What's The Story With Zugo-Silent.exe, W32.searchbar And Miro?

[rjsiii]

Hello folks,

I recently went to try out the Miro (formerly Democracy Player) multiplatform media manager/player under Windows 7. During the install, Immunet 3.0 quarantined the file zugo-silent.exe after detecting it as W32.Searchbar. The authors of Miro are upfront that they'd like people to install their bing searchbar as they're a non-profit and want the revenue. I said "no" to the prompts, but it seems zugo-silent installs anyway. I did see one thread on the AVG boards to the effect that Miro is using zugo-silent in some capacity as a part of their installer/update system.

 

Was this a heuristic detection based on something installing a browser helper object, or is this company (Zugo) known to be producing malware?

 

The file is still in quarantine, please let me know if you need it.

 

Thanks!

[sweidre]

Was this a heuristic detection based on something installing a browser helper object, or is this company (Zugo) known to be producing malware? The file is still in quarantine, please let me know if you need it. Thanks!

Hi strat,

I suggest, that you send the file compressed into a zip- or 7z- file as an attachment in an email to support@samples.immunet.com .Immunet Analysis Team will then within 2 hours send the result to you (malware or false postive) during US Mountain Time Mon-Fri 9-5. Automatically Immunet will send the report to the Immunet cloud as well.

Cheers,

sweidre