org/hashtab/
i doubt you will see a difference.
Cudni
--
"Mercifully, he hit him with the soft end of the pistol."
Help yourself so God can help you.
MVP, Microsoft Consumer Security 2006-2007 |
|
Blue Turtle
@telus.net | reply to Blue Turtle
Cudni, I want to know how I can test if when I install ffdshow is it or is it not modifying Windows Explorer.
Drop dead easy question.
But I will try your test engine too. |
|
Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire
| reply to Blue Turtle
he might be lying or his tools are misreporting. Upload and test with the 2 sites
»www.virustotal.com/
»virusscan.jotti.org/
Cudni
--
"Mercifully, he hit him with the soft end of the pistol."
Help yourself so God can help you.
MVP, Microsoft Consumer Security 2006-2007 |
|
Blue Turtle
@telus.net
| "You read all this junk about "ffdshow is not a trojan," well it triggers Avast (latest updated version) AND it triggers Windows Data Protection. FFDShow attempted to modify Windows Explorer. I would suggest that if you have a brain in your head stay a thousand miles away from ffdshow from clsid."
»www.afterdawn.com/software/video···show.cfm
I want to know how this fellow found out that ffdshow was attempting to modify Windows Explorer.
Did he use a special software tool?
I would like to test this out, and I'm hoping for a simple answer.
No winking or hammer on head smilies please.
This is very serious to me. |
|
