cancel
Showing results for 
Search instead for 
Did you mean: 

Malware Variant.Adware.Mplug.39 detected in ovr_sdk_win zip

AtariHistorian
Honored Guest
Spybot Search & Destroy flags the zips for ovr_sdk_win_0.5.0.1 and 0.6.0.0 as "Variant.Adware.Mplug.39".

I see that another user has already reported this in the development forum.

16 REPLIES 16

cybereality
Grand Champion
I ran it through 2 AVs and it came up fine. Maybe a false positive?
AMD Ryzen 7 1800X | MSI X370 Titanium | G.Skill 16GB DDR4 3200 | EVGA SuperNOVA 1000 | Corsair Hydro H110i Gigabyte RX Vega 64 x2 | Samsung 960 Evo M.2 500GB | Seagate FireCuda SSHD 2TB | Phanteks ENTHOO EVOLV

cybereality
Grand Champion
I also downloaded Spybot and scanned both SDKs, it came up as clean.
AMD Ryzen 7 1800X | MSI X370 Titanium | G.Skill 16GB DDR4 3200 | EVGA SuperNOVA 1000 | Corsair Hydro H110i Gigabyte RX Vega 64 x2 | Samsung 960 Evo M.2 500GB | Seagate FireCuda SSHD 2TB | Phanteks ENTHOO EVOLV

AtariHistorian
Honored Guest
The difference might be that I have the paid version. While I run the file scan, it says, "To improve scan results, all paid versions include an enhanced scan for viruses as well." I have verified that my signatures were updated as of this morning.

Spybot - Search & Destroy
File Scanner 2.4.40.135
Log created at 6/3/2015 9:17:10 AM
Results Copyright (c) 2009-2015 Safer-Networking Ltd.

C:\oculus\official\ovr_sdk_win_0.5.0.1.zip
Gen:Variant.Adware.Mplug.39 (SpybotAV)

I unzipped ovr_sdk_win_0.5.0.1.zip and did a scan of the OculusSDK directory. It also flagged OculusWorldDemo. [attached as an image].

scan.png
I ran a checksum of the zip in case you want to compare...

pi@raspberrypi /incoming/analyze $ cksum ovr_sdk_win_0.5.0.1.zip
1454978685 98423453 ovr_sdk_win_0.5.0.1.zip
pi@raspberrypi /incoming/analyze $ cksum OculusWorldDemo.exe
2715685914 628872 OculusWorldDemo.exe
pi@raspberrypi /incoming/analyze $

I redownloaded the 0.6.0.0 sdk from your website and scanned it as well. The zip and the OculusWorldDemo were both flagged with the malware.

scan2.png
scan2.log
Here is the checksum of the 0.6.0.0 OculusWorldDemo...

pi@raspberrypi /incoming/analyze $ cksum OculusWorldDemo.exe
1711740463 647816 OculusWorldDemo.exe
pi@raspberrypi /incoming/analyze $

Hope this helps. You may not be seeing it in the free version of Spybot because you're missing the AV element that is added on when it is registered.

If you want me to provide additional information or run a particular experiment, that's fine as long as I'm not publicly providing personal information.

lmaceleighton
Honored Guest
I am guessing Heuristic scan is part of the "Advanced" features as they are with other Anti-Virus Software. Heuristic scans CAN give false positives, and is likely what is happening. I just tore the last 3 versions of the SDK apart( :twisted: ) and it IS %100 clean.

~B :ugeek:

AtariHistorian
Honored Guest
"lmaceleighton" wrote:
I am guessing Heuristic scan is part of the "Advanced" features as they are with other Anti-Virus Software.

That's at least a possibility.

Rather than engaging the community, I'm content to leave it with Oculus to speculate (or to actually find out), and determine what they want to do (if anything).

cybereality
Grand Champion
I bought the paid version, those files still come up as clean. Not sure what's happening here.
AMD Ryzen 7 1800X | MSI X370 Titanium | G.Skill 16GB DDR4 3200 | EVGA SuperNOVA 1000 | Corsair Hydro H110i Gigabyte RX Vega 64 x2 | Samsung 960 Evo M.2 500GB | Seagate FireCuda SSHD 2TB | Phanteks ENTHOO EVOLV

AtariHistorian
Honored Guest
"cybereality" wrote:
I bought the paid version, those files still come up as clean. Not sure what's happening here.

Let me know if you want to explore any ideas.

I've used their support page to inform them about the detection and to ask what Variant.Adware.Mplug.39 actually is, since I'm not able to find it described anywhere. No guarantee that they'll respond.

cybereality
Grand Champion
So I assume you did download the zip from Oculus directly, correct?

Can you give me a CRC32 or MD5 hash of the zip file? Also maybe just upload the zip here so I can compare.
AMD Ryzen 7 1800X | MSI X370 Titanium | G.Skill 16GB DDR4 3200 | EVGA SuperNOVA 1000 | Corsair Hydro H110i Gigabyte RX Vega 64 x2 | Samsung 960 Evo M.2 500GB | Seagate FireCuda SSHD 2TB | Phanteks ENTHOO EVOLV

AtariHistorian
Honored Guest
"cybereality" wrote:
So I assume you did download the zip from Oculus directly, correct?

Correct. Freshly retrieved as I was writing my reply this morning.

"cybereality" wrote:
Can you give me a CRC32 or MD5 hash of the zip file? Also maybe just upload the zip here so I can compare.


pi@raspberrypi /incoming/analyze/up $ md5sum *
372fabcfb27a770d516e10f6b6841371 OculusWorldDemo.exe <------- 0.6.0.0 version
d3fc4c02db9be5ff08af4ef4c97b32f9 ovr_sdk_win_0.5.0.1.zip
a3dfdab037a854fdcf7e6033fa8d7028 ovr_sdk_win_0.6.0.0.zip
pi@raspberrypi /incoming/analyze/up $


Your forum won't allow me to upload EXEs (or ZIPs with EXEs), so I'll dropbox you.

https://www.dropbox.com/s/sy2tdomkj4t0k ... ldDemo.exe <------- 0.6.0.0 version
https://www.dropbox.com/s/dd3ydqiaziqn8 ... .5.0.1.zip
https://www.dropbox.com/s/j71wbhavgbb4p ... .6.0.0.zip
Still need help?

Did this answer your question? If it didn’t, use our search to find other topics or create your own and other members of the community will help out.

If you need an agent to help with your Meta device, please contact our store support team here.

Having trouble with a Facebook or Instagram account? The best place to go for help with those accounts is the Facebook Help Center or the Instagram Help Center. This community can't help with those accounts.

Check out some popular posts here:

Getting Help from the Meta Quest Community

Tips and Tricks: Charging your Meta Quest Headset

Tips and Tricks: Help with Pairing your Meta Quest

Trouble With Facebook/Instagram Accounts?