Do you think I have a virus? Probably not.

RayLopez99

I installed what may have been a pirated copy of Visual Studio 2010
Ultimate (is it possible to buy a legal copy of a USD $3000 program
for $5 in Russia? I guess so, Mr. Customs Officer), and all of a
sudden my system is really sluggish connecting to the internet. On
the other hand, my antivirus program so far has not detected anything
(Webroot), and in Athens, Greece where I'm posting they have huge
problems with the internet being slow, though now at 3:30 AM it
usually runs fast.

Do you think I have a virus? Probably not. But I'll check later
today. If it's a virus it's one that cannot be detected by Webroot,
which I would imagine is unusual, but maybe they only check for
'typical' viruses. Luckily I backed up everything before install and
can do a clean reinstall of the HD image file.

One thing a bit suspicious: I got a request for Verclsid.exe to
connect to the internet after installing VS2010--on the other hand,
the file is 28673 bytes large, which the net says is a 'typical' value
for 93% of all Windows users. I wonder however if a virus author can
make the file match the 'file size signature' of a clean .exe Windows
System file, and thus fool people. I guess I can do a checksum using
FastSum 1.6 (a great program), and here it is:

91790D6749EBED90E2C40479C0A91879 *verclsid.exe

Is this file checksum authentic (clean)? If not please let me know.

RL
 
I installed what may have been a pirated copy of Visual Studio 2010
Ultimate (is it possible to buy a legal copy of a USD $3000 program
for $5 in Russia? I guess so, Mr. Customs Officer), and all of a
sudden my system is really sluggish connecting to the internet. On
the other hand, my antivirus program so far has not detected anything
(Webroot), and in Athens, Greece where I'm posting they have huge
problems with the internet being slow, though now at 3:30 AM it
usually runs fast.

You are an idiot for installing a cracked program from FSU or
China or wherever in the first place.
If you really need a copy of the program that badly, either buy a
legit copy or get a student friend of yours to buy the educational
version for you. Ethically wrong but still one step above what you
are doing. You probably are a student anyway and not using it for
commercial use so you are reasonably close to fitting the
criteria.
I'll bet you open those emails from Nigeria claiming you just won
a million dollars.
 
From: "RayLopez99" <[email protected]>

| I installed what may have been a pirated copy of Visual Studio 2010
| Ultimate (is it possible to buy a legal copy of a USD $3000 program
| for $5 in Russia? I guess so, Mr. Customs Officer), and all of a
| sudden my system is really sluggish connecting to the internet. On
| the other hand, my antivirus program so far has not detected anything
| (Webroot), and in Athens, Greece where I'm posting they have huge
| problems with the internet being slow, though now at 3:30 AM it
| usually runs fast.

| Do you think I have a virus? Probably not. But I'll check later
| today. If it's a virus it's one that cannot be detected by Webroot,
| which I would imagine is unusual, but maybe they only check for
| 'typical' viruses. Luckily I backed up everything before install and
| can do a clean reinstall of the HD image file.

| One thing a bit suspicious: I got a request for Verclsid.exe to
| connect to the internet after installing VS2010--on the other hand,
| the file is 28673 bytes large, which the net says is a 'typical' value
| for 93% of all Windows users. I wonder however if a virus author can
| make the file match the 'file size signature' of a clean .exe Windows
| System file, and thus fool people. I guess I can do a checksum using
| FastSum 1.6 (a great program), and here it is:

| 91790D6749EBED90E2C40479C0A91879 *verclsid.exe

| Is this file checksum authentic (clean)? If not please let me know.

I always seem to have to state, don't assume a "virus".

All viruses are malware but not all malware are viruses and the preponderance of malware
are trojans, not viruses.

It sure is possible that that pirated copy contains malware. I have seen so many forms of
legitimate software re-packaged with malware it isn't funny.

Performing an MD5 checksum on verclsid.exe is insufficient. They would embed their malware
into the OS not a legitimate file.

The ONLY valid MD5 checksums would have to be performed on the installers of the package.

Scanning with just Webroot is also insufficient. If you suspect that you bought an
illegitimate, tainted, software you need to use MULTIPLE different vendors' On Demand
scanners.

comp.os.linux.advocacy removed as the subject matter is OT for that group as this is a
Windows application.
I also have to question adding; alt.comp.hardware.pc-homebuilt as this is NOT a hardware
issue. But I will leave it in the news group D-List.

After all this I have to question your judgment.
 
Glenn said:
You are an idiot for installing a cracked program from FSU or
China or wherever in the first place.
If you really need a copy of the program that badly, either buy a
legit copy or get a student friend of yours to buy the educational
version for you. Ethically wrong but still one step above what you
are doing. You probably are a student anyway and not using it for
commercial use so you are reasonably close to fitting the
criteria.
I'll bet you open those emails from Nigeria claiming you just won
a million dollars.
I got one for 2/12 million and I only had to send them $250.00 US.
I can hardly wait for their check. NO, it won't be for 2 1/2 million silly,
it will only be for $347,000 US. :)
Wow, I can hardly wait. I just purchased a new Lexus (I know, but I wanted to
put some in the stock market also).
Keep up the good work!~!!
Buffalo
 
You are an idiot for installing a cracked program from FSU or
China or wherever in the first place.
If you really need a copy of the program that badly, either buy a
legit copy or get a student friend of yours to buy the educational
version for you. Ethically wrong but still one step above what you
are doing. You probably are a student anyway and not using it for
commercial use so you are reasonably close to fitting the
criteria.
I'll bet you open those emails from Nigeria claiming you just won
a million dollars.

Well I may be an idiot in your eyes but I did install Vista on my
other machine with no problems, as well as other programs, from a shop
in Thailand, at $5 a copy. This one, and all the ones I bought from
Russia, were much worse--none work correctly. Apparently the Thai
'pirates' are honest; honor amongst thieves? None of the programs the
Russians sold me work just right (and I'm not talking about detecting
viruses on the DVDs--even the Thais had such viruses, which are easy
to deal with and remove--rather, the programs just don't work
correctly, and may have malware in them). Now this copy of Visual
Studio 2010 Ultimate seemed to work OK, but during installation it
asked I allow it to connect to the internet. That was blocked by me,
and then problems began: after reboot, 90% of my internet access was
restricted because some process kept trying to dial out repeatedly.
Interestingly, my firewall shows it was trying, among other sites, to
dial up "badwarebusters.org" and "stopbadware.org" as well as some UK
sites. These two sites are sponsored by Fortune 500 companies
including Google, to prevent illegal file sharing. It may be that
this copy of VS was in fact a fake that was sponsored by Microsoft. I
know that sounds strange, but the music folks have been known to
deliberately allow malware to be distributed in the form of
unauthorized .mp3 files that then screw up your system, which
discourages distribution of such files.

In any case, once I restored my system to an earlier version, prior to
installation of this program, my internet access is back to 100%

A half day lost, nothing more.

Win some, lose some.

At least I'm not a 100% Linux loser.

RL
 
I got one for 2/12 million and I only had to send them $250.00 US.
I can hardly wait for their check. NO, it won't be for 2  1/2 million silly,
it will only be for $347,000 US.  :)
Wow, I can hardly wait. I just purchased a new Lexus (I know, but I wanted to
put some in the stock market also).
Keep up the good work!~!!
Buffalo

You show your ignorance of Nigeria. I know of real Nigerian bankers--
they are honest. Do you know why Nigerian emails always target
finance? Because next to South Africa, Nigeria has the best bankers
in Africa. Carrying coals to Newcastle kind of thing.

You seem like a smart fellow rather than a fart smellow: do you use
Windows? I hope you're not using that crippleware called Linux.

RL
 
RayLopez99 said:
Well I may be an idiot in your eyes but I did install Vista on my
other machine with no problems, as well as other programs, from a shop
in Thailand, at $5 a copy. This one, and all the ones I bought from
Russia, were much worse--none work correctly. Apparently the Thai
'pirates' are honest; honor amongst thieves? None of the programs the
Russians sold me work just right (and I'm not talking about detecting
viruses on the DVDs--even the Thais had such viruses, which are easy
to deal with and remove--rather, the programs just don't work
correctly, and may have malware in them). Now this copy of Visual
Studio 2010 Ultimate seemed to work OK, but during installation it
asked I allow it to connect to the internet. That was blocked by me,
and then problems began: after reboot, 90% of my internet access was
restricted because some process kept trying to dial out repeatedly.
Interestingly, my firewall shows it was trying, among other sites, to
dial up "badwarebusters.org" and "stopbadware.org" as well as some UK
sites. These two sites are sponsored by Fortune 500 companies
including Google, to prevent illegal file sharing. It may be that
this copy of VS was in fact a fake that was sponsored by Microsoft. I
know that sounds strange, but the music folks have been known to
deliberately allow malware to be distributed in the form of
unauthorized .mp3 files that then screw up your system, which
discourages distribution of such files.

In any case, once I restored my system to an earlier version, prior to
installation of this program, my internet access is back to 100%

A half day lost, nothing more.

Win some, lose some.

At least I'm not a 100% Linux loser.

RL

ROFL!
Thank you for that - you made my day!

May I just ask...... were you being extremely witty with your satire, and
pretending to be a Windows user while pointing out all the errors of some
Windows Enthusiasts - or (is it remotely possible?) are you so absolutely
stupid that you were serious in what you wrote????
 
RayLopez99 said:
You show your ignorance of Nigeria.


I guess you missed the point and the joke! :(

"I'll bet you open those emails from Nigeria claiming you just won
a million dollars."


I know of real Nigerian bankers--
they are honest. Do you know why Nigerian emails always target
finance? Because next to South Africa, Nigeria has the best bankers
in Africa. Carrying coals to Newcastle kind of thing.

You seem like a smart fellow rather than a fart smellow: do you use
Windows? I hope you're not using that crippleware called Linux.

RL

Buffalo
 
I installed what may have been a pirated copy of Visual Studio 2010
Ultimate (is it possible to buy a legal copy of a USD $3000 program
for $5 in Russia? I guess so, Mr. Customs Officer), and all of a
sudden my system is really sluggish connecting to the internet. On
the other hand, my antivirus program so far has not detected anything
(Webroot), and in Athens, Greece where I'm posting they have huge
problems with the internet being slow, though now at 3:30 AM it
usually runs fast.

1. There is M$ Visual Studio Express which is free
2. Did you disable your anti-virus scanner when installing that stuff?
3. What anti-virus scanner are you using?
4. A hard disk problem could also cause the system to become sluggish

--
@~@ Might, Courage, Vision, SINCERITY.
/ v \ Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\ (x86_64 Ubuntu 9.10) Linux 2.6.35.7
^ ^ 22:31:01 up 18 days 23:48 1 user load average: 0.00 0.00 0.00
 
RayLopez99 said:
| I installed what may have been a pirated copy of Visual Studio 2010
| Ultimate (is it possible to buy a legal copy of a USD $3000 program
| for $5 in Russia?

Sure, it depends on worth, not cost. I could pay full price for each of
some program, distribute (sell) modified copies each at a loss, and
recoup my losses in stolen processing power.

[...]
| Do you think I have a virus?

No, but then I have no information from you either way.

| Probably not.

Yes, probably not.

| But I'll check later today. If it's a virus it's one that cannot
| be detected by Webroot, which I would imagine is unusual,

Not at all unusual, for *any* antivirus.

| but maybe they only check for 'typical' viruses.

I've never seen any statistics on the detection rate and false positive
rate of AV against "typical" viruses (whatever they are).

Usually, something either is, or is not, a virus - typical or otherwise.
It would depend on the definition being used to determine what is or is
not a virus (specifically, is a worm a virus).

| Luckily I backed up everything before install and
| can do a clean reinstall of the HD image file.

Always good to have a recovery scheme.

| One thing a bit suspicious: I got a request for Verclsid.exe to
| connect to the internet after installing VS2010--on the other hand,
| the file is 28673 bytes large, which the net says is a 'typical' value
| for 93% of all Windows users. I wonder however if a virus author can
| make the file match the 'file size signature' of a clean .exe Windows
| System file, and thus fool people.

Sure, it is the nature of some viruses to only infect those program
files that can be infected without changing the file size (cavity
infectors). Some viruses don't even have to make *any* changes to the
host program's file.

[...]

Why the Linux and hardware groups?
 
Well, I wouldn't get a pirated copy of anything. I think it's dumb of
you to even do it. That's just my take on it. If you can't afford to
purchase VS 2010 Ultimate, then you should be doing the next best thing,
which is to download and install the VS 2010 Express editions. From what
I understand, you are a hobbyist, and you really would have no need for
the professional version of VS 2010. Now, if you can afford to get the
professional version, that is one thing. But if you can't afford it,
then use the free editions and not some pirated copy.

It was only $5 bucks though. And I did order the Pro version today.
The Express versions are always crippled and I try and avoid them.

RL
 
| 1. There is M$ Visual Studio Express which is free

I know but the functionality of Express versions is always lacking
IMO.

| 2. Did you disable your anti-virus scanner when installing that stuff?

No--it scanned fine--it actually (using Webroot) took 2 hours for
every file on the DVD to be scanned. But during installation the
program asked to connect to the internet--pretty standard stuff, but I
did not trust it and blocked it. It still installed fine, and I
compiled a Hello World program and it worked fine. But later the
program kept trying to dial out--even when not running--to various
sites. Some sort of clever new virus maybe? One not recorded yet by
Webroot AV (which is what I use--I think they use a Sophos engine)?

| 3. What anti-virus scanner are you using?

See above.

| 4. A hard disk problem could also cause the system to become sluggish

No, the problem went away when I restored my old HD image file today.
It was definitely either a new virus or "malware" (crippled version of
Visual Studio 2010 Ultimate, maybe crippled by Microsoft itself).

RL
 
Sure, it is the nature of some viruses to only infect those program
files that can be infected without changing the file size (cavity
infectors). Some viruses don't even have to make *any* changes to the
host program's file.

You are either very knowledgeable about viruses, or you're making this
shiite up.

Do you have any references to this? Or is it based on your experience
as some sort of white hat uber-hacker?

RL
 
Sure, it is the nature of some viruses to only infect those program
files that can be infected without changing the file size (cavity
infectors). Some viruses don't even have to make *any* changes to the
host program's file.

You are either very knowledgeable about viruses, or you're making this
shiite up.

Do you have any references to this?

***
CIH, notable for its payload, was what is known as a fragmented cavity
infector. If it found that there was enough non-contiguous space in a
program file to accommodate it, it would insert fragments of itself into
those spaces plus the data needed to stitch them back together when it
got executed by its host.

Dir II modified the filesystem so as to have an infected image in
memory, none of the host program's files needed to be altered, but the
filesystem itself would attach the code when they were called. There are
other examples of other infection techniques that don't make changes to
host files.
***

[...]
 
You are either very knowledgeable about viruses, or you're making this
shiite up.

Do you have any references to this?

***
CIH, notable for its payload, was what is known as a fragmented cavity
infector. If it found that there was enough non-contiguous space in a
program file to accommodate it, it would insert fragments of itself into
those spaces plus the data needed to stitch them back together when it
got executed by its host.


Well I stand corrected--you are knowledgeable about viruses. But I
would imagine that a cavity infector would still fail a FastSum
checksum analysis, which looks at more than just the number of bytes.

RL
 
From: "RayLopez99" <[email protected]>



| Well I stand corrected--you are knowledgeable about viruses. But I
| would imagine that a cavity infector would still fail a FastSum
| checksum analysis, which looks at more than just the number of bytes.

Anytime you mod any file it will change its related MD5 or other checksum value.

That goes for all file infecting viruses and malware that trojanizes legitimate files.
 
You are either very knowledgeable about viruses, or you're making this
shiite up.

Do you have any references to this?

***
CIH, notable for its payload, was what is known as a fragmented cavity
infector. If it found that there was enough non-contiguous space in a
program file to accommodate it, it would insert fragments of itself into
those spaces plus the data needed to stitch them back together when it
got executed by its host.


Well I stand corrected--you are knowledgeable about viruses. But I
would imagine that a cavity infector would still fail a FastSum
checksum analysis, which looks at more than just the number of bytes.

***
True, but historically, with very simple checksum algorithms, some
viruses were able to use padding to match them.
http://csrc.nist.gov/publications/nistir/threats/subsubsection3_3_1_2.html
***
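
The points made in this thread about file size, simple checksums and MD5 can be checked on a small scale. The following is an added example, not code from any poster: it compares a baseline fingerprint of a file against two same-size modifications of it. The byte strings `ORIGINAL` and `PATCH`, the 16-bit additive checksum `sum16` and all function names are constructed for illustration.

```python
import hashlib

MOD = 1 << 16  # width of the toy additive checksum (an assumption)

def sum16(data: bytes) -> int:
    """A 'very simple' checksum: sum of all bytes modulo 2**16."""
    return sum(data) % MOD

def fingerprint(data: bytes) -> dict:
    """Attributes a defender might record for a known-good file."""
    return {"size": len(data), "sum16": sum16(data),
            "md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}

def edit_slack(original: bytes, offset: int, patch: bytes,
               pad_to_match: bool) -> bytes:
    """Overwrite zero-filled slack at `offset` with `patch`, keeping the
    file length. With pad_to_match, the following slack bytes are also
    filled so that the additive checksum equals the original's."""
    filler = b""
    if pad_to_match:
        need = (-sum(patch)) % MOD          # amount still missing from the sum
        full, rest = divmod(need, 255)
        filler = b"\xff" * full + (bytes([rest]) if rest else b"")
    new = patch + filler
    region = original[offset:offset + len(new)]
    if len(region) != len(new) or any(region):
        raise ValueError("not enough zero-filled slack at offset")
    return original[:offset] + new + original[offset + len(new):]

def changed_fields(baseline: dict, candidate: dict) -> list:
    """Names of the fingerprint fields that reveal a modification."""
    return [k for k in baseline if baseline[k] != candidate[k]]

# Constructed stand-in for a program file: two code regions with
# 600 bytes of zero padding between them.
ORIGINAL = b"MZ" + b"code-section-A" + bytes(600) + b"code-section-B"
PATCH = b"EXTRA"            # constructed marker bytes, not real code
SLACK_OFFSET = 16           # first byte of the zero padding

def demo():
    base = fingerprint(ORIGINAL)
    plain = fingerprint(edit_slack(ORIGINAL, SLACK_OFFSET, PATCH, False))
    padded = fingerprint(edit_slack(ORIGINAL, SLACK_OFFSET, PATCH, True))
    return changed_fields(base, plain), changed_fields(base, padded)

if __name__ == "__main__":
    plain, padded = demo()
    print("same-size edit detected by:        ", plain)
    print("same-size edit + padding detected by:", padded)
```

File size catches neither change and the additive checksum misses the padded one, while MD5 and SHA-256 differ in both cases. A matching hash on one file still says nothing about other files the installer may have placed on the system.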
 