Messages

1

fSekrit / Re: Beta: fSekrit 1.40 needs some abuse!

« on: November 04, 2009, 02:52 PM »

Just a minor update -> the trojan deal with temp files and Spybot Search & Destroy has been corrected with the latest updates. 1.35 and 1.40 show up clean now 

2

fSekrit / Re: Beta: fSekrit 1.40 needs some abuse!

« on: October 29, 2009, 06:55 PM »

Haha alright, sounds good. I'll play around with it some more on xp pro sp3 x86 and see how it compares to the results I got on my laptop running vista business. I asked about the read-only thing just because I wasn't quite sure what the intended function was - whether it's supposed to produce a read-only file or just keep it read-only for that session.

Let me know if there's anything in particular you would like me to test. One thing I haven't tried is running it under server 2003...


Aha! Same deal with the fonts on my desktop running XP. This happens both with a new unsaved file as well as one that has been saved and has had no changes made to it. Tested with and without highlighting the text (probably a moot point).

3

fSekrit / Re: Beta: fSekrit 1.40 needs some abuse!

« on: October 29, 2009, 01:11 PM »

So I fiddled with bets2 for a little while and noticed a couple things.

The make read-only command -> it only makes it read only until you close the file. Should this command be modifying the properties of the file so that it stays as read-only or is this made to just protect it from changes after you have it open? (which needs to be repeated every time it's opened)

If the file is set to read-only from the properties menu in windows, when you go to save it dumps a "fsk****.tmp" file in the same location as the executable. I'm assuming this is normal. I expected it to fail saving since it was set to read only, this is just an observation.

The choose font.. command does not see any of my fonts. I receive a message saying There are no fonts installed. Open the Fonts folder from the Control Panel to install fonts.

There's a chance Spybot Search and Destroy 1.6.2 no longer detects the temp file created in "%UserProfile%\Local Settings\Temp\" directory as a trojan but I need to verify this which I will do later on today. (on windows xp sp3)


This was tested on Vista Business SP2 x86.

Thanks f0dder!

4

fSekrit / Re: Trojan with fSekrit filename

« on: October 29, 2009, 12:06 PM »

Great, thanks for the quick response f0dder! I hope the posts can help anyone else that may be in the same situation. I did a byte-by-byte comparison and it came out clean. The software I used ("Binary Comparison of Files 3.0" by AX Systems) is new to me and I'm not sure of it's reliability. I just searched around for something that would do a binary comparison and the 30 day trial version came up   .

I saw the beta and plan on trying it out. I'll let you know if I find any new bugs. I'm curious if Spybot will report the same behavior with the new version. Thanks again for the great software.  

Is it possible to add the text "-false positive" to the thread title?
   edit: thank you  

Another edit -> This has since been corrected by the latest updates for Spybot.

5

fSekrit / Trojan with fSekrit filename -false positive

« on: October 28, 2009, 05:47 PM »

Hello, I stumbled across this forum from the donationcoder.com download page for fSekrit so this is my first post. I searched around for answers on my question but couldn't come up with much.

I've been using fSekrit 1.35 for a couple years now and have never had any issues other than one incident of corrupted files (hard drive crash unrelated to the software). It's been a great program to store information. Just today I updated my Spybot Search & Destroy definitions and ran a scan. I've done this many times in the past and come up with nothing but today I got a warning below about a trojan. I clicked to fix the problem and it did so but when I scanned again it picked up the same virus but the last 4 characters in the filename changed. AVG free didn't pick it up. After cleaning with Spybot, the file does not reappear until an instance of fSekrit is run.

Any ides on this? I'm thinking that it's either a false positive (but I'd like to verify that that temp file is supposed to be created), an infection unrelated to fSekrit or something that has come in and is working off my current fSekrit files.

When I run the application under Sandboxie it shows that it creates that temp file. This leads me to think that it's a false positive but I want to make sure it's not a security issue.

Thanks,
Mike

edit by jgpaiva: added '-false positive' to thread name