Announcing new way of Analog Obsession


Post

I used Win Defender ... found several trojans & dodgy programs, all associated with AO, so would say yes, scan your PC.

Post

Aloysius wrote: Sun Feb 23, 2020 12:23 pm Do we need to scan our PCs? Any freeware that will do it?
I use AVG free. Should work, but don't take my word for it. I'm not an expert.

Post

Get rid of AVG. They installed spy software. The standard Windows protection is fine nowadays according to the experts of c’t magazine...

Post

Tj Shredder wrote: Sun Feb 23, 2020 12:49 pm Get rid of AVG. They installed spy software. The standard Windows protection is fine nowadays according to the experts of c’t magazine...
Oh.. Thanks for telling me. Normally I uninstall it after using it. I don't want an antivirus slowing down my PC.

Post

At what point could the viruses get into our system? I downloaded a bunch of the plugins but did not get around to opening the 64 bit zip files of the VSTs. I don't even know if there was an installer. Is it the downloading or running an installer that can get the virus on your system?

Post

As soon as I unzipped the downloaded folders to get at the dll files I got a warning from Defender which then deleted the files. Unfortunately by then the Trojans, etc had already got into my AppData folder. So it looks like simply downloading and opening the zip file is dodgy.

Post

thecontrolcentre wrote: Sun Feb 23, 2020 1:19 pm As soon as I unzipped the downloaded folders to get at the dll files I got a warning from Defender which then deleted the files. Unfortunately by then the Trojans, etc had already got into my AppData folder. So it looks like simply downloading and opening the zip file is dodgy.
Do you know what some of the files or folders were called in your appData folder? Do you mean the Programdata folder?

I unzipped the first batch of zip files but inside those were more zipped files for the 32 and 64 bit versions. I didn't unzip those. Do you mean those last zip files that were 32 or 64 bit specific? Or the downloaded zip packages? Windows scan has not found anything but I'm paranoid.
Last edited by Echoes in the Attic on Sun Feb 23, 2020 1:29 pm, edited 2 times in total.

Post

Not really a user of AO plugs. But unzipped and checked each file 1 by 1, files of 3 days ago.

The 64's are clean.
All the 32's show infection except for Dynasaur and Jamp.
All the vst3's are clean, except Jamp shows infection.

Post

TMaudio wrote: Sun Feb 23, 2020 1:53 pm Not really a user of AO plugs. But unzipped and checked each file 1 by 1, files of 3 days ago.

The 64's are clean.
All the 32's show infection except for Dynasaur and Jamp.
All the vst3's are clean, except Jamp shows infection.
But this is what confuses me. You were able to download and check the files to see if there are viruses before they get on your system, yes? If there is no installer, how would those viruses actually get installed somewhere? Or were you able to check them before unzipping and it is the unzipping that releases the viruses? Sorry for my ignorance. I used a Mac for a long time.

Post

Echoes in the Attic wrote: Sun Feb 23, 2020 1:25 pm
thecontrolcentre wrote: Sun Feb 23, 2020 1:19 pm As soon as I unzipped the downloaded folders to get at the dll files I got a warning from Defender which then deleted the files. Unfortunately by then the Trojans, etc had already got into my AppData folder. So it looks like simply downloading and opening the zip file is dodgy.
Do you know what some of the files or folders were called in your appData folder? Do you mean the Programdata folder?

I unzipped the first batch of zip files but inside those were more zipped files for the 32 and 64 bit versions. I didn't unzip those. Do you mean those last zip files that were 32 or 64 bit specific? Or the downloaded zip packages? Windows scan has not found anything but I'm paranoid.
I posted the scan results and locations on the previous page. The malware alerts started as soon as I opened the VST2 zip files containing the dll's, not before.

Post

Echoes in the Attic wrote: Sun Feb 23, 2020 1:58 pm If there is no installer, how would those viruses actually get installed somewhere?
That is the question. I presumed the attached malware installed itself as it was showing up in various folders (please see my post on the previous page).

Post

thecontrolcentre wrote: Sun Feb 23, 2020 2:00 pm I posted the scan results and locations on the previous page. The malware alerts started as soon as I opened the VST2 zip files containing the dll's, not before.
You posted it finding them in .zip files in your Firefox cache and the per-user temp directory - those are just copies of the .zip archive from downloading - it's not like the virus has managed to infect you without unzipping/executing the .dlls

C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7

C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7->SSQ.dll.32.zip->SSQ.dll

C:\Users\Dave\AppData\Local\Temp\Temp1_Harqules_2.0_VST_WIN.zip\Harqules.dll.64.zip

C:\Users\Dave\AppData\Local\Temp\Temp1_Harqules_2.0_VST_WIN.zip\Harqules.dll.64.zip->Harqules.dll

Post

^ Right so just temp download files, nothing that would actually do anything until perhaps the VST was actually opened? Just guessing.

Post

I'll keep watching. I downloaded Malwarebytes premium Trial. It quarantined two files but they looked harmless, so I restored them. I haven't actually installed any of the x64 files. I think I'll just delete them for safety's sake.

Also:

Cleared Browsing & Download History, Form & Search History, Cookies, Cache, Site Preferences and Offline Website Data from Firefox.

Cleared Browsing History, Cookies, Cache and Download History from Microsoft Edge.

Cleared Browsing History, Cookies Etc and Cache in Google Chrome.

There's actually 'Virus & threat protection' on my W10 Machine. Windows Defender. Ran a quick scan. No current threats were registered.
Last edited by Aloysius on Sun Feb 23, 2020 2:59 pm, edited 1 time in total.
Anyone who can make you believe absurdities can make you commit atrocities.

Post

jdnz wrote: Sun Feb 23, 2020 2:21 pm
thecontrolcentre wrote: Sun Feb 23, 2020 2:00 pm I posted the scan results and locations on the previous page. The malware alerts started as soon as I opened the VST2 zip files containing the dll's, not before.
You posted it finding them in .zip files in your Firefox cache and the per-user temp directory - those are just copies of the .zip archive from downloading - it's not like the virus has managed to infect you without unzipping/executing the .dlls

C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7

C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7->SSQ.dll.32.zip->SSQ.dll

C:\Users\Dave\AppData\Local\Temp\Temp1_Harqules_2.0_VST_WIN.zip\Harqules.dll.64.zip

C:\Users\Dave\AppData\Local\Temp\Temp1_Harqules_2.0_VST_WIN.zip\Harqules.dll.64.zip->Harqules.dll
You didn't quote all the info from my post.

Program:Win32/Unwasson.Alml

Items:
<file:C:\Users\Dave\Downloads\AO Equalizers\SSQ 3.0\SSQ_3.0_VST_WIN\SSQ.dll.32\SSQ.dll>
<file:E:\Temp\Analog Obsession\AO Equalizers\SSQ 3.0\SSQ_3.0_VST_WIN\SSQ.dll.32\SSQ.dll>
<file:I:\BACKUPS\VST Plugins\Free VST\64 bit VST Plugins\Analog Obsession\AO Equalizers\SSQ 3.0\SSQ_3.0_VST_WIN\SSQ.dll.32\SSQ.dll>

Items:
containerfile:C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7
file:C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7->SSQ.dll.32.zip->SSQ.dll


Trojan:Win32/Spursint.Flcl

Items:
containerfile:C:\Users\Dave\AppData\Local\Temp\Temp1_Harqules_2.0_VST_WIN.zip\Harqules.dll.64.zip
file:C:\Users\Dave\AppData\Local\Temp\Temp1_Harqules_2.0_VST_WIN.zip\Harqules.dll.64.zip->Harqules.dll


I understood that these locations are where the malware files Program:Win32/Unwasson.Alml & Trojan:Win32/Spursint.Flcl were found and removed by Defender. Please correct me if I've misunderstood.
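
Added example (not written by any poster in this thread): a small Python triage of the Defender items quoted above, sorting each one by whether it is an archive on disk, a DLL seen inside an archive, or a loose DLL, and whether it sits in a browser cache or temp path. The category names and the cache/temp markers are assumptions of this example; the `->` separator is taken from the quoted output.

```python
import re

# Items copied from the Defender output quoted in the thread.
REPORT = r"""
Program:Win32/Unwasson.Alml
<file:C:\Users\Dave\Downloads\AO Equalizers\SSQ 3.0\SSQ_3.0_VST_WIN\SSQ.dll.32\SSQ.dll>
<file:E:\Temp\Analog Obsession\AO Equalizers\SSQ 3.0\SSQ_3.0_VST_WIN\SSQ.dll.32\SSQ.dll>
<file:I:\BACKUPS\VST Plugins\Free VST\64 bit VST Plugins\Analog Obsession\AO Equalizers\SSQ 3.0\SSQ_3.0_VST_WIN\SSQ.dll.32\SSQ.dll>
containerfile:C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7
file:C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7->SSQ.dll.32.zip->SSQ.dll
Trojan:Win32/Spursint.Flcl
containerfile:C:\Users\Dave\AppData\Local\Temp\Temp1_Harqules_2.0_VST_WIN.zip\Harqules.dll.64.zip
file:C:\Users\Dave\AppData\Local\Temp\Temp1_Harqules_2.0_VST_WIN.zip\Harqules.dll.64.zip->Harqules.dll
"""

ITEM = re.compile(r"^<?(containerfile|file):(.+?)>?$")
THREAT = re.compile(r"^\w+:Win32/\S+$")
# Assumed markers for download residue: browser cache and the per-user temp directory.
TRANSIENT = ("\\cache2\\entries\\", "\\appdata\\local\\temp\\")

def classify(kind, resource):
    """Label one Defender item; the category names are this example's own."""
    path, *members = resource.split("->")
    if kind == "containerfile":
        state = "archive"            # the .zip itself, sitting on disk
    elif members:
        state = "archive-member"     # DLL seen inside a .zip, not a loose file
    else:
        state = "extracted"          # loose DLL that a plugin host could load
    transient = any(marker in path.lower() for marker in TRANSIENT)
    return state, transient

def triage(report):
    """Return {threat name: [(state, transient, resource), ...]}."""
    out, threat = {}, None
    for line in (l.strip() for l in report.splitlines()):
        item = ITEM.match(line)
        if item and threat:
            out[threat].append(classify(*item.groups()) + (item.group(2),))
        elif THREAT.match(line):
            threat = line
            out.setdefault(threat, [])
    return out

if __name__ == "__main__":
    for threat, items in triage(REPORT).items():
        print(threat)
        for state, transient, res in items:
            print(f"  {state:<15}{'cache/temp' if transient else 'user folder':<12}{res}")
```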
