Recent Posts

23901

Screenshot Captor / Re: Trojan in Screenshot captor???

« Last post by mouser on March 12, 2008, 03:52 AM »

Tomos has it right, its a *confirmed* false alaram with McAfee.

This thread is a bit more useful than the one Tomos linked you to: https://www.donation...ndex.php?topic=12614

As for this:

Something to do with the hacking of the site?

The answer is decidely NO -- it's just a bad coincidence.  None of the downloadable files on DC were affected in any way.

This is simply (another) case of an anti-virus tool giving a false positive.  McAfee will be updated in a day or two and will stop triggering on the files.  Blame McAfee not me!

23902

General Software Discussion / Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and

« Last post by mouser on March 12, 2008, 12:06 AM »

If you ever get a virus alert, you should know that it is very common to get false positives from over-aggressive antivirus tools which aren't very concerned about falsely identifying something as a virus.

I've complained a lot in the past about the failure of antivirus tools to usefully inform users when some new detection is more of a guess than a sure thing.  In cases where a brand new update detects something, it should be a no-brainer that the user should be told a little more about the possibility that it's a false alarm, and given more help and information for how to figure out if the threat is real.

If you get a virus alert one thing you can do is visit a few of the very cool free websites which will scan the file using a wide variety of different antivirus engines.  If your antivirus is the only one that detects something then chances are it's probably a false alarm.

Here are the reports for a file that McAfee started alarming on today:

From virustotal.com:

(the annotation is mine)

And another from http://virusscan.jotti.org/:

23903

General Software Discussion / Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix

« Last post by mouser on March 12, 2008, 12:00 AM »

I can confirm that using the Extra.DAT file it seems to stop alerting on all of our programs, so at least their temporary fix works -- and hopefully their new definitions will go out with fix this right away.

23904

LaunchBar Commander / Re: Generic.dx Trojan detected

« Last post by mouser on March 11, 2008, 11:59 PM »

I'm going to lock this thread so any further discussion of the issue occurs on the more general new thread here:
https://www.donation...ndex.php?topic=12614

23905

General Software Discussion / False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix

« Last post by mouser on March 11, 2008, 11:46 PM »

Today's update of McAfee virus definitions has suddenly started alerting people that there is the Generic.Dx trojan found, whereupon the program exe is automatically deleted.

There is absolutely no malware in any of our programs -- it's a false alarm by an over eager antivirus company, which has a history of doing this software authors (see the funny articles in the linked thread).

We've gotten an official reply today confirming that it's a false alarm and there is no virus/trojan:

AVERT(tm) Labs, APAC
Thank you for submitting your suspicious file.
Synopsis -
Our Senior Virus Research Engineers have examined the file in question
and no virus was found.
Solution -
Attached is an extra.dat with correct detection.  This correction will
be included in the next DAT update.

Hopefully a new update will be pushed through to users very soon.


If you can't bear to wait i'm attaching the Extra.DAT update file I was sent, and instructions for installing it can be found here: http://vil.mcafeesec...lpdocs/extradat.aspx

23906

LaunchBar Commander / Re: Generic.dx Trojan detected

« Last post by mouser on March 11, 2008, 11:40 PM »

Ok I stand by my comment that McAfee = McCrapee because of the automatic deletion, the bad mistake they made with this false positive, and by not having a better system of alerting the user when a brand new definition has found something suspicious.

I will give them credit however for a fast reply to my submitted file.  Just got this in the mail:

> Thank you for submitting your suspicious file.
> Synopsis -
> Our Senior Virus Research Engineers have examined the file in question
> and no virus was found.
> Solution -
> Attached is an extra.dat with correct detection.  This correction will
> be included in the next DAT update.

SO, at least they have a good system in place to evaluate reported false positives -- now let's see how fast they push through the update.

For those that are interested and don't want to wait for that, i will attach the EXTRA DAT file sent to me.
Instructions for installing it are here: http://vil.mcafeesec...lpdocs/extradat.aspx

23907

LaunchBar Commander / Re: Generic.dx Trojan detected

« Last post by mouser on March 11, 2008, 09:14 PM »

it's affecting all of my programs -- i wonder if it isn't triggering on c++ builder compiler created programs.
what's the best part -- McAfee doesn't just "warn" about the detection, it just outright deletes the file.  Big thumbs down for McCrapfee.

I spent some time trying to find out how to report false positives to them -- best i found was an email address with an automated unhelpful reply.  My brief encounter with McCrapfee has left me with 0 respect for it.

23908

LaunchBar Commander / Re: Generic.dx Trojan detected

« Last post by mouser on March 11, 2008, 08:10 PM »

This may reassure you, it's a great free online service that can scan a file with a dozen different antivirus tools.


(the annotation is mine)

And another from here:

23909

LaunchBar Commander / Re: Generic.dx Trojan detected

« Last post by mouser on March 11, 2008, 07:13 PM »

a funny related article: http://www.neowin.ne...rs--excel-is-a-virus

also, "Developer considers McAfee suit after 'Trojan' error": http://news.zdnet.co...0121,39166163,00.htm

23910

LaunchBar Commander / Re: Generic.dx Trojan detected

« Last post by mouser on March 11, 2008, 06:16 PM »

i've just re-downloaded the launchbar commander setup program -- it has not been modified by anyone, and this is indeed the release from my computer created in August 2007, when the last release of LaunchBar Commander occurred.

This is a false alarm -- probably due to the fact that LBC is packed with PECompact.  I'm so sick of these damn antivirus programs giving people false fears -- it's so harmful to developers.  It's fine if they want to tell people that they don't know how to analyze a file, but it's not cool to scare people into thinking that a real virus has been detected. 

The problem is that there is no incentive for antivirus programs to not flag everything they dont understand as a virus -- no one penalizes or gives bad marks to an antivirus program that false alarms constantly -- i wish they did.

I've basic gave up packing all my programs because i got sick of the BS from the antivirus programs, but the LBC release was old enough that it's still packed.

I'll try to put up a new version, unpacked, next weektoday if possible, just to reassure people.  But there is nothing wrong with the current version.  If you wait a few days McAfee might get updated and change its mind -- or try another antivirus to convince yourself everything is ok.

23911

Official Announcements / Re: You can now subscribe to the RSS feed of our blog

« Last post by mouser on March 11, 2008, 07:58 AM »

cool!

23912

Living Room / What Are Your Favorite Science Blogs?

« Last post by mouser on March 11, 2008, 02:02 AM »

What are your favorite science blogs (can be general science or on a particular area)?

Here are a few of my favorites:

• Machines Like Us - http://www.machineslikeus.com/cms/ - nice site on recent general audience brain/ai general audience news
• Machine Learning Theory - http://hunch.net/ - this is for the hardcore machine learning people only
• The Frontal Cortex - http://scienceblogs.com/cortex/ - nice blog on brain research - mostly for researchers but general audience suitable too

23913

Living Room / How They Hack Your Website: Overview of Common Techniques

« Last post by mouser on March 10, 2008, 07:01 PM »

DC Member Chris Hanscom (Veign) has a blog that is reliably good at discovering interesting articles day in and day out.  Today is no exception.

Read on, to learn the basics of how sites and web content management systems are most often hacked, and what you can do to reduce the risk of it happening to you.

Methods Discussed:

• SQL Injection
• Cross Site Scripting (XSS)
• Authorization Bypass
• Google Hacking
• Password Cracking

http://www.cmswire.c...echniques-002339.php

from http://www.veign.com/blog/

23914

Living Room / Re: OK - lets get to know each other... who are you, what do you do, where from?

« Last post by mouser on March 10, 2008, 02:10 PM »

Welcome to llc_silly and Nazzyon also, sorry i missed saying hello earlier (and to any one else i may have missed!) 

23915

Living Room / Re: OK - lets get to know each other... who are you, what do you do, where from?

« Last post by mouser on March 10, 2008, 02:01 PM »

Welcome to the site callrecall911!
ps. all the chemical engineering people i know seem to have good personalities -- why is that!?

23916

General Software Discussion / Re: check server to see if its up

« Last post by mouser on March 10, 2008, 01:53 PM »

DC member gothi[c] has been working on a really promising and very cool tool that does this kind of stuff and more -- he should post a progress report and some screenshots.

23917

N.A.N.Y. 2008 / Re: Click2LogIt

« Last post by mouser on March 10, 2008, 01:52 PM »

Was mentioned yesterday on ghacks.net:

http://www.ghacks.ne...-and-date/#more-3464

I’m keeping track of every change to Ghacks for about a year now which means that I write down the time of the change and what I did change, e.g. advertising position or links. This is invaluable to be able to reconstruct a previous state if something goes terribly wrong. If advertisement revenue goes down I can check the log and see if I made any changes to the positions in that time.

Click 2 Log It created by TINJAW was a contribution to the Donation Coder Nany Challenge. The application is available in the system tray if it is running. A left-click writes a new note while a right-click opens a context menu with the option to change the text that will be logged from now on.

It’s a little bit complicated - I think - that a left-click is not opening a form where you can enter a log text by yourself but you get used to that. Maybe the author reads this article and will update his version with this option, it would be great.

Another thing that bothers me is the sound that is played whenever a new log entry is created. It would be great if it would be possible to turn off the sound completely. Still, the application is nice and fast and makes my life easier. With the proposed changes it would simply rock.

23918

Find And Run Robot / Re: Alert: Bad Image; netsetup.cpl; invalid Windows image

« Last post by mouser on March 10, 2008, 01:38 PM »

I suspect the cause was close to what f0dder said -- it's just that instead of it being history items, the control panel shortcuts that you deleted are somehow pointing to the 64bit or 32bit versions, whichever are improper for the current operating system.

You should try typing just the word: cpanel and make sure you dont get any other errors on any of the other control panel shortcuts in that directory.

(ps. there is no harm in deleting those shortcuts, it just means you cant type those items to have farr launch them).

23919

LaunchBar Commander / Re: Abandonware?

« Last post by mouser on March 10, 2008, 01:11 PM »

I can understand the sentiment.  As the author, let me try to explain the state of development for LBC.

• First, it's definitely not abandonware.  I use it myself every day, and there will be further updates of it.
• Second, I'm pretty happy with the general feature set, and i can't remember any major things I want to add, but there are several small issues that are long overdue in adding (hotkey options, better display options, better docking/hiding behavior).
• Third, there have been very few updates to my programs in the last several months because i have been working on a paying job that takes up so much of my time; until and unless DC can become a full time job i have to take breaks from DC software development to work on other things.

I do appreciate that there needs to be some LBC updates soon -- I haven't abandoned it and in a month i should have some time to do some real work on my DC programs. 

23920

DC Gamer Club / Re: DonationCoder map - Sauerbraten FPS fun

« Last post by mouser on March 10, 2008, 12:08 AM »

where's cody and where are his coins? i don't see them in the screenshots?

23921

Official Announcements / Re: The site is now back online (March 6th, 2008) - Come Say Hello!

« Last post by mouser on March 09, 2008, 07:25 AM »

[offtopic] Oh, now that's curious... And i can't figure out how to link to the right place. Does anyone know how can we make a link to a donation page? [/offtopic]

your link was fine EXCEPT it had a "u=####" part in it, which, as was surmised in replies, will only work for you (you are user id=####).  so you just remove the "u=####" stuff and it will work fine.

By the way there is also a shortcut way to link to donate to someone, as illustrated in your profile page for Donation Buttons, which shows you how to put a button on your website so people can donate to you.

Read more here:
https://www.donation...credits;detail=links

It looks like this (for jazper): http://donationcoder.com/donate/195

23922

General Software Discussion / Re: Why is The Bat! e-mail app better than Mozilla Thunderbird (or other e-mail app)

« Last post by mouser on March 09, 2008, 05:37 AM »

same way you undo anything: Ctrl+Z.

23923

Find And Run Robot / Re: Default Hotkey Not Working - Vista on Dell XPS Notebook

« Last post by mouser on March 09, 2008, 03:06 AM »

I'd like to use CapsLock key - yeah i kind of like that idea.  it fits the model of using the break key -- i.e. to use a dedicated key that isn't useful for much else.

At the minimum I can add support for CapsLock key to TapTap -- the program i wrote specifically to let you use strange hotkeys with any program.

Which reminds me j-mac, you could use TapTap to map something like a double tap of the Control key to launch FARR.

23924

Screenshot Captor / Re: REQUEST: Prompt at startup if screenshot folder does not exist

« Last post by mouser on March 08, 2008, 02:15 PM »

This is a really EXCELLENT idea and i'm adding it to my todo list.
What makes it so good is that it could be useful also for first use of the program on any install, to help the user choose where they want their screenshot directory and let them know where it will be stored.

23925

Official Announcements / Re: Thread about the DonationCoder.com server Shutdown on March 2nd, 2008

« Last post by mouser on March 08, 2008, 02:13 PM »

I appreciate your message so much Stoic.

I can definitely see why there is such an incentive for companies to cover up when this happens to them -- it's incredibly embarassing, and the public relations damage could be severe, and put jobs on the line, etc.  You can definitely imagine why a company would just want to brush it under the rug and actively deny it happened if asked.  I suspect this happens a LOT.

But like you say -- the problem is that this just makes the situation for the end users worse.

We have tried from it's inception to just be totally up front about everything that happens on this site.  When the server goes down we try to post why and what we are doing, etc.  There was never really a question that we would post about exactly what happened and what we were doing about it.

I will be posting a much longer thread and gothic will chime in too about general lessons learned and strategies to avoid such things in the future.