
nlite infected by 180solutions? You're kidding!


retox


retox -

First, many thanks for the concern you've shown in bringing this issue to a public forum. I know it can be very stressful to be a whistleblower, but I also know something else:

Once a system has been compromised, any number of tests, checks, scans or investigations can go awry due to the nature of rogue processes and invisible services that control the system.

You've already told us you found evidence of corruption on your computer. What you haven't put forth (yet) is the methodology and procedure you've used to ensure that system has been totally and completely cleaned.

Since some infections REQUIRE a hard drive wipe and complete reinstall, I would ask you to verify your own research and do whatever it takes (beyond a shadow of a doubt) to verify that your system is now totally free of corruption. Perhaps use the tools we use here (Ad-Aware, Hijack This, MS Defender, etc.) to see what you can find.

As experienced and concerned as you are, you owe it to yourself and your constituents to be ABSOLUTELY POSITIVE that when you're blowing that whistle, we can all take it to the bank.

Thank you for your dialogue here, and because of you I became interested and involved, as well. That can only be a GOOD thing. :D

Best wishes, always. I look forward to hearing what your extended investigation reveals. Please keep us posted.

Link to comment

I've always used adaware/spyware scanners.

And I strongly believe your log is a real and honest one.

Your downloaded file is apparently infected.

I searched my Registry and searched my %ProgramFiles% directory.

I didn't find any traces like yours.

I could not say you're lying. Your downloaded file is apparently infected.

Link to comment

Man, I can't believe you never experienced a false antivirus alert.

Regarding the WinRAR self-extracting exe, every other antivirus will report it as some trojan; then you just report that to the antivirus author and they will correct it. It has happened before.

Let me know what they say, but I assure you that nLite is clean and don't make me close this topic, so no insults please.

Link to comment

I do use nlite and I did NOT find anything on sudoku in my registry. That is good. However, when using the McAfee SiteAdvisor tool and when I go to the website www.nliteos.com, it does give me the following warning:

When we tested this site we found links to german-nlite.de, which we found to be a distributor of downloads some people consider adware, spyware or other unwanted programs.

Therefore, there is reason to be careful and to be worried that nlite does introduce something bad in your system.

Link to comment

Man, I can't believe you never experienced a false antivirus alert.

Regarding the WinRAR self-extracting exe, every other antivirus will report it as some trojan; then you just report that to the antivirus author and they will correct it. It has happened before.

Let me know what they say, but I assure you that nLite is clean and don't make me close this topic, so no insults please.

nuhi, it's good to talk to you, but this isn't a false positive - I'm sorry I posted here first, but on the nlite site I couldn't find where to send such a concern.

I know it's not a false positive on these terms:

1) the file infected came from a single source - no other source of the nlite software dropped registry entries into my registry that were as written by the infection

2) I saw the registry entries myself and did a test without using any scanners but searching the registry - before and after installing the file that infected the machine

2.5) I did this on clean isolated computers and also on computers interfacing to the internet

3) I downloaded instances of the installer several times - both infected and not infected, from different sources - and still the only infection came from that one link

4) when I checked the source of the html on the nlite site I saw nothing that would indicate it was a problem with the site

5) As you are confident of the integrity of your site and software there must or may be another explanation and I would like very much to help find that explanation but obviously sitting here I cannot see what you see behind those servers etc. - my aim is to help prevent a horrendous discharge of 180solutions viralware

I will take the advice of the others and do a full test and post full results - I will post the file to a filehost so others may see it

I am honestly not trying to undermine the software, its creators or anything like that - I seriously had only good intentions, and on reflection perhaps I could have been more subtle, but I can't change that now and will remember in future that obviously this post is stressing others out as well as me.

But the thought that people might even now be loading entire networks with software that may have been compromised is horrendous - I am only thinking back to when I have had such awful problems with any malware that has infected files that's written by 180solutions - I was also thinking I couldn't just say nothing.

Look everyone, I am trying to be honest and to get a job done on your behalf, for your benefit.

If I've done something wrong I apologise sincerely give me 24 hours as I am really tired now and I will see if I can put a decent report together

Edited by retox
Link to comment
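
The before-and-after registry comparison and the multi-source download check described in the post above can be made repeatable. The following is an added example, not part of the original thread; it assumes regedit exports already decoded to text, and every key name, value and source label in it is constructed.

```python
import hashlib

def parse_reg(text):
    """Parse decoded regedit export text into {key: {value_name: data}}."""
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.endswith("\\"):          # long hex values wrap with a trailing backslash
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and "=" in line and line[0] in '"@':
            sep = '"=' if line[0] == '"' else "="
            name, _, data = line.partition(sep)
            current[name.lstrip('"')] = data   # "@" is the key's default value
    return keys

def diff_snapshots(before, after):
    """List (key, name, data) for each key or value that is new or changed in `after`."""
    changes = []
    for key, values in after.items():
        if key not in before and not values:
            changes.append((key, None, None))      # new key with no values
        old = before.get(key, {})
        changes += [(key, n, d) for n, d in values.items() if old.get(n) != d]
    return changes

def group_by_hash(downloads):
    """Map SHA-256 digest -> source labels for installer bytes fetched from each source."""
    groups = {}
    for source, blob in downloads.items():
        groups.setdefault(hashlib.sha256(blob).hexdigest(), []).append(source)
    return groups

# Constructed exports (real .reg files are UTF-16; decode them before parsing).
BEFORE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\SampleApp]
"Version"="1.0"
"""
AFTER = BEFORE + r"""
[HKEY_CURRENT_USER\Software\ConstructedVendor]
"InstallPath"="C:\\Temp\\sample"
"Blob"=hex:01,02,\
  03
"""
CHANGES = diff_snapshots(parse_reg(BEFORE), parse_reg(AFTER))
```

Installer copies that land in the same `group_by_hash` bucket are byte-identical, so any difference in what they leave in the registry has to come from the machine they were run on rather than from the file.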

OK - enough is enough.

retox, please upload the file that's supposed to be infected and I will scan it with bit defender plus v10.

you say your bit defender alarmed positively, let's see what mine says then.

you may upload the file on rapidshare and tell us a link.

hopefully this test will finish all that embarrassing thread.

Edited by Viscon
Link to comment

retox, if no one else reports it then what am I to think other than it's on your side somehow.

Thousands of people use nlite and no one ever complained about injecting reg entries, nor does nlite do it even for saving settings (it uses ini files).

I can only explain this by you having some infection already on your os prior to installing nlite and somehow it triggers it to reapply that reg.

Link to comment

I tried the "infected" installer you uploaded. It's identical to the official one on the web site and the one I downloaded a while ago. I installed it, still no references of sudoku in registry, nor any spyware found...

Your spyware's coming from elsewhere.

Link to comment

retox, if no one else reports it then what am I to think other than it's on your side somehow.

Thousands of people use nlite and no one ever complained about injecting reg entries, nor does nlite do it even for saving settings (it uses ini files).

I can only explain this by you having some infection already on your os prior to installing nlite and somehow it triggers it to reapply that reg.

Well this is why I posted here I knew some people who developed the program come here - so I thought we could have solved it if people had been more willing to say " hey so what happened"

Man I have no doubt the software is good - I'm going to use the uninfected version I have -

but surely you agree that with a program like nlite I am not wrong to bring this up for discussion - some critical machines could depend on it -

Believe me, I am neither insulting you nor the software - I am glad there is no infection on your servers, but mystified, strongly puzzled about how this could have happened now.

I totally agree it does seem odd that I should say such things, but all I can say is please believe me, I am not lying and not trying to make anyone or any product look bad.

I am genuinely sorry if I have offended anyone, and deeply concerned about networks and computers. I take my job seriously, and when at a forum like this I try to take a responsible attitude and get involved.

It is such a mystery, but please allow me back here tomorrow about the same time. I will try to present you with a detailed description and analysis, properly written up, so you may be able to hazard a better guess at how it might have happened - can I ask a question:

just supposing I was right and somehow either I was tricked into downloading from a non nlite server - or the nlite server had been compromised - that would be cause for concern, wouldn't it?

I tried the "infected" installer you uploaded. It's identical to the official one on the web site and the one I downloaded a while ago. I installed it, still no references of sudoku in registry, nor any spyware found...

impossible !! OK I will get some experts in data and network forensics to help -

end of story I desist

Edited by retox
Link to comment

This topic is now closed to further replies.