
Avast detects as IDP.Generic virus?

Posted: Fri May 22, 2020 2:58 am
by realflow100
XMBC Version: Doesn't seem to matter what version I use. so any version.
Windows Version: Windows 7 64-bit SP1
Mouse Information (brand/model): zelotes T90
Relevant Computer Information (CPU, RAM etc): i7 3770k 32gb ram GTX 1650
Did the problem occur after an upgrade of XMBC? (If so, from what version?): No
Did the problem occur after a Windows update/upgrade? (If so, from what version?): No
How long have you used XMBC?: Year or so, but stopped using it for a while until today. Now I have this problem.
What language and keyboard layout do you use in Windows?: US English standard

Clear description of the problem - try and include as much information as possible, including what button and mappings you are having problems with (if applicable).:
After a delay (about a minute) Avast terminates the program and locks it in the virus chest, detecting it as IDP.Generic.
I'm using the free version.

Sometimes my mouse cursor will skip/freeze for a moment just before Avast shows the popup.
"virustotal com gui file 0f77cdaabb3d6a0f5183550b969a251ceef9e7d9b2282d6ba96665462e14f70a detection"

I uploaded it to the VirusTotal website and it APPEARS to be safe, but what would cause it to be considered unsafe on my specific computer? False positive? Or could there be some other virus on my computer lurking, infecting random programs silently, that Avast can't detect?
So far the only time I've seen this IDP.Generic detection is with XMouseButtonControl.

Re: Avast detects as IDP.Generic virus?

Posted: Fri May 22, 2020 9:02 am
by phil
Firstly, there is only a "free" version - there has never ever been a paid version of XMBC and I have never anticipated making a paid version - XMBC is a hobby.

As to the anti-virus problem, I don't really know. I've never had a problem but I have on some occasions (usually with a new version before it is widely used - let's face it, XMBC has only a small following so the chances of this happening are higher than, say, with Microsoft Office!) had reports of XMBC being detected as a virus. As you can see from VirusTotal it is not - but sometimes AV packages get themselves in a tizz and flag XMBC (and other things) incorrectly (false positive). I suspect this problem is more common with XMBC because it installs mouse & keyboard hooks (its prime purpose is to hook the mouse to remap the buttons so it has to do that) and unfortunately that is also an avenue for malware to monitor keys/mouse for malicious purposes. Of course, it would be good if you could easily question the AV provider for this sort of thing - but that never seems to be easy does it :(.

I can only suggest that you whitelist XMBC somehow (I don't know how to do this in Avast as I personally don't use it), but of course, only do that with any program if you are confident it is safe. If you have this problem with multiple versions then that's a little strange too - but all versions are going to exhibit the same patterns of hooking the mouse and keyboard - and I suspect it's that action that is causing the problems. I would definitely check the digital signature of XMBC to make sure it hasn't been tampered with. To do that, right click on XMouseButtonControl.exe in Explorer and select Properties - then look at the Digital Signatures tab and verify the publisher is me (Phillip Gibbons). Do the same with XMouseButtonHook.dll. (Note: the 3rd DLL, BugTrapU-x64.dll, is not signed as it's not my code but a 3rd party library.)
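
The signature check described in the post above can also be done from PowerShell. This is an added example, not part of the original post and not XMBC's own tooling; the `$InstallDir` parameter and the output labels are assumptions, while the file names and publisher name are taken from the post.

```powershell
# Added example, not XMBC's own tooling. Pass the folder that holds the XMBC binaries.
param([Parameter(Mandatory = $true)][string]$InstallDir)

$ExpectedPublisher = 'Phillip Gibbons'   # signer name given in the post above

# File name -> $true if the post says it should carry the author's signature.
$Files = @{
    'XMouseButtonControl.exe' = $true
    'XMouseButtonHook.dll'    = $true
    'BugTrapU-x64.dll'        = $false   # third-party library, unsigned per the post
}

$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

foreach ($name in $Files.Keys) {
    $path = Join-Path $InstallDir $name
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Output "MISSING     $name"
        continue
    }

    $sig    = Get-AuthenticodeSignature -FilePath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.GetNameInfo($nameType, $false) } else { '' }

    if (-not $Files[$name]) {
        # Expected unsigned: anything other than NotSigned deserves a look.
        if ($sig.Status -eq 'NotSigned') { Write-Output "UNSIGNED    $name (expected)" }
        else { Write-Output "UNEXPECTED  $name status=$($sig.Status) signer='$signer'" }
    }
    elseif ($sig.Status -eq 'HashMismatch') {
        # The file content no longer matches what was signed.
        Write-Output "TAMPERED    $name"
    }
    elseif ($sig.Status -eq 'Valid' -and $signer -eq $ExpectedPublisher) {
        Write-Output "OK          $name signed by '$signer'"
    }
    else {
        Write-Output "CHECK       $name status=$($sig.Status) signer='$signer'"
    }
}
```

A `TAMPERED` or `CHECK` line on either of the two signed files is the case to investigate before adding any antivirus exception.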

Re: Avast detects as IDP.Generic virus?

Posted: Fri May 22, 2020 10:03 am
by realflow100
I meant I'm using the free version of Avast antivirus.

All appears fine after removing from virus chest/locker and adding an exception.
No more alerts.

I'm currently using it to disable the back and forward buttons on my mouse because I constantly hit them by accident without meaning to, and it's super frustrating. I end up losing progress on websites, forums, login pages, and just lose what I'm doing and stuff and it's so dumb.
It works great for disabling the back and forward buttons.
But I wish there was a start with Windows option somewhere. I looked really hard but couldn't find anything, so I just made a shortcut in my startup folder.

Re: Avast detects as IDP.Generic virus?

Posted: Fri May 22, 2020 1:45 pm
by phil
realflow100 wrote:
Fri May 22, 2020 10:03 am
I meant I'm using the free version of Avast antivirus.
Apologies :) I misunderstood that bit clearly.
The installed version (not portable) should start with Windows automatically - it's added to the registry "RUN" command during installation - but maybe only for the "current" user i.e. the one that installs XMBC.... I've never had a problem with that - but then I always install in my own account where it runs automatically quite happily?!

Re: Avast detects as IDP.Generic virus?

Posted: Fri May 22, 2020 5:08 pm
by realflow100
I used the portable zip folder version. That could be why. Oops.

Re: Avast detects as IDP.Generic virus?

Posted: Fri May 22, 2020 6:59 pm
by phil
That's OK but it explains the lack of startup options - dragging to the startup folder will work but be aware that the portable version has a few limitations - as it is unable to run as a proper Windows accessibility tool if it's not "installed" under Program Files!

Re: Avast detects as IDP.Generic virus?

Posted: Mon May 25, 2020 1:35 am
by realflow100
I'm fine with that, just not fine if it's infected with some virus.
Is there even the tiniest remote possibility the download has been hijacked at all and replaced with an infected version?

Re: Avast detects as IDP.Generic virus?

Posted: Mon May 25, 2020 9:34 am
by phil
I guess there is always that possibility - however, I'm fairly confident this isn't the case if you got the file from my servers....
Here's the SHA-1 hashes which should tell you if anything is different from the built files:

XMouseButtonControlSetup.2.19.2.exe: 782CD048DEAAD6B13DA71FD2F4E3596E145BB188
XMBCUpdateX64.2.19.2.exe: 9B419B8F36A0593241E566DD98311F144C7D943E
XMBCUpdateX86.2.19.2.exe: BE60A19261B845CA89C4411A7D905845C21BDA75
XMouseButtonControl 2.19.2 CE511963F43DD505076A3E5F668E6809F0D13C2E

wrote:
What is idp.generic trojan?

IDP generic means that the detection was detected by an Identity Protection detection component of your antivirus and it is a generalized file that got detected. Your files will be flagged by this whenever the file does something identical to malware that triggers the flag.
As XMBC installs mouse and keyboard hooks - in order to remap mouse buttons and to handle layer modifier keys - this often triggers this sort of check, because that is what a lot of malicious programs do to capture keystrokes etc. Yeah, things can be used for both good and bad. This is not uncommon unfortunately. It's annoying but there is little I can do about it because without hooking those functions, XMBC simply will not be able to do what it is designed to do - remap mouse buttons!
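
Comparing downloaded files against the SHA-1 values posted above, as an added example that is not part of the original post or XMBC's own tooling. The `$DownloadDir` parameter, the `Get-Sha1Hex` helper and the output labels are assumptions; the hash values and labels are copied from the post.

```powershell
# Added example, not XMBC's own tooling. Pass the folder that holds the downloaded files.
param([Parameter(Mandatory = $true)][string]$DownloadDir)

# SHA-1 -> label, exactly as posted above for version 2.19.2.
$Published = @{
    '782CD048DEAAD6B13DA71FD2F4E3596E145BB188' = 'XMouseButtonControlSetup.2.19.2.exe'
    '9B419B8F36A0593241E566DD98311F144C7D943E' = 'XMBCUpdateX64.2.19.2.exe'
    'BE60A19261B845CA89C4411A7D905845C21BDA75' = 'XMBCUpdateX86.2.19.2.exe'
    'CE511963F43DD505076A3E5F668E6809F0D13C2E' = 'XMouseButtonControl 2.19.2'  # label as posted
}

function Get-Sha1Hex([string]$Path) {
    # Uses .NET directly so it also runs on the PowerShell 2.0 that ships with Windows 7.
    $sha1   = [System.Security.Cryptography.SHA1]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        return [System.BitConverter]::ToString($sha1.ComputeHash($stream)) -replace '-', ''
    }
    finally {
        $stream.Close()
        $sha1.Clear()
    }
}

Get-ChildItem -LiteralPath $DownloadDir | Where-Object { -not $_.PSIsContainer } | ForEach-Object {
    $hash = Get-Sha1Hex $_.FullName
    if ($Published.ContainsKey($hash)) {
        # Matching is by content, so a renamed download is still recognised.
        Write-Output "MATCH     $($_.Name) is '$($Published[$hash])'"
    }
    elseif ($Published.Values -contains $_.Name) {
        # Carries a published file name but not the published content.
        Write-Output "MISMATCH  $($_.Name) sha1=$hash"
    }
    else {
        Write-Output "UNLISTED  $($_.Name) sha1=$hash"
    }
}
```

The posted values cover the 2.19.2 download packages, so files from any other version, and the binaries an installer unpacks, will show as `UNLISTED` rather than `MATCH`.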