WARNING!! - The Windows Variant Contains MALICIOUS CODE

[morphological]

Right after installing/running the software, I was alerted to have been infected with a "Zwangi Browser Modifier". The purpose of this tool is to manipulate or add certain browser properties such as home pages, search bars etc., with the primary focus being advertisement. MrS0m30n3 is likely being financially compensated for adding this marketing tool on the Windows end. I have carefully tested this behavior in a virtual environment and checked both files with deep scans of various anti-virus software and I can confirm that both have been deliberately infected.

I caution Windows Users not to use this.

[nodiscc]

@morphological I do not use Windows but ran bot the portable and the installer versions of the windows release through http://virustotal.com/. Both checks came back without warnings:

• https://www.virustotal.com/#/url/4d436a1566208b8d46b30cefd3b582065fa3c18400e7d483afba0e49f68e7ab5/detection
  • https://www.virustotal.com/#/url/493748e3ca95ceacb9bb91d42af5ad311e3f11ec2e472c50be0249e11712d148/detection

Are those the same zips you downloaded? What AV software did you use? Do you have the same detection results with other software? For example does the well-established youtube-dl return any results for you?

I am not doubting your good faith and the ability to build windows builds from source is sadly (I think?) missing (at least not documented), but could these be false positives?

[paradigmArchitect]

thanks for posting this, congrats on finding it if your right! -

[SorrySoSorry]

I agree with @nodiscc and both are safe. I just checked and run them both under Win7: Everything is working just well.

@morphological please paste checksums of your files you may have been infected elsewhere... be careful with false assumptions it can hurt...

[ghost]

I look forward to an official developer response.

All I can say is I have been using this fine, on Windows, for a while now, and have not had any issues with home pages changing, toolbars being added, or any other form of marketing at all. Not even in the software itself.

[JJRcop]

Did you install this from the releases page? https://github.com/MrS0m30n3/youtube-dl-gui/releases

Downloadig and installing Youtubedlg from other places might result in tainted or tampered with installers.

[SorrySoSorry]

I checked my archives and found no change in these files since last year at least .

• O:\Downloads122018\youtube-dl-gui-0.4-win-portable.zip File size: 35,98 MB Created: 2018-12-22 16:04:52 Modified: 2018-12-21 04:18:25 CRC32: dce7c75e MD2: 8bc8d4676faab0c9127943ca734df59b MD4: 5ca94406c5cb8820c6bd35544a2aaeb8 MD5: dff45bc3ef837f9bbea51b58d467d5b4 SHA1: dd20175b41f1b1955237cb9feeab53363b213736 SHA256: 5642d1ae53a6dba7a084d997ca76305e40b897e90b1f7a932e08d980ea1a2ba0 SHA512: 6b68b160643a1e499a4946f5ebea594b754b45fe3e4ebd2234c50a0967968d290d7c749659de06e7fdc39870dab50238a2bfc0cc660653e6e74a640283b918d6 RipeMD128: 0d4e33ecdb2694e64b39c8487f6d5659 RipeMD160: 40408d7129454094659e1c1d1518368bb1bd1651 ED2K: 61b774a88925453e42cc42d521972dc8

• O:\Downloads102017\youtube-dl-gui-0.4-win-portable.zip File size: 35,98 MB Created: 2017-10-21 12:44:24 Modified: 2017-10-21 12:45:27 CRC32: dce7c75e MD2: 8bc8d4676faab0c9127943ca734df59b MD4: 5ca94406c5cb8820c6bd35544a2aaeb8 MD5: dff45bc3ef837f9bbea51b58d467d5b4 SHA1: dd20175b41f1b1955237cb9feeab53363b213736 SHA256: 5642d1ae53a6dba7a084d997ca76305e40b897e90b1f7a932e08d980ea1a2ba0 SHA512: 6b68b160643a1e499a4946f5ebea594b754b45fe3e4ebd2234c50a0967968d290d7c749659de06e7fdc39870dab50238a2bfc0cc660653e6e74a640283b918d6 RipeMD128: 0d4e33ecdb2694e64b39c8487f6d5659 RipeMD160: 40408d7129454094659e1c1d1518368bb1bd1651 ED2K: 61b774a88925453e42cc42d521972dc8

• O:\Downloads102017\youtube-dl-gui-0.4-win-setup.zip File size: 27,01 MB Created: 2017-10-21 14:03:58 Modified: 2017-10-21 14:04:37 CRC32: 660afac2 MD2: 9c380ed0caa2da58ba39659b5b5ab5e8 MD4: 07afd364cb72fbbd99eeaf13ceb4ba33 MD5: 54db3e986e32fe2ec7c5e1a3a80314ef SHA1: dbeb9959a2c03cf068ec2d42dcdb16cb08edcdff SHA256: 230690b25bd1c5bf7e396f905fa51c6760af93ad24a50ce2fb0eee5ffa9d7068 SHA512: 7860045d3387f74c310950cda3ad4cfed0cbf0b0e58100884cbc867baaaa3cc98cb390abe0041b1a3873a9cd0ba98b576d096d2169f4a4abeff1a04cc55f1c5c RipeMD128: 4416b26b59ba21e430c2d2d24001d633 RipeMD160: 40530b300dc94ecc6b40aacd356a0fca23908466 ED2K: 443a750e86e9d21a8f186242269abb73
• O:\Downloads122018\youtube-dl-gui-0.4-win-setup.zip File size: 27,01 MB Created: 2018-12-22 16:05:00 Modified: 2018-12-21 01:53:25 CRC32: 660afac2 MD2: 9c380ed0caa2da58ba39659b5b5ab5e8 MD4: 07afd364cb72fbbd99eeaf13ceb4ba33 MD5: 54db3e986e32fe2ec7c5e1a3a80314ef SHA1: dbeb9959a2c03cf068ec2d42dcdb16cb08edcdff SHA256: 230690b25bd1c5bf7e396f905fa51c6760af93ad24a50ce2fb0eee5ffa9d7068 SHA512: 7860045d3387f74c310950cda3ad4cfed0cbf0b0e58100884cbc867baaaa3cc98cb390abe0041b1a3873a9cd0ba98b576d096d2169f4a4abeff1a04cc55f1c5c RipeMD128: 4416b26b59ba21e430c2d2d24001d633 RipeMD160: 40530b300dc94ecc6b40aacd356a0fca23908466 ED2K: 443a750e86e9d21a8f186242269abb73

[bernd-wechner]

For what it's worth, I just gave clipgrab a spin on Vimeo and was impressed:

https://clipgrab.org/

I've used NomNom in past too:

http://nomnom.sourceforge.net/

so there seems to be some pretty stiff general competition in this space if you're worried about any one app containing malware. But then to be honest, jump over Linux and your malware risks drop by an order of magnitude at least.

[nodiscc]

No reply from @morphological , closing.