Conable #1 Posted September 15, 2009 I'm not sure what you recommend for the whole "Developer Mode" since it wasn't the scan that caught it..it was the Protection client..Anyway Foobar2000 is a media player application -- http://www.foobar2000.org/When I opened an mp3 of mine the Protection put up a warning that said Foo_Unpack.dll which is intended to allow me to listen to music that's compressed in a .zip, .rar, .7z..etc..& called it a Worm(Auto) I believe it was..I ignored it but I don't see it in the ignore list..& I played the same track several times & can't get the warning to reproduce.. Share this post Link to post Share on other sites
nosirrah #2 Posted September 15, 2009 Let me know if you can reproduce this , I fixed one earlier that could have been this so if it does not come back it was likely the same issue . Share this post Link to post Share on other sites
Conable #3 Posted September 16, 2009 Well a little good news the error popped up again when I restarted my computer..this time I got a screen shot it so at least you know it's legitimate ;-)Is there anything I can do to help more..I've ran scans before with 0 results..this has never occurred before since my database update to 2803 - 9.15.2009It's the protection module catching it not the scans..I've played this song before..on this machine..in Foobar..with Malwarebytes running..but I'll do what I can to help :-) Share this post Link to post Share on other sites
nosirrah #4 Posted September 16, 2009 Please zip and attach a copy of the file being detected to your next post . Share this post Link to post Share on other sites
Conable #5 Posted September 16, 2009 Huh well it won't let me post the file without some text in the post..so here's some text ^^foo_unpack.zip Share this post Link to post Share on other sites
Conable #6 Posted September 16, 2009 I don't see an option to edit my post so..if it matter to you..it's a default plugin with Foobar too..not some custom 3P plugin Share this post Link to post Share on other sites
e.s #7 Posted September 16, 2009 Hi, after updating to the newest version I also am getting this foo unpack.dll autorun worm warning.it wasnt the manual scanner that caught it, it was either the IP protection or the protection module.it lists this IP as the outgoing IP 94.75.209.35But as stated previously, foo_unpack.dll is part of the foobar media player software.Maybe it is infected from the very start and its only now that we are able to pick it up, since I cant understand why its auto-running in the background when foo bar isnt even turned on, but there ya go.I have put it in quarantine until I find out if its legit or not, I can send a copy of the file to you if you wish ? Share this post Link to post Share on other sites
nosirrah #8 Posted September 16, 2009 This has already been corrected , make sure you update before rechecking . Share this post Link to post Share on other sites
yapaksa #9 Posted September 20, 2009 This has already been corrected , make sure you update before rechecking .Hi all, usingDatabase version : 2828 Date : 9/19/2009and have the same alert with Foo_Unpack.dll Share this post Link to post Share on other sites
nosirrah #10 Posted September 20, 2009 Zip and attach a copy of that file here please . Share this post Link to post Share on other sites
yapaksa #11 Posted September 20, 2009 Zip and attach a copy of that file here please .Here it isfoo_unpack.zip Share this post Link to post Share on other sites
nosirrah #12 Posted September 20, 2009 I cant replicate this so there must be some sort of heuristic linking hitting here , what is the full path to that file on your system ? Share this post Link to post Share on other sites
yapaksa #13 Posted September 20, 2009 C:\Applications\foobar2000\componentsI had no problem with FOOBAR before.The problem appeared since 2 days. Share this post Link to post Share on other sites
yapaksa #14 Posted September 20, 2009 OK,With the Database version : 2829, all seems OKThank you nosirrah Share this post Link to post Share on other sites