
APO Equalizer Interface - Virus Detected ?!

alphachannel

Member
Joined
Oct 5, 2021
Messages
14
Likes
3
Just downloaded the latest version of Peace Equalizer on SourceForge, an interface for the renowned APO EQ.

After a check on Virus Total, I was presented with a Trojan warning. This honestly doesn't look like a false positive to me.
Virus Total Link: https://www.virustotal.com/gui/file...5f05f70529ccdd221400a29a58443f0ab74/detection

 

BinkieHuckerback

Addicted to Fun and Learning
Joined
Feb 16, 2021
Messages
718
Likes
1,058
From the 'Help' section in Peace (which I'm using at the moment):

'To check if Peace has a virus I'm using the website of Virus Total and you can too. I'm uploading every new version to get a result of more than 50 antivirus software vendors which have scanned Peace.exe and PeaceSetup.exe, the setup tool. The results are on the Peace forum in a dedicated post on false positives. Regularly some vendors like Symantec or McAfee think that Peace has a virus. I guess, their policy is better safe than sorry. Therefore I'll try to get Peace.exe on their whitelists. Mind you, if you're paying for antivirus software, you're not always safe. It says nothing of their capabilities. I'm using free antivirus software (Avira, Malware Bytes Antimalware and Superantispyware) which are as good as the paid ones. And together they're much better.

So, in short, Peace doesn't contain a virus, but your virus scanner might say it does. Different Peace versions give different false positives at different vendors. If you aren't sure of my software, I only can advise to not use it.' My italics.
 

alphachannel

Hi, thanks for the reply.

Well, it's obviously not my virus scanner, but Virus Total that says two separate vendors have flagged this executable to contain some sort of Trojan.
If you google "Peace EQ Virus" you'll find countless results of people complaining, dating back as far as 2017.

You'd think the maintainer of Peace EQ would have figured out by now what causes this "false positive" and fixed it?
Neither the code has been made available publicly nor have there been any attempts to explain in detail what specifically is responsible for so many different AV products consistently flagging this thing.

I'm definitely staying away from it, just wanted to know if anyone here had some experience with it.
 

BinkieHuckerback

There was an update on the 24th September. I had downloaded it before that, but reinstalled it after that because it stopped working. I have Norton on my PC. It works fine. I think you're wise to stay away if you're concerned though.
 

alphachannel

Only 2 out of 66 security vendors think there is an issue with the file and only one of those (SecureAge APEX) is listed. It looks very much like a false positive to me.
The majority of these AV software vendors have their own proprietary virus databases, so you can't measure the likelihood of a false positive by how many of them flag a file, but rather what they flag it for.

I did some more digging.
If you check the Virus Total behavior tab, you'll see that this version, much like the two before that, engages C:\WINDOWS\system32\ws2_32.dll, which is widely associated with virus attacks, and as far as I can see, something previous iterations of Peace EQ executables did not touch.
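
An added example, not part of the thread and not written by any poster: one way to look at what engines flag a file for rather than how many flag it, the distinction raised in the post above. It assumes a report shaped like the `last_analysis_results` map of a VirusTotal API v3 file object; the engine names, labels and the `GENERIC` word list are constructed for illustration.

```python
import re
from collections import Counter

# Assumption: label words that name no specific family (illustrative list).
GENERIC = {"generic", "heur", "heuristic", "suspicious", "malicious", "unsafe",
           "trojan", "malware", "win32", "win64", "variant", "agent", "riskware"}
VERDICTS = {"malicious", "suspicious", "undetected", "harmless"}

# Constructed samples shaped like "last_analysis_results"; not real scan data.
SAMPLE_GENERIC = {
    "EngineA": {"category": "malicious", "result": "Malicious"},
    "EngineB": {"category": "malicious", "result": "Trojan.Generic.12345"},
    "EngineC": {"category": "undetected", "result": None},
    "EngineD": {"category": "harmless", "result": None},
    "EngineE": {"category": "type-unsupported", "result": None},
}
SAMPLE_FAMILY = {
    "EngineA": {"category": "malicious", "result": "Trojan.ExampleFam.A"},
    "EngineB": {"category": "malicious", "result": "Win32/ExampleFam.gen!B"},
    "EngineC": {"category": "undetected", "result": None},
}

def family_tokens(label):
    """Words in a detection label that could name a specific family."""
    words = re.split(r"[^a-z0-9]+", (label or "").lower())
    return {w for w in words
            if len(w) >= 4 and not w.isdigit() and w not in GENERIC}

def triage(results):
    """Summarise which engines flagged the file and what they called it."""
    scanned = sum(1 for r in results.values() if r["category"] in VERDICTS)
    hits = {name: r["result"] for name, r in results.items()
            if r["category"] in ("malicious", "suspicious")}
    named = Counter(t for label in hits.values() for t in family_tokens(label))
    shared = sorted(t for t, n in named.items() if n >= 2)
    if not hits:
        note = "no detections"
    elif shared:
        note = "several engines name the same family"
    elif named:
        note = "one engine names a family"
    else:
        note = "generic or heuristic labels only"
    return {"flagged": len(hits), "scanned": scanned, "labels": hits,
            "shared_families": shared, "note": note}

if __name__ == "__main__":
    for sample in (SAMPLE_GENERIC, SAMPLE_FAMILY):
        print(triage(sample))
```

The note only describes what kind of claim the engines are making; it does not decide whether the file is safe.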
 

audiofilet

Member
Joined
Sep 9, 2021
Messages
79
Likes
38
A while back I was looking for a parametric EQ and avoided APO precisely because of what the OP describes.

My advice: don't use closed software from SourceForge or any similar platforms that you cannot reliably verify on your own.

The risk is not worth the reward.
 

Berwhale

Major Contributor
Forum Donor
Joined
Aug 29, 2019
Messages
3,947
Likes
4,951
Location
UK
ws2_32.dll is part of the Windows Sockets interface (WSOCK32); lots of applications use it quite legitimately. How did you ascertain that previous iterations of PEACE did not touch it? What prompted you to check PEACE.exe on VirusTotal in the first place?
 

audiofilet

Just in case, bubba: you can't extract the original code in its entirety from a .bin or .exe file, hence why it's called closed source.
Only the maintainers know exactly what's in it.

Unless they release the build files you can and will never know what you're actually installing.

So either use open source exclusively or choose vendors you can trust.
 

bennetng

Major Contributor
Joined
Nov 15, 2017
Messages
1,634
Likes
1,693
For those who believe it is a false positive, you can notify the antivirus vendors.

While I don't use Peace and I don't consider myself a "developer", I do sometimes write and distribute some small programs. For example:
If you upload the files to VirusTotal, you can also see some positive results. However, all of my programs are written in .NET framework and therefore one can easily extract the source code within the .exe files with tools like ILSpy.

Perhaps my programs are either useless to most people, or those who use them are mature and sensible enough to not accuse me of spreading a virus. However, you can also find some extremely unpleasant comments like these:
And read a few pages of silly drama... poor admins and devs being accused by clueless users.

...and I mean, just simply google this:

You can also see hydrogenaud.io puts a notice regarding virus on every page of the forum.

But anyway...
If you aren't sure of my software, I only can advise to not use it.
 