Welcome Guest.   Make a donation to an author on the site September 18, 2014, 06:49:37 PM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
The N.A.N.Y. Challenge 2014! Download dozens of custom programs!
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
Pages: [1]   Go Down
  Reply  |  New Topic  |  Print  
Author Topic: Google Books Downloader - WARNING - contains search hijack "arccosine.com"  (Read 6354 times)
IainB
Supporting Member
**
Posts: 4,707


Slartibartfarst

see users location on a map View Profile Give some DonationCredits to this forum member
« on: March 19, 2012, 06:18:13 PM »

Just a quick warning about this.
I'm using Firefox 12.0 ß, but this problem may also occur with IE (according to a Mozilla Support thread, referred to below).

Out of interest, I downloaded and installed Google Books Downloader, having seen a reference to it in a blog post (Codeplex daily summary - http://www.codeplex.com/) in my feed aggregator.
The download site is/was: https://googlebookdownloa...x.com/releases/view/84266

The proggie did what it claimed to do - copied previews of books to .PDF - which unfortunately wasn't of much use as you are still frustrated  by Google's removing pages from all previews.

Then I noticed that my home page and also my default Google search page had been hijacked by a search page which was imitating Google, with a pretty seascape background (see copy in spoiler):
The ruddy thing wouldn't go away.

So, I de-installed Google Books Downloader and googled the problem, coming up with a useful Mozilla Support thread at https://support.mozilla.org/en-US/questions/850780

The hijack is persistent and comes from the website 'arccosine.com' and wants you to "sign up" for something.
I did a 'Whois' on arccosine.com, and it is hosted in the Russian Federation. (That figures.)

Fix:
I deleted all references to "arccosine" (i.e., 2x "C"s) and "arcosine" in history, just in case.
I checked in the 'about:config' entry for 'keyword.URL' and reset that back to "Default" - it had been set to 'arccosine.com,q=' by the hijack proggie Google Books Downloader (in the discussion thread someone writes that if you examine the proggie's code, you can see where it does that).

Hope this helps someone to avoid the thing.
Logged
Stephen66515
Animated Giffer in Chief
Honorary Member
**
Posts: 2,554



see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #1 on: March 19, 2012, 06:21:41 PM »

you forgot to upload the image attachment : Sad

Quote
[ ERROR: SPECIFIED ATTACHMENT MISSING ]
Logged

No trees were harmed during the creation of this message.  Millions of electrons, however, were terribly inconvenienced

"Think left and think right and think low and think high. Oh, the things you can think up if only you try!" - Dr. Seuss
wraith808
Supporting Member
**
Posts: 6,303



"In my dreams, I always do it right."

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #2 on: March 19, 2012, 06:25:11 PM »

Did you post a comment/report the project?  Because the source that's checked in pretty much does nothing, so its a misdirection...

I'm posting something about the source, but as I don't have experience with the binary, wouldn't post that.  I'd suggest going to http://googlebookdownload...x.com/releases/view/84266 and posting your experiences...

Update: Posted two issue tracker items and a review about the source code doing nothing.  I also sent a support e-mail to the Microsoft team over the site.
« Last Edit: March 19, 2012, 06:36:13 PM by wraith808 » Logged

IainB
Supporting Member
**
Posts: 4,707


Slartibartfarst

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #3 on: March 19, 2012, 06:27:03 PM »

you forgot to upload the image attachment : Sad
Quote
[ ERROR: SPECIFIED ATTACHMENT MISSING ]
Crikey, that was fast!
Five nanoseconds after I had posted it!     Grin
Fixed now. Thanks.
Logged
IainB
Supporting Member
**
Posts: 4,707


Slartibartfarst

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #4 on: March 19, 2012, 06:29:26 PM »

Did you post a comment/report the project?  Because the source that's checked in pretty much does nothing, so its a misdirection...

I'm posting something about the source, but as I don't have experience with the binary, wouldn't post that.  I'd suggest going to http://googlebookdownload...x.com/releases/view/84266 and posting your experiences...
Thanks! Good idea. I hadn't thought of doing that, supposing Codeplex to be a Wild West Frontier. Could be useful to others, I suppose.
Logged
PhilB66
Supporting Member
**
Posts: 1,510


View Profile Give some DonationCredits to this forum member
« Reply #5 on: March 19, 2012, 07:16:52 PM »

Thank you for the warning, IainB.

Google Books Downloader Website is at http://www.gbooksdownloader.com/. I thought CodePlex is for hosting .Net programs only. I guess not.

The installer has an opt out option though. Select 'custom' installation and deselect "arccosine". Sneaky, I know.

As for the program itself... it does download complete books (the free ones) and can convert them to other formats then just .pdf.

Btw, when I try to go to the CodePlex page I get a message about security certificate errors. Also, the installer is not digitally signed.
Logged
Stephen66515
Animated Giffer in Chief
Honorary Member
**
Posts: 2,554



see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #6 on: March 19, 2012, 07:17:29 PM »

you forgot to upload the image attachment : Sad
Quote
[ ERROR: SPECIFIED ATTACHMENT MISSING ]
Crikey, that was fast!

Thats what my wife said  Grin

Oh...wait... huh

 Sad  redface
Logged

No trees were harmed during the creation of this message.  Millions of electrons, however, were terribly inconvenienced

"Think left and think right and think low and think high. Oh, the things you can think up if only you try!" - Dr. Seuss
IainB
Supporting Member
**
Posts: 4,707


Slartibartfarst

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #7 on: March 19, 2012, 08:34:30 PM »

Well, I downloaded the proggy and the hijack from Codeplex, and I didn't notice any "options" for getting the hijack during install.
By the looks of things, neither did any of the people posting in the Mozilla Help forum on this subject.

After @wraith808's suggestion that I post to Codeplex, I registered there, then registered and at the Mozilla forum also.
When I tried to post to Codeplex (after registering/confirmation), I just could not get in. After messing about for ages, I decided that they must have a broken/moronic front end on the sign-in page, and, not wishing to waste any more time on the matter I abandoned the attempt.
After that, I successfully made a post to the Mozilla Help/Support forum.

Google Books Downloader Website is at http://www.gbooksdownloader.com/. I thought CodePlex is for hosting .Net programs only. I guess not.
The installer has an opt out option though. Select 'custom' installation and deselect "arccosine". Sneaky, I know.
As for the program itself... it does download complete books (the free ones) and can convert them to other formats then just .pdf.
Btw, when I try to go to the CodePlex page I get a message about security certificate errors. Also, the installer is not digitally signed.
Yes, well, evidently I didn't get the download from gbooksdownloader.com. I am disgusted by this in any event, because packing a scam hijack into a download either with or without a warning is categorically wrong in my book.

EDIT: Against my better judgement (I have wasted far too much time on this subject already), I have also emailed the contact point at the Google Books Downloader Website at http://www.gbooksdownloader.com/
Thanks for providing their link.
Yes, I know GBD outputs into other formats too, but I wasn't doing a review of the product and so omitted to mention its other features. All I was interested in was the .PDF output.
Anyway, I think I can guarantee that, after this experience, I shall never knowingly use this nor any product they might be peddling in the future.

Yours,
        Disgusted.
« Last Edit: March 19, 2012, 11:18:38 PM by IainB » Logged
wraith808
Supporting Member
**
Posts: 6,303



"In my dreams, I always do it right."

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #8 on: March 20, 2012, 06:15:00 AM »

Update: from the codeplex team...

Quote

Hi -

Thanks for contacting us.

We have escalated this request to our next level support team.
As soon as this has been completed, you will be notified.

Thanks -
Hengzhe Li

Another update:
Quote
Thanks for reporting.  I have unpublished the project.
 
Thanks,
Jonathan
« Last Edit: March 20, 2012, 05:00:11 PM by wraith808 » Logged

Patriciann
Participant
*
Posts: 1

View Profile Give some DonationCredits to this forum member
« Reply #9 on: April 28, 2012, 09:45:00 PM »

 Angry I got taken in by this 'bugger' also.  


I wanted to read a Google Book off line and downloaded a Good Book reader and it changed my home page to ‘arccosine.com’ which gave me a ‘Google Search’ screen ‘look-a-like’  I changed my homepage back to Google search and then discovered my wireless internet connection had been changed from ‘public’ to ‘home’ creating an unsecured internet connection.  I switched it back to ‘public’ and went looking into my ‘Services’ to see if anything ‘popped’ out at me as unusual.  I don’t know enough about how computers work but am trying to learn.  

I downloaded an application called ‘GooReader’ and think this may be where the ‘infection’ came from as it offered several services I have never even heard of before and I did not opt into any of them.  By the time I was finished with the screens they presented offering all of these unwanted services I began to notice ‘changes’ made to my computer.  The name of signer on this ‘GooReader’ is “Solimba Aplcaciones SL” The time stamp is Wednesday March 12, 2012.  I have searched for this in my registry – no show.  I have searched for this in my installed programs – no show.  When I clicked on the application again it let me know it was already installed and asked if I want it to reinstall.  I closed the dialog box and decided this is ‘bad news’.  Can someone guide me through the process of figuring this out?  I ran McAfree and it showed all clear.  

Two individual ‘Diagnostic System Host’ (WdiSystemHost) are listed in ‘Services’ – One has me locked completely out and one I can modify.
I downloaded the ‘SvchostAnalyzer’ from A&M Neuber Software and it gave two warning instances as follows:
Process: svchost.exe
ID: 1900
File Access is denied, Run program as Administrator!
Group: No Microsoft file
Services: 0

The second instance which showed up later appearing along with this one:
Process: svchost.exe
ID: 8664
File Access is denied, Run program as Administrator!
Group: No Microsoft file
Services: 0

How can I investigate if someone has ‘remote’ use of my computer?  What are the steps I need to follow to track this down?  Or what should I be looking for?
DcomLaunch has me frozen out.  

I don’t know enough about this subject to be of much good at tracking down what damage may have been done and what was ‘snagged’ from my computer and perhaps ‘sent’ to some unknown person.  Just very creepy and it takes a real CREEP to do this to people.  Time for me to learn what these JERKS are doing to us and how to intervene for our protection.  
Logged
IainB
Supporting Member
**
Posts: 4,707


Slartibartfarst

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #10 on: April 29, 2012, 12:05:33 AM »

How can I investigate if someone has ‘remote’ use of my computer?  What are the steps I need to follow to track this down?  Or what should I be looking for?
FWIW, my general recommendation is for a more private and secure PC and browsing experience via:
Set up OpenDNS (free) in your ADSL Router.
  • Download, install and run Microsoft Security Essentials (FREE and excellent virus checker). Uninstall any existing virus proggies.
  • Download, install and run Malwarebytes (there is a free and a paid version - go for the paid one as you need that for live scanning and monitoring of browsed sites).
  • Download, install and run Windows 7 Firewall Control (free).
  • Download, install and run PeerBlock (free). You may have to disable it from time to time as it's blocklists seem  a bit excessive at times.
Play around with these things and learn how they can best suit YOU. You will probably learn something useful in the process.

For what to do to clean the hijack up in Firefox, check my opening post about this (above):
Just a quick warning about this...
Logged
IainB
Supporting Member
**
Posts: 4,707


Slartibartfarst

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #11 on: May 21, 2012, 12:53:12 AM »

Coincidence!
Where I said:
Then I noticed that my home page and also my default Google search page had been hijacked by a search page which was imitating Google, with a pretty seascape background (see copy in spoiler):The ruddy thing wouldn't go away.
- I came across the image in one of several .ZIP files of wallpapers that I had downloaded from http://minus.com/explore/Wallpapers
Filename: 02031_ageeba_1680x1050.jpg
Here it is after having been run through the irfanview Sharpen and Auto adjust colours:

Source:
http://minus.com/mS2zGqD2o/1g (collection)
http://minus.com/lozQK9TaJvMkH (image)
http://i.minus.com/mS2zGqD2o/gallery.zip (ZIP file of 297 images)
« Last Edit: June 08, 2012, 04:38:02 AM by IainB; Reason: Minor corrections. » Logged
Pages: [1]   Go Up
  Reply  |  New Topic  |  Print  
 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.046s | Server load: 0.15 ]