Trojan in MEPSyscheck.EXE?

terrypin wrote on 6/22/2013, 2:54 AM

My virus protection program Avira Antivirus reported this message today:

https://dl.dropboxusercontent.com/u/4019461/MEPSysCheck-Trojan.jpg

I've used the ticketed Support Request procedure for years and never seen that before. The process uses MEPSyscheck.EXE to automatically gather details of the user's PC. It could be a false positive, but why now, after several executions of that tool over the last month? So I'm reporting it here as a precaution.

And immediately after allowing Avira to quarantine that file I used the Request Support procedure to report this to Magix too.  Also to reassure myself that the quarantining had not affected the process.  But although the gathering of system details appeared to work as usual, the final submission just hung. Coincidence or related? Anyone able to check the process still works? If so please copy/paste this post as the message.

An obvious step I could take would be to remove the file from quarantine and try the support request again, but I'm reluctant to do that until I get some feedback from Magix or other users.

--
Terry, East Grinstead, UK

Last changed by terrypin on 6/22/2013, 3:05 AM, changed a total of 2 times.

Terry, East Grinstead, UK. PC: i7 6700K, 4.0 GHz, 32GB with Win 10 pro. Used many earlier versions of MEPP, currently mainly MEPP 2016 & 2017 (Using scores of macro scripts to add functionality, tailored to these versions.)

Comments

johnebaker wrote on 6/22/2013, 4:21 AM

Hi Terry

. . . .It could be a false positive, but why now, after several executions of that tool over the last month . . . .

Which MEP product does the MEPSyscheck come from?  I do not have it on my computer.

Why now - I would suspect your anti-virus has been updated in the last few days and there are new heuristic algorithms giving a false positive.

John

Last changed by johnebaker on 6/22/2013, 4:21 AM, changed a total of 1 times.

VPX 16, Movie Studio 2025, and earlier versions 2015 and 2016, Music Maker Premium 2024.

PC - running Windows 11 23H2 Professional on Intel i7-8700K 3.2 GHz, 16GB RAM, RTX 2060 6GB 192-bit GDDR6, 1 x 1Tb Sabrent NVME SSD (OS and programs), 2 x 4TB (Data) internal HDD + 1TB internal SSD (Work disc), + 6 ext backup HDDs.

Laptop - Lenovo Legion 5i Phantom - running Windows 11 23H2 on Intel Core i7-10750H, 16GB DDR4-SDRAM, 512GB SSD, 43.9 cm screen Full HD 1920 x 1080, Intel UHD 630 iGPU and NVIDIA GeForce RTX 2060 (6GB GDDR6)

Sony FDR-AX53e Video camera, DJI Osmo Action 3 and Sony HDR-AS30V Sports cams.

terrypin wrote on 6/22/2013, 5:50 AM

Hi John,

Thanks for coming back promptly.

Delving more deeply into this I see that MEPSyscheck.exe is not the genuine utility I've been using for years. That is called magix_systeminformation.exe. It's so long ago that I can't remember how/where I got it. I think it may have been from Ralf. Currently I run it whenever I want to start a Support Request. It first shows this:

On clicking Transfer I get this:

On clicking 'Logout' (which is obviously a bug!) I get this:

And on clicking OK, normally I then get into the familiar Support Request page. But this morning most times I've tried it, I got this obscure message:

Sometimes I was then able to click Login (despite in theory already being logged in) but at some subsequent stage that message would appear again. If I got as far as completing all the steps except the last, clicking to confirm the request then just left me with a blank page.

I suspect it's a problem at Magix. And quite unrelated to the trojan puzzle - although it prevents me from reporting that!

--
Terry, East Grinstead, UK

Last changed by terrypin on 6/22/2013, 5:52 AM, changed a total of 2 times.


johnebaker wrote on 6/22/2013, 7:57 AM

Hi Terry

I can find no magix_systeminformation.exe on my system - have support ever asked you to run system check software?

The error you get below - I am also getting this trying to access some of the support site pages.

John

Last changed by johnebaker on 6/22/2013, 7:57 AM, changed a total of 1 times.


terrypin wrote on 6/22/2013, 8:14 AM

Thanks John.

"have support ever asked you to run system check software?"

Yes, although I recall that was with a program that produced a very long report. Don't think it's related to this one.

When you submit a Support Request/ Bug Report, do you enter all your PC specs, MEP version, etc manually each time?

--
Terry, East Grinstead, UK

Last changed by terrypin on 6/22/2013, 8:14 AM, changed a total of 1 times.


johnebaker wrote on 6/22/2013, 2:28 PM

Hi Terry

I keep a lot of information like this in a text file, similarly for a lot of the links and resources I quote in posts and then copy/paste as needed.

I also use the Firefox auto form fill.

John

Last changed by johnebaker on 6/22/2013, 2:28 PM, changed a total of 1 times.


Scenestealer wrote on 6/23/2013, 5:57 AM

Hi Terry

AFAIK that information tool is there to automatically fill in your system specs each time you start a support ticket. The Syscheck is a file support then sends for you to run and it does produce a big report containing info on all your system settings and status plus installed codecs, etc.

Peter

Last changed by Scenestealer on 6/23/2013, 5:57 AM, changed a total of 1 times.

System Specs: Intel 6th Gen i7 6700K 4Ghz O.C.4.6GHz, Asus Z170 Pro Gaming MoBo, 16GB DDR4 2133Mhz RAM, Samsung 850 EVO 512GB SSD system disc WD Black 4TB HDD Video Storage, Nvidia GTX1060 OC 6GB, Win10 Pro 2004, MEP2016, 2022 (V21.0.1.92) Premium and prior, VPX7, VPX12 (V18.0.1.85). Microsoft Surface Pro3 i5 4300U 1.9GHz Max 2.6Ghz, HDGraphics 4400, 4GB Ram 128GB SSD + 64GB Strontium Micro SD card, Win 10Pro 2004, MEP2015 Premium.

terrypin wrote on 6/23/2013, 6:51 AM

"Hi Terry

"AFAIK that information tool is there to automatically fill in your system specs each time you start a support ticket."

Agreed, magix_systeminformation.exe, that's how I've used it for years.

"The Syscheck is a file support then sends for you to run and it does produce a big report containing info on all your system settings and status plus installed codecs, etc."

Yes, that's the one, MEPSyscheck.exe, that my AV program has started telling me contains a trojan. I'm not using it until I get some reassurance from Magix or elsewhere.

--
Terry, East Grinstead, UK

Last changed by terrypin on 6/23/2013, 6:52 AM, changed a total of 2 times.
