from today Harmful site?

Posted: Sat Feb 29, 2020 1:09 am
by evaluator
This warning was absent on my previous visit (-3 days). What to do?

Posted: Sat Feb 29, 2020 5:07 pm
by Kayaker
Nice to see you around eval, stick around :)

It's been that way for several months actually, don't you feel safer now knowing that Firefox/Chrome is protecting you?

Some of that might be from the odd file or tool on this site that was AV flagged as bad, but those who have been here for a long time know those are all false positives, and that's been an issue for years.

What I take exception to is the Firefox claim that

Firefox blocked this page because it might try to trick you into installing programs that harm your browsing experience (for example, by changing your homepage or showing extra ads on sites you visit).

I understand the caution, and Firefox does a fine job in protecting the innocent from potentially bad sites. But flagging woodmann.com is a false positive from Google Safe Browsing:

https://developers.google.com/safe-browsing/v4/advisory


We all know that there has never been any malicious intent from this site for over 20 years, since the days of Fravia; that was never the point or purpose of this community.

However I do have a suspicion there might be an innocent thread we had discussing javascript that might have been a trigger. The whole point was to decipher what a malicious encrypted redirect js was doing, some code was posted of course and an instructive reversing discussion followed to learn how to reverse and understand this type of code, for example using window.alert() messages for debugging. All done with the best intent, but not a real threat.

A six year old thread may have recently triggered Google Safe Browsing. I just deleted it and another one I found, they will no longer be flagged.

Kayaker

Posted: Sat Feb 29, 2020 9:38 pm
by evaluator
Hello, Kayaker!
Some time ago I read about automated attempts to decrypt malware-containing zip files passworded with "malware". Could this be the case here?

Another question: why is "HTTPS" gone?

Posted: Sun Mar 01, 2020 3:55 pm
by Kayaker
Could be, we always zip protected malware samples with the password 'malware' or 'infected', a common practice elsewhere as well, perhaps even in the larger malware sharing sites. So I guess it's quite possible an AV might test a few common passwords.

In this case though, even my Avast protection flagged that one particular thread as
JS:Redirector-BWJ [Trj]

I might test the thread to see what js code signature it's picking up on. Everything was written in the forum CODE tags, but it seems the AV script must be reading all text (well, byte comparisons) based on a database of signatures.

Hmm, makes me wonder a bit about the whole mechanism of updating AV signatures: how they are accessed by the program, a database of some sort, somewhere in memory, APIs used?


Oh, no https here ever.
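Kayaker's observation above, that the AV is comparing raw bytes against a signature database no matter whether the text sits in forum CODE tags, can be checked with a small scanner. The following is an added example, not code from the thread or from any AV product: it runs constructed toy byte signatures over a constructed forum page and reports whether each hit lands inside a `<code>` element, which is what a forum admin would need to know to find the offending post.

```python
import re

# Constructed sample of a forum page as a scanner sees it on the wire: the
# reversing discussion sits inside <code> tags, like the thread described above.
# (Constructed text, not a capture of any real page.)
SAMPLE_PAGE = b"""<html><body>
<div class="post">Here is the redirect snippet we were picking apart:
<pre><code>var s = unescape("%68%74%74%70"); document.write(s); window.alert(s);</code></pre>
Stick window.alert() calls in between steps to watch the values.</div>
</body></html>"""

# Constructed byte signatures standing in for AV signature database entries.
# Real signatures are longer and often wildcarded or hashed; these are toy values.
SIGNATURES = {
    "demo.js.unescape-literal": b'unescape("%',
    "demo.js.document-write": b"document.write(",
}

CODE_TAG = re.compile(rb"<code>(.*?)</code>", re.S)


def scan_bytes(data: bytes, signatures: dict) -> list:
    """Return (signature name, offset) for every occurrence of every signature.

    Plain byte comparison: markup, tags and encoding are not interpreted,
    which is why text inside forum CODE tags is matched just like live script.
    """
    hits = []
    for name, sig in signatures.items():
        start = 0
        while True:
            idx = data.find(sig, start)
            if idx < 0:
                break
            hits.append((name, idx))
            start = idx + 1
    return sorted(hits, key=lambda h: h[1])


def inside_code_tag(data: bytes, offset: int) -> bool:
    """True if the byte offset falls inside a <code>...</code> element."""
    return any(m.start(1) <= offset < m.end(1) for m in CODE_TAG.finditer(data))


def scan_page(data: bytes, signatures: dict) -> list:
    """Scan a page and annotate each hit with whether it sits in a code block.

    The annotation helps an admin locate which post trips a scanner;
    the scanner itself does not care either way.
    """
    return [(name, off, inside_code_tag(data, off))
            for name, off in scan_bytes(data, signatures)]


if __name__ == "__main__":
    for name, off, in_code in scan_page(SAMPLE_PAGE, SIGNATURES):
        where = "inside <code>" if in_code else "outside <code>"
        print(f"{name} at byte {off} ({where})")
```

Both toy signatures fire on the sample, and both hits sit inside the `<code>` element: the tags do nothing to hide the bytes from a signature scanner, which is exactly the effect Kayaker saw.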

Posted: Sun Mar 01, 2020 9:53 pm
by WaxfordSqueers
Kayaker wrote:Firefox blocked this page because it might try to trick you into installing programs that harm your browsing experience (for example, by changing your homepage or showing extra ads on sites you visit).

I understand the caution, and Firefox does a fine job in protecting the innocent from potentially bad sites. But flagging woodmann.com is a false positive from Google Safe Browsing:

https://developers.google.com/safe-browsing/v4/advisory
I saw that red window sometime ago and it annoyed me. It seems to be coming from Google as well, is it not?

Anyway, where do we go to protest this ridiculous slander?

BTW...it was more than a month ago that I saw it. I don't get it using Firefox normally, only got it when I went through Google from another machine.

Posted: Fri Mar 06, 2020 4:50 am
by evaluator
Just now Firefox didn't want to give me a downloaded file:
www.aescrypt.com/download/v3/windows/AE ... _win32.zip
Well, retrieved it from cache :P
Is this "safe browsing" just based on detection counts from VTotal??

Kayaker, is HTTPS gone because of $ requirements?

Posted: Fri Mar 06, 2020 2:55 pm
by Kayaker
Weird, there's a thread from 2 years ago on the google support forum from a site admin reporting the file was falsely flagged, and a link to where you can get the current Safe Browsing status of the file site.

https://support.google.com/webmasters/f ... Yw0/?hl=tr

https://transparencyreport.google.com/s ... _win32.zip

Google Safe Browsing now reports it safe, but when I try to download it Firefox blocks it as being malicious. The download button at least allows you to bypass that and save it.

When I check with my Avast free it doesn't detect any problem with the file.

So why is Firefox still blocking the download? Is it NOT using Google Safe Browsing, while the image above states it is?


Yeah, cost I guess. Could W ensure the "s" part of that?

Posted: Fri Mar 13, 2020 1:20 pm
by WaxfordSqueers
Kayaker wrote:So why is Firefox still blocking the download?
Because Mozilla are turning into a load of Net Nazis. I'm having trouble running Firefox on XP although my current version, 52, is supposed to run on XP. Many of my add-ons have been blocked by Mozilla 'for my own good', including any Adobe plugins below version 9. The Catch-22 is that FF52 apparently won't run versions newer than 9.

Who asked them to look after my own good? It is not beyond belief for me to think they have likely crippled Firefox on XP for the good of all of us. Bless their Big Brother hearts.

BTW...I tried to post on the Google safe browsing forum to defend RCE. My post was immediately deleted. The Net Nazis seem to have spread to Google.

Anyway, Firefox on XP is behaving weirdly (don't worry, my XP OS is isolated to its own disk at any one time). I can get it to work by having Task Manager open. FF won't take input till I click on TM. So, on Google, I have to insert a cursor in the search box, type blindly, touch the mouse cursor on TM, at which time the text magically appears in the Google search box in FF. To scroll down the Google page I have to drag the scroll bar blindly, but it won't move till I touch the cursor on TM. When I click on a hyperlink I want, I have to go back to TM and touch it anywhere with the cursor, then FF goes to the page.

This is not a focus issue, I checked it with a tool that checks focus. The focus is fine on both FF and TM.

Posted: Sat Mar 14, 2020 10:01 am
by evaluator
WaxfordSqueers wrote:
I see in the Firefox folder a file 'blocklist.xml'. If you remove it, will add-ons be unblocked?

Posted: Sat Mar 14, 2020 10:04 am
by evaluator
WaxfordSqueers wrote:Many of my add-ons have been blocked by Mozilla 'for my own good'
I see in the Firefox folder a file 'blocklist.xml'. If you remove it, will add-ons be unblocked?
As for Google Safe Browsing, I think the "Yellow" shirts should be asked instead of the red :D

Posted: Sat Mar 14, 2020 1:57 pm
by WaxfordSqueers
evaluator wrote:I see in the Firefox folder a file 'blocklist.xml'. If you remove it, will add-ons be unblocked?
Brilliant. Yes, changing its name reactivates all my plugins. I need to be careful with the script because I know some plugins and extensions stop FF working correctly. I'll have to look closer at the script to see which ones to activate.

Thanks, very helpful. I am currently trying to update the Adobe Acrobat plugin, version 5?????? It has not been updated since 10 September 2001!!!!! :devil: Don't know if Adobe supplies plugins for XP anymore.

Ultimately, I want to get XP going on my new mobo with a 300 series chipset so I can debug apps that I cannot debug easily otherwise. For example, I have a DirectX 3D game going that has video problems. Another freezes at startup. I want to get into the code to see what is going on, and I can't do that in a VM because the video requirements are high.

I am learning to use windbg but I am still not convinced that it can single-step through ring 0 code like softice can. I will keep trying but any time I try to 'step' into ring 0 with windbg I get thrown out the other end immediately. I suppose I could use BPs in ring 0 but sometimes I prefer single-stepping to see what the code is doing.

I am thinking of starting a new thread since softice has frozen the system when I try to start it on this new chipset. We have reasoned it is the video driver. However, I was running in 800x600 mode the other day for a game and decided to try sice for the fun of it. It did not freeze the system this time but it gave an error about cpthook.sys not working. Have no idea what that's about yet. I also came across this interesting article in how to set up softice in the registry so it will catch a driver early in the loading sequence. You guys probably know about it already.

https://community.microfocus.com/t5/Dev ... -p/1753634

Don't know why the hyperlink doesn't work. I used both the link button above and the bracket method with the URL inside and it does not produce a clickable link.
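Before renaming blocklist.xml outright, as discussed in this exchange, a defender would want to see what the file actually blocks and with which severity, so that only the wanted add-ons come back. The following is an added example, not anything from the thread or from Mozilla: it parses a constructed sample written in the shape of the legacy Firefox blocklist.xml format (the element and attribute names, and the reading of severity 3 as a hard block and lower values as a soft block, are assumptions about that format) and lists each entry with its version range.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample in the shape of the legacy Firefox blocklist.xml
# (assumptions: emItem entries for add-ons, pluginItem entries with <match>
# rules for NPAPI plugins, and a versionRange severity where 3 is a hard block
# and anything lower a soft block the user may re-enable). Not a real blocklist.
SAMPLE_BLOCKLIST = b"""<?xml version="1.0"?>
<blocklist xmlns="http://www.mozilla.org/2006/addons-blocklist" lastupdate="1583000000000">
  <emItems>
    <emItem blockID="i001" id="toolbar@example.invalid">
      <versionRange minVersion="0" maxVersion="*" severity="3"/>
    </emItem>
    <emItem blockID="i002" id="{11111111-2222-3333-4444-555555555555}">
      <versionRange minVersion="0" maxVersion="2.9" severity="1"/>
    </emItem>
  </emItems>
  <pluginItems>
    <pluginItem blockID="p001">
      <match name="filename" exp="nppdf32\\.dll"/>
      <versionRange minVersion="0" maxVersion="8.99" severity="1" vulnerabilitystatus="1"/>
    </pluginItem>
  </pluginItems>
</blocklist>
"""


@dataclass
class BlockEntry:
    kind: str          # "addon" or "plugin"
    ident: str         # add-on id, or the plugin's match rule(s)
    block_id: str
    min_version: str
    max_version: str
    severity: int
    hard_block: bool   # severity 3: cannot be re-enabled from the UI (assumption)


def _local(tag: str) -> str:
    """Strip the XML namespace so tag names compare cleanly."""
    return tag.rsplit("}", 1)[-1]


def parse_blocklist(xml_bytes: bytes) -> list:
    """List every block entry with its version range and severity."""
    root = ET.fromstring(xml_bytes)
    entries = []
    for el in root.iter():
        name = _local(el.tag)
        if name == "emItem":
            kind, ident = "addon", el.get("id", "?")
        elif name == "pluginItem":
            rules = [f"{m.get('name')}~{m.get('exp')}"
                     for m in el if _local(m.tag) == "match"]
            kind, ident = "plugin", "; ".join(rules) or "?"
        else:
            continue
        block_id = el.get("blockID", "?")
        ranges = [r for r in el if _local(r.tag) == "versionRange"]
        if not ranges:
            # No range given: treat as all versions, hard block (assumption).
            entries.append(BlockEntry(kind, ident, block_id, "0", "*", 3, True))
        for r in ranges:
            sev = int(r.get("severity", "3"))  # missing severity -> hard block (assumption)
            entries.append(BlockEntry(kind, ident, block_id,
                                      r.get("minVersion", "0"), r.get("maxVersion", "*"),
                                      sev, sev >= 3))
    return entries


def summarize(entries: list) -> dict:
    """Count hard and soft blocks, i.e. what renaming the file would re-enable."""
    return {
        "hard": sum(1 for e in entries if e.hard_block),
        "soft": sum(1 for e in entries if not e.hard_block),
    }


if __name__ == "__main__":
    found = parse_blocklist(SAMPLE_BLOCKLIST)
    for e in found:
        tag = "HARD" if e.hard_block else "soft"
        print(f"[{tag}] {e.kind:6} {e.ident} versions {e.min_version}..{e.max_version}")
    print(summarize(found))
```

Point `parse_blocklist` at the bytes of a real blocklist.xml from the profile or install folder to get the same listing; the soft-blocked entries are the ones Firefox already lets you re-enable from the add-ons page, the hard-blocked ones are the set that only renaming the file brings back.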

Posted: Sat Mar 14, 2020 2:38 pm
by Kayaker
WaxfordSqueers wrote: Don't know why the hyperlink doesn't work. I used both the link button above and the bracket method with the URL inside and it does not produce a clickable link.
That's my doing from way back, a plugin script to prevent clickable outside links in the Off Topic forum, the other forum isn't affected. Don't worry, it's not some insidious FF enforcement :p

Posted: Sat Mar 14, 2020 6:56 pm
by WaxfordSqueers
Kayaker wrote: Don't worry, it's not some insidious FF enforcement :p
That's a relief. I've had a bad week as it is. :p

Posted: Wed Mar 25, 2020 7:06 am
by Elenil
I wanted to fix the video problem for a long time.

It wasn't necessarily games, it also appeared if I had a video running.

So I tried 2 different graphics cards of the same type and even the same PCB manufacturer.

What I could see is different is the video load screen (one was an Asus 7800 GT, the other an MSI 7800).
Those got the same identical PCB, looks like only the firmware/BIOS is different.

So I ran a video to cause the problem to happen: for the Asus 7800 GT, directly BSOD.
So then I switched the cards and tried out the MSI 7800 GT and did the same thing again (same driver version and same drivers)
and nothing, no BSOD, everything works.

I also tried some different driver versions and yes, that affected the BSOD problem; for example the BSOD appeared on a different driver version
and the MSI 7800 GT also got the BSOD problem.


The dumpfile says it happens in ntice.sys, but it could be anywhere, maybe even a wrong address that came from a different part.

So what I did next is I tried to set up a VM and to debug softice over a VM debugger,
but when I was about to do that I saw another problem:

the problem does not appear in VMware, not at all, not with any card, not with any version of drivers.

So what I would need is to debug softice while the problem appears, then I can very likely find out what causes this problem.

Making a road with the dumpfile, a non-runtime debugger and having no source code led to nothing;
the function is very big and chained, so that road didn't work.

Another thing is that this problem seems to appear when softice wants to appear or maybe draw itself.

As I might have said in the past, if someone can make a VM where this problem happens and I take a look at the softice process, I can very certainly see the problem.

Posted: Wed Mar 25, 2020 3:28 pm
by Kayaker
Hi guys, I split this thread for Softice discussions; please continue replies there, thanks.

http://www.woodmann.com/forum/showthrea ... iscussions