2013/02/26 14:38:42
Kalle Rantaaho


I made a full check of my laptop yesterday. The security program spotted malware Generative Variant Katzy in the zip-file including Klanghelm's free DC1A compressor. The file was unzipped and I haven't installed it on my music PC yet, even though I moved the zip-file there long ago. I dl'd it from Klanghelm's site.
Below I have pasted my experiences of the Generative Variant Katzy from about a year ago. Really not something you want to get.


I wonder if any of you have made acquaintance of Generative Variant Kazy. What a menace.


It's a malware that can (if I have understood correctly what I've read) hide for example inside a pdf-file, and trick your protection software enough to get onto your screen as a virus-warning, for example, and then download a trojan.


It attacked the PC of a friend. Simultaneously the protection software announced it had spotted the intruder and eliminated it, but that was about two seconds too late.


It made the whole Documents and Settings folder disappear in about ten seconds. The whole user account and everything related disappeared from the screen. Pressing Windows-E I could open the "My Computer" view, just to see that all files and folders were reported empty. Then I could sneak in through the kitchen door using Nokia's media synchronizing application Ovi, and I could verify that the data had not been physically destroyed, and seemingly, I could copy data onto a memory stick. The stick showed exactly the same amount of content that was transferred, but trying to open the files I got a "This file is empty" message.


Luckily, I could help her out by salvaging the data using a Linux-based Knoppix disc. The whole drive had to be formatted.

What's especially annoying here is that the person, as well as I am, was using F-Secure's protection software, which is about the best, heaviest and most expensive there is. So, you really can't be sure about any post or files you receive. I'm even more convinced now that having no internet on my music PC is the right decision, even though I take care of my backups. What if the backup HDD is connected when this malware attacks!!?? Heart attack, stroke... you name it!!

2013/02/27 18:20:36
Jonbouy
It might be a good idea to actually research as to where the source of your particular infection is coming from.
 
I've just downloaded a bunch of files from Klanghelm's site including the one you suspected and they are all clean.  A quick internet search shows that you are currently the only person in the whole wide web citing anything from Klanghelm as being an issue. 
 
It's pretty bad form if you go round flagging up some developers site as being the cause of a virus outbreak without specific evidence to back it up.  The poor guy is trying to sell plugins for a living.
 
I'd say you and your 'friend' are both getting it from a common source but it ain't this one.
 
The best advice I can think of before you install ANY download is to image before, so you can restore afterward. 
 
System restore doesn't cut it and there is no such thing as successfully removing a virus from an infected machine yet some folk spend days and weeks trying.
 
Nothing wrong with having a music PC connected to the internet 24/7 btw, many people do these days, a much worse idea is getting viruses on your music PC like you clearly have.
 
2013/02/28 14:34:54
Kalle Rantaaho
I'm aware of how questionable it is to mention the name of a respectable company in this kind of connection. However, F-Secure reported that the malware was inside a zip-file which has not been unzipped once. 

Is it possible that a malware goes inside a zip-file after I've downloaded it? If so, I'm not only very sorry for the title and content of my post, but also surprised. I've always thought zip-files are sort of locked. Also, it worries me that F-Secure did not spot the malware by the download.
I have no idea if it's possible that it was a false alarm. And note, that you dl'd it recently, I did it long ago. Accidents do happen.

Before installing new, downloaded software, imaging is recommended, for sure. I wasn't installing. I just did a complete check of my laptop. I doubt anyone does a system image every time they download something :o) (??).

I read a lot about the malware in question when solving my friend's problem a year ago.
If Katzy lies in, say, a pdf-file that is not opened, it does not spread in the machine. AFAIK, getting rid of it requires just deletion of the file in question.

My "friend" is an eighteen year old girl. There is not one same web address that we visit, nor have we ever exchanged any kind of data in any form. We don't live in the same household. It's impossible we got it from the same source.

2013/02/28 14:52:29
Bub
Kalle Rantaaho
> Also, it worries me that F-Secure did not spot the malware by the download.

That's because it happened after it got on your system.

Ahhhh ...
2013/02/28 15:13:03
Kalle Rantaaho
Bub
> Kalle Rantaaho
> > Also, it worries me that F-Secure did not spot the malware by the download.
>
> That's because it happened after it got on your system.
>
> Ahhhh ...

Ehhh... is that a pun or something? What happened after what???
The protection software automatically scans anything new that comes in. If I plug in a memory stick, it automatically checks it. Is it possible for a malware to creep into a zip-file? I've thought the malware must be present when the file gets zipped. We're not talking about a virus that attacks actively, AFAIK, but a malware that needs to be launched by opening the file where it hides. I erased the company name from the original title to avoid unnecessary "discomfort".


2013/02/28 15:46:47
Bub
Kalle Rantaaho
> Bub
> > Kalle Rantaaho
> > > Also, it worries me that F-Secure did not spot the malware by the download.
> >
> > That's because it happened after it got on your system.
> >
> > Ahhhh ...
>
> Ehhh... is that a pun or something? What happened after what???
> The protection software automatically scans anything new that comes in. If I plug in a memory stick, it automatically checks it. Is it possible for a malware to creep into a zip-file? I've thought the malware must be present when the file gets zipped. We're not talking about a virus that attacks actively, AFAIK, but a malware that needs to be launched by opening the file where it hides. I erased the company name from the original title to avoid unnecessary "discomfort".

My apologies. I should have put a smiley. That was "Ahhhh ..." as in an "Ah Ha!" Moment where something suddenly becomes clear and makes sense.


If you download a file, and your protection software scans it as it's downloading, or scans it the second it is done downloading before you get a chance to open it, and it does not find anything wrong, then the infection happened after you downloaded the file and it was checked by your protection software.


Somewhere between the time you downloaded the file and when you checked it with your software is when the infection happened. It didn't come that way from their site.


Yes, it's possible for a zip to be infiltrated without evidence of it ever being opened.


These people doing this crap are scary smart, anything is possible.
2013/02/28 18:22:55
Jonbouy
It's not only easy for a virus to be inserted into a zip file it is also very common.
 
Windows handles zip files natively so it's as easy for a rogue file or a script to place a file in a standard folder.  In fact it is placing a file in a standard 'folder'.
 
All current virus checkers will scan inside standard compressed files (rar, zip, 7z and various otherwise invisibly compressed files) for this very reason.
2013/02/28 19:54:46
slartabartfast

> Is it possible that a malware goes inside a zip-file after I've downloaded it?

It is. It is also not only possible but common for a virus signature to exist in a clean (non-infected) file. In the trade, that is known as a false positive. Signature based antivirus programs compare a series of bytes present in a known virus to every byte in every piece of code that passes through them. On occasion, the "signature" code is not the damaging code of the virus, but just a recognizable piece of the virus code. It is possible to duplicate enough of that signature, in benign code in the process of writing programs, to cause it to be recognized by the antivirus as belonging to the virus, even though the virus "warhead" is not part of the code. The signature files for each of the antivirus programs can be somewhat different, and so you can have code declared to be a virus by one scanner, but not by another. 


The problem, when your antivirus flags code as matching a virus signature and someone else's antivirus does not, is trying to figure out which is the error. Did your antivirus flag a virus that theirs missed, or did yours flag a false positive? The wise thing to do if the file is not critical is to play it safe. There is nothing wrong with warning your friends about such a finding, even if you cannot confirm that it is not a false positive. If your antivirus has it right, then you can save them a world of hurt. If your antivirus is wrong, they can take special care to be sure theirs is not just missing it.


Many antivirus programs have a way to send the suspect file to the antivirus maker for analysis. There are also websites that will allow you to compare the findings by a variety of antivirus programs on a search of the file name.


http://en.wikipedia.org/wiki/Antivirus_software#Problems_caused_by_false_positives



http://www.techsupportalert.com/content/how-report-malware-or-false-positives-multiple-antivirus-vendors.htm


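The signature matching, archive scanning and vendor-to-vendor disagreement that Jonbouy and slartabartfast describe above, as an added example (not code from any poster, from F-Secure, or from any real scanner): a toy Python scanner with two constructed "vendor" signature sets for the same hypothetical family, recursion into zip members, and a SHA-256 of the file of the kind multi-engine comparison sites accept. Every signature pattern, vendor name, file name and file content below is constructed for the example. The benign archive contains vendor_a's short fragment in a plain-text readme and is flagged (a false positive), while vendor_b's longer, more specific pattern only matches the constructed suspect archive.

```python
"""Toy signature scanner: substring signatures, zip recursion, multi-vendor
verdicts. All signatures, vendor names and sample files are constructed."""
import hashlib
import io
import zipfile

# Two constructed "vendor" signature sets. vendor_a keys on a short fragment
# that benign software (a manual, a readme) can plausibly contain; vendor_b
# keys on a longer, more specific byte sequence. Hypothetical names throughout.
SIGNATURE_SETS = {
    "vendor_a": {"Toy.Generic.Variant": b"OPEN-FILE-TRIGGER"},
    "vendor_b": {"Toy.Generic.Variant": b"OPEN-FILE-TRIGGER;DROP=payload.bin"},
}


def match_signatures(data: bytes, signatures: dict) -> list:
    """Return the names of every signature whose byte pattern occurs in data.
    This is all that byte-signature matching is: a substring search."""
    return sorted(name for name, pattern in signatures.items() if pattern in data)


def scan_object(name: str, data: bytes, signatures: dict, depth: int = 0) -> dict:
    """Scan one blob and, if it is a zip archive, each member inside it.
    Returns {path: [matched signature names]} for every object that matched."""
    findings = {}
    hits = match_signatures(data, signatures)
    if hits:
        findings[name] = hits
    # Recurse into archives so a pattern inside a compressed member is still seen;
    # the depth cap keeps nested archives from recursing without bound.
    if depth < 4 and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                findings.update(
                    scan_object(f"{name}/{member}", zf.read(member), signatures, depth + 1)
                )
    return findings


def multi_vendor_verdict(name: str, data: bytes, signature_sets=SIGNATURE_SETS) -> dict:
    """Run every vendor's signature set over the same file, the way a
    multi-engine comparison site does, and report each vendor's findings."""
    return {vendor: scan_object(name, data, sigs) for vendor, sigs in signature_sets.items()}


def sha256_hex(data: bytes) -> str:
    """File hash to look up or submit to a comparison service or vendor."""
    return hashlib.sha256(data).hexdigest()


def build_zip(members: dict) -> bytes:
    """Build an in-memory zip from {member_name: content} (constructed input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for member_name, content in members.items():
            zf.writestr(member_name, content)
    return buf.getvalue()


# Constructed sample archives: a clean one whose readme happens to contain the
# short fragment, and a suspect one carrying the full sequence in a binary member.
BENIGN_ZIP = build_zip({
    "readme.txt": b"Installer notes: the OPEN-FILE-TRIGGER keyword in the manual is a menu action.\n",
    "plugin.bin": bytes(range(256)),
})
SUSPECT_ZIP = build_zip({
    "readme.txt": b"Installer notes.\n",
    "plugin.bin": b"\x00" * 32 + b"OPEN-FILE-TRIGGER;DROP=payload.bin" + b"\x00" * 32,
})


def summarize(name: str, data: bytes) -> dict:
    """Hash plus the list of vendors that flagged anything, plus per-vendor detail."""
    verdicts = multi_vendor_verdict(name, data)
    flagged = [vendor for vendor, found in verdicts.items() if found]
    return {"sha256": sha256_hex(data), "flagged_by": flagged, "details": verdicts}


if __name__ == "__main__":
    for label, blob in (("benign.zip", BENIGN_ZIP), ("suspect.zip", SUSPECT_ZIP)):
        print(label, summarize(label, blob))
```

A single-vendor "infected" verdict on the benign archive, with the other vendor silent, is exactly the disagreement slartabartfast describes; the hash is what you would hand to a comparison service or the vendor's false-positive form to settle which engine is wrong.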
2013/03/01 12:35:39
Kalle Rantaaho
Thank you all for the information!
2013/03/02 04:32:46
Jonbouy
slartabartfast
> The wise thing to do if the file is not critical is to play it safe. There is nothing wrong with warning your friends about such a finding, even if you cannot confirm that it is not a false positive. If your antivirus has it right, then you can save them a world of hurt. If your antivirus is wrong, they can take special care to be sure theirs is not just missing it.

Providing you take care not to damage an innocent vendor's good reputation for supplying clean files...