Hi, after updating to the newest version I also am getting this foo unpack.dll autorun worm warning. it wasnt the manual scanner that caught it, it was either the IP protection or the protection module. it lists this IP as the outgoing IP 18.104.22.168 But as stated previously, foo_unpack.dll is part of the foobar media player software. Maybe it is infected from the very start and its only now that we are able to pick it up, since I cant understand why its auto-running in the background when foo bar isnt even turned on, but there ya go. I have put it in quarantine until I find out if its legit or not, I can send a copy of the file to you if you wish ?