Announcing new way of Analog Obsession

KVRAF
34836 posts since 11 Aug, 2008 from another dimension

Post Sun Feb 23, 2020 3:01 pm

thecontrolcentre wrote:
Sun Feb 23, 2020 12:26 pm
I used Win Defender ... found several trojans & dodgy programs, all associated with AO, so would say yes, scan your PC.
Just did a quick scan with windows defender and all was good.
Hi-de-Hi!

KVRAF
31166 posts since 27 Jul, 2005 from the wilds of wanny

Post Sun Feb 23, 2020 3:03 pm

Aloysius wrote:
Sun Feb 23, 2020 3:01 pm
thecontrolcentre wrote:
Sun Feb 23, 2020 12:26 pm
I used Win Defender ... found several trojans & dodgy programs, all associated with AO, so would say yes, scan your PC.
Just did a quick scan with windows defender and all was good.
Lucky you ;)

KVRian
988 posts since 3 Oct, 2011 from Christchurch, New Zealand

Post Sun Feb 23, 2020 3:06 pm

thecontrolcentre wrote:
Sun Feb 23, 2020 2:56 pm
You didn't quote all the info from my post.

Program:Win32/Unwasson.Alml

Items:
<file:C:\Users\Dave\Downloads\AO Equalizers\SSQ 3.0\SSQ_3.0_VST_WIN\SSQ.dll.32\SSQ.dll>
<file:E:\Temp\Analog Obsession\AO Equalizers\SSQ 3.0\SSQ_3.0_VST_WIN\SSQ.dll.32\SSQ.dll>
<file:I:\BACKUPS\VST Plugins\Free VST\64 bit VST Plugins\Analog Obsession\AO Equalizers\SSQ 3.0\SSQ_3.0_VST_WIN\SSQ.dll.32\SSQ.dll>

Items:
containerfile:C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7
file:C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7->SSQ.dll.32.zip->SSQ.dll


Trojan:Win32/Spursint.Flcl

Items:
containerfile:C:\Users\Dave\AppData\Local\Temp\Temp1_Harqules_2.0_VST_WIN.zip\Harqules.dll.64.zip
file:C:\Users\Dave\AppData\Local\Temp\Temp1_Harqules_2.0_VST_WIN.zip\Harqules.dll.64.zip->Harqules.dll


I understood that these locations are where the malware files Program:Win32/Unwasson.Alml & Trojan:Win32/Spursint.Flcl were found and removed by Defender. Please correct me if I've misunderstood.
the 'other' locations which I didn't bother to quote are your downloads folder, the place you backed up the .zip archive to and the place where you unzipped the .dll to - but you were implying that 'somehow' the virus had 'infected' your appdata folder as well - I was pointing out that this was NOT the case and the files you reference in appdata are the mozilla cache and the temp directory (both of which contain a copy of the .zip file from downloading it).
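
Added example (not part of the original post, and not Defender's own tooling): the Items lines quoted in this thread can be split into scheme, on-disk path and nested archive members, which shows which hits are stored copies of the downloaded archive and which are unpacked DLLs. The location labels and path patterns are assumptions chosen for this illustration.

```python
import re
from collections import Counter

# Detection "Items" lines as quoted in the thread above.
ITEMS = [
    r"<file:C:\Users\Dave\Downloads\AO Equalizers\SSQ 3.0\SSQ_3.0_VST_WIN\SSQ.dll.32\SSQ.dll>",
    r"containerfile:C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7",
    r"file:C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7->SSQ.dll.32.zip->SSQ.dll",
    r"file:C:\Users\Dave\AppData\Local\Temp\Temp1_Harqules_2.0_VST_WIN.zip\Harqules.dll.64.zip->Harqules.dll",
]

# Assumed path patterns; the location labels are this example's own naming.
RULES = [
    ("browser-cache", re.compile(r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\cache2\\", re.I)),
    ("temp-copy", re.compile(r"\\AppData\\Local\\Temp\\", re.I)),
    ("downloads", re.compile(r"\\Users\\[^\\]+\\Downloads\\", re.I)),
]


def parse_item(line):
    """Split one Items entry into scheme, on-disk path and nested archive members."""
    line = line.strip().strip("<>")          # some entries are wrapped in <...>
    scheme, _, rest = line.partition(":")    # "file" or "containerfile"
    path, *members = rest.split("->")        # "->" walks into an archive
    location = next((name for name, rx in RULES if rx.search(path)), "other")
    return {
        "scheme": scheme,
        "path": path,
        "members": members,
        "location": location,
        # True when the flagged object is an archive or sits inside one
        "inside_archive": scheme == "containerfile" or bool(members),
    }


def summarize(lines):
    """Count detections per location category."""
    return dict(Counter(parse_item(l)["location"] for l in lines))


def extracted_files(lines):
    """Paths where the flagged DLL is unpacked on disk, not inside an archive."""
    return [p["path"] for p in map(parse_item, lines) if not p["inside_archive"]]


if __name__ == "__main__":
    for entry in map(parse_item, ITEMS):
        print(entry["location"], entry["inside_archive"], entry["members"])
```

On these four lines the only unpacked DLL is the one under Downloads; the AppData entries are the cached and temp copies of the downloaded archive.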

KVRAF
34836 posts since 11 Aug, 2008 from another dimension

Post Sun Feb 23, 2020 3:08 pm

thecontrolcentre wrote:
Sun Feb 23, 2020 3:03 pm
Aloysius wrote:
Sun Feb 23, 2020 3:01 pm
thecontrolcentre wrote:
Sun Feb 23, 2020 12:26 pm
I used Win Defender ... found several trojans & dodgy programs, all associated with AO, so would say yes, scan your PC.
Just did a quick scan with windows defender and all was good.
Lucky you ;)
I hadn't installed any of the plugins, so I guess being a lazy bugger can be a positive thing (sometimes). :)
Hi-de-Hi!

KVRAF
31166 posts since 27 Jul, 2005 from the wilds of wanny

Post Sun Feb 23, 2020 3:10 pm

jdnz wrote:
Sun Feb 23, 2020 3:06 pm
thecontrolcentre wrote:
Sun Feb 23, 2020 2:56 pm
You didn't quote all the info from my post.

Program:Win32/Unwasson.Alml

Items:
<file:C:\Users\Dave\Downloads\AO Equalizers\SSQ 3.0\SSQ_3.0_VST_WIN\SSQ.dll.32\SSQ.dll>
<file:E:\Temp\Analog Obsession\AO Equalizers\SSQ 3.0\SSQ_3.0_VST_WIN\SSQ.dll.32\SSQ.dll>
<file:I:\BACKUPS\VST Plugins\Free VST\64 bit VST Plugins\Analog Obsession\AO Equalizers\SSQ 3.0\SSQ_3.0_VST_WIN\SSQ.dll.32\SSQ.dll>

Items:
containerfile:C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7
file:C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7->SSQ.dll.32.zip->SSQ.dll


Trojan:Win32/Spursint.Flcl

Items:
containerfile:C:\Users\Dave\AppData\Local\Temp\Temp1_Harqules_2.0_VST_WIN.zip\Harqules.dll.64.zip
file:C:\Users\Dave\AppData\Local\Temp\Temp1_Harqules_2.0_VST_WIN.zip\Harqules.dll.64.zip->Harqules.dll


I understood that these locations are where the malware files Program:Win32/Unwasson.Alml & Trojan:Win32/Spursint.Flcl were found and removed by Defender. Please correct me if I've misunderstood.
the 'other' locations which I didn't bother to quote are your downloads folder, the place you backed up the .zip archive to and the place where you unzipped the .dll to - but you were implying that 'somehow' the virus had 'infected' your appdata folder as well - I was pointing out that this was NOT the case and the files you reference in appdata are the mozilla cache and the temp directory (both of which contain a copy of the .zip file from downloading it).
Got ya. Thanks for explaining. :)

KVRian
881 posts since 8 Aug, 2011

Post Sun Feb 23, 2020 3:12 pm

I tried the plugins in Linux using LinVst to convert the dll into .so
I can't find anything like viruses in the suggested paths.
I guess it's to be expected that Linux won't be affected. Or can it be?
Win 7, 64Bit, 16 Gig RAM, Intel i7 Quad 3.9, Reaper 5.965, Steinberg MR816x

KVRist

Topic Starter

464 posts since 3 Oct, 2018

Post Sun Feb 23, 2020 3:49 pm

I have some bad news...

I've lost my website because the attack was really big... I can't handle any new bad news...

So I have to start from scratch.

Some users gave me advice about Patreon and I started a Patreon.

I'm uploading all plugins to my own pcloud server. First, I uploaded BlackShow for opening the Patreon page. Tomorrow, I will start uploading the others.

You can support me and motivate me...

https://www.patreon.com/analogobsession

Now, you can download it and become my patron...

I'm sorry.

Thanks.
https://www.patreon.com/analogobsession Support for free VST2, VST3, AU for WIN & MAC

KVRAF
4624 posts since 8 Jul, 2009

Post Sun Feb 23, 2020 5:36 pm

Hey Tunca. Sorry that happened. Wow, the internet has turned into a war zone in more ways than one. I really pine for the old days, 70s-80s, when I was on it and it was calm, cool and collected with very few people, most of whom were smart and respectful. It's a wasteland of humanity now.

Maybe a blessing in disguise because now you don't have to deal with the site at all. Just keep it simple and on Patreon. Don't sweat any of this! Just try and relax. Nobody here owes you anything so don't take any sh*t. :phones:

FYI on my mac I installed the AU and VST3's and did a scan of those and the AO folder where I have all the zips and installers, using ClamXAV - no issues found.
Last edited by plexuss on Sun Feb 23, 2020 5:54 pm, edited 1 time in total.

KVRist
161 posts since 6 Jul, 2012

Post Sun Feb 23, 2020 5:50 pm

So far, the new upload of BlackShow:

Arcabit: Trojan.Razy.D93744
BitDefender: Gen:Variant.Razy.603972
Emsisoft: Gen:Variant.Razy.603972 (B)
FireEye: Gen:Variant.Razy.603972
GData: Gen:Variant.Razy.603972
MAX: Malware (ai Score=82)

KVRist
344 posts since 26 Aug, 2019

Post Sun Feb 23, 2020 7:08 pm

Tunca, I recommend you share as many details as possible about what happened, because some people are likely chafed by the experience and disinclined to believe you. Also, it could happen to any independent developer on these forums with a website, so let this be a warning to the community.

Here is my suggestion for how to gain patrons on Patreon and earn back goodwill. Focus on updates, but provide updated versions of your plugs only to patrons ... and to customers of previous versions (or how else can you convert them into patrons?)

Don't just jam as many of the existing plugins from your old website into the Patreon page. Roll them out deliberately. Put all new projects aside until you work through all the legacy ones that you want to continue to develop.

:?: Maybe request patrons vote on which order to work through the archive?
:?: Maybe retire some of the existing ones and archive them somewhere for download posterity?

For each one that you do want to continue to develop, track down the list of reported bugs and feature requests -- also request unreported bugs and features. Trust your patrons if they report problems and do the hard work of communicating to ensure you can replicate them. Attend to every single item brought to your attention or explain why you will not fix something. Work through one product a week, or one every two weeks ... whatever it takes. Move slowly and deliberately. Focus strictly on stability and on pleasing your existing user base.

I think most people here want you to succeed and create great tools. Well clearly some people want to shit on you, but some people want to shit on someone some of the time :lol: ... I looked back in the archives and there's a lot of damaged goodwill here, so there is a long road back to redemption. It's a simple equation if you focus on stability. If people can't trust your tools to be stable, they won't use them. If they're not using them, they're not going to be patrons. I'm supporting your Patreon, because I believe that there need to be as many passionate independent developers out there as possible making tools for the rest of us. :tu:

KVRAF
16411 posts since 16 Sep, 2001 from Las Vegas,USA

Post Sun Feb 23, 2020 7:31 pm

Damn I spent the whole day scanning my hard drive with Bitdefender to get rid of this malware. I recommend not downloading anything from this guy again. Looks like his stuff is still infected.
None are so hopelessly enslaved as those who falsely believe they are free. Johann Wolfgang von Goethe

KVRist
344 posts since 26 Aug, 2019

Post Sun Feb 23, 2020 8:01 pm

Teksonik wrote:
Sun Feb 23, 2020 7:31 pm
Damn I spent the whole day scanning my hard drive with Bitdefender to get rid of this malware. I recommend not downloading anything from this guy again. Looks like his stuff is still infected.
The guy got kicked while he was down and you took collateral damage. That sucks, but maybe both you and Tunca are victims here? Pretty sure he doesn't want to infect his user base. I can come up with a lot of theories, but I do believe he was targeted and his website was hacked. Like why lie about that in the context of his identity on these forums? There's a certain earnestness that comes through that's hard to fake.

But the first step towards the stability I'm talking about would be to repackage everything from the ground up and dispose of all those existing packages. Treat them as all contaminated whether they are or not. The second step would be to run everything through VirusTotal before posting it ... every time ... for ever more. Make that a checklist item and go OCD with it Tunca!

Other developers here should be hoping that this was just a drive by that randomly caught AO and that the criminal organizations behind such endeavors have not set their sights on audio plugin developers. You're all responsible for diligently trying to not get hacked, but it's wildly difficult when the tools you build your website platform on (e.g. WordPress, Drupal) are constantly suffering security vulnerabilities that you have to patch against.

Banned
3509 posts since 6 Sep, 2007 from France

Post Sun Feb 23, 2020 9:45 pm

Why would a hacker team target an audio dev? It sucks... but everyone can access ab3l & kain today, any kid could do it for fun... very bad times for AO... I hope everything will be better for you in the near future.

KVRist
344 posts since 26 Aug, 2019

Post Sun Feb 23, 2020 10:05 pm

hivkorn wrote:
Sun Feb 23, 2020 9:45 pm
Why would a hacker team target an audio dev?
Didn't necessarily take a team. Could have been one solo operator. Could be a botnet. Whoever, I'm guessing found an unpatched website. Infecting ZIP file downloads was the payload. Why only some of the files infected? A team would have done more. I'd say a botnet or part of some automated scan and infect scheme (i.e. a botnet).

KVRian
830 posts since 21 Nov, 2015

Post Mon Feb 24, 2020 12:12 am

I am sorry for all the trouble, Tunca. But you really need to check all of your machines/servers etc. There's something really odd here, even considering a 'discredit' of your work by reporting 'false' positives, yet signs are pointing in the other direction & a pretty huge amount of your userbase had to deal with infections. Even if it seems more than stressful for you to deal with this at the moment, there's a need to take steps, also for your own safety. Hope things sort out quick & fall into place again. :phones:
The art of knowing is knowing what to ignore.
