Just did a quick scan with windows defender and all was good.
thecontrolcentre wrote: ↑Sun Feb 23, 2020 8:26 pm I used Win Defender ... found several trojans & dodgy programs, all associated with AO, so would say yes, scan your PC.
Announcing new way of Analog Obsession
- KVRAF
- 40242 posts since 11 Aug, 2008 from clown world
Anyone who can make you believe absurdities can make you commit atrocities.
-
thecontrolcentre
- KVRAF
- 35168 posts since 27 Jul, 2005 from the wilds of wanny
Lucky you
Aloysius wrote: ↑Sun Feb 23, 2020 11:01 pm Just did a quick scan with windows defender and all was good.
thecontrolcentre wrote: ↑Sun Feb 23, 2020 8:26 pm I used Win Defender ... found several trojans & dodgy programs, all associated with AO, so would say yes, scan your PC.
-
- KVRian
- 1021 posts since 3 Oct, 2011 from Christchurch, New Zealand
The 'other' locations which I didn't bother to quote are your downloads folder, the place you backed up the .zip archive to and the place where you unzipped the .dll to - but you were implying that 'somehow' the virus had 'infected' your appdata folder as well - I was pointing out that this was NOT the case and the files you reference in appdata are the mozilla cache and the temp directory (both of which contain a copy of the .zip file from downloading it).
thecontrolcentre wrote: ↑Sun Feb 23, 2020 10:56 pm You didn't quote all the info from my post.
Program:Win32/Unwasson.Alml
Items:
<file:C:\Users\Dave\Downloads\AO Equalizers\SSQ 3.0\SSQ_3.0_VST_WIN\SSQ.dll.32\SSQ.dll>
<file:E:\Temp\Analog Obsession\AO Equalizers\SSQ 3.0\SSQ_3.0_VST_WIN\SSQ.dll.32\SSQ.dll>
<file:I:\BACKUPS\VST Plugins\Free VST\64 bit VST Plugins\Analog Obsession\AO Equalizers\SSQ 3.0\SSQ_3.0_VST_WIN\SSQ.dll.32\SSQ.dll>
Items:
containerfile:C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7
file:C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7->SSQ.dll.32.zip->SSQ.dll
Trojan:Win32/Spursint.Flcl
Items:
containerfile:C:\Users\Dave\AppData\Local\Temp\Temp1_Harqules_2.0_VST_WIN.zip\Harqules.dll.64.zip
file:C:\Users\Dave\AppData\Local\Temp\Temp1_Harqules_2.0_VST_WIN.zip\Harqules.dll.64.zip->Harqules.dll
I understood that these locations are where the malware files Program:Win32/Unwasson.Alml & Trojan:Win32/Spursint.Flcl were found and removed by Defender. Please correct me if I've misunderstood.
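The reading of the Defender report given in jdnz's post can be reproduced mechanically. The following is an added example, not part of the original thread: it parses the item lines quoted above, treats a `containerfile:` entry and the `file:` entry inside it as one on-disk object, and labels each location. The location classes and the function names are assumptions of this example, not Defender categories.

```python
import re
from collections import defaultdict

# Item lines copied from the Defender report quoted in the post above.
REPORT = r"""
Program:Win32/Unwasson.Alml
Items:
<file:C:\Users\Dave\Downloads\AO Equalizers\SSQ 3.0\SSQ_3.0_VST_WIN\SSQ.dll.32\SSQ.dll>
<file:E:\Temp\Analog Obsession\AO Equalizers\SSQ 3.0\SSQ_3.0_VST_WIN\SSQ.dll.32\SSQ.dll>
<file:I:\BACKUPS\VST Plugins\Free VST\64 bit VST Plugins\Analog Obsession\AO Equalizers\SSQ 3.0\SSQ_3.0_VST_WIN\SSQ.dll.32\SSQ.dll>
Items:
containerfile:C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7
file:C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\fey95g4e.default\cache2\entries\0C350065219505450D958784F344B8103A0565C7->SSQ.dll.32.zip->SSQ.dll
Trojan:Win32/Spursint.Flcl
Items:
containerfile:C:\Users\Dave\AppData\Local\Temp\Temp1_Harqules_2.0_VST_WIN.zip\Harqules.dll.64.zip
file:C:\Users\Dave\AppData\Local\Temp\Temp1_Harqules_2.0_VST_WIN.zip\Harqules.dll.64.zip->Harqules.dll
"""

# Heuristic location classes (an assumption of this example, not Defender output).
RULES = [
    (r"\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\[^\\]+\\cache2\\", "browser cache"),
    (r"\\AppData\\Local\\Temp\\", "temp extraction"),
    (r"\\Downloads\\", "download folder"),
]

def classify(path):
    for pattern, label in RULES:
        if re.search(pattern, path, re.IGNORECASE):
            return label
    return "user-placed copy"

def parse(report):
    """Return {threat: [(kind, on_disk_path, inner_members, location_class), ...]}."""
    found, threat = defaultdict(list), None
    for line in report.splitlines():
        line = line.strip().strip("<>")
        m = re.match(r"(containerfile|file):(.+)", line)
        if m:  # "a->b->c" means member c inside archive b inside on-disk object a
            disk, *inner = m.group(2).split("->")
            found[threat].append((m.group(1), disk, inner, classify(disk)))
        elif line and line != "Items:":
            threat = line  # any other non-empty line is a detection name
    return dict(found)

def locations(report):
    """Distinct on-disk objects per threat: a container and the file inside it count once."""
    return {t: sorted({(disk, cls) for _, disk, _, cls in items})
            for t, items in parse(report).items()}
```

Every location in the output is either a copy of the download that the browser or the archive extractor left behind, or a place the user stored the archive contents; none is a path the detected file would have had to write itself into.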
- KVRAF
- 40242 posts since 11 Aug, 2008 from clown world
I hadn't installed any of the plugins, so I guess being a lazy bugger can be a positive thing (sometimes).
thecontrolcentre wrote: ↑Sun Feb 23, 2020 11:03 pm Lucky you
Aloysius wrote: ↑Sun Feb 23, 2020 11:01 pm Just did a quick scan with windows defender and all was good.
thecontrolcentre wrote: ↑Sun Feb 23, 2020 8:26 pm I used Win Defender ... found several trojans & dodgy programs, all associated with AO, so would say yes, scan your PC.
Anyone who can make you believe absurdities can make you commit atrocities.
-
thecontrolcentre
- KVRAF
- 35168 posts since 27 Jul, 2005 from the wilds of wanny
Got ya. Thanks for explaining.
jdnz wrote: ↑Sun Feb 23, 2020 11:06 pm the 'other' locations which I didn't bother to quote are your downloads folder, the place you backed up the .zip archive to and the place where you unzipped the .dll to - but you were implying that 'somehow' the virus had 'infected' your appdata folder as well - I was pointing out that this was NOT the case and the files you reference in appdata are the mozilla cache and the temp directory (both of which contain a copy of the .zip file from downloading it).
thecontrolcentre wrote: ↑Sun Feb 23, 2020 10:56 pm You didn't quote all the info from my post.
- KVRian
- 896 posts since 8 Aug, 2011
I tried the plugins in Linux using Linvst to convert the dll into .so.
I can't find anything like viruses in the suggested pathway.
I guess it's to be expected that Linux won't be affected. Or can it be?
MXLinux21, 16 Gig RAM, Intel i7 Quad 3.9, Reaper 6.42, Behringer 204HD or Win7 Steinberg MR816x
-
AnalogObsession
- KVRian
- Topic Starter
- 557 posts since 3 Oct, 2018
I have some bad news...
I've lost my website because the attack was really big... I can't handle any new bad news...
So I have to start from scratch.
Some users gave me advice about Patreon and I started Patreon.
I'm uploading all plugins to my own pcloud server. First, I uploaded BlackShow for opening Patreon page. Tomorrow, I will start uploading others.
You can support me and motivate me...
https://www.patreon.com/analogobsession
Now, you can download it and become my patron...
I'm sorry.
Thanks.
https://www.patreon.com/analogobsession Support for free VST3, AU, AAX for WIN & MAC
- KVRAF
- 5943 posts since 8 Jul, 2009
Hey Tunca. Sorry that happened. Wow, the internet has turned into a war zone in more ways than one. I really pine for the old days, 70s-80s, when I was on it and it was calm, cool and collected with very few people, most of whom were smart and respectful. It's a wasteland of humanity now.
Maybe a blessing in disguise because now you don't have to deal with the site at all. Just keep it simple and on Patreon. Don't sweat any of this! Just try and relax. Nobody here owes you anything so don't take any sh*t.
FYI on my mac I installed the AU and VST3's and did a scan of those and the AO folder where I have all the zips and installers, using ClamXAV - no issues found.
Last edited by plexuss on Mon Feb 24, 2020 1:54 am, edited 1 time in total.
#NONFR Check out my music at Bandcamp Free Streaming!
Free music with your support on Patreon | Youtube: Music of Plexus Videos (music videos) | Youtube: Plexus Productions (audio related) Stop whining. Make music.
-
- KVRist
- 189 posts since 6 Jul, 2012
So far, the new upload of BlackShow:
Arcabit: Trojan.Razy.D93744
BitDefender: Gen:Variant.Razy.603972
Emsisoft: Gen:Variant.Razy.603972 (B)
FireEye: Gen:Variant.Razy.603972
GData: Gen:Variant.Razy.603972
MAX: Malware (ai Score=82)
- KVRian
- 1323 posts since 26 Aug, 2019
Tunca, I recommend you share as many details as possible about what happened, because some people are likely chafed by the experience and disinclined to believe you. Also, it could happen to any independent developer on these forums with a website, so let this be a warning to the community.
Here is my suggestion for how to gain patrons on Patreon and earn back goodwill. Focus on updates, but provide updated versions of your plugs only to patrons ... and to customers of previous versions (or how else can you convert them into patrons?)
Don't just jam as many of the existing plugins from your old website into the Patreon page. Roll them out deliberately. Put all new projects aside until you work through all the legacy ones that you want to continue to develop.
Maybe request patrons vote on which order to work through the archive?
Maybe retire some of the existing ones and archive them somewhere for download posterity?
For each one that you do want to continue to develop, track down the list of reported bugs and feature requests -- also request unreported bugs and features. Trust your patrons if they report problems and do the hard work of communicating to ensure you can replicate them. Attend to every single item brought to your attention or explain why you will not fix something. Work through one product a week, or one every two weeks ... whatever it takes. Move slowly and deliberately. Focus strictly on stability and on pleasing your existing user base.
I think most people here want you to succeed and create great tools. Well clearly some people want to shit on you, but some people want to shit on someone some of the time ... I looked back in the archives and there's a lot of damaged goodwill here, so there is a long road back to redemption. It's a simple equation if you focus on stability. If people can't trust your tools to be stable, they won't use them. If they're not using them, they're not going to be patrons. I'm supporting your Patreon, because I believe that there need to be as many passionate independent developers out there as possible making tools for the rest of us.
- KVRAF
- 18558 posts since 16 Sep, 2001 from Las Vegas,USA
Damn I spent the whole day scanning my hard drive with Bitdefender to get rid of this malware. I recommend not downloading anything from this guy again. Looks like his stuff is still infected.
None are so hopelessly enslaved as those who falsely believe they are free. Johann Wolfgang von Goethe
- KVRian
- 1323 posts since 26 Aug, 2019
The guy got kicked while he was down and you took collateral damage. That sucks, but maybe both you and Tunca are victims here? Pretty sure he doesn't want to infect his user base. I can come up with a lot of theories, but I do believe he was targeted and his website was hacked. Like why lie about that in the context of his identity on these forums? There's a certain earnestness that comes through that's hard to fake.
But the first step towards the stability I'm talking about would be to repackage everything from the ground up and dispose of all those existing packages. Treat them as all contaminated whether they are or not. The second step would be to run everything through VirusTotal before posting it ... every time ... for ever more. Make that a checklist item and go OCD with it Tunca!
Other developers here should be hoping that this was just a drive by that randomly caught AO and that the criminal organizations behind such endeavors have not set their sights on audio plugin developers. You're all responsible for diligently trying to not get hacked, but it's wildly difficult when the tools you build your website platform on (e.g. WordPress, Drupal) are constantly suffering security vulnerabilities that you have to patch against.
- Banned
- 3490 posts since 6 Sep, 2007 from France
Why would a hacker team aim at an audio dev?.. It sucks... but everyone can access ab3l & kain today, every kid could do it for fun... very bad times for AO... I hope everything will be better for you in the near future.
- KVRian
- 1323 posts since 26 Aug, 2019
Didn't necessarily take a team. Could have been one solo operator. Could be a botnet. Whoever, I'm guessing found an unpatched website. Infecting ZIP file downloads was the payload. Why only some of the files infected? A team would have done more. I'd say a botnet or part of some automated scan and infect scheme (i.e. a botnet).
- KVRAF
- 2244 posts since 21 Nov, 2015
I am sorry for all the trouble, Tunca. But you really need to check all of your machines/servers etc. There's something really odd here, even considering a 'discredit' of your work by reporting 'false' positives, yet signs are pointing in the other direction & a pretty huge amount of your userbase had to deal with infections. Even if it seems more than stressful for you to deal with this at the moment, there's a need to take steps, also for your own safety. Hope things sort out quick & fall into place again.
The art of knowing is knowing what to ignore.