why does the new version 8.1.3.0 exe. show like this?

[RedFox 1]

I am using the Chrome Browser. If I am not mistaken this could be browser related. But I could be wrong.

 

[DrXenos]

Are there hash strings for the authentic files posted somewhere?

 

[Ch3vr0n]

no Xenos, but that might not actually be a bad idea to start with from now on. Though that's upto the staff

 

[Tourist]

@Clams
Another free portable one:
Emisoft Emergeny Kit

 

[clonedone]

I ran the bad one as well initially. While it seemed to finish the install, Windows Defender did pop up that it blocked something (and I got the notification there was a new version again a bit after that so I think it actually stopped it). Defender would block any download of the bad file after that. Flushing my DNS didn't seem to get rid of the bad IP but after rebooting my cable modem, router and computer everything seems to be OK now. Routes to the correct IP and download file is the normal download with the exe named with the version number.

 

[James]

Are there hash strings for the authentic files posted somewhere?

No, but the correct download has a valid digital signature.

 

[Clams]

I ran the bad one as well initially. While it seemed to finish the install, Windows Defender did pop up that it blocked something (and I got the notification there was a new version again a bit after that so I think it actually stopped it). Defender would block any download of the bad file after that. Flushing my DNS didn't seem to get rid of the bad IP but after rebooting my cable modem, router and computer everything seems to be OK now. Routes to the correct IP and download file is the normal download with the exe named with the version number.

Nothing seemed ot block when I ran it. However there was no normal install completion either. it just terminated.
the question is WHAT did it do while it was running before it terminated.
This PC is my main PC - trust me that a security breach on this one would be a very bad thing.
I still can't get anything to pick up a hit on the known bad download file.
-W

 

[James]

Nothing seemed ot block when I ran it. However there was no normal install completion either. it just terminated.
the question is WHAT did it do while it was running before it terminated.
This PC is my main PC - trust me that a security breach on this one would be a very bad thing.
I still can't get anything to pick up a hit on the known bad download file.
-W

Did it ask for elevation (admin rights)? If yes, did you grant them? (There should have been some warning about an unknown publisher, etc.)

 

[Clams]

Yes it did - and yes I did.
I was doing 5 other things at the time and had no reason to suspect anything since I used the link from this board. LOL!
Only when I read the board did I get concerned.
-W

 

[Yaris]

Yes it did - and yes I did.
-W

Better change your banking passwords, son.

 

[Clams]

This PC remembers no passwords, doesn't even ask.
But I won't use it now for anything until I know it's clear.
-W

 

[RedFox 1]

We caught this within minutes I believe, and Ivan and James were on it immediately. This has never happened before. RedFox will take every precaution that it never happens again.

 

[Clams]

Did they hack Redfox to cause the re-direct ??
Or did they hack some DNS server site(s) ??
If the latter - how can Redfox actually stop it?
-W

 

[Ch3vr0n]

As a user pointed out in an easier post, it looks like dns cache poisoning, simply put an attempt to hijack a DNS server and point it to a malicious one. Highly doubtful the RedFox site itself got compromised. How can they stop it? Well Ivan already contacted the host where the bad file got hosted. The server does no longer respond to a ping command so it looks like they took it down.

Verstuurd vanaf mijn Nexus 7 met Tapatalk

 

[RedFox 1]

Did they hack Redfox to cause the re-direct ??
Or did they hack some DNS server site(s) ??
If the latter - how can Redfox actually stop it?
-W

It can be stopped and it will. No, I do not think they hacked RedFox, they hacked the host.

 

[whatever_gong82]

Clams, I hope that you get your machine clean.

I just got online 20 minutes ago, and read all the stuff with the dns cache poisoning of the RedFox site. Luckily, the RedFox people were on top of it, and I downloaded the legit version of RedFox.

 

[Clams]

How can they stop it? Well Ivan already contacted the host where the bad file got hosted. The server does no longer respond to a ping command so it looks like they took it down.

I meant how to stop it in the FUTURE silly. Heh.
Not stop this attack which - was already stopped when I asked the question.
You set up a bad site and poison DNS servers to redirect to it - right?
How can you prevent THAT from recurring was my basic question.
-W

PS: The timing was no accident. A lot of people update AnyDVD on Monday in anticipation of new release DVD's on Tuesday. (US). The hackerz knew that.

 

[Ch3vr0n]

I guess that's an impossibility. You can't take action until something happens. But we all hope this never happens again.

Verstuurd vanaf mijn Nexus 7 met Tapatalk

 

[Clams]

I guess that's an impossibility. You can't take action until something happens. But we all hope this never happens again.

Verstuurd vanaf mijn Nexus 7 met Tapatalk

So I guess we check the digital signatures from now on. (a good habit anyway)
-W

 

[Ch3vr0n]

That's always a good idea but posting the hash like someone suggested would be too. Seeing as the icon looked different and there was a hidden? exe in it, the hash would not match the official one. There's multiple tools like 'hashtab' that add an extra tab to file properties for quick and easy hash verification.

Verstuurd vanaf mijn Nexus 7 met Tapatalk