Announcing new way of Analog Obsession
-
thecontrolcentre thecontrolcentre https://www.kvraudio.com/forum/memberlist.php?mode=viewprofile&u=76240 - KVRAF
- 35156 posts since 27 Jul, 2005 from the wilds of wanny
I used Win Defender ... found several trojans & dodgy programs, all associated with AO, so would say yes, scan your PC.
-
- KVRian
- 985 posts since 10 Sep, 2014
I use AVG free. Should work, but don't take my word for it. I'm not an expert.
-
- KVRAF
- 8823 posts since 6 Jan, 2017 from Outer Space
Get rid of AVG. They installed spy software. The standard Windows protection is fine nowadays according to the experts of c’t magazine...
-
- KVRian
- 985 posts since 10 Sep, 2014
Oh.. Thanks for telling me. Normally I uninstall it after using it. I don't want a antivirus slowing down my pc.Tj Shredder wrote: ↑Sun Feb 23, 2020 8:49 pm Get rid of AVG. They installed spy software. The standard Windows protection is fine nowadays according to the experts of c’t magazine...
-
Echoes in the Attic Echoes in the Attic https://www.kvraudio.com/forum/memberlist.php?mode=viewprofile&u=180417
- KVRAF
- 11051 posts since 12 May, 2008
At what point could the viruses get into our system? I downloaded a bunch of the plugins but did not get around to opening the 64 bit zip files of the VSTs. I don't even know if there was an installer. Was it the downloads or running an installer can get the virus on your system?
-
thecontrolcentre thecontrolcentre https://www.kvraudio.com/forum/memberlist.php?mode=viewprofile&u=76240
- KVRAF
- 35156 posts since 27 Jul, 2005 from the wilds of wanny
As soon as I unzipped the downloaded folders to get at the dll files I got a warning from Defender which then deleted the files. Unfortunately by then the Trojans, etc had already got into into my AppDate folder. So it looks like simply downloading and opening the zip file is dodgy.
-
Echoes in the Attic Echoes in the Attic https://www.kvraudio.com/forum/memberlist.php?mode=viewprofile&u=180417
- KVRAF
- 11051 posts since 12 May, 2008
Do you know what some of the files or folders were called in your appData folder? Do you mean the Programdata folder?thecontrolcentre wrote: ↑Sun Feb 23, 2020 9:19 pm As soon as I unzipped the downloaded folders to get at the dll files I got a warning from Defender which then deleted the files. Unfortunately by then the Trojans, etc had already got into into my AppDate folder. So it looks like simply downloading and opening the zip file is dodgy.
I unzipped the first batch of zip files but inside those more zipped files for the 32 and 64 bit versions. I didn't unzip those. Do you mean those last zip files that were 32 or 64 bit specific? Or the downloaded zip packages? Windows scan has not found anything but I'm paranoid.
Last edited by Echoes in the Attic on Sun Feb 23, 2020 9:29 pm, edited 2 times in total.
-
- KVRist
- 188 posts since 6 Jul, 2012
Not really a user of AO plugs. But unzipped and checked each file 1 by 1, files of 3 days ago.
The 64's are clean.
All the 32's show infection except for Dynasaur and Jamp.
All the vst3's are clean, except Jamp shows infection.
The 64's are clean.
All the 32's show infection except for Dynasaur and Jamp.
All the vst3's are clean, except Jamp shows infection.
-
Echoes in the Attic Echoes in the Attic https://www.kvraudio.com/forum/memberlist.php?mode=viewprofile&u=180417
- KVRAF
- 11051 posts since 12 May, 2008
But this is what confuses me. You were able to download and check the files to see if there are viruses before they get on your system, yes? If there is no installer, how would those viruses actually get installed somewhere? OR were you able to check them before unzipping and it is the unzipping that releases the viruses? Sorry for my ignorance. I used a mac for a long time.
-
thecontrolcentre thecontrolcentre https://www.kvraudio.com/forum/memberlist.php?mode=viewprofile&u=76240
- KVRAF
- 35156 posts since 27 Jul, 2005 from the wilds of wanny
I posted the scan results and locations on the previous page. The malware alerts started as soon as I opened the VST2 zip files containing the dll's, not before.Echoes in the Attic wrote: ↑Sun Feb 23, 2020 9:25 pmDo you know what some of the files or folders were called in your appData folder? Do you mean the Programdata folder?thecontrolcentre wrote: ↑Sun Feb 23, 2020 9:19 pm As soon as I unzipped the downloaded folders to get at the dll files I got a warning from Defender which then deleted the files. Unfortunately by then the Trojans, etc had already got into into my AppDate folder. So it looks like simply downloading and opening the zip file is dodgy.
I unzipped the first batch of zip files but inside those more zipped files for the 32 and 64 bit versions. I didn't unzip those. Do you mean those last zip files that were 32 or 64 bit specific? Or the downloaded zip packages? Windows scan has not found anything but I'm paranoid.
-
thecontrolcentre thecontrolcentre https://www.kvraudio.com/forum/memberlist.php?mode=viewprofile&u=76240
- KVRAF
- 35156 posts since 27 Jul, 2005 from the wilds of wanny
That is the question. I presumed the attached malware installed itself as it was showing up in various folders (please see my post on the previous page).Echoes in the Attic wrote: ↑Sun Feb 23, 2020 9:58 pm If there is no installer, how would those viruses actually get installed somewhere?
-
- KVRian
- 1021 posts since 3 Oct, 2011 from Christchurch, New Zealand
you posted it finding them in .zip files your firefox cache and the per-user temp directory - those are just copies of the .zip archive from downloading - it's not like the virus has managed to infect you without unzipping/executing the .dllsthecontrolcentre wrote: ↑Sun Feb 23, 2020 10:00 pm I posted the scan results and locations on the previous page. The malware alerts started as soon as I opened the VST2 zip files containing the dll's, not before.
C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7
C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7->SSQ.dll.32.zip->SSQ.dll
C:\Users\Dave\AppData\Local\Temp\Temp1_Harqules_2.0_VST_WIN.zip\Harqules.dll.64.zip
C:\Users\Dave\AppData\Local\Temp\Temp1_Harqules_2.0_VST_WIN.zip\Harqules.dll.64.zip->Harqules.dll
-
Echoes in the Attic Echoes in the Attic https://www.kvraudio.com/forum/memberlist.php?mode=viewprofile&u=180417
- KVRAF
- 11051 posts since 12 May, 2008
^ Right so just temp download files, nothing that would actually do anything until perhaps the VST was actually opened? Just guessing.
-
- KVRAF
- 40216 posts since 11 Aug, 2008 from clown world
I'll keep watching. I downloaded Malwarebytes premium Trial. It quarantined two files but they looked harmless, so I restored them. I haven't actually installed any of the x64 files. I think I'll just delete them for safety sake.
Also:
Cleared Browsing & Download History, Form & Search History, Cookies, Cache, Site Preferences and Offline Website Data from FireFox.
Cleared Browsing History, Cookies, Cache and Download History from Microsoft Edge.
Cleared Browsing History, Cookies Etc and Cache in Google Chrome.
There's actually 'Virus & thread protection' on my W10 Machine. Windows Defender. Ran a quick scan. No current threats were registered.
Also:
Cleared Browsing & Download History, Form & Search History, Cookies, Cache, Site Preferences and Offline Website Data from FireFox.
Cleared Browsing History, Cookies, Cache and Download History from Microsoft Edge.
Cleared Browsing History, Cookies Etc and Cache in Google Chrome.
There's actually 'Virus & thread protection' on my W10 Machine. Windows Defender. Ran a quick scan. No current threats were registered.
Last edited by Aloysius on Sun Feb 23, 2020 10:59 pm, edited 1 time in total.
Anyone who can make you believe absurdities can make you commit atrocities.
-
thecontrolcentre thecontrolcentre https://www.kvraudio.com/forum/memberlist.php?mode=viewprofile&u=76240
- KVRAF
- 35156 posts since 27 Jul, 2005 from the wilds of wanny
You didn't quote all the info from my post.jdnz wrote: ↑Sun Feb 23, 2020 10:21 pmyou posted it finding them in .zip files your firefox cache and the per-user temp directory - those are just copies of the .zip archive from downloading - it's not like the virus has managed to infect you without unzipping/executing the .dllsthecontrolcentre wrote: ↑Sun Feb 23, 2020 10:00 pm I posted the scan results and locations on the previous page. The malware alerts started as soon as I opened the VST2 zip files containing the dll's, not before.
C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7
C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7->SSQ.dll.32.zip->SSQ.dll
C:\Users\Dave\AppData\Local\Temp\Temp1_Harqules_2.0_VST_WIN.zip\Harqules.dll.64.zip
C:\Users\Dave\AppData\Local\Temp\Temp1_Harqules_2.0_VST_WIN.zip\Harqules.dll.64.zip->Harqules.dll
Program:Win32/Unwasson.Alml
Items:
<file:C:\Users\Dave\Downloads\AO Equalizers\SSQ 3.0\SSQ_3.0_VST_WIN\SSQ.dll.32\SSQ.dll>
<file:E:\Temp\Analog Obsession\AO Equalizers\SSQ 3.0\SSQ_3.0_VST_WIN\SSQ.dll.32\SSQ.dll>
<file:I:\BACKUPS\VST Plugins\Free VST\64 bit VST Plugins\Analog Obsession\AO Equalizers\SSQ 3.0\SSQ_3.0_VST_WIN\SSQ.dll.32\SSQ.dll>
Items:
containerfile:C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7
file:C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7->SSQ.dll.32.zip->SSQ.dll
Trojan:Win32/Spursint.Flcl
Items:
containerfile:C:\Users\Dave\AppData\Local\Temp\Temp1_Harqules_2.0_VST_WIN.zip\Harqules.dll.64.zip
file:C:\Users\Dave\AppData\Local\Temp\Temp1_Harqules_2.0_VST_WIN.zip\Harqules.dll.64.zip->Harqules.dll
I understood that these locations are where the malware files Program:Win32/Unwasson.Alml & Trojan:Win32/Spursint.Flcl were found and removed by Defender. Please correct me if I've misunderstood.
