Announcing new way of Analog Obsession


Post

thecontrolcentre wrote: Sun Feb 23, 2020 8:26 pm I used Win Defender ... found several trojans & dodgy programs, all associated with AO, so would say yes, scan your PC.
Just did a quick scan with Windows Defender and all was good.
Anyone who can make you believe absurdities can make you commit atrocities.

Post

Aloysius wrote: Sun Feb 23, 2020 11:01 pm
thecontrolcentre wrote: Sun Feb 23, 2020 8:26 pm I used Win Defender ... found several trojans & dodgy programs, all associated with AO, so would say yes, scan your PC.
Just did a quick scan with Windows Defender and all was good.
Lucky you ;)

Post

thecontrolcentre wrote: Sun Feb 23, 2020 10:56 pm You didn't quote all the info from my post.

Program:Win32/Unwasson.Alml

Items:
<file:C:\Users\Dave\Downloads\AO Equalizers\SSQ 3.0\SSQ_3.0_VST_WIN\SSQ.dll.32\SSQ.dll>
<file:E:\Temp\Analog Obsession\AO Equalizers\SSQ 3.0\SSQ_3.0_VST_WIN\SSQ.dll.32\SSQ.dll>
<file:I:\BACKUPS\VST Plugins\Free VST\64 bit VST Plugins\Analog Obsession\AO Equalizers\SSQ 3.0\SSQ_3.0_VST_WIN\SSQ.dll.32\SSQ.dll>

Items:
containerfile:C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7
file:C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7->SSQ.dll.32.zip->SSQ.dll


Trojan:Win32/Spursint.Flcl

Items:
containerfile:C:\Users\Dave\AppData\Local\Temp\Temp1_Harqules_2.0_VST_WIN.zip\Harqules.dll.64.zip
file:C:\Users\Dave\AppData\Local\Temp\Temp1_Harqules_2.0_VST_WIN.zip\Harqules.dll.64.zip->Harqules.dll


I understood that these locations are where the malware files Program:Win32/Unwasson.Alml & Trojan:Win32/Spursint.Flcl were found and removed by Defender. Please correct me if I've misunderstood.
The 'other' locations which I didn't bother to quote are your downloads folder, the place you backed up the .zip archive to and the place where you unzipped the .dll to - but you were implying that 'somehow' the virus had 'infected' your appdata folder as well - I was pointing out that this was NOT the case and the files you reference in appdata are the Mozilla cache and the temp directory (both of which contain a copy of the .zip file from downloading it).
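
Added example, not part of the original thread or any poster's code: a small Python triage of the Defender item lines quoted above, separating copies that exist only inside the browser cache or temp directory from files unpacked directly on disk. The location rules and all function names are assumptions made for this illustration.

```python
import re
from typing import NamedTuple

# Sample input: item lines copied from the Defender report quoted in this thread.
SAMPLE_ITEMS = r"""
<file:C:\Users\Dave\Downloads\AO Equalizers\SSQ 3.0\SSQ_3.0_VST_WIN\SSQ.dll.32\SSQ.dll>
containerfile:C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7
file:C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7->SSQ.dll.32.zip->SSQ.dll
file:C:\Users\Dave\AppData\Local\Temp\Temp1_Harqules_2.0_VST_WIN.zip\Harqules.dll.64.zip->Harqules.dll
"""

# Location rules (assumed heuristics for this example), checked in order.
LOCATION_RULES = [
    ("browser cache", re.compile(r"\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\[^\\]+\\cache2\\", re.I)),
    ("temp directory", re.compile(r"\\AppData\\Local\\Temp\\", re.I)),
    ("downloads folder", re.compile(r"\\Downloads\\", re.I)),
]

class Item(NamedTuple):
    kind: str        # "file" or "containerfile"
    disk_path: str   # the object that actually exists on disk
    inner: tuple     # names nested inside it ("->" chain), outermost first
    location: str    # label from LOCATION_RULES, or "other"
    unpacked: bool   # True when the flagged file sits directly on disk

def parse_item(line: str) -> Item:
    text = line.strip().strip("<>")          # some items are wrapped in <...>
    kind, _, rest = text.partition(":")      # split the prefix from "C:\..."
    if kind not in ("file", "containerfile"):
        raise ValueError(f"unrecognised item line: {line!r}")
    disk_path, *inner = rest.split("->")
    location = next((n for n, rx in LOCATION_RULES if rx.search(disk_path)), "other")
    return Item(kind, disk_path, tuple(inner), location, kind == "file" and not inner)

def triage(report: str) -> list:
    return [parse_item(l) for l in report.splitlines() if l.strip()]

def needs_followup(items) -> list:
    """Unpacked files outside cache/temp: not just leftovers of the download."""
    return [i.disk_path for i in items
            if i.unpacked and i.location not in ("browser cache", "temp directory")]

if __name__ == "__main__":
    for item in triage(SAMPLE_ITEMS):
        state = "unpacked on disk" if item.unpacked else "inside archive/container"
        print(f"{item.location:17} {state:25} {item.disk_path}")
```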

Post

thecontrolcentre wrote: Sun Feb 23, 2020 11:03 pm
Aloysius wrote: Sun Feb 23, 2020 11:01 pm
thecontrolcentre wrote: Sun Feb 23, 2020 8:26 pm I used Win Defender ... found several trojans & dodgy programs, all associated with AO, so would say yes, scan your PC.
Just did a quick scan with Windows Defender and all was good.
Lucky you ;)
I hadn't installed any of the plugins, so I guess being a lazy bugger can be a positive thing (sometimes). :)
Anyone who can make you believe absurdities can make you commit atrocities.

Post

jdnz wrote: Sun Feb 23, 2020 11:06 pm
thecontrolcentre wrote: Sun Feb 23, 2020 10:56 pm You didn't quote all the info from my post.

Program:Win32/Unwasson.Alml

Items:
<file:C:\Users\Dave\Downloads\AO Equalizers\SSQ 3.0\SSQ_3.0_VST_WIN\SSQ.dll.32\SSQ.dll>
<file:E:\Temp\Analog Obsession\AO Equalizers\SSQ 3.0\SSQ_3.0_VST_WIN\SSQ.dll.32\SSQ.dll>
<file:I:\BACKUPS\VST Plugins\Free VST\64 bit VST Plugins\Analog Obsession\AO Equalizers\SSQ 3.0\SSQ_3.0_VST_WIN\SSQ.dll.32\SSQ.dll>

Items:
containerfile:C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7
file:C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7->SSQ.dll.32.zip->SSQ.dll


Trojan:Win32/Spursint.Flcl

Items:
containerfile:C:\Users\Dave\AppData\Local\Temp\Temp1_Harqules_2.0_VST_WIN.zip\Harqules.dll.64.zip
file:C:\Users\Dave\AppData\Local\Temp\Temp1_Harqules_2.0_VST_WIN.zip\Harqules.dll.64.zip->Harqules.dll


I understood that these locations are where the malware files Program:Win32/Unwasson.Alml & Trojan:Win32/Spursint.Flcl were found and removed by Defender. Please correct me if I've misunderstood.
The 'other' locations which I didn't bother to quote are your downloads folder, the place you backed up the .zip archive to and the place where you unzipped the .dll to - but you were implying that 'somehow' the virus had 'infected' your appdata folder as well - I was pointing out that this was NOT the case and the files you reference in appdata are the Mozilla cache and the temp directory (both of which contain a copy of the .zip file from downloading it).
Got ya. Thanks for explaining. :)

Post

I tried the plugins in Linux using LinVst to convert the dll into .so.
I can't find anything like viruses in the suggested path.
I guess it's to be expected that Linux won't be affected. Or can it be?
MXLinux21, 16 Gig RAM, Intel i7 Quad 3.9, Reaper 6.42, Behringer 204HD or Win7 Steinberg MR816x

Post

I have some bad news...

I've lost my website because the attack was really big... I can't handle any new bad news...

So I have to start from scratch.

Some users gave me advice about Patreon and I started a Patreon.

I'm uploading all plugins to my own pCloud server. First, I uploaded BlackShow for opening the Patreon page. Tomorrow, I will start uploading the others.

You can support me and motivate me...

https://www.patreon.com/analogobsession

Now, you can download it and become my patron...

I'm sorry.

Thanks.
https://www.patreon.com/analogobsession Support for free VST3, AU, AAX for WIN & MAC

Post

Hey Tunca. Sorry that happened. Wow, the internet has turned into a war zone in more ways than one. I really pine for the old days, 70s-80s, when I was on it and it was calm, cool and collected with very few people, most of whom were smart and respectful. It's a wasteland of humanity now.

Maybe a blessing in disguise because now you don't have to deal with the site at all. Just keep it simple and on Patreon. Don't sweat any of this! Just try and relax. Nobody here owes you anything so don't take any sh*t. :phones:

FYI on my mac I installed the AU and VST3's and did a scan of those and the AO folder where I have all the zips and installers, using ClamXAV - no issues found.
Last edited by plexuss on Mon Feb 24, 2020 1:54 am, edited 1 time in total.

Post

So far, the new upload of BlackShow:

Arcabit - Trojan.Razy.D93744
BitDefender - Gen:Variant.Razy.603972
Emsisoft - Gen:Variant.Razy.603972 (B)
FireEye - Gen:Variant.Razy.603972
GData - Gen:Variant.Razy.603972
MAX - Malware (ai Score=82)

Post

Tunca, I recommend you share as many details as possible about what happened, because some people are likely chafed by the experience and disinclined to believe you. Also, it could happen to any independent developer on these forums with a website, so let this be a warning to the community.

Here is my suggestion for how to gain patrons on Patreon and earn back goodwill. Focus on updates, but provide updated versions of your plugs only to patrons ... and to customers of previous versions (or how else can you convert them into patrons?)

Don't just jam as many of the existing plugins from your old website into the Patreon page. Roll them out deliberately. Put all new projects aside until you work through all the legacy ones that you want to continue to develop.

:?: Maybe request patrons vote on which order to work through the archive?
:?: Maybe retire some of the existing ones and archive them somewhere for download posterity?

For each one that you do want to continue to develop, track down the list of reported bugs and feature requests -- also request unreported bugs and features. Trust your patrons if they report problems and do the hard work of communicating to ensure you can replicate them. Attend to every single item brought to your attention or explain why you will not fix something. Work through one product a week, or one every two weeks ... whatever it takes. Move slowly and deliberately. Focus strictly on stability and on pleasing your existing user base.

I think most people here want you to succeed and create great tools. Well clearly some people want to shit on you, but some people want to shit on someone some of the time :lol: ... I looked back in the archives and there's a lot of damaged goodwill here, so there is a long road back to redemption. It's a simple equation if you focus on stability. If people can't trust your tools to be stable, they won't use them. If they're not using them, they're not going to be patrons. I'm supporting your Patreon, because I believe that there need to be as many passionate independent developers out there as possible making tools for the rest of us. :tu:

Post

Damn I spent the whole day scanning my hard drive with Bitdefender to get rid of this malware. I recommend not downloading anything from this guy again. Looks like his stuff is still infected.
None are so hopelessly enslaved as those who falsely believe they are free. Johann Wolfgang von Goethe

Post

Teksonik wrote: Mon Feb 24, 2020 3:31 am Damn I spent the whole day scanning my hard drive with Bitdefender to get rid of this malware. I recommend not downloading anything from this guy again. Looks like his stuff is still infected.
The guy got kicked while he was down and you took collateral damage. That sucks, but maybe both you and Tunca are victims here? Pretty sure he doesn't want to infect his user base. I can come up with a lot of theories, but I do believe he was targeted and his website was hacked. Like why lie about that in the context of his identity on these forums? There's a certain earnestness that comes through that's hard to fake.

But the first step towards the stability I'm talking about would be to repackage everything from the ground up and dispose of all those existing packages. Treat them as all contaminated whether they are or not. The second step would be to run everything through VirusTotal before posting it ... every time ... for ever more. Make that a checklist item and go OCD with it Tunca!

Other developers here should be hoping that this was just a drive by that randomly caught AO and that the criminal organizations behind such endeavors have not set their sights on audio plugin developers. You're all responsible for diligently trying to not get hacked, but it's wildly difficult when the tools you build your website platform on (e.g. WordPress, Drupal) are constantly suffering security vulnerabilities that you have to patch against.

Post

Why would a hacker team aim at an audio dev?.. It sucks... but everyone can access ab3l & kain today, every kid could do it for fun... very bad times for AO... I hope everything will be better for you in the near future.

Post

hivkorn wrote: Mon Feb 24, 2020 5:45 am Why would a hacker team aim at an audio dev?
Didn't necessarily take a team. Could have been one solo operator. Could be a botnet. Whoever, I'm guessing found an unpatched website. Infecting ZIP file downloads was the payload. Why only some of the files infected? A team would have done more. I'd say a botnet or part of some automated scan and infect scheme (i.e. a botnet).

Post

I am sorry for all the trouble, Tunca. But you really need to check all of your machines/servers etc. - There's something really odd here, even considering a 'discredit' of your work by reporting 'false' positives, yet signs are pointing in the other direction & a pretty huge amount of your userbase had to deal with infections. Even if it seems more than stressful for you to deal with this at the moment, there's a need to take steps, also for your own safety. Hope things sort out quickly & fall into place again. :phones:
The art of knowing is knowing what to ignore.
