topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Monday November 11, 2024, 4:18 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: grab urls  (Read 33919 times)

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,768
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: grab urls
« Reply #50 on: April 24, 2018, 04:43 PM »
Now I'm going to guess that Deozaan uses Chrome?

Yep. I'm using Vivaldi, which is Chrome-based.

But note that it wasn't Chrome/Vivaldi that flagged it for me. It was Windows Defender's real-time protection.

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,644
    • View Profile
    • Donate to Member
Re: grab urls
« Reply #51 on: April 24, 2018, 06:50 PM »
Now I'm going to guess that Deozaan uses Chrome?

Yep. I'm using Vivaldi, which is Chrome-based.

But note that it wasn't Chrome/Vivaldi that flagged it for me. It was Windows Defender's real-time protection.

There goes that idea, was hoping you'd say Chrome.

Now it's even stranger since we're both using Vivaldi and Defender on the same file and yet I don't get any hit from Defender, even when I scan it after download.

Makes absolutely no sense ...

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,768
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: grab urls
« Reply #52 on: April 24, 2018, 07:02 PM »
Now it's even stranger since we're both using Vivaldi and Defender on the same file and yet I don't get any hit from Defender, even when I scan it after download.

Are you using Windows 10? Maybe we're running different OSes or different versions of Defender/definitions. I'm on Windows 10 Version 1709 (OS Build 16299.402). My Windows Defender threat definitions are on 1.267.306.0.
« Last Edit: April 25, 2018, 05:19 PM by Deozaan »

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,190
    • View Profile
    • Donate to Member
Re: grab urls
« Reply #53 on: April 24, 2018, 07:36 PM »
Now I'm going to guess that Deozaan uses Chrome?

Yep. I'm using Vivaldi, which is Chrome-based.

But note that it wasn't Chrome/Vivaldi that flagged it for me. It was Windows Defender's real-time protection.

There goes that idea, was hoping you'd say Chrome.

Now it's even stranger since we're both using Vivaldi and Defender on the same file and yet I don't get any hit from Defender, even when I scan it after download.

Makes absolutely no sense ...

If it makes you feel better, I'm using Chrome, Windows Defender, and Malwarebytes, and none of them gave any indication.

KynloStephen66515

  • Animated Giffer in Chief
  • Honorary Member
  • Joined in 2010
  • **
  • Posts: 3,758
    • View Profile
    • Donate to Member
Re: grab urls
« Reply #54 on: April 24, 2018, 07:39 PM »
I'm on Windows 10 version 1709 (Build: 16299.371) Defender Definitions v1.267.267.0 (so below Deo for both, but mines showing no updates available on either - I wonder if those are regional or something.).

Just redownloaded and Chrome (or Windows Defender...I don't actually know which is murdering it...I just know that Chrome says "Virus" but the more info button opens Defender...so....yeah) caught it again.

skwire

  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 5,287
    • View Profile
    • Donate to Member
Re: grab urls
« Reply #55 on: April 24, 2018, 09:50 PM »
Are you guys all positive you're downloading the same file?  How about posting some checksums?

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,644
    • View Profile
    • Donate to Member
Re: grab urls
« Reply #56 on: April 24, 2018, 10:20 PM »
Are you guys all positive you're downloading the same file?  How about posting some checksums?

Using the link given in this post, (downloading the Windows installer but I have downloaded the Other Java installer and still nothing).

Directory Opus Screenshot 2018-04-25.jpg

The .exe is also signed off with a Digital Certificate assigned to Appwork GmbH by Comodo.
sha256: 4c87501159a97e0fa43cf04a705381fc
Revocation Status : OK. Effective Date <‎2018 ‎April ‎24, ‎Tue 16:03:27> Next Update <‎2018 ‎May ‎01, ‎Tue 16:03:27>
Thumbprint: 5f884266c8541f4eff424e805176d6dca8ae048f

I've got six Windows 10 Pro systems here, (x86, x64, including a new install VM), not one of them has detected a problem with the .rar, .exe, or the extracted NSIS installer files.

Windows 10 Pro Build 16299.371 or Build 16299.309 all Defender definitions are 1.267.267.0, (apparently the latest defs available for me).

Two of the systems have MBAM Premium on them, (mine with v2, another with v3), not a peep from it either.

Defender on WHS2011 system also doesn't find a problem.

If it makes you feel better, I'm using Chrome, Windows Defender, and Malwarebytes, and none of them gave any indication.

Not really, was kind of hoping Chrome was doing something which caused a fingerprint match but there goes that idea.
« Last Edit: April 24, 2018, 10:53 PM by 4wd »

KynloStephen66515

  • Animated Giffer in Chief
  • Honorary Member
  • Joined in 2010
  • **
  • Posts: 3,758
    • View Profile
    • Donate to Member
Re: grab urls
« Reply #57 on: April 25, 2018, 10:16 AM »
Are you guys all positive you're downloading the same file?  How about posting some checksums?

I'm not overly willing to allow the file to stay on my system (IE Force Chrome to allow it through even with the warnings).

However, I can run the route that I get the file from:

1. http://jdownloader.org/download/index
2. Click "Windows"
3. Get redirected around the internet for awhile:
   - http://jdownloader.org/dl?v=101
   - https://firsturl.de/02d38da?
   - https://mega.nz/#!DQUSDS4Q!3oCI6KwWTivL3PSTcTAv4YDQxKfkgxMEsehkdTLumP0

4. Prompted to download the file from Mega
Install JDownloader .rar
243 KB

I am then met with this:

jdown3.png

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,190
    • View Profile
    • Donate to Member
Re: grab urls
« Reply #58 on: April 25, 2018, 12:36 PM »
I only get the rar (never tried to extract it), but get the same results as 4wd.

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,768
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: grab urls
« Reply #59 on: April 25, 2018, 01:48 PM »
Like Stephen, I can't post a checksum of a file that gets immediately removed by Defender.

Defender Definitions v1.267.267.0 (so below Deo for both, but mines showing no updates available on either - I wonder if those are regional or something.).
-Stephen66515 (April 24, 2018, 07:39 PM)

I was on that version of the definitions when I started making the post but decided to check for updates just in case a newer version would result in the file not being flagged. The file was still flagged on the newer version. So I put down the newer version as what I was currently running.

KynloStephen66515

  • Animated Giffer in Chief
  • Honorary Member
  • Joined in 2010
  • **
  • Posts: 3,758
    • View Profile
    • Donate to Member
Re: grab urls
« Reply #60 on: April 25, 2018, 02:17 PM »
Like Stephen, I can't post a checksum of a file that gets immediately removed by Defender.

Defender Definitions v1.267.267.0 (so below Deo for both, but mines showing no updates available on either - I wonder if those are regional or something.).
-Stephen66515 (April 24, 2018, 07:39 PM)

I was on that version of the definitions when I started making the post but decided to check for updates just in case a newer version would result in the file not being flagged. The file was still flagged on the newer version. So I put down the newer version as what I was currently running.

Yep, also just updated to the latest and it still flags.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,190
    • View Profile
    • Donate to Member
Re: grab urls
« Reply #61 on: April 25, 2018, 04:41 PM »
I'm on 1.267.306.0

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,644
    • View Profile
    • Donate to Member
Re: grab urls
« Reply #62 on: April 25, 2018, 08:33 PM »
Just updated:

2018-04-26 10_42_28-Settings.png

Still no hit.

   - https://mega.nz/#!DQUSDS4Q!3oCI6KwWTivL3PSTcTAv4YDQxKfkgxMEsehkdTLumP0
-Stephen66515 (April 25, 2018, 10:16 AM)

Downloaded from that link, (in case there was some weird geo-specific packaging), exact binary equivalent as the one I have.

@Deo, @Stephen - you guys have weird systems  :P

Honestly, can't think of what else it can be unless something you guys are running is interacting with Defender.  I'm leaning towards you guys simply due to the numbers:

Wraith, Kalos don't indicate anything on their systems, I've got six systems (five Win10Pro + WHS2011) plus one completely brand new Win10Pro VM with no other programs and yet ... nothing ...

Not even MBAM mentions anything until I scan the files after installation, (I'm guessing it's because it didn't try to do anything bad, eg install PUP, even though it's set to treat it as malware).

And yet no one detects it as anything listed on VirusTotal ... so WTF?

VirusTotal
Jotti
VirSCAN

About the only thing I'm getting out of this is it's the AV that can't be trusted.
« Last Edit: April 25, 2018, 10:07 PM by 4wd »

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,190
    • View Profile
    • Donate to Member
Re: grab urls
« Reply #63 on: April 25, 2018, 11:06 PM »
Wraith, Kalos don't indicate anything on their systems, I've got six systems (five Win10Pro + WHS2011) plus one completely brand new Win10Pro VM with no other programs and yet ... nothing ...

Windows 10 on both, with MBAM/Defender running.

About the only thing I'm getting out of this is it's the AV that can't be trusted.

I thought we'd already established that  :P

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,644
    • View Profile
    • Donate to Member
Re: grab urls
« Reply #64 on: April 26, 2018, 12:40 AM »
About the only thing I'm getting out of this is it's the AV that can't be trusted.

I thought we'd already established that  :P

The technician in me wants to know :-\

(Damn stupid inner voice)

kalos

  • Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 1,824
    • View Profile
    • Donate to Member
Re: grab urls
« Reply #65 on: April 28, 2018, 11:14 AM »
I got told by these ridiculous people from JDownloader, that actually the adware downloaded is different for each user! Depending on its system, region, etc!

So has anyone figured out what the virus is and how to get rid of it?
It still messes up my Firefox Google results with fake results.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,190
    • View Profile
    • Donate to Member
Re: grab urls
« Reply #66 on: April 28, 2018, 01:26 PM »
Why don't you ask them if you're already in contact with them...?

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,964
    • View Profile
    • Donate to Member
Re: grab urls
« Reply #67 on: April 28, 2018, 02:25 PM »
I got told by these ridiculous people from JDownloader, that actually the adware downloaded is different for each user! Depending on its system, region, etc!

So has anyone figured out what the virus is and how to get rid of it?
It still messes up my Firefox Google results with fake results.

if you still have the original download, you could try resinstalling it, but this time look closely at whatever is ticked to install with it (and untick them and/or interrupt the install). I presume it's open candy, so everything should be visible. Or do what wraith says.
Tom

kalos

  • Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 1,824
    • View Profile
    • Donate to Member
Re: grab urls
« Reply #68 on: April 28, 2018, 03:01 PM »
Why don't you ask them if you're already in contact with them...?

They said they don't know because another company bundles the adware and it's chosen depending on the user.

Has anyone figured out where the downloads of the JDownloader installer end up? Which folder? I may be lucky that they are still there.

kalos

  • Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 1,824
    • View Profile
    • Donate to Member
Re: grab urls
« Reply #69 on: April 28, 2018, 03:44 PM »
I tried some more installations of this hideous JDownloader and some times it creates an entry in Add/Remove Programs called 'BingSearchby...' something.
Unfortunately I couldn't write down the exact name. I think that's the virus. The uniinstallation of it is completely silent and I believe it doesn't work well as it leaves your system infected.
The fake google results, all have BING as their referral.

It's such as shame that Microsoft approves this.

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,964
    • View Profile
    • Donate to Member
Re: grab urls
« Reply #70 on: April 28, 2018, 03:56 PM »
There are lots of forums to help you remove viruses / adware. I've used a couple over the years, probably mentioned them here somewhere.
Or try instructions as per multiple sites that tell you how to "remove BingSearchby". One I found was on malwaretips.com, appeared to give fairly sensible advice.
Tom

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,190
    • View Profile
    • Donate to Member
Re: grab urls
« Reply #71 on: April 28, 2018, 08:11 PM »
There are lots of forums to help you remove viruses / adware. I've used a couple over the years, probably mentioned them here somewhere.
Or try instructions as per multiple sites that tell you how to "remove BingSearchby". One I found was on malwaretips.com, appeared to give fairly sensible advice.

 :Thmbsup:

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,644
    • View Profile
    • Donate to Member
Re: grab urls
« Reply #72 on: April 28, 2018, 11:15 PM »
They use the installCorew installer.

The fake google results, all have BING as their referral.

2018-04-29 14_11_12-Options.pnggrab urls

JDownloader2 Ad-ware Free Installers from here and here.
« Last Edit: April 29, 2018, 08:25 AM by 4wd »

kalos

  • Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 1,824
    • View Profile
    • Donate to Member
Re: grab urls
« Reply #73 on: April 29, 2018, 05:00 PM »
They use the installCorew installer.

The fake google results, all have BING as their referral.

[ Invalid Attachment ]

JDownloader2 Ad-ware Free Installers from here and here.

Yeah, ofcourse I tried that with no luck.

kalos

  • Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 1,824
    • View Profile
    • Donate to Member
Re: grab urls
« Reply #74 on: May 01, 2018, 05:04 PM »
It is strange that when I download JDownloader with IE or Chrome, Windows Defender intervenes and blocks the file.
When I download with Firefox, nothing happens!