Beware Addons with Malware!

11 replies to this topic

#1
lapetite66

    Junior

  • Member
  • 74 posts
  • Joined 06-April 11
  • OS:XP Pro x86
Hi:

I don't know if this is the right forum but then again I'm talking about malware so it should be.

Just yesterday I downloaded some addons from ryanvm's site. The addons consisted of the following: Ad-aware95, Teamviewer, Firefox 6.02 & Firefox 7.0b6

I didn't think there were any problems because they got a good rating by Norton (no pop ups telling me that there was a hidden virus etc or other concerns). So, of course I thought that everything was okay. Let me clarify I sometimes use a Sandboxed browser when I download and surf when I'm unsure about various websites or downloads. Some might say don't go to those bad websites and you don't have to worry about any viruses etc. right? Wrong. The problem is that some of the websites that you would never think have viruses do. Think back about those times you downloaded something from or visited a favorite and trusted website and the next thing you know and out of the blue your computer is acting up and you discover that you have a virus.

Well, as I said earlier I was very happy to find those addons on ryanvm's website and was looking forward to adding them to my new slipstreamed Windows XP Pro disc compilation. However, after dealing with a recent infection I tend to be cautious and so I decided to test my new addons via a Sandboxed environment. It's a good thing I did otherwise I could have had some problems down the road.

All of the above mentioned were flagged by Ad-aware as being infected with something called Trojan.win32.Generic.pak!cobra. I don't know what that is but I wasn't willing to take chances. Well, needless to say I was totally disgusted, I mean just imagine if I had integrated those addons into my slipstreamed Windows XP Pro disc. I would have been wondering why I kept getting infections although I was being super careful and then maybe reformatting and have the same issue happen again and again. Thus, never realizing that the culprit was the slipstreamed OS disc itself.

I am in no way trying to defame ryanvm.com or any of the other persons that contribute to that site. As a matter of fact I think the culprit as far as the infected addons is due to the website where the addons were created which is http://www.isoft-online.com/ which is an SFX online creation site. That website has a very bad reputation from WOT and maybe from Norton too but unfortunately since upgrading to the new Firefox browser my Norton tools don't work within the browser.

I just want people to be VERY cautious and test their downloads in a controlled environment like Sandboxie etc. otherwise you could live to regret it over and over and over again. I for one will continue to test any and all addons that I haven't made myself. As for everyone else please use your own judgement.

P.S. The Firefox addon v716 maker had something called a Trojan dropper so now I'm back at the drawing board. (Don't have pics as I was so disgusted yet again that I deleted everything.)

Just in case someone is interested in using SFXMaker 1.2 I found this
My link



Edited by lapetite66, 24 September 2011 - 12:53 PM.




#2
Geej

    Senior Member

  • Member
  • 635 posts
  • Joined 01-January 08
  • OS:XP Pro x86
Maybe you can let the author know your thought / finding... here

The author, as far as I know, is using AutoIt to make the sfx tool. Some antivirus tools may report false positives with AutoIt.

Regards

#3
Tarun

    Spectre

  • Super Moderator
  • 3,189 posts
  • Joined 27-January 04
  • OS:Windows 7 x64
I stopped as soon as I saw Norton. Uninstall it, run SymNRT, and install a real antivirus like Microsoft Security Essentials.

Also, did you try VirusTotal and see what it had to say?

#4
lapetite66

    Junior

  • Member
  • 74 posts
  • Joined 06-April 11
  • OS:XP Pro x86

I stopped as soon as I saw Norton. Uninstall it, run SymNRT, and install a real antivirus like Microsoft Security Essentials.

Also, did you try VirusTotal and see what it had to say?



Hi Tarun:

Norton is not the anti-virus software that notified me of the problem; it was Ad-aware Internet security. See my Posted 24 September 2011 - 02:32 PM.

Today I used Virus Total, here are the results: Virus Total Results

I will guess that Ad-aware was wrong and that this was a false positive. As I said before I wasn't trying to defame anyone I was just going by what results that I got from Ad-aware. I still feel that it's better to be safe than sorry as well as using your own judgement.

Thanks,

Edited by lapetite66, 02 October 2011 - 12:58 PM.


#5
jaclaz

    The Finder

  • Developer
  • 14,657 posts
  • Joined 23-July 04
  • OS:none specified

Today I used Virus Total here are the results Virus Total Results

I will guess that Ad-aware was wrong and that this was a false positive. As I said before I wasn't trying to defame anyone I was just going by what results that I got from Ad-aware. I still feel that it's better to be safe than sorry as well as using your own judgement.

Thanks,

And WHAT if Vipre :w00t: is actually right? :ph34r:

jaclaz

#6
lapetite66

    Junior

  • Member
  • 74 posts
  • Joined 06-April 11
  • OS:XP Pro x86

Today I used Virus Total here are the results Virus Total Results

I will guess that Ad-aware was wrong and that this was a false positive. As I said before I wasn't trying to defame anyone I was just going by what results that I got from Ad-aware. I still feel that it's better to be safe than sorry as well as using your own judgement.

Thanks,

And WHAT if Vipre :w00t: is actually right? :ph34r:

jaclaz



Hey jaclaz:

Are you playing Devil's advocate? :)

Well, then it's a good thing I did test those files Sandboxed. Honestly, after getting the message from Ad-aware I deleted all of the files tout-de-suite. The file I tested today was something I just downloaded for that specific purpose and have since deleted.

#7
jaclaz

    The Finder

  • Developer
  • 14,657 posts
  • Joined 23-July 04
  • OS:none specified

Hey jaclaz:

Are you playing Devil's advocate? :)


Yep :), just kidding. ;)

jaclaz

#8
lapetite66

    Junior

  • Member
  • 74 posts
  • Joined 06-April 11
  • OS:XP Pro x86


Hey jaclaz:

Are you playing Devil's advocate? :)


Yep :), just kidding. ;)

jaclaz


Hey jaclaz:

Well, I got the same alert again from Ad-aware with that file I downloaded for testing... so I just stick to making my own CAB files of software I like and want. I've had some success and some failures and those software files that I can't figure out how to make CAB files successfully for, I will just have to install the old-fashioned way.

Later, :)

#9
iuli_kyle

    SFXMaker Developer

  • Member
  • 125 posts
  • Joined 24-March 07
Hello there,

I see this topic a little too late, but I have a word to say here too, as I am the developer of SFXMaker and www.isoft-online.com.

First of all, SFXMaker is developed using AutoIt. Some crappy "protection" applications (Ad-Aware is one of them) always see au3 compiled executables as "malicious software". Secondly, the executable and some plugins that SFXMaker uses are UPXed, which is also known to cause some false positives, again, for these crappy protection apps. Isn't it weird that top rated protection applications (BitDefender, Kaspersky, Nod32, etc) didn't find anything? Think again.

Also, there were users that reported the sfx module (the old one) that SFXMaker is using for creating the self-extracting executables was the cause of these findings. I'm 110% sure that there's nothing wrong with it and I'm not blaming anyone, only these crappy protection apps.

You're showing us screenshots with the *.ini entries of an nLite addon created by SFXMaker, but do you know by any chance what that means and how it works? Presuming that something is bad is not enough.

You know, I feel like a bastard right now. I'm creating an application and share it with you (for free) to make things easier for the community and then people like you come and blame my work, with no apparent strong arguments and no pre-documentation. But what can we do, things aren't always fair in life.

I wish you a nice day, apologies are accepted in advance, just in case :)
SFXMaker - The most complete switchless installer creator software

If you like SFXMaker, please consider making a donation to show your support and help.
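
Post #9 attributes the detections to UPX packing. Whether a given file is in fact packed can be read from its PE section table before weighing a heuristic verdict. The sketch below is an added example, not code from the thread or from SFXMaker; the 7.0 entropy cut-off and the `sample_pe` test images are assumptions constructed for illustration.

```python
import math
import struct
from collections import Counter

def pe_sections(data: bytes):
    """Return [(name, raw_bytes)] from a PE file's section table."""
    pe_off, = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[:2] != b"MZ" or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    _, count, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    table = pe_off + 24 + opt_size                        # first section header
    sections = []
    for i in range(count):
        hdr = table + 40 * i                              # each header is 40 bytes
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        sections.append((name, data[raw_ptr:raw_ptr + raw_size]))
    return sections

def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    probs = [c / len(buf) for c in Counter(buf).values()]
    return -sum(p * math.log2(p) for p in probs) if probs else 0.0

def packer_hints(data: bytes, threshold: float = 7.0):
    """List the reasons a heuristic scanner might treat the file as packed."""
    hints = []
    for name, raw in pe_sections(data):
        h = entropy(raw)
        if name.startswith("UPX"):                        # UPX's default section names
            hints.append(f"{name}: UPX section name")
        if h > threshold:                                 # assumed cut-off, not a standard
            hints.append(f"{name}: entropy {h:.2f}")
    return hints

def sample_pe(sections):
    """Constructed test image: headers and raw data only, not a runnable program."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    ptr, table, body = 0x40 + 24 + 40 * len(sections), b"", b""
    for name, raw in sections:
        table += struct.pack("<8sIIIIIIHHI", name, len(raw), 0, len(raw),
                             ptr + len(body), 0, 0, 0, 0, 0)
        body += raw
    return dos + b"PE\0\0" + coff + table + body

PACKED = sample_pe([(b"UPX0", b""), (b"UPX1", bytes(range(256)) * 4)])
PLAIN = sample_pe([(b".text", b"\x55\x8b\xec" * 200)])
```

A hit here only confirms that the file is packed; it says nothing about what the unpacked payload does.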

#10
jaclaz

    The Finder

  • Developer
  • 14,657 posts
  • Joined 23-July 04
  • OS:none specified

You know, I feel like a bastard right now. I'm creating an application and share it with you (for free) to make things easier for the community and then people like you come and blame my work, with no apparent strong arguments and no pre-documentation. But what can we do, things aren't always fair in life.


Come on, don't take this too seriously :).
Things like this happen every other day, I don't think there is any malice in the OP "general warning", some peeps tend to trust this kind of apps more than they are worth or - if you prefer - are a little over-sensitive to these false alarms/overcautious, just as examples ;):
http://www.911cd.net...ic=23931&st=361
http://www.msfn.org/...-xp-inst-v047z/

I think it is part of the game (being suspected of hiding heaven only knows which malicious code within a freeware app), nothing to become upset for.
Continue the good work... :thumbup

jaclaz

#11
myselfidem

    Member

  • Member
  • 2,559 posts
  • Joined 06-January 10
  • OS:Windows 7 x64
New version SFXMaker_1.3.0_Beta_installer.exe

http://www.msfn.org/...nstaller-maker/

Result Virus Total:

http://www.virustota...e5e3-1323017258

Many thanks to iuli_kyle. :)

Enjoy!
For Windows 7 OS: SetProductKey.rar (fr-FR/en-US. Integrate keys).

#12
iuli_kyle

    SFXMaker Developer

  • Member
  • 125 posts
  • Joined 24-March 07
@jaclaz: No, I'm not upset man, I think I made it look too dramatic :)

@myselfidem: Thank you for your support.
SFXMaker - The most complete switchless installer creator software

If you like SFXMaker, please consider making a donation to show your support and help.



