13 replies to this topic

[Conable]

I'm not sure what you recommend for the whole "Developer Mode" since it wasn't the scan that caught it..it was the Protection client..

Anyway Foobar2000 is a media player application -- http://www.foobar2000.org/

When I opened an mp3 of mine the Protection put up a warning that said Foo_Unpack.dll which is intended to allow me to listen to music that's compressed in a .zip, .rar, .7z..etc..& called it a Worm(Auto) I believe it was..

I ignored it but I don't see it in the ignore list..& I played the same track several times & can't get the warning to reproduce..

[nosirrah]

Let me know if you can reproduce this , I fixed one earlier that could have been this so if it does not come back it was likely the same issue .

[Conable]

Well a little good news the error popped up again when I restarted my computer..this time I got a screen shot it so at least you know it's legitimate ;-)

Is there anything I can do to help more..I've ran scans before with 0 results..this has never occurred before since my database update to 2803 - 9.15.2009

It's the protection module catching it not the scans..

I've played this song before..on this machine..in Foobar..with Malwarebytes running..but I'll do what I can to help :-)

[nosirrah]

Please zip and attach a copy of the file being detected to your next post .

[Conable]

Huh well it won't let me post the file without some text in the post..so here's some text ^^

Attached Files

•  foo_unpack.zip   91.31KB   49 downloads

[Conable]

I don't see an option to edit my post so..if it matter to you..it's a default plugin with Foobar too..not some custom 3P plugin

[e.s]

Hi, after updating to the newest version I also am getting this foo unpack.dll autorun worm warning.

it wasnt the manual scanner that caught it, it was either the IP protection or the protection module.

it lists this IP as the outgoing IP 94.75.209.35

But as stated previously, foo_unpack.dll is part of the foobar media player software.

Maybe it is infected from the very start and its only now that we are able to pick it up, since I cant understand why its auto-running in the background when foo bar isnt even turned on, but there ya go.

I have put it in quarantine until I find out if its legit or not, I can send a copy of the file to you if you wish ?

[nosirrah]

This has already been corrected , make sure you update before rechecking .

[yapaksa]

 nosirrah, on Sep 16 2009, 11:41 AM, said:

This has already been corrected , make sure you update before rechecking .

Hi all, using
Database version : 2828 Date : 9/19/2009
and have the same alert with Foo_Unpack.dll

[nosirrah]

Zip and attach a copy of that file here please .

[yapaksa]

 nosirrah, on Sep 20 2009, 07:29 AM, said:

Zip and attach a copy of that file here please .

Here it is

Attached Files

•  foo_unpack.zip   87.71KB   50 downloads

[nosirrah]

I cant replicate this so there must be some sort of heuristic linking hitting here , what is the full path to that file on your system ?

[yapaksa]

C:\Applications\foobar2000\components

I had no problem with FOOBAR before.
The problem appeared since 2 days.

[yapaksa]

OK,
With the Database version : 2829, all seems OK
Thank you nosirrah