Jump to content

nlite infected by 180solutions ? Youre kidding !


retox

Recommended Posts

Same here. Picked the one you said, installed, ran spyware scanner (something I never bother with), and it found absolutely NOTHING at all. No "sudoku" anywhere in my registry either. Stop spreading lies!

Youre havin a laugh aint ya ?

have you read three posts above yours

I TOLD YOU IT STOPPED SOMETIME AROUND 1300hrs UK TIME -

jeez ok that really is enough

next time I'll just let let you people get on with it

if you want infected computers and networks just go ahead I wont bother anymore - just dont bother replying to this forget it

Link to comment
Share on other sites


Youre havin a laugh aint ya ?

No, not AT ALL. I'm taking this rather seriously (the wrongful accusations). This is pure and simple libel.

I TOLD YOU IT STOPPED SOMETIME AROUND 1300hrs UK TIME -

Check the Last-Modified date:

Last-Modified: Mon, 02 Oct 2006 16:49:48 GMT

So no, it hasn't changed in the last half hour, it's more than 3 weeks old. It's just your own spyware problems that did stop a half hour ago...

if you want infected computers and networks just go ahead

That's the first such claim I ever see about nlite, and honestly, there's lots of knowledgeable ppl using it, you'd think we'd have figured it out already. nlite's not going to infect other ppl's computers, no matter what you say or think. It's as clean as it gets.

@RyanVM: LOL. Been eBay'ing a bit much lately? ;)

Edited by crahak
Link to comment
Share on other sites

There is a simple explanation for this. That is that the link was hijacked and someone added spywear to nlite 12.rc file.

Last I checked thats not impossable. Files on webpages are always getting updated. This was just a fluk. Nuhi obviouslty had no part of it and its some lame-o trying to take advantage of nlites popularity.

Link to comment
Share on other sites

So no, it hasn't changed in the last half hour, it's more than 3 weeks old. It's just your own spyware problems that did stop a half hour ago

oh good, at least thats more of a sane response than just denying it had anything to do with n-lite

at least theres a fact in there to work with.

Ok so what could it have been since my approach was this

yesterday I downloaded nlite - made a install disk and run it

then sometime later added in a spyware scanner - one that I trust (IE one that is kept on a cd and only installed on computers I am checking offline)

another fact I know is that the situation only occurred if I downloaded n-lite

which I did several times to clean computers with only official MS software on there

further to that it never occured other than immediately after installing n-lite

also this behaviour only occurred if the n-lite install was got from 1 link on the nlite website

It did not occur if the nlite was taken from anywhere else

have you got any explanations for how the exact same version of nlite might not infect my computer from one source but from another source it does - even though no other webpage was visited except the msfn page for nlite?

Edited by retox
Link to comment
Share on other sites

There is a simple explanation for this. That is that the link was hijacked and someone added spywear to nlite 12.rc file.

Last I checked thats not impossable. Files on webpages are always getting updated. This was just a fluk. Nuhi obviouslty had no part of it and its some lame-o trying to take advantage of nlites popularity.

Uhmm. NO. Files and links on webpages don't get hijacked just like that. And I've NEVER heard of a hack being done to infect a download with spyware like that (and then the individual checking forums 24/7, and on the minute someone says anything, hacks the server again to restore the right files -- with the same timestamp no less). And if they wanted to get spyware spread, they wouldn't have picked nlite. It's relatively well known, but I doubt it's getting very much downloads (relatively speaking), and most of those are coming from users advanced enough to recognize and eradicate spyware, so it would be pointless. That theory makes NO sense whatsoever.

And like I said before, the file's timestamp has NOT changed in over 3 weeks. NOTHING's changed! And I just compared the download with the one I downloaded nearly a month ago when there were news about it, and it's identical bit for bit.

It's just him having spyware issues, and blaming them on nlite. Nothing more.

Link to comment
Share on other sites

I have a copy of the infected file - and its definitely infected - I just installed a copy of bit defender and it pickd it up as I opened the file -

I mean if anyone is an expert in viral infection they may like to take a look at it I can zip the file and put it to a host somewhere

I know for a fact this could have only been infected outside of my system -

Link to comment
Share on other sites

I have used nLite for the last two years, and I know that there isn't any spyware within the program. To end it all, simply state which file is causing this infection. Ad-aware results, as was posted earlier, have a detailed log which explains what is causing the spyware related infections on a computer.

No need for hostility, but it's not nice to accuse nuhi, who has been dedicated for at least two years to delivering a product of unprecedented quality to allow extranneous files and features to be removed permanently from Windows XP.

It is events like these that discourage people from sharing their hard work with the world, desiring to avoid the harsh scrutiny of the envious and the unappreciation by the selfish.

Edited by tap52384
Link to comment
Share on other sites

There is a simple explanation for this. That is that the link was hijacked and someone added spywear to nlite 12.rc file.

Last I checked thats not impossable. Files on webpages are always getting updated. This was just a fluk. Nuhi obviouslty had no part of it and its some lame-o trying to take advantage of nlites popularity.

Uhmm. NO. Files and links on webpages don't get hijacked just like that. And I've NEVER heard of a hack being done to infect a download with spyware like that (and then the individual checking forums 24/7, and on the minute someone says anything, hacks the server again to restore the right files -- with the same timestamp no less). And if they wanted to get spyware spread, they wouldn't have picked nlite. It's relatively well known, but I doubt it's getting very much downloads (relatively speaking), and most of those are coming from users advanced enough to recognize and eradicate spyware, so it would be pointless. That theory makes NO sense whatsoever.

And like I said before, the file's timestamp has NOT changed in over 3 weeks. NOTHING's changed! And I just compared the download with the one I downloaded nearly a month ago when there were news about it, and it's identical bit for bit.

It's just him having spyware issues, and blaming them on nlite. Nothing more.

ok.. well i figured it was at least a feasable explanation. I've used nlite since 04 and never had anything infect my system so I'm not standing with this guy. The possibility of a nlite release going up somewhere and him being redirected to that link and that file being infacted is remote but still possible.

Link to comment
Share on other sites

No need for hostility, but it's not nice to accuse nuhi, who has been dedicated for at least two years to delivering a product of unprecedented quality to allow extranneous files and features to be removed permanently from Windows XP
I havent accused anyone and if you'd just read what I been saying and actually correlate it to the facts then you would see a pattern - its not like I'm a friggin noobie in technology I been working in IT systems and security for the past 25 years and I havent once before now found a site where people are so eager to praise a product that they forget the real world out there is getting more devious by the minute at manipulating technology for financial and malicious gain - I know nlite is a good product - I know the people who make it are good but believe me some of the best systems in the world are compromised on a regular basis

Look I didnt want to get into a shouting match I presented the facts after doing a great deal of analysis on the problem I checked out everything from whether it was some sort of virus on my computer to whether there had been a redirect of the data packets along the way.

All I can sy is that I am telling the truth and if any of you experts want the infected file so you can analyse it I will gladly submit it for your inspection.

We could have got here sooner if you could have taken the issue seriously - my best advice is this - if someone shouts about security - deal with it from both ends of the chain - its no good getting your arse tight about someone saying theres a problem - best stay loose and actually see if there is a problem huh?

him being redirected to that link and that file being infacted is remote but still possible

yeah I thought of this and checked but I cant see that it happened - one possible explanation that I havent discounted is that the proxy server assigned by my isp (cuz Im at home this week) contained an instance of this file and it could be that I got the file from the proxy rather than the site - I dont know if they store anything other than html pages on their proxy but thats an explanation too however slight

WILL POST LOGS ETC VERY SOON

Edited by retox
Link to comment
Share on other sites

Filesize 1.68 Meg (1,762,636)

file version 1.2.0.1

nLite-1.2rc.installer.exe

file info

company Dino Nuhagic (nuhi)

file description Windows Installation customizer

pest info

reported adware

author 180solutions

release date 13/10/2006

date today 24/10/2006

time 16:47

risk moderate

advice: delete

reported infection registry entries

HKEY_CLASSES_ROOT\sudokupuzzle

HKEY_CLASSES_ROOT\sudokupuzzle\shell

HKEY_CLASSES_ROOT\sudokupuzzle\shell\open

HKEY_LOCAL_MACHINE\software\sudoku

HKEY_LOCAL_MACHINE\software\sudoku\forms

HKEY_LOCAL_MACHINE\software\sudoku\forms\wnd_frmmain

dll's

npclntax.dll

executables

activesudoku_setup.exe

%program_files%\active sudoku\unins000.exe

sudokusetup.exe

%program_files%\active sudoku\skins\themebuilder.exe

%program_files%\active sudoku\sudoku.exe

if you take a look at the date the file became infected it was release date 13/10/2006

which is approx 9 days after a poster above said the file was put on the server and 10 days before I downloaded the file

It looks more and more like something somewhere needs to be investigated - after some of the comments above I dont even know why I'm bothering to do this except for the fact that spyware and spam and the thought of what it has done to the internet really gets me down - all I'm trying to do is help people - I would have thought that was obvious

Edited by retox
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...