Topic: Anyone using Blackbird?  (Read 51495 times)

MilesAhead

Anyone using Blackbird?
« on: February 16, 2016, 06:44 PM »
I noticed Blackbird on Start64.  I am just curious if anyone is using it and, if so, what are your impressions?

I have the feeling it uses Windows Update to update, which would be a deal breaker for me right there.  But I am curious.

Right now I am running without RollbackRX.  The system just seems smoother without it.  Otherwise I would be more inclined to stick it on and see what happens.  :)



phitsc

Re: Anyone using Blackbird?
« Reply #1 on: February 17, 2016, 01:27 AM »
That looks very interesting. Thanks for sharing.

Attronarch

Re: Anyone using Blackbird?
« Reply #2 on: February 17, 2016, 01:57 AM »
Just tried to download x64 version, and it is blocked with warning "Virus Blocked".

The funny thing is that I don't have AV which influences my browser(s) in such a way.

Maybe it is a W10 thing...


tomos

Re: Anyone using Blackbird?
« Reply #3 on: February 17, 2016, 04:25 AM »
^ the blackbird page linked to gets me this (in palemoon / win.7)

[Screenshot - 2016-02-17 , 11_19_37.png]

In firefox I get to the page, but download gets blocked as per Attronarch, with no option to override.
Tom

4wd

Re: Anyone using Blackbird?
« Reply #4 on: February 17, 2016, 06:02 AM »
Just tried to download x64 version, and it is blocked with warning "Virus Blocked".

The funny thing is that I don't have AV which influences my browser(s) in such a way.

Maybe it is a W10 thing...

Happens in 8.1 also using PM or Slimjet, and on WHS2011 using K-Meleon.

I am doubting whether an x64 version exists.

Stoic Joker

Re: Anyone using Blackbird?
« Reply #5 on: February 17, 2016, 07:06 AM »
Just tried to download x64 version, and it is blocked with warning "Virus Blocked".

The funny thing is that I don't have AV which influences my browser(s) in such a way.

Maybe it is a W10 thing...

If this is the one you got, it ain't from Win10 - I've never seen anything like it.

BlackBird Error.jpg

Here's a view source of the error:
Code: HTML5
<title>Blokada virusa / Virus Blocked</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
#content{border:1px solid#000000;background-color:#FFFFFF;margin:40;padding:40;font-family:Tahoma,Helvetica,Arial,sans-serif;font-size:12px;}
  h1{font-size:20px;font-weight:bold;color:#CA5427;}
  b{font-weight:bold;color:#CA5427;}
</head>
<body bgcolor="#E1E1E1">
<div id="content">
<h1>Blokada virusa</h1>
<p>Ime: <strong>blackbird.exe</strong> </p>
<p>IP naslov obiskovalca: <strong>My IP</strong> </p>
<hr size="1" color="#000000" />
<h1>Virus Blocked</h1>
<p>Name: <strong>blackbird.exe</strong> </p>
<p>IP address of the visitor: <strong>My IP</strong> </p>
</div>
</body>
</html>

MilesAhead

Re: Anyone using Blackbird?
« Reply #6 on: February 17, 2016, 01:29 PM »
Really strange.  I don't remember Start64 having weird links like that.  Perhaps some where you click the product and it is not linked to the page.  You know what though, if Blackbird does system tricks to protect your system it may be seen as a malware.  It could be similar to the 32 bit Sandboxie that patched the kernel in memory.  I believe Sandboxie got flagged quite often until the author registered it as a false positive or whatever he did to get it off the blacklists.

Edit:  I am getting that same virus blocked screen even in Opera 12.x.  It must be getting flagged right on the backbone or something?  Weird.
« Last Edit: February 17, 2016, 01:48 PM by MilesAhead »

Stoic Joker

Re: Anyone using Blackbird?
« Reply #7 on: February 17, 2016, 03:02 PM »
I used the BlackBird link you posted above to go to their page, used their download latest version link to get to their download page, and then clicked their Download Blackbird V6 link. Which resulted in the above error.

You know what though, if Blackbird does system tricks to protect your system it may be seen as a malware.

That was my first thought as well, until I tried the download ... That's not a Windows error message - and nothing on my system is in Russian (or whatever language that is). So I'm thinking it's coming - odd as it may seem - from their end.

Attronarch

Re: Anyone using Blackbird?
« Reply #8 on: February 17, 2016, 03:06 PM »
It is Slovenian, I think. "Blokada virusa" could be Croatian, Serbian, Bosnian or Slovenian, but "obiskovalca" sounds pretty Slovenian.

Weird case, I thought it was my only problem...

MilesAhead

Re: Anyone using Blackbird?
« Reply #9 on: February 17, 2016, 04:50 PM »
I used the BlackBird link you posted above to go to their page, used their download latest version link to get to their download page, and then clicked their Download Blackbird V6 link. Which resulted in the above error.

You know what though, if Blackbird does system tricks to protect your system it may be seen as a malware.

That was my first thought as well, until I tried the download ... That's not a Windows error message - and nothing on my system is in Russian (or whatever language that is). So I'm thinking it's coming - odd as it may seem - from their end.

I don't remember getting anything like this.  It seems like the network itself is sticking this page in.  The web just gets weirder all the time.

MilesAhead

Re: Anyone using Blackbird?
« Reply #10 on: February 17, 2016, 05:24 PM »
I posted a question/comment on Facebook but I don't use it often enough to have any idea if there will be a meaningful response.  :)

In fact I think it is my first post.  I just got it for quickie login to sites I don't want to formally join.

4wd

Re: Anyone using Blackbird?
« Reply #11 on: February 17, 2016, 07:11 PM »
Error 503, seems strange that it serves up the virus page though - web host AV software flagged it as a virus perhaps?

Code: Text
GET http://www.getblackbird.net/download/BlackbirdV6_v0.9.85-x64.zip HTTP/1.1
Host: www.getblackbird.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:2.0) Gecko/20100101 Goanna/20160204 PaleMoon/26.0.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-au,en-gb;q=0.8,en;q=0.5,en-us;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://www.getblackbird.net/download/
Connection: keep-alive


HTTP/1.1 503 Service Unavailable
Content-Type: text/html; charset=UTF-8
Content-Length: 819
Connection: close
P3P: CP="CAO PSA OUR"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<html>
<head>
<title>Blokada virusa / Virus Blocked</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<style>
#content{border:1px solid#000000;background-color:#FFFFFF;margin:40;padding:40;font-family:Tahoma,Helvetica,Arial,sans-serif;font-size:12px;}
  h1{font-size:20px;font-weight:bold;color:#CA5427;}
  b{font-weight:bold;color:#CA5427;}
</style>
</head>
<body bgcolor="#E1E1E1">
<div id="content">
<h1>Blokada virusa</h1>
<p>Ime: <strong>blackbird.exe</strong> </p>
<p>IP naslov obiskovalca: <strong>Some IP</strong> </p>
<hr size="1" color="#000000" />
<h1>Virus Blocked</h1>
<p>Name: <strong>blackbird.exe</strong> </p>
<p>IP address of the visitor: <strong>Some IP</strong> </p>
</div>
</body>
</html>

------------------------------------------------------------------
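
Added example, not part of any post in this thread: a Python check for the situation the capture in Reply #11 shows, where a request for a .zip comes back as an HTML page with a non-200 status instead of an archive. The function names `parse_response` and `classify_download` are hypothetical, and both sample responses are constructed (the blocked one is a shortened imitation of the capture above).

```python
import io
import re
import zipfile

ZIP_MAGIC = b"PK\x03\x04"  # local file header signature of a ZIP archive

def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def classify_download(url: str, raw: bytes) -> dict:
    """Decide whether a response to a .zip request is really an archive."""
    status, headers, body = parse_response(raw)
    reasons = []
    if status != 200:
        reasons.append(f"status {status}")
    ctype = headers.get("content-type", "")
    if url.lower().endswith(".zip") and ctype.startswith("text/html"):
        reasons.append(f"content-type {ctype!r} for a .zip URL")
    if not body.startswith(ZIP_MAGIC):
        reasons.append("body lacks ZIP signature")
    title = re.search(rb"<title>(.*?)</title>", body, re.I | re.S)
    return {
        "verdict": "archive" if not reasons else "substituted page",
        "reasons": reasons,
        "title": title.group(1).decode("utf-8", "replace") if title else None,
    }

# Constructed sample modelled on the capture above (headers and body shortened).
URL = "http://www.getblackbird.net/download/BlackbirdV6_v0.9.85-x64.zip"
BLOCKED = (
    b"HTTP/1.1 503 Service Unavailable\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n\r\n"
    b"<html><head><title>Blokada virusa / Virus Blocked</title></head>"
    b"<body><h1>Virus Blocked</h1></body></html>"
)

# Constructed control case: a tiny in-memory ZIP served with status 200.
_buf = io.BytesIO()
with zipfile.ZipFile(_buf, "w") as zf:
    zf.writestr("readme.txt", "constructed sample")
CLEAN = b"HTTP/1.1 200 OK\r\nContent-Type: application/zip\r\n\r\n" + _buf.getvalue()

if __name__ == "__main__":
    for name, raw in (("blocked", BLOCKED), ("clean", CLEAN)):
        print(name, classify_download(URL, raw))
```

A "substituted page" verdict only says the bytes received are not the requested archive; it does not say which hop replaced them, which is the question the rest of the thread works through by retrying from other networks.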

MilesAhead

Re: Anyone using Blackbird?
« Reply #12 on: February 18, 2016, 07:31 AM »
Error 503, seems strange that it serves up the virus page though - web host AV software flagged it as a virus perhaps?

I don't know.  In their text it says something about "Google not liking the 32 bit version" so it had to be hosted on MajorGeeks.  Maybe they will have to host the 64 bit version there also?  I don't know what is going on if Google has the power to blacklist individual files.  Seems peculiar.

Stoic Joker

Re: Anyone using Blackbird?
« Reply #13 on: February 18, 2016, 11:22 AM »
I don't know what is going on if Google has the power to blacklist individual files.  Seems peculiar.

BlackBird's site does not appear to be hosted by Google.
I do not (read never) use Google's DNS.
Google was not used to search for the program.
Google was not a referrer for the page request.
Google did not have Jack Shit to do with anything even vaguely tangentially related to the electronic communication between me and BB's website ... So if Google managed to block that download we have some epically Orwellian Big Brother class serious shit hitting the fan.

(That was fun) But seriously, I don't think Google is involved in the errors we're getting.

MilesAhead

Re: Anyone using Blackbird?
« Reply #14 on: February 18, 2016, 02:45 PM »
I don't know what is going on if Google has the power to blacklist individual files.  Seems peculiar.

BlackBird's site does not appear to be hosted by Google.
I do not (read never) use Google's DNS.
Google was not used to search for the program.
Google was not a referrer for the page request.
Google did not have Jack Shit to do with anything even vaguely tangentially related to the electronic communication between me and BB's website ... So if Google managed to block that download we have some epically Orwellian Big Brother class serious shit hitting the fan.

(That was fun) But seriously, I don't think Google is involved in the errors we're getting.

All I can think of is Google is providing hosting to these guys?  I know every time somebody sends an email to Hawk Host that one of my programs got a red flag or 2 out of 60+ malware scanners they pull the file first and ask me about it later.

I tried the MajorGeeks download link for the x64 version of Blackbird just now and the Miami Dade Public Library blocked it as "a known malware site."

Looks like more trouble than it is worth.  But I have the feeling it is going to end up like the certificate crap.  If the $100 or $200 payment clears, then all your software is certified malware free all of a sudden.


Stoic Joker

Re: Anyone using Blackbird?
« Reply #15 on: February 18, 2016, 03:05 PM »
All I can think of is Google is providing hosting to these guys?

Their domain name is registered with Realtime Register in the Netherlands, and their IP is on a block owned by (RIPE Network Coordination Centre) a provider in Amsterdam ... That don't sound like Google to me. Also the code in the error message page is nowhere near fancy/nosey enough to be Google's, it looks kinda mom & pop-ish to me.

MilesAhead

Re: Anyone using Blackbird?
« Reply #16 on: February 18, 2016, 03:42 PM »
All I can think of is Google is providing hosting to these guys?

Their domain name is registered with Realtime Register in the Netherlands, and their IP is on a block owned by (RIPE Network Coordination Centre) a provider in Amsterdam ... That don't sound like Google to me. Also the code in the error message page is nowhere near fancy/nosey enough to be Google's, it looks kinda mom & pop-ish to me.

Then I have no clue why they would say Google did not like their 32 bit exe and had to host it on MajorGeeks.  I don't think I'll run the installer for the 32 bit one.  Just something wicked this way may come if I do.  :)

f0dder

Re: Anyone using Blackbird?
« Reply #17 on: February 20, 2016, 11:54 AM »
64bit download fine here, but Windows Defender doesn't like the executable inside the zip...
- carpe noctem

f0dder

Re: Anyone using Blackbird?
« Reply #18 on: February 20, 2016, 12:15 PM »
Looking at the strings dump of the executable, it seems that "b2e" (a batch-to-exe thing) is involved - tools like that (including autohotkey/autoscript) are often flagged as malware because, well, they're often used by scriptkiddies. It also makes sense for a utility like this to have originated as a batch script, since it mostly needs to run system commands, modify registry, possibly delete some files.

So, there's a good chance that Blackbird is legit. Do exercise caution, though. I personally won't be running it, but I'm generally not too fond of stuff that tries to do too many unrelated things :)
- carpe noctem

MilesAhead

Re: Anyone using Blackbird?
« Reply #19 on: February 20, 2016, 04:41 PM »
64bit download fine here, but Windows Defender doesn't like the executable inside the zip...

The two networks I used must have a similar malware filter.  One a public library.  The other a college.  If I try at Starbucks it may download without a hiccup.  In any case it doesn't seem to be something I need.



MilesAhead

Re: Anyone using Blackbird?
« Reply #20 on: February 20, 2016, 04:42 PM »
Looking at the strings dump of the executable, it seems that "b2e"  ...

Thanks for the info.  :)

4wd

Re: Anyone using Blackbird?
« Reply #21 on: February 20, 2016, 10:44 PM »
64bit download fine here, but Windows Defender doesn't like the executable inside the zip...

The two networks I used must have a similar malware filter.  One a public library.  The other a college.  If I try at Starbucks it may download without a hiccup.  In any case it doesn't seem to be something I need.

Jumped on a VPN to Denmark and it also downloaded OK for me using PaleMoon or wget.

Windows Defender (definitions are up-to-date) scanned the extracted executable as OK, MBAM also scanned the executable as OK.
« Last Edit: February 20, 2016, 10:50 PM by 4wd »

f0dder

Re: Anyone using Blackbird?
« Reply #22 on: February 21, 2016, 02:22 AM »
Windows Defender (definitions are up-to-date) scanned the extracted executable as OK, MBAM also scanned the executable as OK.
Weird, I've just updated definitions, and Defender still doesn't like it.

f0dder@ayanami /tmp> ll *ackbi*
-rw-r--r-- 1 f0dder f0dder 707K Feb  5 01:18 blackbird.exe.flaf
-rwxr--r-- 1 f0dder f0dder 121K Feb  5 09:16 BlackbirdV6_v0.9.85-x64.zip*
f0dder@ayanami /tmp> md5sum -b *ackbi*
c54e70df4b50ecf9c3917103c4909776 *blackbird.exe.flaf
fce8ab4a3de20830d553bd95daff4bb1 *BlackbirdV6_v0.9.85-x64.zip
- carpe noctem

4wd

Re: Anyone using Blackbird?
« Reply #23 on: February 21, 2016, 04:34 AM »
blackbird.exe                      723,968    c54e70df4b50ecf9c3917103c4909776
BlackbirdV6_v0.9.85-x64.zip  123,611    fce8ab4a3de20830d553bd95daff4bb1

Updated definitions to current in Defender and MBAM and both still test it OK.

VirusTotal Analysis also shows it passing MBAM & Defender (19/55 hits).

MilesAhead

Re: Anyone using Blackbird?
« Reply #24 on: February 26, 2016, 07:58 PM »
I came at the x64 download through here and it downloaded OK.

Perhaps it is just coincidence?  But I have the file anyway.  :)