Page 2 of 2 1 2
Joined: Dec 2002
Posts: 788
C
Hoopy frood
Offline
A good idea in principle but likely since each mirror would be required to be hosted on a completely different server to be "reliable" should one go down, also this would be required since there are some people who can't access specific websites from their geographical location.

An interesting idea that would prove somewhat reliable, would be to produce (few lines of coding) a very basic "redirection PHP page" that before it redirects you to one of the requested mirrors, remotely checks the .exe's MD5, whatnot, against the one hosted on the mIRC server to see if it matches.

Eamonn.

Joined: Aug 2004
Posts: 8
A
Aeris Offline OP
Nutrimatic drinks dispenser
After today's AVP update it detects lsas32 as Trojan.Win32.Zapchast.

Avp has proven to be much more reliable than Norton for me many times.

Joined: Dec 2002
Posts: 2,962
S
Hoopy frood
Offline
To check the mirror's MD5 would require downloading the entire program, since merely having some kind of MD5 query would mean that it could easily be faked. I don't think mirrors would appreciate their traffic being doubled, nor would mIRC's hosters whose traffic would go up by about 30x. A simple solution would be just to verify them once per day or something like that. At least then we wouldn't be in the position we are now where this thread has been up for around 36 hours and the mirror is still up. Who knows how many people have been infected in that time?


Spelling mistakes, grammatical errors, and stupid comments are intentional.
Joined: Dec 2002
Posts: 788
C
Hoopy frood
Offline
Good point I suppose, hadn't really thought of it from the bandwidth suppliers' point of view.

Eamonn.

Joined: May 2004
Posts: 4
Q
Self-satisified door
Offline
I ran a few tests today to see what exactly happened once you downloaded the file from the CA mirror.

If you do a properties on the mirc616.exe from the CA mirror, there is no version information but if you compare the filesize to one of the real mirc616.exe files from another mirror they are exactly the same. Interesting I thought, how did they manage that?

Once you run it, it extracts the lsas32.exe file to C:\Windows and also the real mirc616.exe (which has the version information where it should be), which it then runs so you'd think nothing was wrong.

You have to stop the lsas32.exe process, delete the file and then remove the entry from your Run key in the registry.

---

Adding some instructions to the download page including a link to a freeware MD5 program plus the hash of the installation file to compare against might be a good idea, at least from an IT professional's view - I do realise most newbies and other computer users would probably not understand what it meant or just ignore it entirely.

Last edited by quack; 11/08/04 01:32 PM.
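
The hash comparison suggested in the posts above, as an added example that is not part of the original thread or mIRC's own code: it audits mirror copies against a reference digest and flags a copy whose size matches the genuine file but whose contents differ, the case described for the CA mirror. It uses SHA-256 by default rather than the MD5 mentioned in the thread; the mirror names, the stream-opening interface and the sample bytes are constructed assumptions.

```python
import hashlib
import io

def digest_and_size(stream, algo="sha256", chunk=64 * 1024):
    """Hash a binary stream in chunks; return (hex digest, bytes read)."""
    h = hashlib.new(algo)
    size = 0
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
        size += len(block)
    return h.hexdigest(), size

def audit_mirrors(ref_digest, ref_size, mirrors, algo="sha256"):
    """Compare each mirror copy with the reference; return {name: verdict}.

    `mirrors` maps a name to a callable returning a binary stream
    (hypothetical interface; a real audit would open a download here).
    """
    verdicts = {}
    for name, open_stream in mirrors.items():
        with open_stream() as stream:
            digest, size = digest_and_size(stream, algo)
        if digest == ref_digest.lower():
            verdicts[name] = "ok"
        elif size == ref_size:
            # Same length, different bytes: a size check alone would pass this.
            verdicts[name] = "mismatch (same size)"
        else:
            verdicts[name] = "mismatch (size differs)"
    return verdicts

def demo():
    # Constructed stand-ins for installer files, not real binaries.
    genuine = b"MZ" + b"genuine-installer-bytes" * 40
    repacked = b"MZ" + b"dropper-plus-installer!" * 40  # same length
    truncated = genuine[:-100]
    ref_digest, ref_size = digest_and_size(io.BytesIO(genuine))
    mirrors = {
        "mirror-a": lambda: io.BytesIO(genuine),
        "mirror-b": lambda: io.BytesIO(repacked),
        "mirror-c": lambda: io.BytesIO(truncated),
    }
    return audit_mirrors(ref_digest, ref_size, mirrors)

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```
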
Joined: Feb 2004
Posts: 124
T
Vogon poet
Offline
Quote:
Avp has proven to be much more reliable than Norton for me many times.


Same here .. same also goes for McAfee

Joined: Jun 2003
Posts: 5,024
M
Hoopy frood
Offline
This mirror has been removed.

Regards,


Mentality/Chris
Joined: Aug 2004
Posts: 1
D
Mostly harmless
Offline
OK great, but just a suggestion: XP SP2 has DEP enabled

[Data Execution Prevention]

This actually confirms whether the user wishes to run the program first; however, mirc.exec does not use this.

Publisher unknown shows up because the exec doesn't have a valid digital signature that verifies its publisher.

This problem would have been spared to us if that process would have been used to spread the program.

However, fortunately problems like this never affect me (much lol) because I have a habit of always running Task Manager at first boot up and use Startup Control Panel by Mike Lin to check what's going to start up next boot up.

BTW you can get that program Here

also from him to alert you when something is set to run at Startup
