What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » General » Forum & Website » Dodgy Downloads

Pages: (3): « First [ 1 ] 2 3 » Last »
Dodgy Downloads
Author: Message:
GiantSpider
Veteran Member
*****

Avatar

Posts: 1435
Reputation: 21
34 / Male / Flag
Joined: Sep 2003
O.P. Dodgy Downloads
Today on irc someone came in with a problem with installing Plus! Me and Sunshine went to work and found out it was a virus. When i downloaded Plus! From the site and from Simtel I got this.

[Image: attachment.php?pid=282122]

Now the 3-02 version i got from the site and the .zip I got from Simtel. Sunshine scanned and found no virus' but it is weird no?

EDIT: Both Files are 3.01.94

.jpg File Attachment: untitled.JPG (24.07 KB)
This file has been downloaded 323 time(s).

This post was edited on 07-25-2004 at 01:52 PM by GiantSpider.
07-25-2004 01:47 PM
Profile PM Find Quote Report
GiantSpider
Veteran Member
*****

Avatar

Posts: 1435
Reputation: 21
34 / Male / Flag
Joined: Sep 2003
O.P. RE: Dodgy Downloads
quote:
Originally posted by Stigmata
simtel like to include there own files
Care to explain?
07-25-2004 02:05 PM
Profile PM Find Quote Report
GiantSpider
Veteran Member
*****

Avatar

Posts: 1435
Reputation: 21
34 / Male / Flag
Joined: Sep 2003
O.P. RE: Dodgy Downloads
Well the only file in the .zip was MsgPlus!.exe
07-25-2004 02:33 PM
Profile PM Find Quote Report
GiantSpider
Veteran Member
*****

Avatar

Posts: 1435
Reputation: 21
34 / Male / Flag
Joined: Sep 2003
O.P. RE: Dodgy Downloads
You betcha
07-25-2004 02:39 PM
Profile PM Find Quote Report
GiantSpider
Veteran Member
*****

Avatar

Posts: 1435
Reputation: 21
34 / Male / Flag
Joined: Sep 2003
O.P. RE: Dodgy Downloads
rar a .zip?
07-25-2004 02:43 PM
Profile PM Find Quote Report
CookieRevised
Elite Member
*****

Avatar

Posts: 15517
Reputation: 173
– / Male / Flag
Joined: Jul 2003
Status: Away
RE: Dodgy Downloads
Errmmm, Stigmata:
1) the files on Simtel are exactly the same as the one yo find on Patchou's server. The only thing that simtel does is to zip them, nothing more...
2) The point in being a mirrorsite is that they do not alter any of the files they host!
3) You can't hide a file inside a zipfile
4) "rar the file, then using winrar to unrar it it will show u everything inside  have a check" ... that makes absolutely no sense...


GiantSpider has send the file to me...

Size:
Original Plus! 3.01.94: 3.497.984 bytes
Infected Plus! 3.01.94: 3.502.080 bytes (=4096 bytes bigger)

TimeDateStamp: (this is not the timedatestamp that you'll see in windows, but this is the timedatestamp from when the exe file was actually made; it is found inside the exe-header itself)
Original Plus! 3.01.94: 2/6/2004 22:29:47
Infected Plus! 3.01.94: 24/7/2004 22:31:36 (=yesterday!)

The resources (aka setupfiles etc...) inside are the same

Remarks:
It is very strange that the file was downloaded at an official source while the file was named MsgPlus-302.exe.

Note that this happend only to GiantSpider and the person on IRC!

As well as GiantSpider as the person who came on IRC got this file from downloading it from an official source.

The thing that popuped up after installing was "Bad Elmo, u need to install this with the parental program"...

A scan of the file resulted in nothing, no detected infection. (at least as far as I can tell with a cheap/free scanner :p)

Although I can't find anything (at this moment after a quick search) related to a virus, this has been reported before with other people (and other files):
http://club.cdfreaks.com/showthread.php?t=84510
http://www.pchelper.nl/forum/index.php?showtopic=1718
http://www.talkroot.com/archive/topic/14496-1.html

Also, together with the "bad elmo"-talk, there is also talk about a related MP3_plugin.exe (someone says this is the source of the problem), and inside that file I find "http://www.lop.com". Logic, if you consider that someone else says that that file is the LOP installer. But why the strange name then?).. :/

Conclussion:
* Or both are infected with some kind of spyware/virus/trojan/whataver (but it is strange that this only happend once and only with Plus! downloading)
* Something is fishy with the sponsor-program (LOP acting up again?)

Note:
Although it seems that it is some malicious thing called "Bad Elmo", it is realy frustrating that you can't find ANYTHING about it on the net. The only things you find are "it is spyware", "it is a virus", etc... but nobody or no company reports about what it ACTUALY is and what it EXACTLY does....

This post was edited on 07-25-2004 at 03:40 PM by CookieRevised.
.-= A 'frrrrrrrituurrr' for Wacky =-.
07-25-2004 02:48 PM
Profile PM Find Quote Report
Kryptonate
Veteran Member
*****

Avatar

Posts: 2874
Reputation: 23
38 / Male / –
Joined: Jun 2003
RE: Dodgy Downloads
I just downloaded it from Simtel and there was nothing in it.
07-25-2004 03:01 PM
Profile E-Mail PM Find Quote Report
GiantSpider
Veteran Member
*****

Avatar

Posts: 1435
Reputation: 21
34 / Male / Flag
Joined: Sep 2003
O.P. RE: Dodgy Downloads
Nothing as in empty?
07-25-2004 03:02 PM
Profile PM Find Quote Report
CookieRevised
Elite Member
*****

Avatar

Posts: 15517
Reputation: 173
– / Male / Flag
Joined: Jul 2003
Status: Away
RE: Dodgy Downloads
Kryptonate means "nothing" as in "nothing wrong with the file"....guess not :/

I highly doubt anybody else will get the MsgPlus-302.exe file, see my previous post...

This post was edited on 07-25-2004 at 03:20 PM by CookieRevised.
.-= A 'frrrrrrrituurrr' for Wacky =-.
07-25-2004 03:15 PM
Profile PM Find Quote Report
Kryptonate
Veteran Member
*****

Avatar

Posts: 2874
Reputation: 23
38 / Male / –
Joined: Jun 2003
RE: Dodgy Downloads
quote:
Originally posted by GiantSpider
Nothing as in empty?
yes, 0 kb.

Tried again to download it from Simtel but I couldn't access the page anylonger, perhaps they're looking into it.

quote:
Originally posted by CookieRevised
Kryptonate means "nothing" as in "nothing wrong with the file"....
I highly doubt anybody else will get the MsgPlus-302.exe file, see my previous post...
no I don't :p

This post was edited on 07-25-2004 at 03:17 PM by Kryptonate.
07-25-2004 03:17 PM
Profile E-Mail PM Find Quote Report
Pages: (3): « First [ 1 ] 2 3 » Last »
« Next Oldest Return to Top Next Newest »


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts
HTML is Off
myCode is On
Smilies are On
[img] Code is On