66cats Posted December 12, 2023 (edited)

36 minutes ago, XPerceniol said: this has me concerned

Sorry, was joking. (the drive light does flash, but it has nothing to do with malware).

Edit: Now i think i get what people mean by 'drive spinning up' (watch the mouse pointer), just 115 being *broken* (only does this on Vista).

Edited December 12, 2023 by 66cats
Dixel Posted December 12, 2023

4 hours ago, 66cats said: Should i be worried? Are we being Shanghaied into exfiltrating valuable state & industrial secrets safeguarded on our XP HDDs? Is Mypal safe, or is Feodor1 a.k.a. Feodor2 a stealthy Ukrainian operative, and his lovable coon but a masked Trojan horse in disguise? Posting from Mypal now, and my drive light is flashing...

I hope you don't mind me replying to this. Not sure about the industrial espionage, but stealing data from private users and later selling it to advertisers is a very well known and documented issue. I've never used that browser. Google says that user (you're referring to) is native Russian, not Ukrainian, if it helps you. (determined by the errors he makes in English)

Could you please elaborate about the lights flashing? I was under the impression this was only Chrome related.
66cats Posted December 12, 2023

24 minutes ago, Dixel said: [Feodor is] native Russian, not Ukrainian

Not sure what made me think he was Ukrainian, i'm Russian myself (moved to US a long time ago).
AstroSkipper Posted December 12, 2023 (edited)

41 minutes ago, Dixel said: I hope you don't mind me replying to this. Not sure about the industrial espionage, but stealing data from private users and later selling it to advertisers is a very well known and documented issue. I've never used that browser. Google says that user (you're referring to) is native Russian, not Ukrainian, if it helps you. (determined by the errors he makes in English) Could you please elaborate about the lights flashing? I was under the impression this was only Chrome related.

2 hours ago, 66cats said: Posting from Mypal now, and my drive light is flashing...

I use Mypal 68 regularly and have not noticed any unusual behaviour so far. If you want to be on the safe side, use a network sniffer to identify and analyse all incoming and outgoing connections of a browser. And it doesn't matter whether it is Mypal 68 or this Chrome 115 which is actually the topic here. However, this strange behaviour was already observed when using certain versions of Chrome browsers. Any problems observed in terms of Mypal 68 should be then posted in a corresponding thread, of course.

Edited December 12, 2023 by AstroSkipper (Update of content)
66cats Posted December 12, 2023

36 minutes ago, Dixel said: stealing data from private users and later selling it to advertisers

*Hapless advertisers, who get stuck with useless data. As an XP user, I see no ads (use adblocker), and struggle to understand how anyone could profit from data gleaned from my XP box.

1 minute ago, AstroSkipper said: use Mypal 68 regularly and have not noticed any unusual behaviour so far.

Sorry, was trying [and failing] to be funny, use Mypal 68 on XP as my main browser, have 0 security concerns.
grey_rat Posted December 13, 2023

Fedor lives in Kyiv (Ukraine). People speak two languages: Ukrainian and Russian. The Russian language is understandable in many countries of the former USSR (for example, Ukraine, Russia, Kazakhstan, Belarus, Georgia, Latvia ....). Russian language is not Russia; by analogy, English is not England.

He also has mistakes in the Russian text (mostly there are not enough letters in words), or he gains the text to the smartphone, or is lazy to correct.

More often he writes at the github or on the Russian-speaking forum http://forum.ru-board.com/topic.cgi?forum=2&topic=5894&start=3200

SSE version of the MyPal will appear soon.
Milkinis Posted December 14, 2023

On 12/12/2023 at 5:47 PM, 66cats said: Not sure what made me think he was Ukrainian, i'm Russian myself (moved to US a long time ago).

there's a Ukraine flag on his profile but I also doubt he's living over there in the middle of a war.
Milkinis Posted December 14, 2023

On 11/26/2023 at 10:40 AM, NotHereToPlayGames said: We should give the author/creator of this Chrome 115 on XP every benefit of the doubt

I wonder if this has anything to do with uncertified certs....
XPerceniol Posted December 14, 2023

2 hours ago, Milkinis said: there's a Ukraine flag on his profile but I also doubt he's living over there in the middle of a war.

I also wondered that myself.
dmiranda Posted December 15, 2023 (edited)

I'm giving it a try. Below report point by point for updates later.

1. Launching in VM: I launched first on VM, monitoring connections, nothing out of the ordinary, but used to @Articfoxie's and @Humming Owl builds I see a few connections to gg sites. No news there on my end. In my first runs, I had to manually copy the entries for my firewall (probably a remaining restriction of some sort I put there when chrome was food for Conan types). I basically copied the very restrictive permissions I had given to 360chrome to chrome115. No upd, of course.

2. Launching with @articfoxie's loader (even though he frowns upon it): I renamed the loader and its corresponding ini to 115loader or so. Unlike 360chrome, Chrome115 complains if I set --gaia-url=0.0.0.0, so I dropped it. All the other stuff remains, no apparent damage done (TBR). See attached file, some paths edited. The apple and gecko suaos at the end are surely wrong, but do not damage yet. Does anyone have the correct apple/gecko ones?

3. To launch 2, I use Chrome115.bat, with which I load settings and files/folders I want to remain unchanged over time, and to prevent chrome creation of spyware placeholders. Marked with selection are those folders where there are real data (the extensions I want to keep unaltered, unless I manually updated them). The rest are empty dirs and extensionless files to prevent the creation of spyware folders or files in profile. Works most of the time.

4. I'm trying to figure out how to install my extensions, a few of them. Now I see what all that talk about V2 and V3 was about.

I hope this helps someone, and that it prompts corrections from those who know better. Cheers!

115Loader.ini 115Loader.exe

Edited December 15, 2023 by dmiranda
dmiranda Posted December 15, 2023

On 11/27/2023 at 10:02 AM, Dixel said: Argument is when both sides have valid facts, we haven't read any from you. Also, it's not "heresay", it's been confirmed by at least several members and Chrome developers, including the comments in your topic with 360Chrome. It's not only Floppy disks, it's basically any storage, HDD, USB stick, I actually read it is also DVD. The goal is not to "win". The goal would be to defeat the spying "features" coming from that dubious place. It's not only linked to XP, I can reproduce even on Win 7. Example, an external WD 8TB storage with "green" saving features sleeps, then it turns on and spins up when the browser starts. I have the same behaviour with 360Chrome and CatsXP.

I never had such things happen in my setup. In my opinion, operator failure. Don't blame the browser (that only wants to spy to telemetry and "make your browsing better") for faulty system configuration.
NotHereToPlayGames Posted December 15, 2023

1 hour ago, dmiranda said: Launching with @articfoxie's loader (even though he frowns upon it)

The loader is "generic" and not tied to any specific build, so no worries here, lol

I actually use the same "loader" on ALL of my Chromium Forks. I also have one "loader" that is used on ALL of my Mozilla Forks.
dmiranda Posted December 15, 2023

Well, in a clean install it runs as advertized. I'm getting issues installing extensions. Nothing to do with V2-V3, I reckon, but with the files and folders I block. Will relax things, try to install, and then harden again. And report, later on during the week. Cheers!
dmiranda Posted December 15, 2023

Sometimes I get to install an extension, but downloading the next i get restarting the installed extension is gone, and on trying to reinstall, get the same error. Probably a minor glitch. Will try a clean install and add the extensions from there, later modify the settings to my taste.
D.Draker Posted December 15, 2023

On 12/14/2023 at 1:44 PM, Milkinis said: I wonder if this has anything to do with uncertified certs....

If true, it's not good. Did you try a different scanner?

What Mal/EncPk-ZC virus can do?

- Executable code extraction
- Creates RWX memory
- Reads data out of its own binary image
- Network activity detected but not expressed in API logs
- Mimics icon used for popular non-executable file format

How to determine Mal/EncPk-ZC?

crc32: 168FF873
md5: 6a67ce2ec0835a820e52a3bb875a286f
name: 6A67CE2EC0835A820E52A3BB875A286F.mlw
sha1: 04e4061d8d9842f6ae2187f8b6853815691dfbd3
sha256: 093b8ac431922003c71d288fa956f535ef9f4ba2a033c2dc04998b33f79201fc
sha512: 0edb694178e3c7ff9e1c1c1d185dbda008f0f185f1afd2d4badc5f04e439fcde2595cc096cf08e7bb88c35031e8a8afd463fe0056492b0ff36bc00675706a7d9
ssdeep: 12288:UFSgGPbKhiIfh/wWsnHTdUCnB4tZ0UwKWjepV:UFSgGDJO/EnHTd/nBYbhpV
type: PE32 executable (GUI) Intel 80386, for MS Windows

https://adwareremoval.info/mal-encpk-zc/