15 Apr 2015

Hijacking of Super software from erightsoft.com

Something that I never even grappled with until now was the thought that the open source software that many people download could be a source of potentially unwanted programs (PUP) distributing adware, malware or even worse.

How wrong I was, and when you think about it, it is a pretty easy thing to do for people with malicious intent.

Open source is by definition developed within a community of individuals, most of whom are only interested in getting picked up by headhunters to get more lucrative programming jobs, or they may just be interested in developing a solution for their own particular special needs.

The problem with these communities is that it is easy for bad seeds to get in.

Much open source software is distributed via other well known platforms, think of CHIP.DE or CNET.COM as two examples. Most of us who visit these sites see no reason not to trust their links, but the fact is that even these sources can be compromised.

Then of course there is sourceforge.net, which is where you can find the original source code for many open source programmes. But how secure is it? That is an open question by the way and I would love feedback.

Here is a description of one problem I had with one particular piece of software for video converting, namely SUPER from www.erightsoft.com   

SUPER - not this time....

For years I have been using this software which has served me very well for compressing and converting the sometimes large videos produced by Adobe's After Effects and other programmes. I have never had any reason to expect anything wrong with it, although it has to be said that their website is a challenge to browse, and seems to be geared for indirect revenue generation. Still, if you know where to find the hidden download link on the site, you will get the goods.  

My last experience, however, was in another league.

On March 29th 2015 I downloaded an update which I wish I hadn't.

Firstly the installer deviously got me to accept the download of other software (which I am usually wary of, but sometimes in a hurry one clicks on one OK too many).

Once it was downloaded and installed, I noticed that my browsers had become hijacked, and that my computer would start reporting KERNEL DATA IMAGE ERRORs which I had never had before. Upon the self-initiated restart after this error, I got a blue on black BIOS screen saying that the boot drive was missing or the boot had failed. Thankfully upon a hard restart the computer booted up normally.



This error would repeat itself after 5 hours, or when I ran my Ad Aware scans.

I then uninstalled all the little nasties that had installed with SUPER from the programme manager, deleted the directories they were installed to, deleted all the temp files, deleted strange tasks that had been created. Then I ran MALWAREBYTES, HITMAN and ADWCLEANER, and sure enough lots of little nasty entries came up which I removed...there were two notable omissions though which I shall come to in the next section.

For a while after restart my browsers ran OK, but after a while I noticed these annoying adware tabs coming up in the browsers. Apparently the clean had not been complete, and I also noticed that my computer was still periodically crashing in the way that I mentioned above.

 AC3DX.AX and LIBBLURAY.DLL


The only persisting problems which my scanners were reporting (which I didn't remove) were two hidden files in the Windows/SysWOW64 file which were evaluated as "Suspicious" but no threat by Hitman. I was loath to remove them as they appeared to be system files which Windows might have a problem living without.

I checked both files with virus-total.com, and no flags were raised, none of the 57 antivirus solutions were flagging the files as dangerous.

Upon searching these files on the internet, it was apparent that they were indeed part of the SUPER installation process, but apart from a few badly written blogs claiming they were indeed malicious files, they were for the most part reported as normal.

There were some unusual features however:
  • The hidden flag was set
  • They were in a system folder
  • There was no author or signature information
Pointing towards their legitimacy was the fact that their file size seemed to tally with what was expected from internet searches.

However, there was one remaining suspicious thing about the files, namely, Hitman reported that they were written at the time that I installed my SUPER, which was to be expected since they seemed to belong to Super and were reported on the internet as such. However, upon inspection in the file manager, their "Last Modified Date" was reported as sometime long in the past (2009). This seemed really strange to me, as they had clearly been written during my recent SUPER installation.

Given that I had first experienced problems upon installing the upgraded SUPER, and I figured that they probably weren't central to my computer's operating system (Windows 8), I decided to quarantine them in Hitman.
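
The oddities described above (hidden flag, no signature, a "Last Modified" date far older than the file's arrival on disk) can be checked for every file that appeared since an installation. The script below is an added example, not part of the original post; its function names, the one-year gap and the 30-day window are assumptions. A modified date that predates creation is also what any timestamp-preserving copy produces, and Windows files signed only through a catalog carry no embedded signature, so the output is a list of files to examine, not a verdict.

```python
import os
import struct
import sys
import time

FILE_ATTRIBUTE_HIDDEN = 0x2   # Windows attribute bit in st_file_attributes
SECURITY_DIR = 4              # index of the PE certificate-table directory


def has_embedded_signature(path):
    """True/False: PE file with/without an Authenticode certificate table.
    None: not a parsable PE image. Presence only; nothing is validated."""
    with open(path, "rb") as fh:
        data = fh.read(4096)
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe = struct.unpack_from("<I", data, 0x3C)[0]      # e_lfanew
    opt = pe + 24                                     # optional header start
    if opt + 112 + (SECURITY_DIR + 1) * 8 > len(data):
        return None
    if data[pe:pe + 4] != b"PE\0\0":
        return None
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):                   # PE32 / PE32+
        return None
    dirs = opt + (96 if magic == 0x10B else 112)      # data directory array
    if struct.unpack_from("<I", data, dirs - 4)[0] <= SECURITY_DIR:
        return False
    offset, size = struct.unpack_from("<II", data, dirs + SECURITY_DIR * 8)
    return offset != 0 and size != 0


def created_time(st):
    # Creation time on Windows; on systems without one, fall back to st_ctime
    # (inode change time), which is still set when the file lands on disk.
    return st.st_birthtime if hasattr(st, "st_birthtime") else st.st_ctime


def triage(path, gap_days=365):
    """Return the indicators from the post that apply to one file."""
    st = os.stat(path)
    found = []
    if getattr(st, "st_file_attributes", 0) & FILE_ATTRIBUTE_HIDDEN:
        found.append("hidden")
    if (created_time(st) - st.st_mtime) / 86400 > gap_days:
        found.append("modified-long-before-created")
    if has_embedded_signature(path) is False:
        found.append("no-embedded-signature")
    return found


def scan(directory, created_after=0.0):
    """Triage every regular file created after a given epoch time."""
    results = {}
    for entry in os.scandir(directory):
        try:
            if not entry.is_file(follow_symlinks=False):
                continue
            if created_time(entry.stat()) <= created_after:
                continue
            found = triage(entry.path)
        except OSError:
            continue            # unreadable or locked file: skip it
        if found:
            results[entry.name] = found
    return results


if __name__ == "__main__":
    # Usage: script.py <directory> <days back>; both defaults are examples.
    folder = sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows\SysWOW64"
    days = float(sys.argv[2]) if len(sys.argv) > 2 else 30
    for name, found in sorted(scan(folder, time.time() - days * 86400).items()):
        print(f"{name}: {', '.join(found)}")
```
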

Then I rebooted.

And then I had a crisis, because Windows rebooted extremely slowly, had no internet function when it did, and I couldn't even open the Control Panel. Windows explorer seemed to be functioning normally, and non Office programmes were running (Office 365 needs online authentication), but everything was clearly not right.

Panic stations....

I thought it was time for a complete system restore....

Luckily I kept a cool head, ran MALWAREBYTES (reported 12 nasties), HITMAN (none) and ADWCLEANER (about 8), and rebooted.

Thankfully everything rebooted fine, and after 12 hours operation I haven't had a single crash, so MAYBE my system is finally cured.

MALWARE CREATORS ARE GETTING MORE DEVIOUS


I know this isn't the most obvious statement to make, but it seems to me that these miscreants are creating malware that can evade the majority of anti-virus scanners. Also, they are obfuscating the modified legitimate files so that they have more or less the same size as the originals that they engineer. I am lucky that Hitman found these damned things, I don't know what they may have been capable of.
 My advice BE CAREFUL DOWNLOADING OPEN SOURCE STUFF AND TRUST NOBODY, EVEN POPULAR DOWNLOADER SITES.

This seems to be a new way for folks with bad intentions to hijack your PC 


Below is a synopsis of the same problem I wrote in German, for those who might be interested.     

 

IN GERMAN (translated)

For years I used Erightsoft's video converter "SUPER" without problems. The website was always hard to navigate and stuffed full of ads, but the software served me well over the years, and I had no problem treating it as "trusted" software.

My last experience, however, was in a whole other league.

At the end of March (the 29th) I downloaded and installed a new version, and since then I have had nothing but problems with my computer.

First, it downloaded a lot of adware, which was hard to remove. My browsers were constantly under attack from unwanted browser bars and redirects, and my computer crashed every 2 hours with KERNEL DATA IMAGE ERRORS, and on reboot it even gave me a DEFAULT BOOT DRIVE MISSING error without going into Windows 8. Fortunately, after switching it off and on again it always came back up normally.

I used MALWAREBYTES, HITMAN and ADWCLEANER, emptied the TEMP folders, and deleted strange tasks (in Task Manager and under Windows Tasks). But the crap always comes back at some point.

HITMAN always reported 2 files as "suspicious", but did not classify them as a threat. The files were always reported as fine by virus-total.com, but a few features really were odd. These files were called "ac3DX.ax" and "libbluray.dll" and were located in the Windows/SysWOW64 folder. Since they appeared to belong to the normal installation process for SUPER, I ignored them at first. A few things really were odd, though: for example, the hidden flag was set, and there was no author or signature. The oddest thing, however, was that Hitman correctly gave the installation date for these files (the same time as SUPER). In the file manager, however, the "Last Modified Dates" were far in the past. I was afraid to remove the two files because they were system files, but eventually I decided to put them into quarantine.

I did that, and on reboot Windows came up extremely slowly, and although I got to Windows Explorer, my internet did not work at all, and I could not even get into the "Control Panel".

PANIC

I thought everything was screwed, and that only a completely fresh Windows installation would help.

Fortunately I kept a cool head, ran MALWAREBYTES, HITMAN and ADWCLEANER again, and after a reboot everything is now back to normal...I have also had no more crashes for 20 hours.

I don't know whether it is all over, but so far everything seems to be fine.

The subject of hijacking of open source software had never come to my attention before....but now I know that one has to be more careful, and keep an eye even on downloads from reputable websites. Researching online doesn't help either: mostly these files are described as harmless and useful, and only sporadically is there information that they may contain Trojans etc. VirusTotal gives only negatives, but the scans from almost all of its vendor sites are over 2 months old. The files had evidently also been obfuscated so that their size resembled that of the normal available files.

So be careful, folks, with SUPER from www.erightsoft.com.






15 Jan 2014

HAVING WHEELS

Having a set of wheels to cruise about London has made a big difference to "get out there" and announce myself to the world. Last night I decided to take a little ride around town, hopefully to catch an open mike somewhere where I could perform. On a Tuesday in South London there are basically three options I know of, namely the Half Moon at Herne Hill, the New Cross Inn in New Cross and the British Oak in Blackheath/Greenwich. I plumped for the New Cross Inn.

NEW CROSS INN
Unfortunately this turned out to be a bit of a mistake, since the closing time for bookings there is 19:00 (at the Half Moon it is 20:00), but nevertheless I did hang around to check out a couple of acts. The pub itself is built for live music, the stage area dominates at the back and the mixing desk is at the front by the door. The pub is basically furnished with long benches and tables for the most part, and it has a pool table and various stand up tables. The equipment seemed decent enough. I noticed the main stand up speakers were electrovoice, and there were a couple of monitors before the stage. The house drum set, proudly sporting New Cross Inn on the bass drum skin, was surprisingly not miked for bands, and when I arrived there was one playing, who were OK but not jaw dropping. I have to say though, that the quality of the sound considering this was a music pub was well below par, indistinct and way too tinny, not enough bass tones which should not have been a problem...and they should have miked the bass drum. The next act up was a young lady performing some nice acoustic stuff, sweet voice and she did renditions of "Smells like teen spirit" and "Use somebody", all laid back. I had a brief chat with Sean Bennett who was also up to play for 9:30, but decided to leave and check other places out.

LOUSY EQUIPMENT
My first plan was to head for the British Oak, as I knew I was too late to get a slot at the Half Moon. On the way to Greenwich I took the road to Deptford, only to stop off at the Birds Nest. This seems to be a rather in pub for live music, but when I had a look at the tiny stage area and the equipment, I couldn't frankly understand why. Everything looked at least 40 years old, extremely tatty, and the only thing remotely new was a Mackie mixer, presumably the main one for the shop. Hopsing would be really jealous of the equipment here, I can tell you.

COMEDY ON THE BUSES
After I left the Birds Nest I went next door to a place built around a double decker bus...a very interesting place with the bus fitted with restaurant seats somewhat reminiscent of an American diner (without the tableside jukeboxes). I asked the charming barmaid whether they did any live music in the place, she said no but proudly announced that there was live comedy at the back. She showed me around and I entered a room which seems to have been built from a trailer.....very narrow indeed, filled with about 20 students. I managed to catch one full act, a young man who could clearly pull off a decent best man speech, but who could be well advised to stay away from bull sperm in his routine. He was basically telling anecdotes around his core theme of McDonalds. The funniest moment came when he talked about "Mind control à la chocolate orange", clearly confusing engineering and confectionery. Clearly his droogs didn't seem to mind and thought it was all horrorshow.

POP IN THE NORTH POLE
My next stop was the North Pole in Greenwich, where I went upstairs to the piano restaurant, which was completely empty. The waiter asked me what I wanted as if I was Colin Ireland walking in on a gaysoc meeting. I explained that I was a pretty reasonable piano player and he of course spieled me with "well we already have a couple".....well I left my card anyway. It did seem like a good venue for weddings though...I shall approach them more officially I think with a more comprehensive concept. They look like they could do with some extra business in truth.

Well after that I headed back home for a last pint in my local, and then off to sleep.

I can see, however, how this could turn out to be a fruitful way of getting myself about with a bit of planning.

28 Jan 2013

GRIN OF THE CHESHIRE CAT is back

After quite a while not being listed on the various online music portals, my album GRIN OF THE CHESHIRE CAT is now available for purchase on the major ones including iTunes, Amazon and Spotify. Even if you are not interested in buying, some feedback would be nice as this also helps me get known amongst the public.


COMING SOON - JULES DOES ELTON

After years of tracking the shirt tails of artists such as Elton John, I recently decided to start up a tribute band devoted to the music of the man, and particularly the music he wrote and performed during the 70s, which all agree was his best period. 

As well as the hits I shall be performing some of his more interesting tracks which did not become singles, I really love some of his old ballads such as "Come Down In Time", "Mona Lisas and Mad Hatters" and "Tiny Dancer". But Elton during his early years wasn't just interested in ballads, great though they were, and there shall be more than a fair share of his rock material. I will of course also be playing a good deal of his later material too, songs like "Sacrifice", "Blue Eyes" can not be forgotten so easily. Look at the full list of songs I plan to cover.

Initially I do not intend the project to be a one to one cover band, as a strong performer (along with my co-musicians) I think it's right that my character also comes through. I hope what I can achieve is to freshen up many of his songs and present them in a new and refreshing way.

The project will be starting in March, and I already have my musicians lined up and motivated.

If anyone has any requests I would be glad to consider them.
    

4 Jul 2012

MAN AND HIS DOG DISPUTE HIGGS DISCOVERY CLAIM



A man from Lewisham claims he and his dog, a basset by the name of Ruffles, were the first to discover the Higgs boson lying at the bottom of a skip at the back of Lewisham University Hospital last Tuesday. The alleged discovery has thrown the scientific world into complete disarray, with questions now being asked about why so many resources were devoted to tracking down this elusive and shy particle.

Sources say that the boson may have already been discovered by the dog in the autumn of last year, only for it to be buried again for retrieval after the summer.

“There is no doubt about it, it's definitely the Higgs boson…I took it down to the lab in the hospital and they confirm that it fits the description perfectly” said Bob Scroggs proudly holding his dog to the press cameras.

As scientists were gathering in Geneva, the sense of confusion and disbelief was palpable, with scientists scurrying around to fashion a response to this unexpected trumping. Sources close to the senior management at  CERN said that the Lewisham discovery did appear to have been confirmed at the “Sigma 5” level, approximately equivalent to the chances that Adele would start talking in a posh accent after getting 8 successive number ones.    

For years two teams at CERN, the European Centre for Nuclear Research in Geneva, were competing with a US team for the discovery of something which until now only existed in the human imagination. Dr. Carl Forstwith, lead researcher at the facility stated “The discovery of the Higgs will surely open up our understanding of almost everything in the universe, such as why we exist, what it’s all about, and why you can never buy an egg boiler to produce a softie with exactly the right consistency”. 

The trumping by Bob and his dog Ruffles, however, has clearly disrupted the euphoric mood that was expected when many of the world's leading scientists were summoned to Geneva this morning.

Years of careful planning as to how this discovery should be released to the world have now come to nothing, with world leaders now bracing themselves for the serious social unrest which will surely now follow.

It also calls into question what the CERN discovery actually is, since the original Higgs boson is currently doing very well getting chewed upon in Ruffles’s outdoor kennel.

One forlorn scientist stated “It could of course be in two, many, or even an infinite number of places at once……which makes you wonder why it took so long to find the bloody thing in the first place…”     


  

15 Apr 2012

Albums possibly unavailable on iTunes

Some of you may be having problems getting my albums off iTunes, I am working on a solution to this. I am also planning to distribute hard copies via Amazon, also of the DVD we produced from our gig in late 2011 in Sounds. In the meantime you can try buying the albums from my website. Digital versions are available there for under 10 US dollars. If anyone has any problems with using that let me know as it is currently untested.

14 Apr 2012

This and that before I go to Germany again


Well it's been some time since I've really been that active musically, having spent most of the past few months in England, partly due to financial constraints on my part, and partly due to my mother's catalogue of health issues. It hasn't been so easy for her and she needed an extra pair of hands around the house.

Recently my ambition was to write a number of songs in German, and I have had limited success in writing about half an album full, although I am yet to get the text of all of them corrected. Many of those songs are about an old theme, but I decided that I really had to get them out. I also wrote a number of newer English language pieces which I recently recorded on a basic sequencer system which I set up in England. All I really have here is a Yamaha keyboard (which doesn't even have jack or midi outs), an SM58 microphone, my Takamine guitar and an open source sequencer on my computer. I don't have any monitoring to speak of, just a couple of crappy computer speakers, so the mixes are certainly rough and unrefined. People can get an idea of these works on Soundcloud which I recently joined up to. The direction is very acoustic and mellow, like a lot of my stuff. And please forgive the corny keyboard drums on "Throwing Away What She Loves".


The truth is that while in England I have engaged myself only a little with music. I am trying to concentrate on bringing my translation business back up to par. I have done a hell of a lot of work updating all my websites, and wasted a lot of time making them look nice for Google, a very frustrating task indeed. Interestingly, however, I found a new way to monetise my websites courtesy of Amazon. I've put shops on all my websites where their entire catalogue of goods is available. I made my first commissions yesterday, courtesy of a replacement vacuum cleaner my mum ordered.


Affiliate marketing seems to be an interesting way of promoting yourself and your digitised goods, however, I can't seem to find a service where I can do this for my music. There were a few startups on Facebook that offered these services but these were promptly closed down by the look of it. Whoever did that I have no idea. For those who don't know the idea behind affiliate marketing, it's getting your friends to promote your music by offering them a commission on the sales they make. Nice idea, but the problem is setting up a reliable tracking and remuneration system, and that is what is hard to find.

Anyway for now I'll stick to selling musical instruments on my website, and textbooks and language aids on my translations website. I might sell everything on my networking website.

While I have been in England, I spent most of my time at home. I only really ventured out for Open Mike nights in Bromley (Thursdays in The Railway Hotel and The Barrel and Horn), Ladywell (Sundays in the Ladywell Tavern), and Fridays in a basic Polish restaurant at the Elephant and Castle (Mamuska's). I wasn't so impressed with the food there, but the atmosphere is very much like a working class cafe in the middle of Gdansk, and it's like being culturally teleported when you take a walk into the place.

As far as taking in culture I had an excellent night out with my brother and sister-in-law at the Betsey Trotwood in Farringdon.  Their future daughter-in-law (and I suppose my niece-in-law if there is such a thing) was playing violin alongside Michele Stodart, former frontwoman for the Magic Numbers. The gig was held in a tiny upstairs room where about thirty people at most were crammed in. It was a very laid back acoustic set and I was very impressed with Maddy's contribution, she played excellent hooklines on the violin and applied balanced vibrato. Hopefully one day I can have her play on a recording of my own....who knows.




On Tuesday as it happens I am returning to Germany, I have a few gigs lined up, notably with Hopsing in Sounds for the session night.


I am pretty glad for him that the whole sessions experiment has worked out so well. Although his nightclub always fills out on a Saturday, getting people in on Friday for bands can be a pain. It is very difficult to get people away from their trusted locations in Lübeck, as all my years of living there have shown.


One of my major musical ambitions now is to set up a band in Sounds with Hopsing and Lukas on guitar, Rudi or Christian on Bass, and an as yet undefined drummer. Material such as Metallica would be perfect, as well as many of my own tunes. I've always wanted to rock as well as soothe, and Hopsing is well set up for recording rehearsals there (he has a mixer that can record every track separately....quite a thing).