Thread started 22 Feb 2013 (Friday) 10:24

WARNING: "Ilivid" tool Win7 -- DO NOT LOAD IT

 
tickerguy
Senior Member
595 posts
Joined Dec 2012
     
Feb 22, 2013 10:24 |  #1

If you have this on your machine, and it's recent, unload it and then use System Restore to get back to the state before you loaded it RIGHT NOW.

If you loaded it a long time ago and haven't noticed anything bad you're in deep kimchee. Hope you have a system load disk (not a "recovery disk", an original Windows 7 load disk) -- because you need to do a repair install after unloading this piece of trash.

It appears that the damage has been known since at least November of last year, when some Adobe people started running into problems with Lightroom 4 and Premiere failing to load with an obscure error. Tracing it revealed damage to two system DLL files, which are supposed to be impossible to overwrite through normal means (and they are, in fact.) The problem is that there's a way around it, and the installer for this thing appears to use that way around the restrictions.

Removing the software does not restore your machine to its prior state. There are workarounds for the impacted Adobe applications but that does not unscrew your machine in the general sense.

All x64 (64-bit) machines running Windows are potentially impacted but the damage often does not show up until you load a specific x64 app (like Premiere) that malfunctions. In the case I'm dealing with right now the damage itself happened in December -- detection of it was LAST NIGHT. So much has been done since that restoring either a backup or using System Restore from that time would destroy ridiculous amounts of work, so I am attempting a non-destructive fix, and it's taking a hell of a long time (and is not yet completely successful either.) I'm very good at ferreting out what's going on and fixing these things on Windows machines folks, been doing this sort of thing since the first days of Windows, and thus far I'm six hours of effort into this one with only a PARTIAL set of success thus far. It's that bad; were this a machine where the user would not have a cat if I just reloaded it from scratch I would have done that last night. As it stands I'm going to exhaustion first in an attempt to avoid having to screw with the program and data environment that will have to be re-created if I am forced to do a bare-metal reinstall.

One of the symptoms that you've been bit by this is that the Microsoft Camera Codec pack doesn't work. That is, you load it, it appears to load just fine but you can't see any previews of raw files in the explorer nor view them with the windows picture viewer.

If your machine is doing that there's a high probability you've been nailed by this and you're on borrowed time.

The company has a Facebook page, nearly 600,000 "likes" (is obviously promoting itself on Facebook) and the firm's web page's "contact us" link doesn't actually go to a way to contact them. Download.com has pulled its link.

Beware -- this is a nasty one in that it's not, apparently, a formal "virus" per se but it utterly screws your machine's configuration, there is no easy fix (if any fix at all other than a reload) -- and it's reliably repeatable.


Canon 7D & 5d3, EF-S 15-85, 24-105L, 70-200L f/4 IS, 100mm Macro/L, EF 50 f/1.4 and more

tickerguy
THREAD STARTER
Senior Member
595 posts
Joined Dec 2012
     
Feb 22, 2013 11:31 |  #2

Update: A repair install does NOT completely undo all of the damage. It does get most of it, but not all.


Canon 7D & 5d3, EF-S 15-85, 24-105L, 70-200L f/4 IS, 100mm Macro/L, EF 50 f/1.4 and more

vsg28
Senior Member
493 posts
Joined Aug 2012
Location: Houston, TX
     
Feb 22, 2013 14:06 |  #3

Are you referring to the ilivid download manager?


Canon 7D w/grip, Canon SX30 IS (modified for IR), Rokinon 14mm, Canon 24-105 L IS, Sigma 50mm, Canon 70-200 F/2.8 L IS II, Canon 100mm L IS, Kenko 1.4x Pro DG, Canon 2x II extender, Yongnuo YN-565EX, Induro CT414 with Induro BHL-3 and GHB-A

tickerguy
THREAD STARTER
Senior Member
595 posts
Joined Dec 2012
     
Feb 22, 2013 14:34 |  #4

Anything they produce should be considered suspect until PROVED otherwise.

This particular tactic (overwriting system libraries) is outrageous, never necessary unless intended for nefarious purpose and ridiculously lazy besides. Windows does and always has provided for local search paths for .DLL files so they could have included their "preferred" ones in their product directory (this is explicitly permitted if they're authentic, as Microsoft has a redistributable library available to all, including developers.)

The impact of this move may have been unintentional but there is no way to know what or when this will break other things on your machine. Even if there is no malicious intent (e.g. spyware, etc) involved the impact if your machine gets trashed or worse, you suffer unseen data corruption as a consequence of a library that is buggy, of the wrong version or worse (contaminated with something) is only marginally better.

The contamination doesn't have to come from them either. By doing this they have intentionally bypassed the system's security checks; "sfc /scannow" finds nothing and that means you have to expect that future patches may not apply as well, which means that if Microsoft finds a security problem you may not get the patch on your machine and be subject to whatever intrusion comes later on.

Here's the thread on the Adobe forums where they were discussing this back in November: http://forums.adobe.com/thread/1099431?tstart=0 (external link)

Note that stuffing the two DLLs in the application directory fixes that particular program (because the program directory is always first in the search path) but that's not an actual fix because any OTHER program you load later may be hit by the same thing, and side-loading DLLs like this leaves them exposed in a user directory where they are not considered part of the system directories and thus not protected by the enhanced system-level security nor the Windows Update security patches. If you get a bad copy of that or a rogue program that then tampers with those there's nothing to stop your machine from being hijacked.

The two libraries in question are part of the base Microsoft linker runtime (that is used for pretty-much everything compiled to run under Windows); these are not exotic files only used by a few applications.

Since I have not yet (nor has anyone else as far as I know) identified the EXACT things that were changed determining the exact scope of risk is extremely difficult. A "recovery install" is not guaranteed to work; a "system restore" SHOULD, in theory, provided no scraps of it are left anywhere by that which can then get executed and re-do what was undone. If you're wrong on that theory, however, you're cooked.

Normally I would not raise a stink about some piece of random barfware on a computer (I deal with this all the time) but this is from an outfit that has ~600k "likes" on Facebook and if you get bit by this you're either going to be forced to reload or take the risk of hotpatching the Adobe apps, hope nothing else gets screwed up and pray you don't have an unknown security problem, either at that point in time or at some point in the future.

I'm reloading the box from before the load of the software in question -- this one pushes all the wrong sort of buttons for me. Unless you can identify exactly what has been tampered with restoration from a backup prior to the loading of the offender, or a complete system reload is the only way to KNOW it's not still there.

Incidentally, that reload is now done (data is restoring as I key this) and the Camera Codec pack (which was on the box before this code was loaded) magically started working again. As such if you have that loaded (or load it), it's NOT working, and you're on an x64 machine I'd be really, really careful as the odds are very high you're infested.


Canon 7D & 5d3, EF-S 15-85, 24-105L, 70-200L f/4 IS, 100mm Macro/L, EF 50 f/1.4 and more

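A defender-side check for the tampered-runtime scenario tickerguy describes in the post above, added here as an example and not code from the thread: it records the version, Authenticode status and SHA-256 of the named runtime DLLs in System32, then flags any same-named copies side-loaded under Program Files whose hash differs. The DLL names are placeholders, since the thread never identifies the two files, and it assumes PowerShell 4 or later (for Get-FileHash).

```powershell
# Added example: baseline and side-load check for Windows runtime DLLs.
# The thread does not name the two damaged DLLs, so these are placeholders;
# replace them with the files you are actually investigating.
$RuntimeDlls  = @('PLACEHOLDER_RUNTIME1.dll', 'PLACEHOLDER_RUNTIME2.dll')
$System32     = Join-Path $env:SystemRoot 'System32'
$ProgramRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }

function Get-DllFacts {
    param([Parameter(Mandatory)][string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Path      = $Path
        Version   = (Get-Item $Path).VersionInfo.FileVersion
        Sha256    = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
        # On Windows 7 many System32 binaries are catalog-signed and report
        # NotSigned here; compare the hash against a known-clean machine rather
        # than treating NotSigned alone as proof of tampering.
        SigStatus = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
}

foreach ($name in $RuntimeDlls) {
    $sysCopy = Join-Path $System32 $name
    if (-not (Test-Path $sysCopy)) {
        Write-Warning "$name is missing from $System32"
        continue
    }
    $base = Get-DllFacts -Path $sysCopy
    $base | Format-List

    # Side-loaded copies: same file name under an application directory. As the
    # post notes, these sit outside the protected system directories and are not
    # serviced by Windows Update, so each one deserves an explicit look.
    Get-ChildItem -Path $ProgramRoots -Recurse -Filter $name -ErrorAction SilentlyContinue |
        ForEach-Object {
            $copy = Get-DllFacts -Path $_.FullName
            $flag = if ($copy.Sha256 -ne $base.Sha256) { 'DIFFERS from System32' } else { 'identical to System32' }
            '{0}  [{1}] version {2}, signature {3}' -f $copy.Path, $flag, $copy.Version, $copy.SigStatus
        }
}
```

On an x64 machine the 32-bit copies under SysWOW64 deserve the same treatment; point $System32 there and run it a second time.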
icrot
Member
69 posts
Likes: 1
Joined Nov 2011
     
Feb 22, 2013 15:32 |  #5

It's been long known as malware. If you have difficulty removing it manually, use Malwarebytes Anti-Malware & ATF Cleaner. Both have free versions.




tickerguy
THREAD STARTER
Senior Member
595 posts
Joined Dec 2012
     
Feb 22, 2013 15:35 |  #6

Removing it is easy; that took a few minutes.

The problem is that it trashes system libraries and it's all over people's machines since they've got a huge following on Facebook.

Hopefully I'll save someone else from getting the business end of the horse on this deal.


Canon 7D & 5d3, EF-S 15-85, 24-105L, 70-200L f/4 IS, 100mm Macro/L, EF 50 f/1.4 and more

morph2_7
Goldmember
1,112 posts
Joined Sep 2012
Location: Los Angeles
     
Feb 22, 2013 15:42 |  #7

I'd be livid if I see ilivid on my machine. Never heard of it until you mentioned it.




Kronie
Goldmember
Avatar
2,183 posts
Likes: 7
Joined Jun 2008
     
Feb 22, 2013 15:48 |  #8

We use Malwarebytes here at work. It's constantly removing stuff from emails and the web. iLivid is known to be garbage. I would think anywhere you went that offered that as a download is a pretty sketchy site.....




Scatterbrained
Cream of the Crop
Avatar
8,511 posts
Gallery: 267 photos
Best ofs: 12
Likes: 4607
Joined Jan 2010
Location: Yomitan, Okinawa, Japan
     
Feb 22, 2013 15:48 |  #9

Is this something that you would have to intentionally download? I.e., how would you go about getting it? I'm fairly certain I've never downloaded anything from them, but how would I know for sure?


VanillaImaging.com (external link)"Vacuous images for the Vapid consumer"
500px (external link)
flickr (external link)
1x (external link)
instagram (external link)

tickerguy
THREAD STARTER
Senior Member
595 posts
Joined Dec 2012
     
Feb 22, 2013 16:21 |  #10

Normally you would have to intentionally download it, yes.

It is pushed as an online video enhancement and downloading plug-in tool. It tries to also load a bunch of toolbars but if you don't use Internet Explorer you might not see them (e.g. if you're a Chrome user.) It doesn't matter, however, if you do or don't with them, as once it's on your machine you're screwed.


Canon 7D & 5d3, EF-S 15-85, 24-105L, 70-200L f/4 IS, 100mm Macro/L, EF 50 f/1.4 and more

morph2_7
Goldmember
1,112 posts
Joined Sep 2012
Location: Los Angeles
     
Feb 22, 2013 16:40 |  #11

I don't see any reason why we need a download manager (DM) today. DMs only made sense in the past when the fastest internet connection was 56.6 Kbps. Who needs a DM when there's broadband connection speed approaching 50-100 Mbps today (or 1 Gbps in some places)? I'd go somewhere else if some website asked me to install custom video player software to be able to watch their online videos.




gjl711
"spouting off stupid things"
Avatar
57,724 posts
Likes: 4057
Joined Aug 2006
Location: Deep in the heart of Texas
     
Feb 22, 2013 17:23 |  #12

morph2_7 wrote in post #15641335 (external link)
... Who needs DM when there's broadband connection speed approaching 50-100 Mbps today ....

People who do not have access to high speeds. Yes, there are still people without 50~100 Mbps speeds.


Not sure why, but call me JJ.
I used to hate math but then I realised decimals have a point.
.
::Flickr:: (external link)
::Gear::

3,192 views & 0 likes for this thread, 7 members have posted to it.