retox Posted October 24, 2006 Share Posted October 24, 2006 (edited) After scanning for spyware I have been informed by pest patrol thatn-lite carries 180solutions zango softwareand that pest patrol considers n-lite to be a risk - it lists zango as being by 180solutions. This wasnt infected by my computer it was carried into the computer on a download of n-liteI got the file from this page herehttp://www.nliteos.com/download.htmland it was the top link on the "self extracting archive" menu (not the mirrors from the site itself)I just tested the ones from the mirror sites and they are OKI retested the top link and its definitely infectedYou might be wondering why I dislike 180solutions so much, well when you realise that they scam 2billion a year out of spamming the internet (or used to - personally I think they still do) and when you have had entire business networks go down because of them - perhaps you will realise.Nlite has infected your computer - check the registry for the word "sodoku" and then read onhttp://www3.ca.com/securityadvisor/pest/pe...px?id=453100325you may like to read up on the followingThere are problems you will probably encounter with any title by 180solutions, just bear in mind the FBI threatened the directors with a legal case and also informed them they would press for custodial sentences unless they co-operated in making a case against other fraudsters - perpertrators of spyware viral code and other malware. Now considering they were making spambots at the time - do you want to take the risk - read on.full story here at Ben Edelman's website - Edelman helped the FBI track these... "people" downBen's current research includes analyzing methods and effects of spyware, with a focus on installation methods and revenue sources. Ben has documented advertisers supporting spyware, advertising intermediaries funding spyware, affiliate commission fraud, and click fraud ...I present a methodology for rigorously examining the activities of 180's Zango software, and I show the results of my examination, including a list of affected merchants.http://www.benedelman.org/spyware/180-affiliates/http://www.benedelman.orgnews item herehttp://www.xbiz.com/news_piece.php?id=11111Before you read any further see this pagehttp://www3.ca.com/securityadvisor/pest/pe...px?id=453100325 and find out if your registry or any files in unattended installations are infectedalsogoogle for +180solutions +fbibasically 180solutions is company that was raking in around 2 Billion dollars a year frrom infecting computers and networks with trojans and other malware designed to get advertising onto your desktopMy point being that its up to you whether you trust this software but I know for a fact that 180solutions is one of the most corrupt companies in existence and if I were you I'd think long and hard about using anything that was ever anything to do with them in a corporate environment or on my own home network.You just cant trust it. I want to know what zango software is doing in n-lite ?180 solutions is now spending a great deal of money to tell people they went to the FBI and that theyve cleaned up their act- infact the FBI basically went to them and threatened them with many years behind bars - also do you really believe anyone is going to give up 2Billion a year that easily? Edited October 24, 2006 by retox Link to comment Share on other sites More sharing options...
glent Posted October 24, 2006 Share Posted October 24, 2006 (edited) i have scanned the file here hxxp://www.virustotal.comherehxxp://virusscan.jotti.org/And herehxxp://housecall65.trendmicro.comThe sites report the file as clean , either this has been silently fixed or you have made mistake Edited October 24, 2006 by glent Link to comment Share on other sites More sharing options...
retox Posted October 24, 2006 Author Share Posted October 24, 2006 I got the file from this page herehttp://www.nliteos.com/download.htmland it was the top link on the "self extracting archive" menu (not the mirrors from the site itself)I just tested the ones from the mirror sites and they are OKI retested the top link and its definitely infectedtheres no mistake - if I download the self extracting archive from nliteos.com (not the ones from the mirror sites but the top one on the menu ) it definitely adds to my registry the zango software - theres no mistake - its that one file is infected FOR DEFINITE - dont rely on a scan - download the file and check the registry for the word "sudoku" then when it infects your computer edit it out and try a different download site for nlite - it wont do it. Then go back to the top link install n-lite and its there again - I'm not making this up ! Link to comment Share on other sites More sharing options...
bledd Posted October 24, 2006 Share Posted October 24, 2006 you on drugs? Link to comment Share on other sites More sharing options...
retox Posted October 24, 2006 Author Share Posted October 24, 2006 (edited) infact I just re-tested it and its still infected !!!!!you on drugs?and youre asking me that ?look its pretty simple - you go to nlite os http://www.nliteos.com/download.htmldownload from a mirror site the self extracting archive install itrun itsearch your registry does it contain an entry with the word sudoku? Nonow get the version thats not on a mirror siteinstall itrun itsearch registrynow the signature for the 180solutions software will be thereif you need to know full details of the signature read up on180solutions zango softwarethe last time there was a mass infection there were 400,000 computers in one spambot networkIf necessary I will get Edelman to test it for me - he is quite willing to do that, I have had corespondence with him before now.Incase the implications arent that obvious to you - anyone thats installing a disk made with the software will have to be careful they arent creating a spambot or spyware network Edited October 24, 2006 by retox Link to comment Share on other sites More sharing options...
bledd Posted October 24, 2006 Share Posted October 24, 2006 "finished searching through the registry"you on drugs? Link to comment Share on other sites More sharing options...
boooggy Posted October 24, 2006 Share Posted October 24, 2006 i didnt know u are a guru in spyware and u found it just by scaning manually after some word u made up.....go party or other activities ....i scaned nlite with a lot of av and antispyware.....and by the way if u dont like it cause its infecting you pc with the word u said DONT USE IT!!!!!1 Link to comment Share on other sites More sharing options...
glent Posted October 24, 2006 Share Posted October 24, 2006 (edited) infact I just re-tested it and its still infected !!!!!look its pretty simple - you go to nlite os http://www.nliteos.com/download.htmldownload from a mirror site the self extracting archive install itrun itsearch your registry does it contain an entry with the word sudoku? Nonow get the version thats not on a mirror siteinstall itrun itsearch registrynow the signature for the 180solutions software will be thereDid that,but the word did not appear in my registry, Maybe your already infected before?this do not need to be a flame war Edited October 24, 2006 by glent Link to comment Share on other sites More sharing options...
retox Posted October 24, 2006 Author Share Posted October 24, 2006 (edited) i didnt know u are a guru in spyware and u found it just by scaning manually after some word u made up.....go party or other activities ....i scaned nlite with a lot of av and antispyware.....and by the way if u dont like it cause its infecting you pc with the word u said DONT USE IT!!!!!1well now you do know !erm infact several anti spyware programs I just ran confirmed what I have been saying - I have been looking into the problem since 4am uk time and - All I have is the fact that on a fresh install downloaded from the nlite site they reported the error I'm not trying do anything but alert you to a problem - if you dont take it seriously enough thats your luck outIt was not a false positive and it was reported by my antispyware as zango software by 180solutionswhich puts its signature in the registry and that signature contains the word sudokunow I dont know what your problem is ! but I can tell you 2 things 1) this happened exactly as I reported itand 2) the problem is now not occuring as of about 15 minutes ago (13:18 uk time)two other facts are that it occured also using a download I took at around 7am yesterday morning the other fact being that I tested it at 7am on a completely fresh install this morning on a computer not interfaced with the internet and got the same results as at 4:30amalso just FYI - there is little chance this could have come from anywhere else I am hooked up to a firewall and all my http traffic is scanned for malware before it gets to me by a subscription service - all my ports are closed and none of my antivirus scanners on any of the security behind the firewall picked it up till I rebooted and scanned the registry but my antispyware scanners saw it straight away Edited October 24, 2006 by retox Link to comment Share on other sites More sharing options...
Mikep7779 Posted October 24, 2006 Share Posted October 24, 2006 your crazy.... Nuhi has been doing this for a long time... no need to go and destroy the community. I scanned aswell, CLEAN Link to comment Share on other sites More sharing options...
Lost Soul Posted October 24, 2006 Share Posted October 24, 2006 i cant seem to find spyware in it anyware Link to comment Share on other sites More sharing options...
retox Posted October 24, 2006 Author Share Posted October 24, 2006 (edited) i cant seem to find spyware in it anywareIs anyone actually reading anything thats written or do you just reply to the first postI'm telling you this happened and that by scanning the file that you download you would not have found it - also the file that infected my computer came from one single link on the download page - not the othersthe only way to detect the infection is when it enters the registry and places registry values thereyou cannot scan the file and detect it - you have to look in the registrybut since its stopped now and the file appears to have been cleaned - its largely academic nowI'll say it one more time - jeezyou can only find the infection in the registry not by scanning the filefor people who havent found the references to ithttp://www3.ca.com/securityadvisor/pest/pe...px?id=453100325http://research.sunbelt-software.com/threa...;threatid=69482http://www.pctools.com/mrc/infections/view/2500/anyway - I've had enough - you do what you want with the information but I havent had any reason to say this other than to tell you to be careful - if you dont take that advice its up to you Edited October 24, 2006 by retox Link to comment Share on other sites More sharing options...
bledd Posted October 24, 2006 Share Posted October 24, 2006 what software are you using it scan it with, lol Link to comment Share on other sites More sharing options...
retox Posted October 24, 2006 Author Share Posted October 24, 2006 well why are you interested - it strikes me that youre pretty fast to deny anything was wrong - surely it would have been better to ask what the values were in the registry. Its pretty much ineffectual to ask what software I used if the way to verify the infection is by scanning the registryby typing "regedit" into a command prompt and looking for the signature if it was a false positive or a faulty scanner the signatures wouldnt have been thereSince they were in the registry and only got there after installing the software its obvious the software n-lite carried them therenow why you cant accept this I dont know but I GOT A PRETTY GOOD IDEA WHY Link to comment Share on other sites More sharing options...
CoffeeFiend Posted October 24, 2006 Share Posted October 24, 2006 (edited) Same here. Picked the one you said, installed, ran spyware scanner (something I never bother with), and it found absolutely NOTHING at all. No "sudoku" anywhere in my registry either. Stop spreading lies!Don't take my word for it either: Not that I'm nlite user, but I figured that just couldn't be true.If you have spyware problems just ditch IE already, don't blame 'em on nlite. Edited October 24, 2006 by crahak Link to comment Share on other sites More sharing options...
Recommended Posts