Bad Mirror
I downloaded FBIDE from SourceForge and FB 0.24 from the Denmark mirror.
One of the two or both had a virus in it.
Microsoft Security Essentials warned on the two downloads, that they weren't often downloaded and could harm my computer.
And that they didn't have a valid software signature.
I ran them anyways and had to reinstall Windows and go thru the gigabyte plus of updates.
I found this program to be helpful if you get a nasty virus that AV software can't find. http://www.macrium.com/reflectfree.aspx
It works with "Windows Automated Installation Kit" (WAIK) to restore all your partitions to whenever they were saved.
Of all the partition copiers and backup programs I tried, this one is best.
It downloads and installs the WAIK, which is about a 1.7 GB download.
But then it only takes 30-60 minutes to restore your drive.
Maybe the FB coders need to periodically check the MD5 sums on the mirror hosts. This is the third time I got a bad FBIDE.
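The periodic mirror check suggested in the post above could look like the following. This is an added example, not part of the original thread and not the FreeBASIC project's own tooling; it uses SHA-256 in place of the MD5 sums the post mentions, and the mirror names, file names and file contents are constructed placeholders.

```python
import hashlib

def parse_manifest(text):
    """Parse sha256sum/md5sum-style lines: '<hex digest>  <filename>'."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        # A leading '*' on the name marks binary mode in md5sum-style output.
        expected[name.strip().lstrip("*")] = digest.lower()
    return expected

def audit_mirrors(expected, mirrors, algo="sha256"):
    """Compare every mirror's copy of every listed file with the manifest.

    mirrors maps mirror name -> {filename: file bytes}. Returns a sorted list
    of (mirror, filename, problem) tuples; an empty list means all copies match.
    """
    findings = []
    for mirror, files in mirrors.items():
        for name, want in expected.items():
            if name not in files:
                findings.append((mirror, name, "missing"))
            elif hashlib.new(algo, files[name]).hexdigest() != want:
                findings.append((mirror, name, "digest mismatch"))
        for name in files:
            if name not in expected:
                findings.append((mirror, name, "not in manifest"))
    return sorted(findings)

# Constructed sample data (assumption): stand-ins for a release archive as the
# publisher built it and as three hypothetical mirrors serve it.
ORIGINAL = b"constructed stand-in for the release archive bytes"
TAMPERED = ORIGINAL + b"\x00appended"
MANIFEST = ("# constructed manifest\n"
            + hashlib.sha256(ORIGINAL).hexdigest() + " *release.zip\n")
MIRRORS = {
    "mirror-a.example": {"release.zip": ORIGINAL},
    "mirror-b.example": {"release.zip": TAMPERED},
    "mirror-c.example": {"extra.exe": b"unexpected"},
}

def run_sample():
    return audit_mirrors(parse_manifest(MANIFEST), MIRRORS)

if __name__ == "__main__":
    for finding in run_sample():
        print(*finding)
```

The manifest has to come from the publisher over a channel the mirrors do not control (ideally signed); a digest fetched from the same mirror as the file proves nothing.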
Re: Bad Mirror
albert wrote:
> I downloaded ... FB 0.24 from the Denmark mirror.
???
Can you post a link, please?
Re: Bad Mirror
albert wrote:
> I downloaded FBIDE from SourceForge and FB 0.24 from the Denmark mirror.
> One of the two or both had a virus in it.
> Microsoft Security Essentials warned on the two downloads, that they weren't often downloaded and could harm my computer.
> And that they didn't have a valid software signature.
That means essentially nothing, just that it doesn't come from a really big vendor.
> I ran them anyways and had to reinstall Windows and go thru the gigabyte plus of updates.
So what virus was found?
.
Re: Bad Mirror
I followed this link from Dodicat's topic "StichUp" post, located here: http://www.freebasic.net/forum/viewtopi ... =3&t=20083
http://www.freebasic-portal.de/download ... uilds.html
It came from either the FB 0.24 or the FBIDE 4.6r4, I installed them both at the same time.
The SourceForge mirror for FBIDE changes depending on whether you click "direct link" or wait for the auto-download to start.
My AVs couldn't find the virus, but MS Security Essentials warned me it might harm my computer, but didn't list a virus.
The virus does things with the mouse,
Like when you click the start button, it jumps the mouse to some other point on the screen.
The mouse speeds up and slows down and becomes hard to control.
You position the mouse over something and click it and it jumps to some other point on the screen.
At first I thought my touchpad had become too sensitive and adjusted it, so it required a harder press to activate.
After I had adjusted it all the way to max pressure, I figured it must be a virus.
So I had to reinstall Windows from disk and go thru all the last year's worth of MS updates, and get everything reconfigured.
Re: Bad Mirror
This is a German site and I'm pretty sure there's no virus in our packages, but we'll have a look.
Re: Bad Mirror
> from the Denmark mirror.
FreeBASIC-Portal.de does not provide any services (web hosting / mirroring, ...) to SourceForge. If you reached the site via the SourceForge mirror selection, it was definitely not FreeBASIC-Portal.de. Moreover, FreeBASIC-Portal.de is a German web site. Denmark is a different country (top level domain .dk) with a different language. ;-)
Are you sure there is a problem with FBIDE? Maybe VonGodric and Mysoft can investigate the issue?
Re: Bad Mirror
FBIDE contains a patch file by Mysoft which is some kind of a hack. Here's the scan for it:
virustotal for FbIdeFix.dll
Our daily build also got some hits:
virustotal for FreeBASIC-win32-git-20120723.zip
Further testing brings up this:
virustotal for GoRC.exe
These are all false positives.
Re: Bad Mirror
@Marcov
You asked "So what virus was found?"
Microsoft Security Essentials couldn't find a virus in either download.
Comodo AV couldn't find a virus in either download.
AVG AV couldn't find a virus in either download.
But it's known that when your mouse or other hardware starts doing funny things,
you've either got an intermittent hardware problem, or a virus of some sort. (After reinstalling Windows the problem went away.)
The AV companies only have signatures of found and examined viruses.
If it's a totally NEW virus, it won't get picked up by any AV until someone isolates it and reports its code signature.
Then the AV companies can add that signature into their databases.
If no one else reported the problem, it's possible that I picked it up just surfing the internet, but AVG scans every page and links before it allows it to display.
Re: Bad Mirror
why ever did you bother formatting? google: how to remove any virus/trojan
whoever bothers to hack sourceforge, and replace software on it with trojans that move people's mouse (which btw is completely pointless, since even my grandmother will know something's up) should get a free of charge stay in the looney bin
in closing, whether or not you had a "virus" (which are almost extinct now) or a trojan, it definitely didn't come from the sourceforge file
i'm disappointed you didn't investigate further and provide any details.. pasting a heuristic match is completely pointless (god i hate AVs...)
instead you formatted and posted a complaint on the forums after the evidence is completely gone (if there was any)
*sigh*
Re: Bad Mirror
I don't know, Microsoft Security Essentials
scans every file I download, and reports if it's safe or not.
In all my downloads only SourceForge FB and FBIDE ever posted any kind of warning.
Lately I'm getting message boxes that FBIDETEMP.EXE is trying to connect to the internet to address 92.242.144.10
When I did a whois on the number, I got the following.
Re: Bad Mirror
albert wrote:
> @Marcov
> You asked "So what virus was found?"
> Microsoft Security Essentials couldn't find a virus in either download.
> Comodo AV couldn't find a virus in either download.
> AVG AV couldn't find a virus in either download.
That was my point, yes. What evidence that there really was a virus involved do you have?
> But it's known that when your mouse or other hardware starts doing funny things,
> you've either got an intermittent hardware problem, or a virus of some sort. (After reinstalling Windows the problem went away.)
You forget the biggest category, software.
> The AV companies only have signatures of found and examined viruses.
> If it's a totally NEW virus, it won't get picked up by any AV until someone isolates it and reports its code signature.
> Then the AV companies can add that signature into their databases.
Sure. But chances of that are very rare. I also doubt they would try to break a new virus by cracking a FB mirror and repacking archives.
So all you really have is a very meagre heuristic warning, false positives of which are very common for 3rd party development tools (just search the forum).
Re: Bad Mirror
@Marcov
Okay!!
But they also accessed my Linux drive through Windows and wiped out my list of mafia names I downloaded from the internet.
http://www.americanmafia2.com/crimeboard/index.php
http://www.lowchensaustralia.com/names/underground.htm
http://www.gangsterbb.net/threads/ubbth ... ber=616947
It may be Yahoo workers since I use Yahoo Messenger.
But the problem started after I installed the FB 0.24 from the .de site and FBIDE 4.6.r4 ????
Since I got them off the internet and THEY ARE STILL THERE, why would someone bother hacking my computer to erase them???
Re: Bad Mirror
albert wrote:
> @Marcov
Going from improbable to downright esoteric paranoid schemes isn't going to help :-)
If you are in over your head, get help from some computer shop to clean up an infection, don't try to string random factoids together in a paranoid scheme.
Re: Bad Mirror
Hi Albert.
A couple of years ago I dual booted Win 2000 with XP (which I was using)
Back then AVG could be installed by a single file which you could download.
i.e. you didn't have to go back on line to complete an installation
I had this AVG file on a pen drive, I installed Win 2000 and then AVG on to it.
I installed my modem by a driver file.
I then went on line directly to Microsoft update and brought Win 2000 up to date.
During the 15 minute or so updating, a virus called VIRUT got me.
When I re-booted, AVG told me so.
Then AVG got annihilated along with many more .exe and .com files by VIRUT.
It also crossed into my XP installation and wreaked havoc there.
I've never installed Win 2000 again.
Another thing which I believe causes problems is code like:
dim as string s="Hello"
for z as integer=0 to 500
print s[z]
next z
I blame this for another catastrophe I had when working with bignumbers.
I ended up with files and folders named like FreeBasic code.
E.G.
INPU*@$.bas
OR
FOR&$@CASE for a folder.
Some of these files were several GBytes in size.
Re: Bad Mirror
There were a lot of problems with remote-caused Windows malware infections back in the days when home computers were directly attached to the Internet. Nowadays, it's common to use a NAT router (DSL, HFC, ...). This means that your LAN computers aren't accessible from the Internet unless you set up a port forwarding manually. Moreover, many ISPs block NetBIOS ports etc. on the Internet which were used for massive attacks.
But back in the days of dial-up connections (and DSL connections directly established using a modem plus a NIC / network interface card), it happened quite often that PCs were "naked" on the Internet without any effective firewall, thereby exposing all open ports and security holes to the net. So other infected machines on the net could use remote code execution exploits to attack your computer as soon as it dialed in to the Internet.
If you took an unpatched Windows 2000/XP system (without any service packs / updates installed and without a working firewall) and attached it directly to the Internet, you just had to wait a few seconds or at most a few minutes to have it infected by several worms...
Striking examples of this kind of malware are Opasoft, Sasser or Blaster.