Posts posted by retox

  1. retox, if no one else reports it then what am I to think other than it's on your side somehow.

    Thousands of people use nlite and no one ever complained about injecting reg entries, nor does nlite do it even for saving settings (it uses ini files).

    I can only explain this by you having some infection already on your os prior installing nlite and somehow it triggers it to reapply that reg.

    Well this is why I posted here I knew some people who developed the program come here - so I thought we could have solved it if people had been more willing to say " hey so what happened"

    Man I have no doubt the software is good - I'm going to use the uninfected version I have -

    but surely you agree that with a program like nlite I am not wrong to bring this up for discussion - some critical machines could depend on it -

    believe me I am neither insulting you or the software - I am glad there is no infection on your servers but mystified strongly puzzled about how this could have happened now.

    I totally agree it does seem odd that I should say such things but all I can say is please believe me I am not lying and not trying to make anyone or any product look bad

    I am genuinely sorry if I have offended anyone and deeply concerned about networks and computers I take my job seriously and when at a forum like this I try to take a responsible attitude and get involved

    It is such a mystery but please allow me back here tomorrow about the same time I will try to present you with a detailed description and analysis properly written up so you may be able to hazard a better guess at how it might have happened - can I ask a question

    just supposing I was right and somehow either I was tricked into downloading from a non nlite server - or the nlite server had been compromised - that would be cause for concern wouldnt it?

    I tried the "infected" installer you uploaded. It's identical to the official one on the web site and the one I downloaded a while ago. I installed it, still no references of sudoku in registry, nor any spyware found...
    impossible !! OK I will get some experts in data and network forensics to help -

    end of story I desist

  2. Man I can't believe you never experienced false antivirus alert.

    Regarding Winrar selfextracting exe every other antivirus will report as some trojan, then you just report that to the antivirus author and they will correct, happened before.

    Let me know what they say, but I assure you that nLite is clean and don't make me close this topic, so no insults please.

    nuhi its good to talk to you but this isnt a false positive - I'm sorry I posted here first but on the nlite site I couldnt find where to send such a concern.

    I know its not a false positive on these terms

    1) the file infected came from a single source - no other source of the nlite software dropped registry entries

    into my registry that were as written by the infection

    2) I saw the registry entries myself and did a test without using any scanners but searching the registry - before and after installing the file that infected the machine

    2.5) I did this on clean isolated computers and also on computers interfacing to the internet -

    3) I downloaded several times instances of the installer - both infected and not infected from

    different sources and still the only infection came from that one link

    4) when I checked the source of html on the nlite site I saw nothing that would indicate it was a problem with the site

    5) As you are confident of the integrity of your site and software there must or may be another explanation and I would like very much to help find that explanation but obviously sitting here I cannot see what you see behind those servers etc. - my aim is to help prevent a horrendous discharge of 180solutions viralware

    I will take the advice of the others and do a full test and post full results - I will post the file to a filehost so others may see it

    I am honestly not trying to undermine the software its creators or anything like that - I seriously had only good intentions and on reflection perhaps I could have been more subtle but I cant change that now and will remember in future that obviously this post is stressing others out as well as me.

    but the thought that people might even now be loading entire networks with software that may have been compromised is horrendous - I am only thinking back to when I have had such awful problems with any malware that has infected files thats written by 180solutions - I was also thinking I couldnt just say nothing

    Look everyone I am trying to be honest and to get a job done on your behalf for your benefit

    If I've done something wrong I apologise sincerely give me 24 hours as I am really tired now and I will see if I can put a decent report together

  3. Filesize 1.68 Meg (1,762,636)

    file version 1.2.0.1

    nLite-1.2rc.installer.exe

    file info

    company Dino Nuhagic (nuhi)

    file description Windows Installation customizer

    pest info

    reported adware

    author 180solutions

    release date 13/10/2006

    date today 24/10/2006

    time 16:47

    risk moderate

    advice: delete

    reported infection registry entries

    HKEY_CLASSES_ROOT\sudokupuzzle

    HKEY_CLASSES_ROOT\sudokupuzzle\shell

    HKEY_CLASSES_ROOT\sudokupuzzle\shell\open

    HKEY_LOCAL_MACHINE\software\sudoku

    HKEY_LOCAL_MACHINE\software\sudoku\forms

    HKEY_LOCAL_MACHINE\software\sudoku\forms\wnd_frmmain

    dll's

    npclntax.dll

    executables

    activesudoku_setup.exe

    %program_files%\active sudoku\unins000.exe

    sudokusetup.exe

    %program_files%\active sudoku\skins\themebuilder.exe

    %program_files%\active sudoku\sudoku.exe

    if you take a look at the date the file became infected it was release date 13/10/2006

    which is approx 9 days after a poster above said the file was put on the server and 10 days before I downloaded the file

    It looks more and more like something somewhere needs to be investigated - after some of the comments above I dont even know why I'm bothering to do this except for the fact that spyware and spam and the thought of what it has done to the internet really gets me down - all I'm trying to do is help people - I would have thought that was obvious

  4. No need for hostility, but it's not nice to accuse nuhi, who has been dedicated for at least two years to delivering a product of unprecedented quality to allow extraneous files and features to be removed permanently from Windows XP
    I havent accused anyone and if you'd just read what I been saying and actually correlate it to the facts then you would see a pattern - its not like I'm a friggin noobie in technology I been working in IT systems and security for the past 25 years and I havent once before now found a site where people are so eager to praise a product that they forget the real world out there is getting more devious by the minute at manipulating technology for financial and malicious gain - I know nlite is a good product - I know the people who make it are good but believe me some of the best systems in the world are compromised on a regular basis

    Look I didnt want to get into a shouting match I presented the facts after doing a great deal of analysis on the problem I checked out everything from whether it was some sort of virus on my computer to whether there had been a redirect of the data packets along the way.

    All I can say is that I am telling the truth and if any of you experts want the infected file so you can analyse it I will gladly submit it for your inspection.

    We could have got here sooner if you could have taken the issue seriously - my best advice is this - if someone shouts about security - deal with it from both ends of the chain - its no good getting your arse tight about someone saying theres a problem - best stay loose and actually see if there is a problem huh?

    him being redirected to that link and that file being infected is remote but still possible

    yeah I thought of this and checked but I cant see that it happened - one possible explanation that I havent discounted is that the proxy server assigned by my isp (cuz Im at home this week) contained an instance of this file and it could be that I got the file from the proxy rather than the site - I dont know if they store anything other than html pages on their proxy but thats an explanation too however slight

    WILL POST LOGS ETC VERY SOON

  5. I have a copy of the infected file - and its definitely infected - I just installed a copy of bit defender and it picked it up as I opened the file -

    I mean if anyone is an expert in viral infection they may like to take a look at it I can zip the file and put it to a host somewhere

    I know for a fact this could have only been infected outside of my system -

  6. So no, it hasn't changed in the last half hour, it's more than 3 weeks old. It's just your own spyware problems that did stop a half hour ago

    oh good, at least thats more of a sane response than just denying it had anything to do with n-lite

    at least theres a fact in there to work with.

    Ok so what could it have been since my approach was this

    yesterday I downloaded nlite - made a install disk and run it

    then sometime later added in a spyware scanner - one that I trust (IE one that is kept on a cd and only installed on computers I am checking offline)

    another fact I know is that the situation only occurred if I downloaded n-lite

    which I did several times to clean computers with only official MS software on there

    further to that it never occurred other than immediately after installing n-lite

    also this behaviour only occurred if the n-lite install was got from 1 link on the nlite website

    It did not occur if the nlite was taken from anywhere else

    have you got any explanations for how the exact same version of nlite might not infect my computer from one source but from another source it does - even though no other webpage was visited except the msfn page for nlite?

  7. Same here. Picked the one you said, installed, ran spyware scanner (something I never bother with), and it found absolutely NOTHING at all. No "sudoku" anywhere in my registry either. Stop spreading lies!

    Youre havin a laugh aint ya ?

    have you read three posts above yours

    I TOLD YOU IT STOPPED SOMETIME AROUND 1300hrs UK TIME -

    jeez ok that really is enough

    next time I'll just let you people get on with it

    if you want infected computers and networks just go ahead I wont bother anymore - just dont bother replying to this forget it

  8. well why are you interested - it strikes me that youre pretty fast to deny anything was wrong - surely it would have been better to ask what the values were in the registry. Its pretty much ineffectual to ask what software I used if the way to verify the infection is by scanning the registry

    by typing "regedit" into a command prompt and looking for the signature

    if it was a false positive or a faulty scanner the signatures wouldnt have been there

    Since they were in the registry and only got there after installing the software its obvious the software n-lite carried them there

    now why you cant accept this I dont know but I GOT A PRETTY GOOD IDEA WHY

  9. i cant seem to find spyware in it anyware

    Is anyone actually reading anything thats written or do you just reply to the first post

    I'm telling you this happened and that by scanning the file that you download you would not have found it - also the file that infected my computer came from one single link on the download page - not the others

    the only way to detect the infection is when it enters the registry and places registry values there

    you cannot scan the file and detect it - you have to look in the registry

    but since its stopped now and the file appears to have been cleaned - its largely academic now

    I'll say it one more time - jeez

    you can only find the infection in the registry not by scanning the file

    for people who havent found the references to it

    http://www3.ca.com/securityadvisor/pest/pe...px?id=453100325

    http://research.sunbelt-software.com/threa...;threatid=69482

    http://www.pctools.com/mrc/infections/view/2500/

    anyway - I've had enough - you do what you want with the information but I havent had any reason to say this other than to tell you to be careful - if you dont take that advice its up to you

  10. i didnt know u are a guru in spyware and u found it just by scaning manually after some word u made up.....go party or other activities ....i scaned nlite with a lot of av and antispyware.....

    and by the way if u dont like it cause its infecting you pc with the word u said DONT USE IT!!!!!1

    well now you do know !

    erm in fact several anti spyware programs I just ran confirmed what I have been saying - I have been looking into the problem since 4am uk time and - All I have is the fact that on a fresh install downloaded from the nlite site they reported the error I'm not trying to do anything but alert you to a problem - if you dont take it seriously enough thats your luck out

    It was not a false positive and it was reported by my antispyware as zango software by 180solutions

    which puts its signature in the registry and that signature contains the word sudoku

    now I dont know what your problem is ! but I can tell you 2 things 1) this happened exactly as I reported it

    and 2) the problem is now not occurring as of about 15 minutes ago (13:18 uk time)

    two other facts are that it occurred also using a download I took at around 7am yesterday morning

    the other fact being that I tested it at 7am on a completely fresh install this morning on a computer not interfaced with the internet and got the same results as at 4:30am

    also just FYI - there is little chance this could have come from anywhere else I am hooked up to a firewall and all my http traffic is scanned for malware before it gets to me by a subscription service - all my ports are closed and none of my antivirus scanners on any of the security behind the firewall picked it up till I rebooted and scanned the registry but my antispyware scanners saw it straight away

  11. in fact I just re-tested it and its still infected !!!!!

    you on drugs?

    av-16512.jpg

    and youre asking me that ?

    look its pretty simple - you go to nlite os

    http://www.nliteos.com/download.html

    download from a mirror site the self extracting archive

    install it

    run it

    search your registry does it contain an entry with the word sudoku? No

    now get the version thats not on a mirror site

    install it

    run it

    search registry

    now the signature for the 180solutions software will be there

    if you need to know full details of the signature read up on

    180solutions zango software

    the last time there was a mass infection there were 400,000 computers in one spambot network

    If necessary I will get Edelman to test it for me - he is quite willing to do that, I have

    had correspondence with him before now.

    Incase the implications arent that obvious to you - anyone thats installing a disk made with the software will have to be careful they arent creating a spambot or spyware network

  12. I got the file from this page here

    http://www.nliteos.com/download.html

    and it was the top link on the "self extracting archive" menu (not the mirrors from the site itself)

    I just tested the ones from the mirror sites and they are OK

    I retested the top link and its definitely infected

    theres no mistake - if I download the self extracting archive from nliteos.com (not the ones from the mirror sites but the top one on the menu ) it definitely adds to my registry the zango software - theres no mistake - its that one file is infected FOR DEFINITE - dont rely on a scan - download the file and check the registry for the word "sudoku" then when it infects your computer edit it out and try a different download site for nlite - it wont do it. Then go back to the top link install n-lite and its there again - I'm not making this up !

  13. After scanning for spyware I have been informed by pest patrol that n-lite carries 180solutions zango software

    and that pest patrol considers n-lite to be a risk - it lists zango as being by 180solutions. This wasnt infected by my computer it was carried into the computer on a download of n-lite

    I got the file from this page here

    http://www.nliteos.com/download.html

    and it was the top link on the "self extracting archive" menu (not the mirrors from the site itself)

    I just tested the ones from the mirror sites and they are OK

    I retested the top link and its definitely infected

    You might be wondering why I dislike 180solutions so much, well when you realise that they scam 2billion a year out of spamming the internet (or used to - personally I think they still do) and when you have had entire business networks go down because of them - perhaps you will realise.

    Nlite has infected your computer - check the registry for the word "sudoku" and then read on

    http://www3.ca.com/securityadvisor/pest/pe...px?id=453100325

    you may like to read up on the following

    There are problems you will probably encounter with any title by 180solutions, just bear in mind the FBI threatened the directors with a legal case and also informed them they would press for custodial sentences unless they co-operated in making a case against other fraudsters - perpetrators of spyware viral code and other malware. Now considering they were making spambots at the time - do you want to take the risk - read on.

    full story here at Ben Edelman's website - Edelman helped the FBI track these... "people" down

    Ben's current research includes analyzing methods and effects of spyware, with a focus on installation methods and revenue sources. Ben has documented advertisers supporting spyware, advertising intermediaries funding spyware, affiliate commission fraud, and click fraud ...I present a methodology for rigorously examining the activities of 180's Zango software, and I show the results of my examination, including a list of affected merchants.

    http://www.benedelman.org/spyware/180-affiliates/

    http://www.benedelman.org

    news item here

    http://www.xbiz.com/news_piece.php?id=11111

    Before you read any further see this page

    http://www3.ca.com/securityadvisor/pest/pe...px?id=453100325

    and find out if your registry or any files in unattended installations are infected

    also

    google for +180solutions +fbi

    basically 180solutions is a company that was raking in around 2 Billion dollars a year from infecting computers and networks with trojans and other malware designed to get advertising onto your desktop

    My point being that its up to you whether you trust this software but I know for a fact that 180solutions is one of the most corrupt companies in existence and if I were you I'd think long and hard about using anything that was ever anything to do with them in a corporate environment or on my own home network.

    You just cant trust it. I want to know what zango software is doing in n-lite ?

    180 solutions is now spending a great deal of money to tell people they went to the FBI and that theyve cleaned up their act- infact the FBI basically went to them and threatened them with many years behind bars - also do you really believe anyone is going to give up 2Billion a year that easily?

  14. To be fair though, a lot of that was probably young children who managed to wreck the computers.

    I got called out once to a house where they complained that the floppy drive wasnt taking disks anymore and when I took the drive apart there were two small wax crayons inside. Another one was where some kid had managed to stuff half of an egg sandwich through the fan duct on the power supply at the back of the computer

  15. Take a look at this if you really want an unbiased opinion on what the war in asia and the middle east is about. This is not opinion or conjecture - if you follow the links off the page they take you to the academic and news resources that enabled the document to be collated. It is infact a highly independent summary of the world situation and why oil has caused the iraq and afghanistan situation - irony is that we dont like the war but its a war to prevent even bigger wars

    http://lifeaftertheoilcrash.net/

    The point is that in the year 1980 oil production was the same as in the year 2006, but in 2006 there is a vastly bigger world population - oil production therefore needs to increase in accordance with demand

    turns out that its really about there being an abundance of oil but not the capacity to get it out of the ground. What happens in economic terms is that you have all the oil the world could need but it still feels like there is a shortage. Partially the reason why iraq needed to be invaded was so the west could put oil wells in there (a lot more) to ensure that capacity meets demand. At the moment we have a demand that far outstrips capacity.

    That is in effect pushing prices up and causing governments to panic incase they dont get enough oil to supply their industries.

    Oil is not just needed for cars to run - every plastic item - every computer chip - steel - iron nylon goods need it. Its about the ability to get the oil out of the ground and thats all the war was about - so that it would stabilise the world economy

  16. I downloaded the latest service pack 2 today and slipstreamed it into the windows

    installation disk using nlite as shown here

    http://unattended.msfn.org/unattended.xp/view/web/6/

    I had hoped it would contain the security fixes and updates but after reinstalling windows with the disk

    I went to microsoft update site and they still needed installing so I suppose SP2 doesnt contain updates.

    So is there a way to download them all in a way that I could integrate them into my custom XP installation disk ?

  17. Well hi everyone - !!!

    I am just here because I have discovered how to make

    customised windows cd's and would like to become really

    good at it. I made my first one today and it went ok

    but could be a lot better. Seems like a great forum for people

    at all skill levels
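
The before-and-after registry check described in the posts above (search the registry before and after installing, then look for keys containing "sudoku"), as an added example that is not part of the original thread: it diffs two regedit `.reg` exports and flags new keys matching a watch term. The snapshot text and the `ExampleVendor` key are constructed for illustration; the `sudoku` key paths are the ones listed in post 3.

```python
import re

KEY_RE = re.compile(r'^\[(-?)(HK.+)\]$')                # [HKEY_...\path] or [-HKEY_...]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # "name"=data or @=data

def parse_reg_export(text):
    """Parse .reg export text into {key_path: {value_name: raw_data}}, lower-cased."""
    keys, current, pending = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:              # continuation of a hex value split with '\'
            name, data = pending[0], pending[1] + line.rstrip('\\')
            if line.endswith('\\'):
                pending = (name, data)
            else:
                keys[current][name], pending = data, None
            continue
        if not line or line.startswith((';', 'Windows Registry Editor')):
            continue
        m = KEY_RE.match(line)
        if m:                                # a leading '-' is a deletion entry: ignore it
            current = None if m.group(1) else m.group(2).lower()
            if current is not None:
                keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = '@' if m.group(1) == '@' else m.group(1)[1:-1].lower()
            data = m.group(2)
            if data.endswith('\\'):
                pending = (name, data[:-1])
            else:
                keys[current][name] = data
    return keys

def diff_snapshots(before, after):
    """Return (keys only in `after`, (key, value) pairs new or changed in shared keys)."""
    added = sorted(k for k in after if k not in before)
    changed = sorted((k, n) for k in after if k in before
                     for n, d in after[k].items() if before[k].get(n) != d)
    return added, changed

def flag_keys(added_keys, terms):
    """Keep only the added keys whose path contains one of the watch terms."""
    return [k for k in added_keys if any(t.lower() in k for t in terms)]

# Constructed sample snapshots (not real exports from the machines in the thread).
BEFORE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor]
"InstallDir"="C:\\Program Files\\Example"
"Blob"=hex:01,02,\
  03,04
'''
AFTER = BEFORE.replace("03,04", "03,05") + r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Installer]

[HKEY_LOCAL_MACHINE\SOFTWARE\sudoku]

[HKEY_LOCAL_MACHINE\SOFTWARE\sudoku\forms]
"x"=dword:00000001

[HKEY_CLASSES_ROOT\sudokupuzzle\shell\open]
@="constructed"
'''

if __name__ == "__main__":
    added, changed = diff_snapshots(parse_reg_export(BEFORE), parse_reg_export(AFTER))
    print("added keys:", added)
    print("changed values:", changed)
    print("flagged:", flag_keys(added, ["sudoku"]))
```

Real regedit exports are UTF-16, so read them with `open(path, encoding="utf-16")` before parsing. The diff shows what appeared between the two snapshots; it does not by itself identify which process wrote the keys.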
