elementary
fully equipped rock polisher
Member since February 2006
Posts: 1,077
|
Post by elementary on Jul 8, 2012 11:46:18 GMT -5
It has been reported that some have received viruses from the Agate Index files. I am taking down the links until I find out what is going on.
I've had 95 downloads of the 2012 Southwest and 91 downloads of the Northwest. Neither of these files was changed in any way once I posted them onto Media Fire. They are the same files I posted on File4Share - unchanged in any way except the old files were retitled with the 2010 year.
Question 1- if you received a virus, what specifically was it? Question 2 - Was it all files - or specific ones. Question 3 - As I am not a techie, where would the virus be coming from? Could it be the download site rather than the file itself? Can the file be infected by downloading through a site? Can I have been given a photo that was 'infected' and inadvertently copied it into the file? Could my computer be infected with a virus and I not know it and that virus 'infect' my file? (I'll run a check on the computer in the meantime.)
--- As I posted earlier - I am not employed in this business by any means - so I am asking for help from you guys. I want this file to be useful and not damaging, so I need to find a way to eliminate/fix this problem.
Thanks sheltie for giving me a heads up on this.
(This project is getting frustrating....and I'm doing it for free....)
Lowell
|
|
sheltie
freely admits to licking rocks
Member since January 2012
Posts: 982
|
Post by sheltie on Jul 8, 2012 13:17:55 GMT -5
I got the following from a different rockhounding forum: "OK, for those that feel comfortable with file management. Here is where the nasty file is located for Windows 7 users. "C:\users\your user name\AppData\Local\unzziz.exe". Just delete it after you run a virus scan."
Hope it helps. I feel your pain as I REALLY like what you're doing and understand the time you have put into it.
|
|
Thunder69
Cave Dweller
Thunder 2000-2015
Member since January 2009
Posts: 3,102
|
Post by Thunder69 on Jul 8, 2012 19:39:22 GMT -5
Hey Lowell...I did get a virus from the download...A dll file trojan...I removed the virus,and I have scanned the Agate Index files on my computer with Avast Virus and Malwarebytes and nothing came up during the scans..I think it may have come from the file sharing site....If you have access to the site you put it on maybe you can go on there and run a scan and see if anything comes up.............John I downloaded both files on the same night so no help as to which one it could be...
|
|
Thunder69
Cave Dweller
Thunder 2000-2015
Member since January 2009
Posts: 3,102
|
Post by Thunder69 on Jul 8, 2012 21:04:52 GMT -5
Well I have tested it on another file share site and used my files and had no problems with either file..... If you want to try... here is the link .. www.sendspace.com/filegroup/MCnda32xdEjAshLXoeUr5A It has both indexes First...choose your download Then.... Click the box that says this..... Click here to start download from sendspace Lowell ...You and the crew are doing a hell of a job with it..I know it is alot of work and I appreciate what you are doing....John
|
|
|
Post by helens on Jul 8, 2012 21:23:16 GMT -5
Virus's are .dll's or .exe files (well, com and bat too, but all executable types). I have never heard of anyone EVER getting a virus from a pdf file because you cannot execute it, you only 'view' it.
However... how people manage to send virus infected pictures and other viewable file types is they RENAME a file in a sneaky way... like say picture.jpg.exe Many people have their file options set to 'hide known file extensions" ... which would HIDE the .exe part from you!!!
The way to get around this is always to verify that the file is NOT an executable of any type first, by attempting to open it with the actual program. Of course, if the virus was designed to exploit a weakness in that program (ie., photoshop), then it would fry your photoshop as intended, but that's super rare, since the virus wouldn't have a clue which viewer you would use.
It's always a good idea to run a virus and malware scanner on anything you download.
All that said, I do not think it's possible for the virus to have come from your database file, simply because you wrote it and know it's clean. It is USUALLY from the download site. It is common for a hacker to hack a download site or even a website. I've had it happen to me, and what a pain in the butt!!!
What I think happens is that someone hot linked the download button, so that when you click it, you are actually downloading your file with an exe wrapper. And when people go to view it, they do what people usually do with a pdf, they double click. That double click means OPEN the virus (which SHOULD set off your Windows 7 response of "do you want to allow this program Admin rights or do you want to run this program? You aren't RUNNING a PDF, it's a document, like a .doc or a .txt or an image, you are simply viewing it. It should never give you a windows warning. If you get a windows warning for a viewable file, you are opening a virus, 100% of the time. That windows warning is invaluable, because if it ever comes up when you are NOT trying to install a new software program, a virus is trying to get in.
You should have a good self-updating virus program and malware program in place at all times... they would catch it BEFORE it downloaded in most cases. If it's a new virus and there's not yet a definition update written for it yet, it can still install unfortunately, but a fix usually comes out pretty quick (because your virus checker will find it on YOUR computer when it does update, and start working on the definition just from automatic contact with your infected system).
I'd check through your original pdf file, then find a different download site til they fix their obvious problem.
I'm pretty sure there are other computer geeks here, but I would think that most would say the same thing, and add if I missed anything.
|
|
Minnesota Daniel
freely admits to licking rocks
A COUPLE LAKERS
Member since August 2011
Posts: 891
|
Post by Minnesota Daniel on Jul 8, 2012 22:04:10 GMT -5
Virus's are .dll's or .exe files (well, com and bat too, but all executable types). I have never heard of anyone EVER getting a virus from a pdf file because you cannot execute it, you only 'view' it... Sorry to burst your bubble Helen, but I believe the first PDF virus was reported in 2001. PDFs can make http calls, and are capable of executing Java Script, so they can most certainly contain viruses, and they do. They take advantage of weaknesses in PDF readers, including Adobe's. If some people believe they might be getting a virus from the Agate Index, the question to ask is, "What PDF reader (and what version) are they using, and under what version of Windows?" I hate it every time they ask to be updated, but you need to update PDF readers (read Adobe). I AM NOT a techie, but I know enough to be dangerous.
|
|
|
Post by helens on Jul 9, 2012 23:53:04 GMT -5
Virus's are .dll's or .exe files (well, com and bat too, but all executable types). I have never heard of anyone EVER getting a virus from a pdf file because you cannot execute it, you only 'view' it... Sorry to burst your bubble Helen, but I believe the first PDF virus was reported in 2001. PDFs can make http calls, and are capable of executing Java Script, so they can most certainly contain viruses, and they do. They take advantage of weaknesses in PDF readers, including Adobe's. If some people believe they might be getting a virus from the Agate Index, the question to ask is, "What PDF reader (and what version) are they using, and under what version of Windows?" I hate it every time they ask to be updated, but you need to update PDF readers (read Adobe). I AM NOT a techie, but I know enough to be dangerous. Well sorry you had to be so rude, since I don't see a 'bubble' for you to burst anywhere. Those virus PDF's are WRITTEN with the exe code embedded. Unless you think that Elementary intentionally put a virus in the agate index pdf, or someone tampered with his file itself (which would mean the owner of the upload site WROTE a virus to stick on HIS file for the download). Delivery method would be exactly the exe wrapper I stated in my post, whether added via the download button or wrapped to the pdf itself, even if the programming method and location is different. You click pdf, and the exe activates. I did omit to say in my first sentence EVER get one from a "KNOWN" pdf, but I thought I clarified it with the 'exe' wrapper on the pdf later. The semantic difference is that someone maliciously wanted to alter THAT file vs a generic attack on the download site, which is pretty darn common.
|
|
Minnesota Daniel
freely admits to licking rocks
A COUPLE LAKERS
Member since August 2011
Posts: 891
|
Post by Minnesota Daniel on Jul 10, 2012 1:17:47 GMT -5
This is what you said:
"I have never heard of anyone EVER getting a virus from a pdf file because you cannot execute it, you only 'view' it."
I was only intending to correct a factual error. You may call that semantics, I do not. Sorry you thought I was being so rude, that was not my intention. When I intend to be rude, you'll know it.
|
|
|
Post by 3rdrockfromthefun on Jul 10, 2012 3:58:23 GMT -5
Wow, getting warm in here.
Simplest way to be sure is to run a virus scan first on your computer and then on all files in question, including a compressed file/folder if that is part of the up/download.
I recommend McAfee - simply because I've been using it since that late 1990's and no computer I have had it on has ever been infected.
As to the source of the reported infections - my guess would be the file hosting site. I have had virus reports (via McAfee) from a host of different sources including just hitting a myspace profile. Apparently many sites are a constant target of hackers. The only ones I fully trust are those with the McAfee certified badges and even then I'm leery - could a virus not plant one of those badges? It stands to reason that file sharing sites would be like the Mother of all candy-dishes for hackers. If I wanted to spread something - that's where I'd plant it.
While these sites should better protect themselves it's also true that users should better protect themselves as well. If you're getting more than one virus every couple of years you might want to consider changing your virus software because whatever you're using is not protecting you.
I know you want desperately to keep this a free project but it may come to having to either you spending some money on a hosting site that protects itself and it's users better or asking for small donations (I should think it would not cost much per person).
At least you wouldn't be asking for millions like Wikipedia.
Another solution would be 'on demand' service. People write you and ask for copies - you email it to them.
Finally, you could always run a file service on your own computer (requires a fixed IP I believe - many providers offer this, usually for a higher monthly fee), a computer you can leave running full time and definitely run McAfee on that thing. If you're interested let me know - I can tell you the basic set of tools you'd need (most are free and it's generally not that hard to set up).
Anyone blaming you, Lowell, for this is just misinformed - most of us know how much you put into this project. And I should think those same people would see the obviousness of how nonsensical it would be for you to sabotage your own self.
You're doing awesome - keep up the great work and don't let crap like this get to you.
|
|
|
Post by helens on Jul 10, 2012 5:28:27 GMT -5
I apologize.
I read that fast, and when I see 'sorry to pop your bubble', it means 'sorry you made that up'. I have no problem with that in an opinion argument in politics, religion or sports, but somehow it sets me off in anything else:P.
I had in mind that no rock person would/could do that. And I know for a fact the file was clean because I downloaded them when I first joined the forum, so the virus could not have attached itself from elementary's computer to be uploaded. And of course, I know that Daniel wasn't implying that either.
When I've had a long day, I can get touchy when I post, I should really stay off the computer then, since I get really good at upsetting people when that happens:P.
If you can upload the file to ANY website, public or private, you can download it just by doing right click save...
|
|
|
Post by texaswoodie on Jul 10, 2012 17:49:01 GMT -5
I really appreciate your efforts Lowell. I have never downloaded the Agate Index because of the file share site. Those things are notorius for infections.
I don't know squat about computers but it seems to me you could put it on a free website and let people download it from there. Yes?
Curt
|
|