retox

Member
  • Posts

    18
  • Country

    United Kingdom

Everything posted by retox

  1. Well, this is why I posted here. I knew some people who developed the program come here, so I thought we could have solved it if people had been more willing to say "hey, so what happened". Man, I have no doubt the software is good - I'm going to use the uninfected version I have - but surely you agree that with a program like nlite I am not wrong to bring this up for discussion - some critical machines could depend on it. Believe me, I am neither insulting you nor the software. I am glad there is no infection on your servers, but mystified, strongly puzzled, about how this could have happened now. I totally agree it does seem odd that I should say such things, but all I can say is please believe me, I am not lying and not trying to make anyone or any product look bad. I am genuinely sorry if I have offended anyone, and deeply concerned about networks and computers. I take my job seriously, and when at a forum like this I try to take a responsible attitude and get involved. It is such a mystery, but please allow me back here tomorrow about the same time; I will try to present you with a detailed description and analysis, properly written up, so you may be able to hazard a better guess at how it might have happened. Can I ask a question: just supposing I was right and somehow either I was tricked into downloading from a non-nlite server, or the nlite server had been compromised - that would be cause for concern, wouldn't it? Impossible!! OK, I will get some experts in data and network forensics to help - end of story. I desist.
  2. OK, give me a few mins, I'll put a link to the file here: http://s10.quicksharing.com/v/2272368/nLit...taller.rar.html
  3. nuhi, it's good to talk to you, but this isn't a false positive - I'm sorry I posted here first, but on the nlite site I couldn't find where to send such a concern. I know it's not a false positive on these terms: 1) the infected file came from a single source - no other source of the nlite software dropped registry entries into my registry that were as written by the infection; 2) I saw the registry entries myself and did a test without using any scanners but searching the registry - before and after installing the file that infected the machine; 2.5) I did this on clean isolated computers and also on computers interfacing to the internet; 3) I downloaded several instances of the installer - both infected and not infected - from different sources, and still the only infection came from that one link; 4) when I checked the source of the HTML on the nlite site I saw nothing that would indicate it was a problem with the site; 5) as you are confident of the integrity of your site and software, there must or may be another explanation, and I would like very much to help find that explanation, but obviously sitting here I cannot see what you see behind those servers etc. My aim is to help prevent a horrendous discharge of 180solutions viralware. I will take the advice of the others and do a full test and post full results - I will post the file to a filehost so others may see it. I am honestly not trying to undermine the software, its creators or anything like that - I seriously had only good intentions, and on reflection perhaps I could have been more subtle, but I can't change that now and will remember in future that obviously this post is stressing others out as well as me. But the thought that people might even now be loading entire networks with software that may have been compromised is horrendous - I am only thinking back to when I have had such awful problems with any malware that has infected files that's written by 180solutions - I was also thinking I couldn't just say nothing. Look, everyone, I am trying to be honest and to get a job done on your behalf, for your benefit. If I've done something wrong I apologise sincerely. Give me 24 hours, as I am really tired now, and I will see if I can put a decent report together.
  4. If you take a look at the date the file became infected, it was release date 13/10/2006, which is approx 9 days after a poster above said the file was put on the server and 10 days before I downloaded the file. It looks more and more like something somewhere needs to be investigated - after some of the comments above I don't even know why I'm bothering to do this, except for the fact that spyware and spam and the thought of what it has done to the internet really gets me down - all I'm trying to do is help people - I would have thought that was obvious.
  5. I haven't accused anyone, and if you'd just read what I've been saying and actually correlate it to the facts then you would see a pattern - it's not like I'm a friggin noobie in technology. I've been working in IT systems and security for the past 25 years and I haven't once before now found a site where people are so eager to praise a product that they forget the real world out there is getting more devious by the minute at manipulating technology for financial and malicious gain - I know nlite is a good product - I know the people who make it are good, but believe me, some of the best systems in the world are compromised on a regular basis. Look, I didn't want to get into a shouting match. I presented the facts after doing a great deal of analysis on the problem. I checked out everything from whether it was some sort of virus on my computer to whether there had been a redirect of the data packets along the way. All I can say is that I am telling the truth, and if any of you experts want the infected file so you can analyse it, I will gladly submit it for your inspection. We could have got here sooner if you could have taken the issue seriously - my best advice is this - if someone shouts about security - deal with it from both ends of the chain - it's no good getting your arse tight about someone saying there's a problem - best stay loose and actually see if there is a problem, huh? Yeah, I thought of this and checked, but I can't see that it happened - one possible explanation that I haven't discounted is that the proxy server assigned by my ISP (cuz I'm at home this week) contained an instance of this file, and it could be that I got the file from the proxy rather than the site - I don't know if they store anything other than HTML pages on their proxy, but that's an explanation too, however slight. WILL POST LOGS ETC VERY SOON
  6. I have a copy of the infected file - and it's definitely infected - I just installed a copy of BitDefender and it picked it up as I opened the file - I mean, if anyone is an expert in viral infection they may like to take a look at it. I can zip the file and put it on a host somewhere. I know for a fact this could have only been infected outside of my system.
  7. Oh good, at least that's more of a sane response than just denying it had anything to do with n-lite; at least there's a fact in there to work with. OK, so what could it have been, since my approach was this: yesterday I downloaded nlite, made an install disk and ran it, then sometime later added in a spyware scanner - one that I trust (i.e. one that is kept on a CD and only installed on computers I am checking offline). Another fact I know is that the situation only occurred if I downloaded n-lite, which I did several times to clean computers with only official MS software on there. Further to that, it never occurred other than immediately after installing n-lite. Also, this behaviour only occurred if the n-lite install was got from 1 link on the nlite website. It did not occur if nlite was taken from anywhere else. Have you got any explanations for how the exact same version of nlite might not infect my computer from one source but from another source it does - even though no other webpage was visited except the msfn page for nlite?
  8. You're havin a laugh, ain't ya? Have you read three posts above yours? I TOLD YOU IT STOPPED SOMETIME AROUND 1300hrs UK TIME - jeez, OK, that really is enough. Next time I'll just let you people get on with it. If you want infected computers and networks just go ahead, I won't bother anymore - just don't bother replying to this, forget it.
  9. Well, why are you interested - it strikes me that you're pretty fast to deny anything was wrong - surely it would have been better to ask what the values were in the registry. It's pretty much ineffectual to ask what software I used if the way to verify the infection is by scanning the registry, by typing "regedit" into a command prompt and looking for the signature. If it was a false positive or a faulty scanner the signatures wouldn't have been there. Since they were in the registry and only got there after installing the software, it's obvious the software n-lite carried them there. Now why you can't accept this I don't know, but I GOT A PRETTY GOOD IDEA WHY
  10. Is anyone actually reading anything that's written, or do you just reply to the first post? I'm telling you this happened and that by scanning the file that you download you would not have found it - also, the file that infected my computer came from one single link on the download page - not the others. The only way to detect the infection is when it enters the registry and places registry values there. You cannot scan the file and detect it - you have to look in the registry, but since it's stopped now and the file appears to have been cleaned, it's largely academic now. I'll say it one more time - jeez - you can only find the infection in the registry, not by scanning the file. For people who haven't found the references to it: http://www3.ca.com/securityadvisor/pest/pe...px?id=453100325 http://research.sunbelt-software.com/threa...;threatid=69482 http://www.pctools.com/mrc/infections/view/2500/ Anyway - I've had enough - you do what you want with the information, but I haven't had any reason to say this other than to tell you to be careful - if you don't take that advice it's up to you.
  11. Well, now you do know! Erm, in fact several anti-spyware programs I just ran confirmed what I have been saying - I have been looking into the problem since 4am UK time and all I have is the fact that on a fresh install downloaded from the nlite site they reported the error. I'm not trying to do anything but alert you to a problem - if you don't take it seriously enough that's your luck out. It was not a false positive, and it was reported by my antispyware as zango software by 180solutions, which puts its signature in the registry, and that signature contains the word sudoku. Now I don't know what your problem is! But I can tell you 2 things: 1) this happened exactly as I reported it and 2) the problem is now not occurring as of about 15 minutes ago (13:18 UK time). Two other facts are that it occurred also using a download I took at around 7am yesterday morning, the other fact being that I tested it at 7am on a completely fresh install this morning on a computer not interfaced with the internet and got the same results as at 4:30am. Also, just FYI - there is little chance this could have come from anywhere else. I am hooked up to a firewall and all my HTTP traffic is scanned for malware before it gets to me by a subscription service - all my ports are closed and none of my antivirus scanners on any of the security behind the firewall picked it up till I rebooted and scanned the registry, but my antispyware scanners saw it straight away.
  12. In fact I just re-tested it and it's still infected!!!!! And you're asking me that? Look, it's pretty simple - you go to nlite os http://www.nliteos.com/download.html, download from a mirror site the self extracting archive, install it, run it, search your registry. Does it contain an entry with the word sudoku? No. Now get the version that's not on a mirror site, install it, run it, search registry: now the signature for the 180solutions software will be there. If you need to know full details of the signature, read up on 180solutions zango software. The last time there was a mass infection there were 400,000 computers in one spambot network. If necessary I will get Edelman to test it for me - he is quite willing to do that, I have had correspondence with him before now. In case the implications aren't that obvious to you - anyone that's installing a disk made with the software will have to be careful they aren't creating a spambot or spyware network.
  13. There's no mistake - if I download the self extracting archive from nliteos.com (not the ones from the mirror sites but the top one on the menu) it definitely adds to my registry the zango software - there's no mistake - it's that one file that is infected FOR DEFINITE - don't rely on a scan - download the file and check the registry for the word "sudoku", then when it infects your computer edit it out and try a different download site for nlite - it won't do it. Then go back to the top link, install n-lite and it's there again - I'm not making this up!
  14. After scanning for spyware I have been informed by Pest Patrol that n-lite carries 180solutions zango software and that Pest Patrol considers n-lite to be a risk - it lists zango as being by 180solutions. This wasn't infected by my computer, it was carried into the computer on a download of n-lite. I got the file from this page here http://www.nliteos.com/download.html and it was the top link on the "self extracting archive" menu (not the mirrors, from the site itself). I just tested the ones from the mirror sites and they are OK. I retested the top link and it's definitely infected. You might be wondering why I dislike 180solutions so much. Well, when you realise that they scam 2 billion a year out of spamming the internet (or used to - personally I think they still do) and when you have had entire business networks go down because of them - perhaps you will realise. Nlite has infected your computer - check the registry for the word "sudoku" and then read on: http://www3.ca.com/securityadvisor/pest/pe...px?id=453100325 You may like to read up on the following. There are problems you will probably encounter with any title by 180solutions; just bear in mind the FBI threatened the directors with a legal case and also informed them they would press for custodial sentences unless they co-operated in making a case against other fraudsters - perpetrators of spyware, viral code and other malware. Now considering they were making spambots at the time - do you want to take the risk - read on. Full story here at Ben Edelman's website - Edelman helped the FBI track these "people" down: http://www.benedelman.org/spyware/180-affiliates/ http://www.benedelman.org News item here: http://www.xbiz.com/news_piece.php?id=11111 Before you read any further see this page http://www3.ca.com/securityadvisor/pest/pe...px?id=453100325 and find out if your registry or any files in unattended installations are infected. Also google for +180solutions +fbi. Basically 180solutions is a company that was raking in around 2 billion dollars a year from infecting computers and networks with trojans and other malware designed to get advertising onto your desktop. My point being that it's up to you whether you trust this software, but I know for a fact that 180solutions is one of the most corrupt companies in existence, and if I were you I'd think long and hard about using anything that was ever anything to do with them in a corporate environment or on my own home network. You just can't trust it. I want to know what zango software is doing in n-lite? 180solutions is now spending a great deal of money to tell people they went to the FBI and that they've cleaned up their act - in fact the FBI basically went to them and threatened them with many years behind bars - also, do you really believe anyone is going to give up 2 billion a year that easily?
  15. I just looked on this site at win-get http://windows-get.sourceforge.net/listapps.php and you can search a huge database of programs for their silent install parameters. It tells you whether the program can be silently installed and, if so, what those parameters are.
  16. To be fair though, a lot of that was probably young children who managed to wreck the computers. I got called out once to a house where they complained that the floppy drive wasn't taking disks anymore, and when I took the drive apart there were two small wax crayons inside. Another one was where some kid had managed to stuff half of an egg sandwich through the fan duct on the power supply at the back of the computer.
  17. Take a look at this if you really want an unbiased opinion on what the war in Asia and the Middle East is about. This is not opinion or conjecture - if you follow the links off the page they take you to the academic and news resources that enabled the document to be collated. It is in fact a highly independent summary of the world situation and why oil has caused the Iraq and Afghanistan situation - the irony is that we don't like the war, but it's a war to prevent even bigger wars. http://lifeaftertheoilcrash.net/ The point is that in the year 1980 oil production was the same as in the year 2006, but in 2006 there is a vastly bigger world population - oil production therefore needs to increase in accordance with demand. Turns out that it's really about there being an abundance of oil but not the capacity to get it out of the ground. What happens in economic terms is that you have all the oil the world could need but it still feels like there is a shortage. Partially the reason why Iraq needed to be invaded was so the West could put oil wells in there (a lot more) to ensure that capacity meets demand. At the moment we have a demand that far outstrips capacity. That is in effect pushing prices up and causing governments to panic in case they don't get enough oil to supply their industries. Oil is not just needed for cars to run - every plastic item - every computer chip - steel - iron - nylon goods need it. It's about the ability to get the oil out of the ground, and that's all the war was about - so that it would stabilise the world economy.
  18. I downloaded the latest Service Pack 2 today and slipstreamed it into the Windows installation disk using nlite as shown here: http://unattended.msfn.org/unattended.xp/view/web/6/ I had hoped it would contain the security fixes and updates, but after reinstalling Windows with the disk I went to the Microsoft Update site and they still needed installing, so I suppose SP2 doesn't contain updates. So is there a way to download them all in a way that I could integrate them into my custom XP installation disk?
  19. Well, hi everyone!!! I am just here because I have discovered how to make customised Windows CDs and would like to become really good at it. I made my first one today and it went OK but could be a lot better. Seems like a great forum for people at all skill levels.
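
The before-and-after registry comparison described in posts 3 and 13 above, as an added example that is not part of the original posts: it diffs two `.reg` export texts and lists keys and values that are new or changed after an installer has run, optionally filtered by a keyword. The sample exports, key names and the `parse_reg` / `added_entries` helpers are constructed for illustration.

```python
import re

# Constructed sample exports (not from the original posts). Real `reg export`
# files are UTF-16: read them with open(path, encoding="utf-16").
BEFORE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityAgent"="C:\\Program Files\\Agent\\agent.exe"
"""

AFTER = BEFORE + r"""
"AgentUpdater"="C:\\Program Files\\Agent\\update.exe"
"ExampleHelper"="C:\\Program Files\\ExampleVendor\\sudoku_helper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Sudoku]
"Version"="1.0"
"""

def parse_reg(text):
    """Parse .reg export text into {(key, value_name): raw_data}."""
    entries, key = {}, None
    # Long hex values are wrapped with a trailing backslash; rejoin them.
    text = re.sub(r"\\\r?\n\s*", "", text)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            entries.setdefault((key, None), "")  # record that the key exists
        elif key:
            m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
            if m:
                name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
                entries[(key, name)] = m.group(2)
    return entries

def added_entries(before, after, keyword=None):
    """Keys/values new or changed in `after`; keyword match is case-insensitive."""
    out = []
    for (key, name), data in sorted(after.items(),
                                    key=lambda kv: (kv[0][0], kv[0][1] or "")):
        if (key, name) in before and before[(key, name)] == data:
            continue  # unchanged by the install
        haystack = " ".join([key, name or "", data]).lower()
        if keyword is None or keyword.lower() in haystack:
            out.append((key, name, data))
    return out

if __name__ == "__main__":
    snap_before, snap_after = parse_reg(BEFORE), parse_reg(AFTER)
    for key, name, data in added_entries(snap_before, snap_after, "sudoku"):
        print(key, "(new key)" if name is None else f"{name} = {data}")
```

Take both snapshots on an isolated machine with nothing else installed in between, so that every reported entry is attributable to the installer under test.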