AstroSkipper (Author), Posted January 14

> On 12/17/2024 at 9:28 PM, AstroSkipper said:
>> On 12/17/2024 at 8:46 PM, AstroSkipper said:
>>> On 12/17/2024 at 2:45 PM, XProxy said:
>>> I have errors when trying to access files linked in the beginning of this thread. For example for ProxHTTPSProxy's PopMenu TLS 1.3 3V3, I get this:
>>>> Dangerous File Blocked
>>>> The file you attempted to download was determined to be dangerous. For your protection, MediaFire does not enable distribution of dangerous files.
>>> I was able to finally get it after creating a mediafire account and through URL manipulation.
>>
>> Hello! You are the very first reporting problems with the download of files I hosted on MediaFire. In any case, all my files are clean and free of malware. If MediaFire really reports something like this, it is very wrong.
>
> I have now checked my MediaFire account, and indeed, some of my files uploaded years ago are suddenly and wrongly flagged as malicious. MediaFire seems to use a new virus scanner, and it must be very bad. Therefore, all flagged files will be replaced by me with archives protected by a password to free MediaFire from such false positives. The password will be provided in the section 11. Downloads of my main article in the first post of this thread.

Four archives are incorrectly classified as malicious by MediaFire's virus scanner. Of course, all my uploaded files are virus-free. I have now re-uploaded these files with password protection so that MediaFire doesn't continue to make such nonsense. As always, the download links with the corresponding password will be provided in the section 11. Downloads of my main article in the first post of this thread.

Cheers, AstroSkipper

Multibooter, Posted January 14

> 1 hour ago, AstroSkipper said:
> Four archives are incorrectly classified as malicious by MediaFire's virus scanner.

Could you temporarily upload again the 4 original files flagged by MediaFire's virus checker, to a different location? It would be interesting to see whether my ancient version of Kaspersky also flags them.

AstroSkipper (Author), Posted January 14

> 54 minutes ago, Multibooter said:
> Could you temporarily upload again the 4 original files flagged by MediaFire's virus checker, to a different location? It would be interesting to see whether my ancient version of Kaspersky also flags them.

These two files, for example, both created by @cmalex, are incorrectly classified as malicious by MediaFire's virus scanner although they are virus-free:

https://www.mediafire.com/file/pdy1cd8insmdq7g/ProxyMII_220717.7z/file
https://www.mediafire.com/file/yb0xjos28l110xx/ProxyMII_230813.7z/file

Multibooter, Posted January 14 (edited)

> 1 hour ago, AstroSkipper said:
> These two files, for example, both created by @cmalex, are incorrectly classified as malicious by MediaFire's virus scanner although they are virus-free:
> https://www.mediafire.com/file/pdy1cd8insmdq7g/ProxyMII_220717.7z/file
> https://www.mediafire.com/file/yb0xjos28l110xx/ProxyMII_230813.7z/file

I cannot download these 2 files, I get the message: "Dangerous File Blocked, The file you attempted to download was determined to be dangerous. For your protection, MediaFire does not enable distribution of dangerous files." Any other way that I could get these 2 files?

Added: sorry, I could just download the pw-protected files. Thanks anyway.

Edited January 14 by Multibooter

AstroSkipper (Author), Posted January 14 (edited)

> 9 minutes ago, Multibooter said:
> I cannot download these 2 files, I get the message: "Dangerous File Blocked, The file you attempted to download was determined to be dangerous. For your protection, MediaFire does not enable distribution of dangerous files." Any other way that I could get these 2 files?

Of course, you can download these files from the original source provided by @cmalex: https://mega.nz/folder/68dj2YTY#As2w31IO4Smr7gy6p1ciSg

Edited January 14 by AstroSkipper (Update of content)

Multibooter, Posted January 14

I downloaded one of the files which mediafire did not like: https://www.mediafire.com/file/4sqkixfd2waaypt/ProxHTTPSProxy_TLS_1_3_1_5_220717_PopMenu_3V3_CheckedByAstroSkipper.7z/file

I checked with my ancient version of Kaspersky, updated with the signature of 8Nov2024 (I only update once every 3 months). 1 Trojan and 1 riskware were detected:

detected: Trojan program Trojan.Win32.Gamaredon.gj
file: E:\Downloads_5\ProxHTTPSProxy_TLS_1_3_1_5_220717_PopMenu_3V3_CheckedByAstroSkipper\ProxHTTPSProxy_TLS_1_3_1_5_220717_PopMenu_3V3\cacert_Updater.exe

detected: riskware not-a-virus:RiskTool.Win32.Cmdow.a
file: E:\Downloads_5\ProxHTTPSProxy_TLS_1_3_1_5_220717_PopMenu_3V3_CheckedByAstroSkipper\ProxHTTPSProxy_TLS_1_3_1_5_220717_PopMenu_3V3\PopMenu\cmdow.exe

Kaspersky gives substantially fewer false positives than other virus-checkers. My feeling is that there is only a 10% chance that the Trojan msg for cacert_Updater.exe is a false positive. I would not be concerned about the riskware msg.

AstroSkipper (Author), Posted January 14

> 6 minutes ago, Multibooter said:
> I downloaded one of the files which mediafire did not like: https://www.mediafire.com/file/4sqkixfd2waaypt/ProxHTTPSProxy_TLS_1_3_1_5_220717_PopMenu_3V3_CheckedByAstroSkipper.7z/file
> I checked with my ancient version of Kaspersky, updated with the signature of 8Nov2024 (I only update once every 3 months). 1 Trojan and 1 riskware were detected:
> detected: Trojan program Trojan.Win32.Gamaredon.gj
> file: E:\Downloads_5\ProxHTTPSProxy_TLS_1_3_1_5_220717_PopMenu_3V3_CheckedByAstroSkipper\ProxHTTPSProxy_TLS_1_3_1_5_220717_PopMenu_3V3\cacert_Updater.exe
> detected: riskware not-a-virus:RiskTool.Win32.Cmdow.a
> file: E:\Downloads_5\ProxHTTPSProxy_TLS_1_3_1_5_220717_PopMenu_3V3_CheckedByAstroSkipper\ProxHTTPSProxy_TLS_1_3_1_5_220717_PopMenu_3V3\PopMenu\cmdow.exe
> Kaspersky gives substantially fewer false positives than other virus-checkers. My feeling is that there is only a 10% chance that the Trojan msg for cacert_Updater.exe is a false positive. I would not be concerned about the riskware msg.

Then, Kaspersky is as bad as the virus scanner which MediaFire is using. These files are all clean and virus-free. The cacert_Updater.exe file has been fixed by me as the original version from @heinoganda stopped working. It is totally clean. And the cmdow.exe file is a DOS file from a trusted source and checked by me. Unfortunately, some scanners don't like it but it is totally clean, too. So, forget about Kaspersky!

Multibooter, Posted January 14

> 1 hour ago, AstroSkipper said:
> Then, Kaspersky is as bad as the virus scanner which MediaFire is using. These files are all clean and virus-free. The cacert_Updater.exe file has been fixed by me as the original version from @heinoganda stopped working. It is totally clean. And the cmdow.exe file is a DOS file from a trusted source and checked by me. Unfortunately, some scanners don't like it but it is totally clean, too. So, forget about Kaspersky!

Kaspersky's flag of cacert_Updater.exe is most likely a false positive, only 5/74 scanners, including CrowdStrike, of virustotal flag the file: https://www.virustotal.com/gui/file/9f805311953057a944567d9a2e45ee4d65ffb7804925115b3b05bf02d3ff7821

When the content of cacert_Updater.exe is extracted with WinRAR, Kaspersky does not flag anything, so maybe Kaspersky doesn't like the .exe container.

When cacert_Updater.exe is run in a sandbox, the program window "Mozilla trusted root certificates Updater" displays: "Do you want to update certificates?", maybe that's what Kaspersky doesn't like, no idea.

With another root certificate updater for Windows, Cert_Updater_v1.6.exe (is a Windows Root Certificate Updater which I use for WinXP), Kaspersky does not flag anything when virus-checking.

AstroSkipper (Author), Posted January 14

> 2 minutes ago, Multibooter said:
> With another root certificate updater for Windows, Cert_Updater_v1.6.exe (is a Windows Root Certificate Updater which I use for WinXP), Kaspersky does not flag anything when virus-checking.

Just for clarification, the cacert_Updater.exe is not a root certificate updater for the Windows OS. It only updates the cacert.pem certificate bundle inside the ProxHTTPSProxy folder, exclusively the root certificates of ProxHTTPSProxy itself, so to speak. This is a quotation from my main article:

> This file cacert.pem contains the currently valid root certificates (will be considered in more detail below) used by the proxy to verify the server connections

That means it does not do the same as the Cert_Updater_v1.6.exe file. For more information, read the section 5.1 of my main article in the first post of this thread.

Multibooter, Posted January 14 (edited)

> 3 hours ago, AstroSkipper said:
> Just for clarification, the cacert_Updater.exe is not a root certificate updater for the Windows OS. It only updates the cacert.pem certificate bundle inside the ProxHTTPSProxy folder, exclusively the root certificates of ProxHTTPSProxy itself, so to speak. This is a quotation from my main article:
> That means it does not do the same as the Cert_Updater_v1.6.exe file. For more information, read the section 5.1 of my main article in the first post of this thread.

I used Cert_Updater_v1.6.exe just as an example of another certificate updater, to see whether it also gets flagged when virus-checking.

MiTeC EXE Explorer v1.2 indicates for cacert_Updater.exe an incorrect timestamp of 10May2012, even if the most recent file in the .exe, HTTPDL.exe, has the file modification date 13Feb2019. An incorrect timestamp is a little unusual, but not suspicious, many OK .exes have an incorrect timestamp.

Maybe, if the content of cacert_Updater.exe (CERTUPD.bat, HTTPDL.exe and URLLINK) is put into a different SFX, it will not be flagged by virustotal/MediaFire?

Edited January 14 by Multibooter

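Added example, not part of the thread or of any poster's tooling: a reader for the PE header timestamp discussed in the post above, which shows why that field can be older than the files packed in a self-extracting archive. The sample bytes are constructed from the two dates mentioned in the post; the function names are hypothetical.

```python
import struct
from datetime import datetime, timezone

class NotPE(ValueError):
    """Raised when the bytes do not carry a valid MZ/PE header."""

def pe_link_time(data: bytes) -> datetime:
    """Return the COFF TimeDateStamp of a PE image as a UTC datetime."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise NotPE("missing MZ (DOS) header")
    # e_lfanew at offset 0x3C points to the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise NotPE("missing or truncated PE header")
    # COFF header after the signature: Machine(2), NumberOfSections(2),
    # then the 4-byte TimeDateStamp (seconds since 1970-01-01 UTC).
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)

def stamp_predates_payload(data: bytes, newest_payload: datetime) -> bool:
    """True when the header stamp is older than the newest packed file.

    For an SFX this is expected: the stamp is written when the extractor
    stub is linked, and the archive data is appended to that stub later.
    """
    return pe_link_time(data) < newest_payload

def build_sample_pe(when: datetime) -> bytes:
    """Constructed sample: DOS header + PE signature + 20-byte COFF header."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x014C, 0, int(when.timestamp()), 0, 0, 0, 0)
    return bytes(dos) + b"PE\0\0" + coff

# Constructed values taken from the dates quoted in the post (time of day assumed).
SAMPLE = build_sample_pe(datetime(2012, 5, 10, tzinfo=timezone.utc))
NEWEST_PAYLOAD = datetime(2019, 2, 13, tzinfo=timezone.utc)

if __name__ == "__main__":
    print("header stamp:", pe_link_time(SAMPLE).date())
    print("older than payload:", stamp_predates_payload(SAMPLE, NEWEST_PAYLOAD))
```

To check a real file, pass `open(path, "rb").read()` to `pe_link_time`; the field is set by the linker and can be any value, so it is context for triage rather than evidence either way.
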
AstroSkipper (Author), Posted January 14

> 8 minutes ago, Multibooter said:
> Maybe, if the content of cacert_Updater.exe (CERTUPD.bat, HTTPDL.exe and URLLINK) is put into a different SFX, it will not be flagged by virustotal/MediaFire?

The files were uploaded to MediaFire by me more than two years ago. Only in the last few months they have been flagged as malicious by MediaFire. They are probably using some new scanner that works just as well as Kaspersky.

Multibooter, Posted January 14 (edited)

I just saw a description of the Gamaredon trojan flagged by Kaspersky in cacert_Updater.exe: "Gamaredon ... is a Russian, state-sponsored cyber-espionage hacking group with cybersecurity researchers linking them to the FSB (Russian Federal Security Service)" https://www.bleepingcomputer.com/news/security/gamaredon-hackers-start-stealing-data-30-minutes-after-a-breach/

Russian Kaspersky is very unlikely to flag real Russian state-sponsored trojans, cacert_Updater.exe for ProxHTTPSProxy must therefore be clean, and this must be a false flag.

Why not just create a different SFX?

Edited January 14 by Multibooter

Multibooter, Posted January 14

> 1 hour ago, AstroSkipper said:
> The files were uploaded to MediaFire by me more than two years ago. Only in the last few months they have been flagged as malicious by MediaFire.

It is not unusual that trojans etc only get detected/added to virus signature updates several years after they came out. Again, why not just create a different SFX?

AstroSkipper (Author), Posted January 14

> 6 minutes ago, Multibooter said:
> It is not unusual that trojans etc only get detected/added to virus signature updates several years after they came out. Again, why not just create a different SFX?

The four files are now password protected, which stops MediaFire from spreading further untruths. That's quite enough for me.

user57, Posted January 14

> 8 minutes ago, AstroSkipper said:
> The four files are now password protected, which stops MediaFire from spreading further untruths. That's quite enough for me.

That might be a good point to point out that this false flagging is done quite often, which was not the case in the past.

Because at some point it did not have to be a virus, trojan horse, keylogger; it has to be "potential unwanted software, malware" - what this is they defined, but rather going into a direction where software gets marked that is not on the want list.

After that they just flagged unwanted programs as virus, also coming over the anti virus software.

I could not even run the heic en/decoder in a win10 vmware test machine because all it said is that this executable is a virus. This was the case with many other 100 % virus free software I compiled up - others such as the one core api are also flagged as virus - even though it's open source.

It's a monopoly.