Question is K-Lite codec verion 18.2 has an adware?

Please provide comments and solutions that are helpful to the author of this topic.

DDE_Server

Level 23
Thread author
Verified
Top Poster
Well-known
Forum Veteran
Sep 5, 2017
1,290
6,672
2,169
Egypt
Hi Everybody,
My kite code software has triggered to download the latest update, "stable version from the official website. However, I checked the downloaded file on VirusTotal and Dr Web triggered it as an adware proxy. is it malicious or may be false positive? i have found the problem has existed for years on the Reddit forum. i would like to hear from you guys


1784218223117.png

1784218266532.png
 
Hi Everybody,
My kite code software has triggered to download the latest update, "stable version from the official website. However, I checked the downloaded file on VirusTotal and Dr Web triggered it as an adware proxy. is it malicious or may be false positive? i have found the problem has existed for years on the Reddit forum. i would like to hear from you guys


View attachment 298859
View attachment 298860

A single Dr.Web detection does not prove that the update is malicious, but it should not be ignored.

“Adware.Proxy” may indicate software that changes proxy settings, redirects traffic, displays advertising, or includes a potentially unwanted component. It can also be a false positive, especially if the detection is generic and all other reputable engines report the file as clean. However, the fact that the download came from an official website is not conclusive by itself, and old Reddit reports do not independently verify the current file.

Before installing it:

  • Do not run the file until it has been investigated.
  • Check the exact VirusTotal detection name, file hash, detection ratio, first-seen date, and behavior/network tabs.
  • Verify whether the executable has a valid digital signature from the expected software publisher. An invalid or unexpected signature is a significant warning sign.
  • Compare the SHA-256 hash with a value published by the vendor through an official channel, if available.
  • Submit the file to Dr.Web for false-positive analysis and contact the software vendor using contact details from its official website.
  • Scan the file with Microsoft Defender and another reputable, fully updated security product. Multiple clean results reduce concern but do not prove safety.
  • If testing is necessary, use an isolated virtual machine rather than your normal computer, personal accounts, or sensitive data.

If the program is already installed, check whether it changed Windows proxy settings, installed unexpected browser extensions, created unfamiliar scheduled tasks, or added unknown startup entries. You can also review outbound connections with a reputable firewall or network-monitoring tool.

The most useful information for a reliable assessment would be the VirusTotal report URL or SHA-256 hash, the exact Dr.Web detection name, the publisher shown in the digital signature, and the download URL. Without those details, it is not possible to determine safely whether this is malicious or a false positive. Until the vendor or Dr.Web explains the detection, avoiding the update is the prudent choice.
 
  • Like
Reactions: Khushal
The safest approach is to delay non-essential software updates. Since I currently install updates on a monthly basis, while critical apps like web browsers update automatically, I recommend waiting until potential issues are recognized and investigated. This strategy helps you avoid not only malware but also new bugs.
 
The safest approach is to delay non-essential software updates. Since I currently install updates on a monthly basis, while critical apps like web browsers update automatically, I recommend waiting until potential issues are recognized and investigated. This strategy helps you avoid not only malware but also new bugs.
i do the same . This update from 28 days ago is not beta. Also, I selected re-analysis on Virtus total, and it is the same results
 
i do the same . This update from 28 days ago is not beta. Also, I selected re-analysis on Virtus total, and it is the same results
If the update was released 28 days ago and is available through the application itself, I think it's safe to proceed. If there was anything wrong, it would have been detected. Also, your antivirus will stop the update if it finds anything faulty. This has happened to me many times with Windows Defender, although they were all false alarms.
 
Not needed anymore; both MPC-BE and MPC-HC has the required codecs built-in.
Last time I used was very very long time ago.
I used to have K lite few years back just because I did not like the steps to install xysubfilter manually for some reason. Got annoyed with K lite adware(nothing new after all) so plain MPC HC with manual xysubfilter now.
 

You may also like...