Oolite Bulletins

For information and discussion about Oolite.

All times are UTC




PostPosted: Mon Aug 31, 2009 9:06 pm 
Above Average

Joined: Sun Dec 28, 2008 7:37 pm
Posts: 17
Location: Adirondack Mountains
I've been trying for months to track down a trojan on my computer that was harvesting data from my contacts list and sending out fake emails in my name to the people on that list. Today I uninstalled Panda Antivirus and switched over to Avira, then ran a complete scan. It found a trojan that it called HTML/Silly.Gen that was located in the Custom Sounds Plist in the config folder of the resources section of the 1.72.2 build for Windows. I cleaned and uninstalled Oolite from my hard-drive and downloaded the new 1.73 build from Berlios. The download scanned clean, but when I began extracting the files I quickly got a warning that one of them was infected with the HTML/Silly.Gen trojan and needed to be quarantined. So I again deleted all the Oolite files from my computer. You may want to check into this.

_________________
Shoot first and pick up the goodies later...


PostPosted: Mon Aug 31, 2009 9:39 pm 
Intergalactic Spam Assassin

Joined: Tue Dec 05, 2006 9:43 pm
Posts: 8501
Location: Newbury, UK
I use AVG free, just rescanned and it doesn't find anything - that doesn't mean it's not there of course...

_________________
Quote:
Apparently I was having a DaddyHoggy moment.
Oolite Life is now revealed here


PostPosted: Mon Aug 31, 2009 9:59 pm 
Quite Grand Sub-Admiral

Joined: Wed Feb 28, 2007 7:54 am
Posts: 5374
False positive. The entire build (installer + tree structure after installation) was scanned using McAfee VirusScan Enterprise, scan engine 5301.4018, with DAT dated 28 August 2009 before its release. Additionally, there is absolutely nothing wrong in customsounds.plist. It is a standard NeXTStep format property file. It is safe to install.


PostPosted: Tue Sep 01, 2009 1:34 am 
Deadly

Joined: Sat Aug 15, 2009 6:15 am
Posts: 213
Want another false positive?

Just make one empty bat file and put this in it:
Code:
copy
copy
copy
BitDefender will pick it up.


PostPosted: Tue Sep 01, 2009 6:50 am 
---- E L I T E ----

Joined: Mon Apr 06, 2009 12:20 pm
Posts: 6310
Location: Aboard the Pitviper S.E. "Blackwidow"
You may want to install, update and run Malwarebytes' Anti-Malware to check (and clean) your PC... there are lots of nasty things out there that anti-virus programs won't detect. The free one will do everything the paid version does except for real-time protection and auto-updating.

_________________
Most games have some sort of paddling-pool-and-water-wings beginning to ease you in: Oolite takes the rather more Darwinian approach of heaving you straight into the ocean, often with a brick or two in your pockets for luck. ~ Disembodied


PostPosted: Tue Sep 01, 2009 9:16 am 
---- E L I T E ----

Joined: Sat Oct 20, 2007 2:52 pm
Posts: 2365
It's the last entry that gives a warning.
In Oolite's customsounds.plist
Code:
"[wormhole-created]" = "";
And in CustomSounds.oxp
Code:
"[wormhole-created]" = "w_hole.ogg";
Both seem to trigger Avira's heuristic search. I've reported it ~3 weeks ago to Avira, but they haven't reacted. The LAB has the files, so maybe someday they'll do something, but I wouldn't count on it. So I'd think that the Byte-combination is the problem here. Renaming this entry solves it.
Code:
"[wrmhole-created]" = "w_hole.ogg";
Edit: For sure reported it as 'false positive' .-)


PostPosted: Tue Sep 01, 2009 11:30 pm 
Grand Admiral Emeritus

Joined: Sat Apr 02, 2005 2:43 pm
Posts: 6657
Location: Sweden
I’ve had a couple of bug reports from Avira users about the customsounds.plist “issue”. Avira appears to be incorrectly identifying it as JavaScript doing strange stuff. customsounds.plist does not contain executable code of any sort and cannot carry a trojan.

I asked those who e-mailed me to send bug reports to Avira, and recommend you do the same.

_________________
E-mail: jens@oolite.org
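
The posts above say that the flagged file is a plain property list with no executable content. One way to confirm that for yourself before dismissing the alert is sketched here as an added example (not part of any post, and not Oolite project code). It assumes the flat `"key" = "value";` form quoted in the thread and that values are either empty or `.ogg` file names; `triage_plist` and every sample entry other than `[wormhole-created]` are constructed for illustration.

```python
import re

# Constructed sample in the OpenStep dictionary style quoted in the thread;
# only the "[wormhole-created]" entry comes from the page.
SAMPLE_CLEAN = '''{
    "[wormhole-created]" = "w_hole.ogg";
    "[constructed-silent-entry]" = "";
}'''

# Constructed counter-example: same shape, but a value carries markup.
SAMPLE_SUSPECT = '''{
    "[wormhole-created]" = "w_hole.ogg";
    "[constructed-entry]" = "<script>x()</script>";
}'''

# One quoted key, '=', one quoted value, ';' (no escapes allowed in either).
ENTRY = re.compile(r'\s*"([^"\\]*)"\s*=\s*"([^"\\]*)"\s*;')
# Assumption: a legitimate value is empty or a bare .ogg file name.
SOUND_VALUE = re.compile(r'^[A-Za-z0-9_\-]+\.ogg$')


def triage_plist(text):
    """Return a list of findings; an empty list means passive data only."""
    body = text.strip()
    if not (body.startswith('{') and body.endswith('}')):
        return ['not a single top-level dictionary']
    body = body[1:-1]
    findings = []
    pos = 0
    while pos < len(body):
        m = ENTRY.match(body, pos)
        if not m:
            # Anything that is not a simple entry is left for manual review.
            rest = body[pos:].strip()
            if rest:
                findings.append('unparsed content: %r' % rest[:40])
            break
        key, value = m.groups()
        if value and not SOUND_VALUE.match(value):
            findings.append('%s: unexpected value %r' % (key, value))
        pos = m.end()
    return findings


if __name__ == '__main__':
    for name, sample in (('clean', SAMPLE_CLEAN), ('suspect', SAMPLE_SUSPECT)):
        print(name, triage_plist(sample) or 'passive data only')
```

Comments, arrays or nested dictionaries in a real file are reported as unparsed content, so a finding means "look at this by hand", not "infected".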


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 7 posts ] 

All times are UTC


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited