XP post-SP3 QFE compromised by an attack at the hoster of the file! Take care!

[RJARRRPCGP]

The XP post-SP3 QFE package over at Ryan VM has been compromised by an attack at the hoster of the file!

Edited March 22, 2016 by dencorso
Corrected title...

[bphlpt]

You are over-reacting.  The post-SP3 QFE package has NOT been compromised.  You have just been a victim of one of the tactics that many of the free file hosting services uses.  That's one way these free file hosting services make their money.  In this case you just need to UN-check the "Fast Download" box that is pre-selected, as 5eraph told you over at RyanVM.  When using this type of service, NEVER use the "fast" or "helper" type of link, that they try to get you to use if you're not careful.  I assume that using the service will probably deluge you with ads, best case.  I don't know for sure and I'm not going to use their "service" to find out.  All of these services will have at least one way to download the desired file directly and cleanly, you just have to make sure you only download that way.  Always have your browser download setting such that it always asks you where to store the file before downloading it so that you can be sure you are download the correct file you are looking for with the correct extension.

For any of the files that are linked to by anyone here, WinCert, RyanVM, or any of the "good" sites, if the service changes so that it does not have a clean download method, then if it is reported then I'm sure the file host will be changed.

Cheers and Regards

[RJARRRPCGP]

OK, here's what happened:

The first try, everytime I un-checked the fast download option, I get redirected to a page with a message telling me that my PC is suspicious and to notify technical support. Obvious malicious web page.

And with it checked, the download response looks normal, but it got transformed into an .exe that opens Internet Explorer.

The host needs to be changed, pronto! I tried and all attempts failed with a compromise.

Edited March 23, 2016 by RJARRRPCGP

[bphlpt]

My experience is different.  I un-check the "fast download" option, I click "Download" and immediately get redirected to a page with a "Download Now" button which downloads the correct file.  That is while using a Chrome variant browser with ad-blockers installed on Windows 7 x64.

At other times in the past I have run into similar behavior to what you reported where I also got a page saying that my PC is suspicious, but never for u_h's update pack.  In those cases it opened a separate tab or window with that attempt to get me to "clean" my PC, another attempt by those free hosting services to make their money, but if I closed that tab, which was sometimes more annoyingly difficult to do than it should be with persistent  "Are you sure?" pop-ups that had to be gotten rid of, the correct download page was back on the original tab.

I definitely sympathize with your frustrations, but while you might have better success if u_h was using a different host, it is possible to get the correct file with this host, as I and others have proved and no one else is currently complaining of difficulties.  So let's try to help you make changes to your system so that you can get the requested file.  The necessary changes might help make your overall web browsing experience more pleasant.

I assume you are using XP x64, but which exact browsers have you tried and do you have any ad-blocker installed?  And just curious, but which real-time AV do you use?

Cheers and Regards

Edited March 25, 2016 by bphlpt
grammer