[NotActiveProject] Win7RescuePE


1166 replies to this topic

#676 corelogic

corelogic

    Newbie

  • Members
  • 14 posts
  •  
    United States

Posted 29 November 2009 - 08:45 PM

It looks like a nice option for building a win7PE environment, but sadly, I will not be using your site until it is cleaned.

I tried to access your site but got the message below. Thank God I use G Data. Ironically, G Data is a German-based company.

Posted Image

#677 patsch

patsch

    Silver Member

  • Advanced user
  • 785 posts
  •  
    Germany

Posted 29 November 2009 - 09:06 PM

Look into this thread ... there are many posts about this ... there are no risks entering the site.
But feel free not to use the advice presented on the site.

#678 joalke

joalke

    Newbie

  • Members
  • 26 posts
  •  
    Sweden

Posted 29 November 2009 - 10:04 PM

And where IS "Joshua"???
Nothing from him/her after the virus on his site appeared?

#679 patsch

patsch

    Silver Member

  • Advanced user
  • 785 posts
  •  
    Germany

Posted 29 November 2009 - 10:36 PM

If you had read this thread, then you would have found this post:
http://www.boot-land...?...ost&p=84315

#680 corelogic

corelogic

    Newbie

  • Members
  • 14 posts
  •  
    United States

Posted 29 November 2009 - 11:27 PM

Look into this thread ... there are many posts about this ... there are no risks entering the site.
But feel free not to use the advice presented on the site.


Why exactly would I read 67 pages of this one thread to find out the site linked to has virus code in an IFRAME?!

The admins should have put an advisory or sticky at the top of this thread if they wanted to quench concerns!

#681 Lancelot

Lancelot

    Frequent Member

  • .script developer
  • 5013 posts
  • Location:Turkiye/Izmir
  • Interests:*Mechanical stuff and Physics,
    *LiveXP, BartPE, SherpyaXPE,
    *Basketball and Looong Walking,
    *Buying outwear for my girlf (Reason: Girls are stupid about buying bad stuff to make themselves uglier :))
    *Girls (Lyric: Girl,...., You will be a womann, Soon)
    *Answering questions for "Meaning of life",
    *Helping people,

    Kung with LiveXP, Fu with Peter :)
  •  
    Turkey

Posted 29 November 2009 - 11:54 PM

Why exactly would I read 67 pages of this one thread to find out the site linked to has virus code in an IFRAME?!

The admins should have put an advisory or sticky at the top of this thread if they wanted to quench concerns!


Hi corelogic,

I want to inform you that there is a great invention on the internet, called "Search Engine", and a very popular one, called "Google". These inventions would mostly help you to find things that are mentioned before (re)posting.
Here is an example of a simple usage (click the following link)
http://www.google.co...u...mp;oq=&aqi=
Even simpler, the first link that appears as a result of the search takes you to the helpful post of patsch with a definite link, and following that link (with a little patience, if it exists) leads you to the reason why you have this warning (if you read).

ALSO

IF you follow "Forum Rules" you may notice (IF you read) the "common sense" advice list, at the top of which you can see (to be more helpful, here is a quote)

a. Please do use the Search function before posting a question that has already been asked and (hopefully) answered to. This is another reason for rule #10 above, searching meaningful titled posts is easier and faster.




@patsch

I guess in order to Keep the fun, there is no need to reply to any virus related posts anymore in the current topic, since the answer can be found easily with "common sense" and replies to your helpful post can be ..... Thanks a lot for supporting Win7RescuePE topic, Keep the Fun :thumbup:

#682 corelogic

corelogic

    Newbie

  • Members
  • 14 posts
  •  
    United States

Posted 30 November 2009 - 01:50 AM

Hi corelogic,

I want to inform you that there is a great invention on the internet, called "Search Engine", and a very popular one, called "Google". These inventions would mostly help you to find things that are mentioned before (re)posting.
Here is an example of a simple usage (click the following link)
http://www.google.co...u...mp;oq=&aqi=
Even simpler, the first link that appears as a result of the search takes you to the helpful post of patsch with a definite link, and following that link (with a little patience, if it exists) leads you to the reason why you have this warning (if you read).

ALSO

IF you follow "Forum Rules" you may notice (IF you read) the "common sense" advice list, at the top of which you can see (to be more helpful, here is a quote)




@patsch

I guess in order to Keep the fun, there is no need to reply to any virus related posts anymore in the current topic, since the answer can be found easily with "common sense" and replies to your helpful post can be ..... Thanks a lot for supporting Win7RescuePE topic, Keep the Fun ;)



Quite comical that you should take the time to "WARN" a new member and many visitors about using the search function - obviously we all know how to use it since we found your virus/malware/Trojan ridden forum.

If you could stop being arrogant and provide a solution to the problem, instead of supporting the "common sense" approach of disabling antivirus products, firewalls, and anything that would otherwise protect our computers, you would be a more productive forum member. Legitimate developers manage to create code that is virus/malware/Trojan free every day and those that find themselves in your predicament would contact the various vendors to provide proof your code is not a "false-positive". It is up to the developer(s) to assure users that his/her code is not garbage or infectious! Not the user's responsibility!

I will summarize since it will help people looking for answers to Joshua's infectious site:

Post No.: #81 - files in win7rescuePE contain viruses
Page: 9
Detected by: AVIRA
Joshua's response: contact AV vendor

Post No.: #85 – files in win7rescuePE contain viruses
Page: 9
Detected by: ASquared (Emsisoft)
Joshua's response: none

Post No.: #255 - site contains malware
Page: 26
Detected by: StopBadware.org reported by Google.com
Joshua's response: hopes admin or Nuno can help resolve problem

Post No.: #328 – site marked as an attacking site by Google.com
Page: 33
Detected by: Google.com
Joshua's response: none

Post No.: #483 – site marked as containing malware by Google.com
Page: 49
Detected by: Google.com/Chrome
Joshua's response: points visitors to links throughout the forum
-> http://www.boot-land...?...95&hl=virus
-> http://www.boot-land...?...56&hl=virus
The above led me to here:
-> http://www.boot-land...?showtopic=7835
The short of which is:
1. Disable your computer from the Internet
2. Disable your AV and just trust the developers
3. Report the false-positive reports and complain to the AV vendors
4. Go away and use another site

Post No.: #489 – Firefox reporting “attack site” by Google.com
Page: 49
Detected by: Google.com
Joshua's response: patsch speaks for Joshua and tells people the issue has been reported multiple times, while Joshua himself makes light of the matter (page 50 post # 491)

Post No.: #596 – repost of post #483
Page: 60
Detected by: same as post #483
Joshua's response: none

Post No.: #597 – files in win7PE contain viruses
Page: 60
Detected by: Avira and confirmed by VirusTotal
Joshua's response: patsch answers for Joshua and states that this is a false-positive, then recommends to disable AV and firewall.

Post No.: #634 – site blacklisted
Page: 64
Detected by: Firefox – Google.com
Joshua's response: Nuno Brito says to move the site to a non-blacklisted domain

Post No.: #635 – site contains malicious Trojan
Page: 64
Detected by: not stated
Joshua's response: none

Post No.: #637 – PDF file on Joshua’s site contains Trojan
Page: 64
Detected by: VirusTotal -> http://www.virustota...b4c7-1256808440
Joshua's response: none

Post No.: #676 – site contains Trojan
Page: 68
Detected by: G Data TotalCare 2010
Joshua's response: patsch responds instead and states that the infectious issue has been raised in this thread/forum in the past and that there are no issues entering the site


I hope members of this forum and visitors see what little the site is willing to do for the community and steer clear of Joshua's build, until Joshua and the forum clean up the site. :thumbup:

BTW, you can shove your "REPOSTING WARNING" because my original post #676 was not a repost since it was the first post in 68 pages to show G Data reporting the Trojan when attempting to use Joshua's link. Also, you took no effort in the past to WARN others who posted repeatedly that AVIRA or Firefox or Google.com reported the site as bad! So Piss off, Lancelot! I am trying to be a more productive member than you!

BTW, I would have read the FORUM RULES, if I could get to the lame-a** page. Clean up your code!

Forum Rules link -> http://www.boot-land...hp?showtopic=82

Website blocked!
G Data TotalCare 2010 has denied access to this website.
The site contains infected code: JS:ScriptIP-inf [Trj] (Engine :).

#683 Lancelot

Lancelot

    Frequent Member

  • .script developer
  • 5013 posts
  • Location:Turkiye/Izmir
  •  
    Turkey

Posted 30 November 2009 - 02:56 AM

Hi corelogic,

Your previous post is quite "productive" since it gives a summary, besides being very impolite, which makes me smile a lot late at night, thanks a lot :thumbup:
I feel patsch and I can point to your post whenever someone forgets to google-kungfu :)
Besides, collecting this info into a post made you miss some vital points.

Keep in mind: Many people spend their free time (when they have it) and freely (nobody gets richer) to keep the wheels turning. You should have noticed Joshua has not been available for a while; patsch and others are supporting the current topic (project).

Assuming you read those posts and links there should be no word to say more about the subject, but I guess a little more needed:

If you could stop being arrogant and provide a solution to the problem

There are 2 problems none of which is pointing me.
1) false positive: you should be aware there is no way to hide from a false positive (If it is) http://www.legroom.net/node/534/184 , there are also unreported false positives around in projects ;)
Only way is informing the AV company (If you find a better way, good for you).

It is up to the developer(s) to assure users that his/her code is not garbage or infectious! Not the user's responsibility!

So you expect good people who would like to develop and share their works on a website to also chase the AV companies !!. It is not the developer's responsibility, it is the AV company's responsibility to provide an AV that can distinguish between virus and non-virus, they need support from end users YOU to report to them that you believe it is a false positive and ask them to recheck... (you may have read a strategy by jaclaz about how to use totalvirus as a false positive catcher). Also it is very boring and disturbing when a file is reported as a virus by an AV after using it for months or more than a year :thumbup: . Even having the source code and recompiling again does not solve a false positive (I guess you read that).
ps: Joshua's advice of disabling AV is a general advice which is valid for all projects.
2) website warning: I guess Nuno can not find time to work on this for a while and could not find a quick solution for it. I feel after final exams he may find more time. (I guess issue is well defined here ). If you can buy time, please buy some for Nuno. I can not.

BTW, I would have read the FORUM RULES, if I could get to the lame-a** page. Clean up your code!

Forum Rules link -> http://www.boot-land...hp?showtopic=82

Website blocked!


Try: Board Rules 2 (the vengeance), Let's see if we can make AVAST like this one :)
http://www.boot-land...?showtopic=9101



Well, for further replies about "clean site" and "false positives" please use either a previously opened topic
http://www.boot-land...?showtopic=7835
or open a topic here
http://www.boot-land...hp?showforum=75

#684 ReD

ReD

    Newbie

  • .script developer
  • 25 posts

Posted 30 November 2009 - 05:48 PM

Most often false positives come from exe files packed with UPX (which is an exe packer) because it uses "routines" that are sometimes detected as malware.
In a lot of cases, utilities are coded using autoit. The compiled (exe) triggers false positives.

That may be why Joshua's website is being marked as potentially dangerous, since it holds both of the above.

As far as I remember, since I've been into it for years now (911cd, bootland), Joshua has been on the "live cd scene" for a while too and his proofs of being "honest" are done. This is subjective and of course a newcomer is not aware of that.
On that point, 'old' members should help newcomers by giving them that kind of information (search will not tell you about the reputation of someone).

It's right to be bored answering a previously asked question.
I understand the feeling of replying "hey man uses search or just read rules".
I understand too that searching for tons of posts might be a huge pain in da a..

May be wisdom is in the middle, if i'm bored i don't answer.
If i don't get answers to my question, may be it's because it does not deserve one.

Now let's end with that and back to the basic : beer :thumbup:

#685 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12707 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 30 November 2009 - 06:14 PM

Just to give some stuff to think about:

Linked to nativeEx_Win7 project, I copy the peloader (by Joshua) to my target.
In the past there were never any problems.

Since about two weeks, after an update of the database avast tells me that in that UNCHANGED file there is a virus.

A mail to avast about false positive did not bring any response.

My fear is: In some months, also in my programs (and I'm sure that I never tried / will try to build a virus, I do not even know the HowTo) any sequence in my exe is recognized by an over-sophisticated scanner as a virus.

And that is the 'begin of the end' of freeware.
And if one looks at e.g. the new Google OS, maybe there is some intention to create Orwell's 1984 Big Brother ...

... since we found your virus/malware/Trojan ridden forum.

If you worry about your PC's health, be on the safe side, and leave this virus ridden forum.
To discuss something, could be done by different formulations.

Peter

#686 dera

dera

    Gold Member

  • .script developer
  • 1335 posts
  •  
    Hungary

Posted 30 November 2009 - 06:53 PM

just want to notice that
Kaspersky Anti-Virus
also blocks the page
"joshua.winbuilder.net/Projects/Tutorial-Creating-Win7RescuePE/Creating-Win7RescuePE.htm"
reporting
viruses: HEUR:Trojan.Script.Iframer

#687 was_jaclaz

was_jaclaz

    Finder

  • Advanced user
  • 7100 posts
  • Location:Gone in the mist
  •  
    Italy

Posted 30 November 2009 - 07:46 PM

OK, peeps.

Let's try to take this problem into account in a logical way.

No need whatsoever, (from corelogic) to tell the Admins what they should do or not do, no need (from Members) to start being hostile. :thumbup:

Let me say this thing ONCE, and ONCE only:
Advising to disable Antivirus when connected to the Internet is one of the most irresponsible advice one can give, please NEVER give this kind of advice again, NO MATTER how "safe" you personally think a site is.

What has been presented is a problem similar to the one already discussed here:
http://www.boot-land...?showtopic=8414

For which a solution has NOT been found/agreed upon.

The issue psc just posted is a completely different one.
In the case of a program one can take his chances and try with tools like VirusTotal what different vendors have to say.
Then he can take his decisions.

For a web page it is not so easy, advising to disable the Antivirus is NONSENSE.
(and the last character in the above sentence is a full stop or period)

The only thing to do is to understand what the problem is and remove it.

Due to the current commitments in "real" life that both Nuno and Joshua apparently have (and also due to a certain stubbornness of Nuno about maintaining features that are liable to create such a problem), there is NO way to correct this kind of problem shortly.

They do know the problem and hopefully find a solution, but there is NOT a definite timeline.

Since I have no way to correct the problem myself for BOTH:
  • lack of knowledge in the specific field
  • lack of needed access/authorizations/credentials

The only "official" statement that boot-land can make at the moment (should you consider me an "authorized" representative of the board) is the following (should you not, consider this my personal take on the matter, and feel free to ignore it):

Dear user,
unfortunately for a number of reasons that are very difficult to explain, a number of pages on boot-land and on connected sites, like winbuilder.net, have been blacklisted by a number of anti virus tools.
Some of these are "trailers" of a previous (possibly "real") infection that has later been solved, but the anti virus firm has not updated their "blacklisted" database.
Some of these are perfectly safe and the Anti virus is reporting a "false positive".
Some of these may actually contain malicious code.
There is no "safe", unique way to say which is which.

Due to a number of reasons that, again, would be too long to list, we are currently doing our best to solve this problem but do not expect this problem to be solved any time soon, as most of the people involved in the process are currently busy on other things.

We apologize for the inconvenience.


jaclaz

#688 dera

dera

    Gold Member

  • .script developer
  • 1335 posts
  •  
    Hungary

Posted 01 December 2009 - 08:30 AM

They do know the problem

and

Some of these are perfectly safe and the Anti virus is reporting a "false positive".
Some of these may actually contain malicious code.
There is no "safe", unique way to say which is which.

i am not sure either what is it
but currently i get this:
kav1.png
kav2.png
kav3.png

#689 corelogic

corelogic

    Newbie

  • Members
  • 14 posts
  •  
    United States

Posted 01 December 2009 - 02:34 PM

and

i am not sure either what is it
but currently i get this:
kav1.png
kav2.png
kav3.png


dera >> the site domoktov.com no longer has any infectious code on it. It could possibly have something to do with a plain old install of CentOS and Apache. Maybe the site was so full of crap that they decided to wipe it clean. Again, it is all speculation, but the site no longer is posing any danger other than being marked as an attack site.

Per the Google.com information...

Malicious software includes 9737 exploit(s).

This site was hosted on 1 network(s) including AS4134 (China Telecom backbone).


Go figure, a site hosted in China!


With respect to Joshua's tutorial on creating a win7rescuepe page...

http://joshua.winbui...in7RescuePE.htm

Malicious software includes 2 scripting exploit(s), 1 trojan(s).

Malicious software is hosted on 4 domain(s), including d-mediagroup.com/, check-your-iq.ru/, x3y.ru/.

This site was hosted on 1 network(s) including AS30083 (SERVER4YOU).


I can not even bypass/continue to the site because G Data TotalCare 2010 blocks the site completely due to the iframe scripting issue. Hopefully, someone in this forum has a 2nd link to the tutorial like they did with the "Forum Rules" - which was extremely helpful BTW.
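
For site owners facing the iframe reports discussed in this thread, a static audit of the served HTML shows which frames and scripts load from hosts they never approved. This is an added example, not part of the original posts or of the site's code; the host names, the allowlist and the sample page are constructed.

```python
"""Flag <iframe>/<script> tags that load from hosts the site owner never approved.

Added example: the host names and the sample page below are constructed.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts the site legitimately loads content from.
ALLOWED_HOSTS = {"site.example", "static.site.example"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


class EmbedAuditor(HTMLParser):
    """Collects <iframe> and <script> tags whose src points off-site."""

    def __init__(self, allowed_hosts):
        super().__init__(convert_charrefs=True)
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        # hostname is None for relative URLs, which stay on the site itself.
        host = (urlparse(src).hostname or "").lower()
        if not host or host in self.allowed:
            return
        line, _ = self.getpos()
        self.findings.append({
            "line": line,
            "tag": tag,
            "host": host,
            # A 0/1-pixel or CSS-hidden frame is invisible to the visitor.
            "hidden": tag == "iframe" and self._is_hidden(a),
        })

    @staticmethod
    def _is_hidden(a):
        tiny = any(a.get(dim, "").strip() in ("0", "1") for dim in ("width", "height"))
        return tiny or bool(HIDDEN_STYLE.search(a.get("style", "")))


def audit_html(html, allowed_hosts=ALLOWED_HOSTS):
    """Return findings, hidden off-site iframes first, then by line number."""
    auditor = EmbedAuditor(allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return sorted(auditor.findings, key=lambda f: (not f["hidden"], f["line"]))


# Constructed sample: one visible third-party banner and one hidden frame
# appended to an otherwise ordinary tutorial page.
SAMPLE_PAGE = """<html><body>
<script src="/js/menu.js"></script>
<script src="http://static.site.example/lib.js"></script>
<iframe src="http://ads.partner.example/banner" width="468" height="60"></iframe>
<h1>Tutorial</h1>
<iframe src="http://injected.example:8080/index.php" width=1 height=1 style="visibility: hidden"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in audit_html(SAMPLE_PAGE):
        level = "HIGH" if f["hidden"] else "review"
        print(f"[{level}] line {f['line']}: <{f['tag']}> loads from {f['host']}")
```

A tag parser only sees frames present in the markup; a frame written into the page at run time by inline script does not appear here, so a clean result is not proof that the page is clean.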

#690 dera

dera

    Gold Member

  • .script developer
  • 1335 posts
  •  
    Hungary

Posted 01 December 2009 - 02:48 PM

ok
but Kaspersky rather complain about
emilsburger.com/images emil_front.php
Detected Trojan program Trojan-Downloader.JS.Gumblar.x High Exact
kav4.png
and the reason is not Database
and the precision is not probably

#691 Lancelot

Lancelot

    Frequent Member

  • .script developer
  • 5013 posts
  • Location:Turkiye/Izmir
  •  
    Turkey

Posted 01 December 2009 - 02:52 PM

With respect to Joshua's tutorial on creating a win7rescuepe page...

http://joshua.winbui...in7RescuePE.htm



I can not even bypass/continue to the site because G Data TotalCare 2010 blocks the site completely due to the iframe scripting issue. Hopefully, someone in this forum has a 2nd link to the tutorial like they did with the "Forum Rules" - which was extremely helpful BTW.


Well i do not have a copy of joshua's tutorial and it seems impossible to open any page of http://joshua..... even index.html of project server seems infected.

I guess joshua's site OR some parts of boot-land is under a kind of attack for a while....

#692 ReD

ReD

    Newbie

  • .script developer
  • 25 posts

Posted 01 December 2009 - 04:21 PM

i had to risk my life, i had to stop my antiviral protection (damned Jaclaz gonna kill me... well i don't use antivirus so may be not :clap: ), i had to fight against malwares but ... here is the tutorial to build your seven rescue CD (made by joshua).


WIN7RESCUEPE TUTORIAL

Hope this will help some of you. :clap:

#693 corelogic

corelogic

    Newbie

  • Members
  • 14 posts
  •  
    United States

Posted 01 December 2009 - 04:29 PM

ok
but Kaspersky rather complain about
emilsburger.com/images emil_front.php
Detected Trojan program Trojan-Downloader.JS.Gumblar.x High Exact
kav4.png
and the reason is not Database
and the precision is not probably


The site you mention must have been an advertisement on Joshua's site because I tried to go to the main site and it is down temporarily. More than likely they are cleaning up their infected site. Try the site again for yourself.

It appears that, like usual, an unsuspecting website was compromised and injected with malicious code that just happened to be used as an advertisement. Thankfully, it is being cleaned up.

#694 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12707 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 01 December 2009 - 05:52 PM

i had to risk my life, i had to stop my antiviral protection (damned Jaclaz gonna kill me... well i don't use antivirus so may be not ;) ), i had to fight against malwares but ... here is the tutorial to build your seven rescue CD (made by joshua).


WIN7RESCUEPE TUTORIAL

Hope this will help some of you. :clap:

Until we have a better solution, it is online at
http://psc.boot-land...in7RescuePE.doc

Peter :clap:

#695 corelogic

corelogic

    Newbie

  • Members
  • 14 posts
  •  
    United States

Posted 01 December 2009 - 07:30 PM

Thanks to psc - I now have 1 piece to the pie and look forward to accessing all of the pieces. It has been worth sticking around this forum.

#696 was_jaclaz

was_jaclaz

    Finder

  • Advanced user
  • 7100 posts
  • Location:Gone in the mist
  •  
    Italy

Posted 01 December 2009 - 10:20 PM

i had to risk my life, i had to stop my antiviral protection (damned Jaclaz gonna kill me... well i don't use antivirus so may be not :clap: ), i had to fight against malwares but ... here is the tutorial to build your seven rescue CD (made by joshua).


For the record, you are perfectly free to (and you are very welcome to) do whatever you want, it is your machine, your security, your whatever. :cheers:

The point was only about "advising" other people.

:cheers:

jaclaz

#697 corelogic

corelogic

    Newbie

  • Members
  • 14 posts
  •  
    United States

Posted 01 December 2009 - 10:55 PM

i had to risk my life, i had to stop my antiviral protection (damned Jaclaz gonna kill me... well i don't use antivirus so may be not :clap: ), i had to fight against malwares but ... here is the tutorial to build your seven rescue CD (made by joshua).


WIN7RESCUEPE TUTORIAL

Hope this will help some of you. :cheers:


Hey ReD, thanks for the link, but it too is infected - I'm going to kill you. j/j It is getting funny in here. :cheers:

ReD_Link_01.PNG

#698 allanf

allanf

    Gold Member

  • .script developer
  • 1256 posts

Posted 01 December 2009 - 11:04 PM

Hey ReD, thanks for the link, but it too is infected - I'm going to kill you. j/j It is getting funny in here. :clap:


The infection is/was in the pdf. I experienced it first hand a month or two ago.

#699 Lancelot

Lancelot

    Frequent Member

  • .script developer
  • 5013 posts
  • Location:Turkiye/Izmir
  •  
    Turkey

Posted 02 December 2009 - 02:10 AM

A tutorial also available at joshua.w07.net
written at post 1 :clap:

Build a Win7PE RescuePE with Winbuilder 077 RC 2
Detailed build tutorial: http://joshua.w07.ne...in7RescuePE.htm

can someone confirm if it is clean or not ?

#700 corelogic

corelogic

    Newbie

  • Members
  • 14 posts
  •  
    United States

Posted 02 December 2009 - 04:46 AM

A tutorial also available at joshua.w07.net
written at post 1 :clap:

can someone confirm if it is clean or not ?


The detailed build link provided is clean and is almost a replica of the Word document provided by psc. Both the psc file and the link from Lancelot are clean... so when, Lancelot, was the ".htm" or Word document re-uploaded to replace the infected page mentioned in "Post #1"? :cheers:

Until we have a better solution, it is online at
http://psc.boot-land...in7RescuePE.doc





