Loading ...
Sorry, an error occurred while loading the content.

Easypal & Trojan loader detection & alternate program

Expand Messages
  • Larry KA5T
    Hi all: I am just learning Digital SSTV, and have learned how to receive pix, and have received some, on 40 and 20 meters. Have also learned how to load up
    Message 1 of 24 , Feb 5, 2010
    • 0 Attachment
      Hi all:

      I am just learning Digital SSTV, and have learned how to receive pix,
      and have received some, on 40 and 20 meters. Have also learned how to
      load up and send pix...

      However, when I try to send, either with tune or transmit, my Kaspersky
      Antivirus program reports that Easypal is trying to execute a trojan
      loader in some temp directory, and zaps it. My Malwarebytes progrom
      also thinks that Easypal.exe contains a trojan loader...

      I have read some of the reflector and forum stuff about this problem,
      whether it is real or not.

      As far as I can tell, I have not been infected with the trojan, since
      Kaspersky zaps what it thinks is the loader....

      Be all that as it may, I just want to bypass the problem and get on with
      learning to do more with digital SSTV.

      While I am setting up another computer, not on the internet, to run
      Easypal, I would like to run some other program to receive and send
      digital SSTV, on my main machine. Is there such a program?

      Any recommendations on other programs???

      thanks,

      Larry
      KA5T
      Georgetown, Texas
    • paul ap dafydd
      I have had the same problem running easy pal..My anti virus picks up two trojens and they are always there. Even if you delete them after scanning easy pal
      Message 2 of 24 , Feb 6, 2010
      • 0 Attachment
        I have had the same problem running easy pal...My anti virus picks up two trojens and they are always there. Even if you delete them after scanning easy pal wont run at all. I have asked some of my friends who are big into dsstv and they dont know what it is.. Ive downloaded easypal from a number of sites and they all end up with trojens.. Your not alone old man.....

        Best wishes and good health,
              
                  Paul  gw0jty


        --- On Fri, 5/2/10, Larry KA5T <ka5t@...> wrote:

        From: Larry KA5T <ka5t@...>
        Subject: [digsstv] Easypal & Trojan loader detection & alternate program
        To: digsstv@yahoogroups.com
        Date: Friday, 5 February, 2010, 21:17

         

        Hi all:

        I am just learning Digital SSTV, and have learned how to receive pix,
        and have received some, on 40 and 20 meters. Have also learned how to
        load up and send pix...

        However, when I try to send, either with tune or transmit, my Kaspersky
        Antivirus program reports that Easypal is trying to execute a trojan
        loader in some temp directory, and zaps it. My Malwarebytes progrom
        also thinks that Easypal.exe contains a trojan loader...

        I have read some of the reflector and forum stuff about this problem,
        whether it is real or not.

        As far as I can tell, I have not been infected with the trojan, since
        Kaspersky zaps what it thinks is the loader....

        Be all that as it may, I just want to bypass the problem and get on with
        learning to do more with digital SSTV.

        While I am setting up another computer, not on the internet, to run
        Easypal, I would like to run some other program to receive and send
        digital SSTV, on my main machine. Is there such a program?

        Any recommendations on other programs???

        thanks,

        Larry
        KA5T
        Georgetown, Texas


      • Andy Eskelson
        Anti-Viri programs are not perfect. The do NOT scan for a particular item of malware as such, rather they use various forms of digital signatures (among lots
        Message 3 of 24 , Feb 7, 2010
        • 0 Attachment
          Anti-Viri programs are not perfect. The do NOT scan for a particular item
          of malware as such, rather they use various forms of digital
          "signatures" (among lots of other things) to detect suspect files.
          Sometimes this can result in a false positive, i.e. an infection free
          program is flagged as having a problem.

          Some months ago a poorly defined signature file on one of the major AV
          products caused a system file to be flagged as infected. That caused a
          lot of trouble until it was fixed. (withing a few hours as I recall)

          You need to convince yourself that such a false positive is actually
          true, and there are several ways to do this. Obviously the first thing
          to ensure is that your own setup is actually clean, then perhaps obtain
          downloads where there is something like an MD5 checksum generated for
          the file, that you can compare against after download.


          If you are happy that the file is clean and you do have a false positive,
          then you enter the file and it's location in your AV software exclude
          list.


          Andy


          On Sat, 6 Feb 2010 11:57:31 +0000 (GMT)
          paul ap dafydd <papdafydd@...> wrote:

          > I have had the same problem running easy pal..My anti virus picks up two trojens and they are always there. Even if you delete them after scanning easy pal wont run at all. I have asked some of my friends who are big into dsstv and they dont know what it is.. Ive downloaded easypal from a number of sites and they all end up with trojens.. Your not alone old man.....
          >
          > Best wishes and good health,                 Paul  gw0jty
          >
          > --- On Fri, 5/2/10, Larry KA5T <ka5t@...> wrote:
          >
          > From: Larry KA5T <ka5t@...>
          > Subject: [digsstv] Easypal & Trojan loader detection & alternate program
          > To: digsstv@yahoogroups.com
          > Date: Friday, 5 February, 2010, 21:17
          >
          >
          >
          >
          >
          >
          >
          >
          >
          >
          >
          >
          >
          >
          >
          >
          >  
          >
          >
          >
          >
          >
          >
          >
          >
          >
          > Hi all:
          >
          >
          >
          > I am just learning Digital SSTV, and have learned how to receive pix,
          >
          > and have received some, on 40 and 20 meters. Have also learned how to
          >
          > load up and send pix...
          >
          >
          >
          > However, when I try to send, either with tune or transmit, my Kaspersky
          >
          > Antivirus program reports that Easypal is trying to execute a trojan
          >
          > loader in some temp directory, and zaps it. My Malwarebytes progrom
          >
          > also thinks that Easypal.exe contains a trojan loader...
          >
          >
          >
          > I have read some of the reflector and forum stuff about this problem,
          >
          > whether it is real or not.
          >
          >
          >
          > As far as I can tell, I have not been infected with the trojan, since
          >
          > Kaspersky zaps what it thinks is the loader....
          >
          >
          >
          > Be all that as it may, I just want to bypass the problem and get on with
          >
          > learning to do more with digital SSTV.
          >
          >
          >
          > While I am setting up another computer, not on the internet, to run
          >
          > Easypal, I would like to run some other program to receive and send
          >
          > digital SSTV, on my main machine. Is there such a program?
          >
          >
          >
          > Any recommendations on other programs???
          >
          >
          >
          > thanks,
          >
          >
          >
          > Larry
          >
          > KA5T
          >
          > Georgetown, Texas
          >
          >
          >
          >
          >
          >
          >
          >
          >
          >
          >
          >
          >
          >
          >
          >
          >
          >
          >
          >
          >
          >
          >
          >
          >
          >
          >
        • Larry KA5T
          Gang: I found a newer version of Easypal, dated 5 Feb 2010. When I load it up and execute it, my Kaspersky Antivirus program no longer detects a virus loader
          Message 4 of 24 , Feb 7, 2010
          • 0 Attachment
            Gang:

            I found a newer version of Easypal, dated 5 Feb 2010. When I load it up
            and execute it, my Kaspersky Antivirus program no longer detects a virus
            loader trying to load a virus, and clobbers it. It lets the program run.

            However, my Malwarebytes program does still detect a trojan loader in
            the installed Easypal.exe file. It does not effect the operation of the
            program apparently...

            So.. no longer looking for an alternate program to Easypal...

            Larry
            KA5T
            Georgetown, Texas
          • Larry KA5T
            Thanks, Paul... Seems like lots of people are plagued by this problem... Larry KA5T
            Message 5 of 24 , Feb 7, 2010
            • 0 Attachment
              Thanks, Paul...

              Seems like lots of people are plagued by this problem...


              Larry
              KA5T
            • Larry KA5T
              Good info Andy... thanks, Larry KA5T
              Message 6 of 24 , Feb 7, 2010
              • 0 Attachment
                Good info Andy...

                thanks,

                Larry
                KA5T
              • Howard Z
                Yes, Easypal is a wonderful program, and Yes, Easypal has been infected with a virus/spyware/whatever for a very long time. Every single time I receive a
                Message 7 of 24 , Feb 7, 2010
                • 0 Attachment
                  Yes, Easypal is a wonderful program,

                  and Yes, Easypal has been infected with a virus/spyware/whatever for a very long time.

                  Every single time I receive a picture, for many many months, I get Spybot warnings that it stopped a program in the application data temp directory. It gets deleted, but keeps coming back. It rotates among several names. I recall niceview.exe and iview.exe

                  The Easypal directory scans as uninfected - it's these temporary files that come and go that are the problem - and Easypal causes them to appear.


                  You can read more information here:
                  http://forums.qrz.com/showthread.php?t=234529

                  I followed KC2PCR's advise in the above thread and downloaded Easypal from VK4AES.COM (instead of the usual KC1CS website) and then there is no virus/spyware.

                  Howard
                • Howard Z
                  Oh Darn, On digisites, I just did a Paste to EasyPal TX and Spybot popped up a warning about iview.exe It is still infected. I m eliminating EasyPal - until
                  Message 8 of 24 , Feb 14, 2010
                  • 0 Attachment
                    Oh Darn,

                    On digisites, I just did a "Paste to EasyPal TX" and Spybot popped up a warning about iview.exe

                    It is still infected.

                    I'm eliminating EasyPal - until such time that the authors and distributing web sites investigate, explain, and eliminate the problem.

                    Howard

                    --- In digsstv@yahoogroups.com, "Howard Z" <Howard_Z@...> wrote:
                    >
                    > Yes, Easypal is a wonderful program,
                    >
                    > and Yes, Easypal has been infected with a virus/spyware/whatever for a very long time.
                    >
                    > Every single time I receive a picture, for many many months, I get Spybot warnings that it stopped a program in the application data temp directory. It gets deleted, but keeps coming back. It rotates among several names. I recall niceview.exe and iview.exe
                    >
                    > The Easypal directory scans as uninfected - it's these temporary files that come and go that are the problem - and Easypal causes them to appear.
                    >
                    >
                    > You can read more information here:
                    > http://forums.qrz.com/showthread.php?t=234529
                    >
                    > I followed KC2PCR's advise in the above thread and downloaded Easypal from VK4AES.COM (instead of the usual KC1CS website) and then there is no virus/spyware.
                    >
                    > Howard
                    >
                  • Peter Johnson
                    Hi Howard. It just happens this sort of behavior as been mentioned on many other sites it is not just happening with Easypal They tend to be false negatives. I
                    Message 9 of 24 , Feb 14, 2010
                    • 0 Attachment
                      Hi Howard.

                      It just happens this sort of behavior as been mentioned on many other sites
                      it is not just happening with Easypal
                      They tend to be false negatives.

                      I remember back in the mists of time some virus checking system where
                      flagging some windows system files as being trojans.

                      The only thing to do is contact company whose software is flagging the
                      problem and offer to send them a copy of the file that
                      is causing the problem.

                      Regards Peter


                      ----- Original Message -----
                      From: "Howard Z" <Howard_Z@...>
                      To: <digsstv@yahoogroups.com>
                      Sent: Sunday, February 14, 2010 2:51 PM
                      Subject: [digsstv] Re: Easypal & Trojan loader detection & alternate
                      program - GOOD NEWS!


                      >
                      > Oh Darn,
                      >
                      > On digisites, I just did a "Paste to EasyPal TX" and Spybot popped up a
                      > warning about iview.exe
                      >
                      > It is still infected.
                      >
                      > I'm eliminating EasyPal - until such time that the authors and
                      > distributing web sites investigate, explain, and eliminate the problem.
                      >
                      > Howard
                      >
                      > --- In digsstv@yahoogroups.com, "Howard Z" <Howard_Z@...> wrote:
                      >>
                      >> Yes, Easypal is a wonderful program,
                      >>
                      >> and Yes, Easypal has been infected with a virus/spyware/whatever for a
                      >> very long time.
                      >>
                      >> Every single time I receive a picture, for many many months, I get Spybot
                      >> warnings that it stopped a program in the application data temp
                      >> directory. It gets deleted, but keeps coming back. It rotates among
                      >> several names. I recall niceview.exe and iview.exe
                      >>
                      >> The Easypal directory scans as uninfected - it's these temporary files
                      >> that come and go that are the problem - and Easypal causes them to
                      >> appear.
                      >>
                      >>
                      >> You can read more information here:
                      >> http://forums.qrz.com/showthread.php?t=234529
                      >>
                      >> I followed KC2PCR's advise in the above thread and downloaded Easypal
                      >> from VK4AES.COM (instead of the usual KC1CS website) and then there is no
                      >> virus/spyware.
                      >>
                      >> Howard
                      >>
                      >
                      >
                      >
                      >
                      > ------------------------------------
                      >
                      > Yahoo! Groups Links
                      >
                      >
                      >
                      >
                    • Howard Z
                      I found a response from Eric dated 12Feb2010 at http://forums.qrz.com/showthread.php?t=234529&page=5 So, I have installed and I am going to try his latest
                      Message 10 of 24 , Feb 14, 2010
                      • 0 Attachment
                        I found a response from Eric dated 12Feb2010 at
                        http://forums.qrz.com/showthread.php?t=234529&page=5

                        So, I have installed and I am going to try his latest version dated 12Feb2010.
                        In the install directory I do not see any huge list of 94 exe files as Eric mentions.
                        I only see a total of six(6)  exe files, and if this version keeps those 6 exe files out of the application temporary directory, spybot should be happy.

                        Below is Eric's response:


                        There are absolutely no virus or malware in EasyPal.
                        A former message queried why EasyPal put files into hidden folders.

                        There is a very good reason for this,
                        It allows vital files required by EasyPal to be loaded and run from a hidden directory. The install file is thus one only exe file and contains every file needed by EasyPal.
                        This protects the user who likes to fiddle, change or experiment with these vital files. Of course they may have weird names to a casual observer. This was a marvelous system that served well for many years.
                        As anti-malware programs became more aggressive, they would get suspicious of this action, which is a favorite of true malware.
                        Some anti-malware programs were flagging this behavior but never then analyzed the particular file concerned. This was an easy out for those programs and resulted in many false positives. Some high-profile anti-malware programs are guilty of this.
                        As a result, I have rewritten EasyPal to not use embedded files. This results in 94 vital files being exposed in the various EasyPal directories. These files are exactly the same as the embedded files were in previous releases.
                        Now there are no False positives, even though the files are the same.
                        It would be a losing battle to insist these anti-virus programs pulled their socks up.
                        It is a pity that many inovative programming techniques are now suspect to these programs.

                        EasyPal is now back to the bad old days where users will play with some of these vital files and complain when things do not work as expected.

                        Oh well that is life.

                        On the other hand, I will shout a few beers to anyone that can identify any malware in the latest release of EasyPal. Think I might have one or two myself now.

                        This site only came to my notice several days ago, no one bothered to report any of this to me. So EasyPal has been rewritten as a result.
                        I am sorry that this has caused concern.


                        73's de Erik VK4AES
                        Reply With Quote
                      • AA0OI
                        Howard : This is not a Trojan, a trojan loader, or any other problem with EasyPal.. This is a probem with your antivirus..ITS NOT INFECTED.  I have tested it
                        Message 11 of 24 , Feb 14, 2010
                        • 0 Attachment
                          Howard :
                          This is not a Trojan, a trojan loader, or any other problem with EasyPal.. This is a probem with your antivirus..ITS NOT INFECTED.  I have tested it with VIRUS TOTAL, which runs it in 25 different antivirus programs,, its clean,, CAN your crappy antivirus and get a good one (avg, CA etc)also
                          make sure you have the most current program 12Feb10 and get it from .  www.VK3aes.com and not from kc1cs...  If you have a problem or need help 7.173 where there is help everyday 7am till  5 or 6 at night...  Thousands of us are running with no problem...
                           
                          Garrett / AA0OI



                          From: Howard Z <Howard_Z@...>
                          To: digsstv@yahoogroups.com
                          Sent: Sun, February 14, 2010 7:51:17 AM
                          Subject: [digsstv] Re: Easypal & Trojan loader detection & alternate program - GOOD NEWS!

                           

                          Oh Darn,

                          On digisites, I just did a "Paste to EasyPal TX" and Spybot popped up a warning about iview.exe

                          It is still infected.

                          I'm eliminating EasyPal - until such time that the authors and distributing web sites investigate, explain, and eliminate the problem.

                          Howard

                          --- In digsstv@yahoogroups .com, "Howard Z" <Howard_Z@.. .> wrote:
                          >
                          > Yes, Easypal is a wonderful program,
                          >
                          > and Yes, Easypal has been infected with a virus/spyware/ whatever for a very long time.
                          >
                          > Every single time I receive a picture, for many many months, I get Spybot warnings that it stopped a program in the application data temp directory. It gets deleted, but keeps coming back. It rotates among several names. I recall niceview.exe and iview.exe
                          >
                          > The Easypal directory scans as uninfected - it's these temporary files that come and go that are the problem - and Easypal causes them to appear.
                          >
                          >
                          > You can read more information here:
                          > http://forums. qrz.com/showthre ad.php?t= 234529
                          >
                          > I followed KC2PCR's advise in the above thread and downloaded Easypal from VK4AES.COM (instead of the usual KC1CS website) and then there is no virus/spyware.
                          >
                          > Howard
                          >


                        • Dave Ackrill
                          ... Once again, it seems that the Malware tail is wagging the software dog. All because some people don t have a clue about what Malware detectors do. I
                          Message 12 of 24 , Feb 14, 2010
                          • 0 Attachment
                            Rob Taylor wrote:

                            > Hopefully Eriks continued work with EasyPal will now see few "false
                            > positives" that have upset so many users over the past few months.

                            Once again, it seems that the Malware tail is wagging the software dog.
                            All because some people don't have a clue about what Malware detectors do.

                            I thought it was only 'ordinary' users of Windows that suffered from
                            these delusions that Malware detectors were 100% perfect...

                            Dave (G0DJA)
                          • Howard Z
                            Garrett, It LOOKS, FEELS, BARKS, and WAGGS IT TAIL like a virus. Anyone who uses anti-malware s/w that constantly runs and monitors a system - would know it
                            Message 13 of 24 , Feb 14, 2010
                            • 0 Attachment
                              Garrett,

                              It LOOKS, FEELS, BARKS, and WAGGS IT TAIL like a virus.

                              Anyone who uses anti-malware s/w that constantly runs and monitors a system - would know it looks like a virus.

                              To then use it, well - you'd have to be a raving loon!

                              If the s/w wasn't changed, then it would DIE, as more and more anti-virus and anti-malware programs would flag it - as they should flag it.

                              The only s/w that acts this way is Easypal and the loads of viruses out there. I've never seen any other s/w act this way.

                              The Easypal author had a choice - have most of the ham world abandon his s/w - or change it so it stops acting like a virus.

                              Nobody (except a few like you) would trust the author - oh yes - your software acts just like a virus, but I trust you - I trust you won't use your software to steal my online banking passwords, credit card accounts, etc, etc.. I know you so well because we've been neighbors and best friends since childhood - you babysat my kids - I trust you with my life. I can trust your software that acts like a virus - I believe you - it is not really a virus.

                              He made the right choice.

                              Howard


                              --- In digsstv@yahoogroups.com, AA0OI <aa0oi@...> wrote:
                              >
                              > Howard :
                              > This is not a Trojan, a trojan loader, or any other problem with EasyPal.. This is a probem with your antivirus..ITS NOT INFECTED.  I have tested it with VIRUS TOTAL, which runs it in 25 different antivirus programs,, its clean,, CAN your crappy antivirus and get a good one (avg, CA etc)also
                              > make sure you have the most current program 12Feb10 and get it from .  www.VK3aes.com and not from kc1cs...  If you have a problem or need help 7.173 where there is help everyday 7am till  5 or 6 at night...  Thousands of us are running with no problem...
                              >  
                              > Garrett / AA0OI
                              >
                              >
                              >
                              >
                              > ________________________________
                              > From: Howard Z <Howard_Z@...>
                              > To: digsstv@yahoogroups.com
                              > Sent: Sun, February 14, 2010 7:51:17 AM
                              > Subject: [digsstv] Re: Easypal & Trojan loader detection & alternate program - GOOD NEWS!
                              >
                              >  
                              > Oh Darn,
                              >
                              > On digisites, I just did a "Paste to EasyPal TX" and Spybot popped up a warning about iview.exe
                              >
                              > It is still infected.
                              >
                              > I'm eliminating EasyPal - until such time that the authors and distributing web sites investigate, explain, and eliminate the problem.
                              >
                              > Howard
                              >
                              > --- In digsstv@yahoogroups .com, "Howard Z" <Howard_Z@ .> wrote:
                              > >
                              > > Yes, Easypal is a wonderful program,
                              > >
                              > > and Yes, Easypal has been infected with a virus/spyware/ whatever for a very long time.
                              > >
                              > > Every single time I receive a picture, for many many months, I get Spybot warnings that it stopped a program in the application data temp directory. It gets deleted, but keeps coming back. It rotates among several names. I recall niceview.exe and iview.exe
                              > >
                              > > The Easypal directory scans as uninfected - it's these temporary files that come and go that are the problem - and Easypal causes them to appear.
                              > >
                              > >
                              > > You can read more information here:
                              > > http://forums. qrz.com/showthre ad.php?t= 234529
                              > >
                              > > I followed KC2PCR's advise in the above thread and downloaded Easypal from VK4AES.COM (instead of the usual KC1CS website) and then there is no virus/spyware.
                              > >
                              > > Howard
                              > >
                              >
                            • jdow
                              Howard, there is another end to that stick as well. The Windows defaults are VERY bad for your computer health. Open a folder. Select Tools- Folder Options .
                              Message 14 of 24 , Feb 14, 2010
                              • 0 Attachment
                                Howard, there is another end to that stick as well. The Windows defaults
                                are VERY bad for your computer health.

                                Open a folder.
                                Select "Tools->Folder Options".
                                Select the View tab. Turn on each of the items down through "Do not cache
                                thumbnails". Under "Hidden files and folders" change the selection to
                                "Show hidden files and folders." Turn OFF "Hide extensions for known file
                                types". Turn OFF "Hide protected operating system files." Turn ON "Show
                                encrypted or compressed NTFS files in color." Then at the top of that
                                window press the "Apply to All Folders" button.

                                Seriously, hiding extensions on files, hiding files, and the like is a
                                VERY serious invitation to problems.

                                And anybody who messes with the files in a program's directory under
                                Program Files is asking for problems unless they know VERY well what
                                they are doing. Even a text file with a line ending changed from a
                                single line feed to a carriage-return and line feed pair can kill some
                                programs when they parse the files for data in a format they know they
                                wrote themselves. (It is good programming practice to recover from such
                                errors. But some programs are not as well written as others.)

                                Get used to seeing foddle.exe on files. That way when you see something
                                like puddle.jpg.exe you KNOW it was meant to fool you into running a
                                file that will do really bad things to your system. (If common extensions
                                are hiden that displays as "puddle.jpg" and you figure, "Oh, that's just
                                a jpeg file." The next words are often, "Oh <expletive deleted.>"

                                {^_^} Joanne, W6MKU
                                ----- Original Message -----
                                From: "Howard Z" <Howard_Z@...>
                                Sent: Sunday, 2010/February/14 20:25


                                Garrett,

                                It LOOKS, FEELS, BARKS, and WAGGS IT TAIL like a virus.

                                Anyone who uses anti-malware s/w that constantly runs and monitors a
                                system - would know it looks like a virus.

                                To then use it, well - you'd have to be a raving loon!

                                If the s/w wasn't changed, then it would DIE, as more and more anti-virus
                                and anti-malware programs would flag it - as they should flag it.

                                The only s/w that acts this way is Easypal and the loads of viruses out
                                there. I've never seen any other s/w act this way.

                                The Easypal author had a choice - have most of the ham world abandon his
                                s/w - or change it so it stops acting like a virus.

                                Nobody (except a few like you) would trust the author - oh yes - your
                                software acts just like a virus, but I trust you - I trust you won't use
                                your software to steal my online banking passwords, credit card accounts,
                                etc, etc.. I know you so well because we've been neighbors and best friends
                                since childhood - you babysat my kids - I trust you with my life. I can
                                trust your software that acts like a virus - I believe you - it is not
                                really a virus.

                                He made the right choice.

                                Howard


                                --- In digsstv@yahoogroups.com, AA0OI <aa0oi@...> wrote:
                                >
                                > Howard :
                                > This is not a Trojan, a trojan loader, or any other problem with EasyPal..
                                > This is a probem with your antivirus..ITS NOT INFECTED. I have tested it
                                > with VIRUS TOTAL, which runs it in 25 different antivirus programs,, its
                                > clean,, CAN your crappy antivirus and get a good one (avg, CA etc)also
                                > make sure you have the most current program 12Feb10 and get it from . Â
                                > www.VK3aes.com and not from kc1cs... If you have a problem or need help
                                > 7.173 where there is help everyday 7am till  5 or 6 at night...Â
                                > Thousands of us are running with no problem...
                                > Â
                                > Garrett / AA0OI
                                >
                                >
                                >
                                >
                                > ________________________________
                                > From: Howard Z <Howard_Z@...>
                                > To: digsstv@yahoogroups.com
                                > Sent: Sun, February 14, 2010 7:51:17 AM
                                > Subject: [digsstv] Re: Easypal & Trojan loader detection & alternate
                                > program - GOOD NEWS!
                                >
                                > Â
                                > Oh Darn,
                                >
                                > On digisites, I just did a "Paste to EasyPal TX" and Spybot popped up a
                                > warning about iview.exe
                                >
                                > It is still infected.
                                >
                                > I'm eliminating EasyPal - until such time that the authors and
                                > distributing web sites investigate, explain, and eliminate the problem.
                                >
                                > Howard
                                >
                                > --- In digsstv@yahoogroups .com, "Howard Z" <Howard_Z@ .> wrote:
                                > >
                                > > Yes, Easypal is a wonderful program,
                                > >
                                > > and Yes, Easypal has been infected with a virus/spyware/ whatever for a
                                > > very long time.
                                > >
                                > > Every single time I receive a picture, for many many months, I get
                                > > Spybot warnings that it stopped a program in the application data temp
                                > > directory. It gets deleted, but keeps coming back. It rotates among
                                > > several names. I recall niceview.exe and iview.exe
                                > >
                                > > The Easypal directory scans as uninfected - it's these temporary files
                                > > that come and go that are the problem - and Easypal causes them to
                                > > appear.
                                > >
                                > >
                                > > You can read more information here:
                                > > http://forums. qrz.com/showthre ad.php?t= 234529
                                > >
                                > > I followed KC2PCR's advise in the above thread and downloaded Easypal
                                > > from VK4AES.COM (instead of the usual KC1CS website) and then there is
                                > > no virus/spyware.
                                > >
                                > > Howard
                                > >
                                >




                                ------------------------------------

                                Yahoo! Groups Links
                              • AA0OI
                                Take EasyPal and do not unpack it and go to the internet and put it in virus total   http://www.virustotal.com/  it will run a virus check  with 30 some
                                Message 15 of 24 , Feb 15, 2010
                                • 0 Attachment

                                  Take EasyPal and do not unpack it and go to the internet and put it in virus total   http://www.virustotal.com/  it will run a virus check  with 30 some different virus checkers.. Have been running EasyPal from the begining and check ALL and every program I down load with Virus Total.. Also run AVG Pro and CA..  JUst what AV are you running,, Norton is a Kown problem.. No one on 7.173 ( about 30 people ) have had any problem and are all running a mis mash of AV program ( except for the Norton people))  Maybe you should just give up on EasyPal.. 
                                  Garrett / AA0OI



                                  From: Howard Z <Howard_Z@...>
                                  To: digsstv@yahoogroups.com
                                  Sent: Sun, February 14, 2010 10:25:30 PM
                                  Subject: [digsstv] Re: Easypal & Trojan loader detection & alternate program - GOOD NEWS!

                                   

                                  Garrett,

                                  It LOOKS, FEELS, BARKS, and WAGGS IT TAIL like a virus.

                                  Anyone who uses anti-malware s/w that constantly runs and monitors a system - would know it looks like a virus.

                                  To then use it, well - you'd have to be a raving loon!

                                  If the s/w wasn't changed, then it would DIE, as more and more anti-virus and anti-malware programs would flag it - as they should flag it.

                                  The only s/w that acts this way is Easypal and the loads of viruses out there. I've never seen any other s/w act this way.

                                  The Easypal author had a choice - have most of the ham world abandon his s/w - or change it so it stops acting like a virus.

                                  Nobody (except a few like you) would trust the author - oh yes - your software acts just like a virus, but I trust you - I trust you won't use your software to steal my online banking passwords, credit card accounts, etc, etc.. I know you so well because we've been neighbors and best friends since childhood - you babysat my kids - I trust you with my life. I can trust your software that acts like a virus - I believe you - it is not really a virus.

                                  He made the right choice.

                                  Howard

                                  --- In digsstv@yahoogroups .com, AA0OI <aa0oi@...> wrote:
                                  >
                                  > Howard :
                                  > This is not a Trojan, a trojan loader, or any other problem with EasyPal.. This is a probem with your antivirus..ITS NOT INFECTED.  I have tested it with VIRUS TOTAL, which runs it in 25 different antivirus programs,, its clean,, CAN your crappy antivirus and get a good one (avg, CA etc)also
                                  > make sure you have the most current program 12Feb10 and get it from .  www.VK3aes.com  and not from kc1cs...  If you have a problem or need help 7.173 where there is help everyday 7am till  5 or 6 at night...  Thousands of us are running with no problem...
                                  >  
                                  > Garrett / AA0OI
                                  >
                                  >
                                  >
                                  >
                                  > ____________ _________ _________ __
                                  > From: Howard Z <Howard_Z@.. .>
                                  > To: digsstv@yahoogroups .com
                                  > Sent: Sun, February 14, 2010 7:51:17 AM
                                  > Subject: [digsstv] Re: Easypal & Trojan loader detection & alternate program - GOOD NEWS!
                                  >
                                  >  
                                  > Oh Darn,
                                  >
                                  > On digisites, I just did a "Paste to EasyPal TX" and Spybot popped up a warning about iview.exe
                                  >
                                  > It is still infected.
                                  >
                                  > I'm eliminating EasyPal - until such time that the authors and distributing web sites investigate, explain, and eliminate the problem.
                                  >
                                  > Howard
                                  >
                                  > --- In digsstv@yahoogroups .com, "Howard Z" <Howard_Z@ .> wrote:
                                  > >
                                  > > Yes, Easypal is a wonderful program,
                                  > >
                                  > > and Yes, Easypal has been infected with a virus/spyware/ whatever for a very long time.
                                  > >
                                  > > Every single time I receive a picture, for many many months, I get Spybot warnings that it stopped a program in the application data temp directory. It gets deleted, but keeps coming back. It rotates among several names. I recall niceview.exe and iview.exe
                                  > >
                                  > > The Easypal directory scans as uninfected - it's these temporary files that come and go that are the problem - and Easypal causes them to appear.
                                  > >
                                  > >
                                  > > You can read more information here:
                                  > > http://forums. qrz.com/showthre ad.php?t= 234529
                                  > >
                                  > > I followed KC2PCR's advise in the above thread and downloaded Easypal from VK4AES.COM (instead of the usual KC1CS website) and then there is no virus/spyware.
                                  > >
                                  > > Howard
                                  > >
                                  >


                                • Alan
                                  ... From: AA0OI Subject: Re: [digsstv] Re: Easypal & Trojan loader detection & alternate program - GOOD NEWS! ... And Google Anitvirus false positives 73
                                  Message 16 of 24 , Feb 15, 2010
                                  • 0 Attachment
                                    ----- Original Message -----
                                    From: "AA0OI
                                    Subject: Re: [digsstv] Re: Easypal & Trojan loader detection & alternate
                                    program - GOOD NEWS!



                                    >Take EasyPal and do not unpack it and go to the internet and put it in
                                    >virus total http://www.virustotal.com/ it will run a virus check

                                    And Google "Anitvirus false positives"

                                    73 Alan G4ZFQ
                                  • utility_world
                                    I can confirm that there is something weird happening with EasyPal. The download detects clean, and the program was fine until about a week ago, after I d been
                                    Message 17 of 24 , Mar 15 1:34 PM
                                    • 0 Attachment
                                      I can confirm that there is something weird happening with EasyPal.

                                      The download detects clean, and the program was fine until about a week ago, after I'd been using it a lot. Now every time EasyPal runs it creates a compressed file in its home folder called loop.zip. Norton tags this as a Trojan loader and "quarantines" it.

                                      The loop.zip can be deleted and it doesn't come back until EasyPal is run, then it's there again.

                                      I have a weird theory. If digi SSTV can transfer any files, is someone using it to pass malware?

                                      I don't want to go public with this until I have more information, but neither do I want EasyPal on my computer until I can resolve this issue.

                                      -hugh


                                      --- In digsstv@yahoogroups.com, "Howard Z" <Howard_Z@...> wrote:
                                      >
                                      > Yes, Easypal is a wonderful program,
                                      >
                                      > and Yes, Easypal has been infected with a virus/spyware/whatever for a very long time.
                                      >
                                    • Dave Jones
                                      Hi Hugh, I m running EasyPal 12/MAR/2010 on three computers running XP home, Vista HP, and Windows 7 HP. You did not mention your version or OS here or on
                                      Message 18 of 24 , Mar 16 3:03 AM
                                      • 0 Attachment
                                        Hi Hugh,

                                        I'm running EasyPal 12/MAR/2010 on three computers running XP home, Vista HP, and Windows 7 HP.  You did not mention your version or OS here or on your blog at: http://mt-utility.blogspot.com/

                                        On each of my computers I have deleted the file "LOOP.ZIP", sent and received pictures, closed and restarted Easypal, re-booted the system and the file "LOOP.ZIP" does not come back.  Since this file keeps coming back on your system, I agree that there is something weird happening but it would seem that it is only with your system and may have nothing to do with EasyPal.  Could it be that the EasyPal install is being run each time?  Perhaps there is some sort of restore running on your computer.  If not, then there may be a virus on your system replicating files.

                                        The file "LOOP.ZIP" has been around for nearly three years and during that time Norton AV has not had a problem with this file.  Recent AV definitions from Norton are coming up with many false positives even on old files that Norton once scanned as OK.

                                        The file "LOOP.ZIP" only contains the file "LOOP.DLL".  It is only needed on some installations where a SDR requires a VAC.

                                        Any program that transfers files could pass malware.  The files sent with EasyPal are generally very small, perhaps 20 to 40 KB.  I should think that files that contain  malware are likely to be much larger than that.  However, it could easily provide a link to a web site or file on the web that is infected.  I have used EasyPal to send files that contain a test virus.  Some systems will catch it while others do not.  In cases of incomplete file transfer, corrupt image files may be stored.  An AV program may detect some of these files as Trojans, all false positives.

                                        Erik, VK4AES has worked very hard making changes with EasyPal to accommodate the AV and malware detection programs.  If you are not running the latest version, it may have issues with the current AV and malware detection programs.

                                        73 Dave KB4YZ

                                        utility_world wrote:
                                         

                                        I can confirm that there is something weird happening with EasyPal.

                                        The download detects clean, and the program was fine until about a week ago, after I'd been using it a lot. Now every time EasyPal runs it creates a compressed file in its home folder called loop.zip. Norton tags this as a Trojan loader and "quarantines" it.

                                        The loop.zip can be deleted and it doesn't come back until EasyPal is run, then it's there again.

                                        I have a weird theory. If digi SSTV can transfer any files, is someone using it to pass malware?

                                        I don't want to go public with this until I have more information, but neither do I want EasyPal on my computer until I can resolve this issue.

                                        -hugh




                                      • Utility World (Hugh Stegman)
                                        Thanks, Dave. Loop.zip has not come back since EasyPal was uninstalled. OS is Windows XP, Media Center Edtion, Version 2002, Service Pack 3. System Restore is
                                        Message 19 of 24 , Mar 16 9:26 AM
                                        • 0 Attachment
                                          Thanks, Dave.

                                          Loop.zip has not come back since EasyPal was uninstalled.

                                          OS is Windows XP, Media Center Edtion, Version 2002, Service Pack 3.
                                          System Restore is turned off, since Norton blocks it anyway. The
                                          version of EasyPal is unavailable, since I deleted everything. I think
                                          it's the one before this recent one came out.

                                          I do know that Norton is giving the alarm on loop.dll, which it may be
                                          confusing with loop.exe, a file associated with Trojans. Someone on QRZ
                                          was talking about loop.dll being used with SDRs, as you say.

                                          My guess is that Norton is giving a false positive. This would
                                          certainly not be the first time, or even the first time this month.


                                          -hugh
                                        • AA0OI
                                          You should read the right up on Norton in the trade mags.. It is one of the biggest memory hogs and worst anti virus there is ( see Maxium PC)  many many
                                          Message 20 of 24 , Mar 16 12:22 PM
                                          • 0 Attachment
                                            You should read the right up on Norton in the trade mags.. It is one of the biggest memory hogs and worst anti virus there is ( see Maxium PC)  many many false Postives not to mention they are being sued by many other companies for trade infringments..Try AVG or even MicroSofts new free anitvirus.. Norton (has not always been) but is the bottom of the barrel.. There is nothing wrong with EasyPal,, I've been running it (beta tester) from the day it came out..It runs fine on all 9 of my computers from windows 98 to windows 7 64 bit...
                                             
                                            Garrett / AA0OI



                                            From: Utility World (Hugh Stegman) <utilityworld@...>
                                            To: digsstv@yahoogroups.com
                                            Sent: Tue, March 16, 2010 11:26:50 AM
                                            Subject: Re: [digsstv] Re: Easypal & Trojan loader detection & alternate program - GOOD NEWS!

                                             

                                            Thanks, Dave.

                                            Loop.zip has not come back since EasyPal was uninstalled.

                                            OS is Windows XP, Media Center Edtion, Version 2002, Service Pack 3.
                                            System Restore is turned off, since Norton blocks it anyway. The
                                            version of EasyPal is unavailable, since I deleted everything. I think
                                            it's the one before this recent one came out.

                                            I do know that Norton is giving the alarm on loop.dll, which it may be
                                            confusing with loop.exe, a file associated with Trojans. Someone on QRZ
                                            was talking about loop.dll being used with SDRs, as you say.

                                            My guess is that Norton is giving a false positive. This would
                                            certainly not be the first time, or even the first time this month.

                                            -hugh


                                          • David Myers
                                            This thread keeps surfacing thru the years. There is no problem with EasyPal, either in the Install or running of the program. Norton s is the problem and has
                                            Message 21 of 24 , Mar 16 6:24 PM
                                            • 0 Attachment
                                              
                                              This thread keeps surfacing thru the years.
                                               
                                              There is no problem with EasyPal, either in the Install or running of the program.  Norton's is the problem and has been for many years, not only with EasyPal, but other applications as well.
                                               
                                              I service and repair computers, and over 90% of problems come from the Nortons installation. You can uninstall it, and then spend half an hour manualy deleting the rest of it's files spread throughout the computer and Registry. That's how badly produced it is....
                                              Google Norton Uninstall and have a look at the amount of programs that are produced to try to get rid of it!
                                               
                                              Get rid of Nortons and you get rid of your problems.
                                               
                                              Dave  VK2RD / VE3DFK
                                            • Utility World (Hugh Stegman)
                                              Everything said here about Norton is true, and I remember when it was so bad that it wouldn t even run right after a few updates. It s still a major resource
                                              Message 22 of 24 , Mar 17 9:28 AM
                                              • 0 Attachment
                                                Everything said here about Norton is true, and I remember when it was so
                                                bad that it wouldn't even run right after a few updates. It's still a
                                                major resource hog and produces false detections every day. It triggers
                                                when Google Updater operates normally.

                                                Unfortunately, it came pre-loaded on my last two computers. As you say,
                                                it can be a major undertaking getting rid of all its left over crap
                                                after an uninstall. Then there's the convenience thing of it just being
                                                there, not that it's any good excuse to settle for a lousy product.

                                                I probably need to be more careful about this when I go looking for
                                                machines.

                                                -hugh


                                                David Myers wrote:

                                                > I service and repair computers, and over 90% of problems come from the
                                                > Nortons installation. You can uninstall it, and then spend half an hour
                                                > manualy deleting the rest of it's files spread throughout the computer
                                                > and Registry. That's how badly produced it is....
                                              • David Little
                                                FWIW, Norton is probably one of the most persistent Viral infections in existence. The easiest way to remove it is not to install it. The second best method is
                                                Message 23 of 24 , Mar 17 10:30 AM
                                                • 0 Attachment
                                                  Message
                                                  FWIW, Norton is probably one of the most persistent Viral infections in existence.
                                                   
                                                  The easiest way to remove it is not to install it.
                                                   
                                                  The second best method is to reformat and reinstall the Operating System.
                                                   
                                                  It wasn't this way when Peter Norton wrote and distributed it...
                                                   
                                                  David
                                                  KD4NUE
                                                   
                                                   
                                                   
                                                  -----Original Message-----
                                                  From: digsstv@yahoogroups.com [mailto:digsstv@yahoogroups.com] On Behalf Of Utility World (Hugh Stegman)
                                                  Sent: Wednesday, March 17, 2010 12:28 PM
                                                  To: digsstv@yahoogroups.com
                                                  Subject: Re: [digsstv] Re: Easypal & Trojan loader detection & alternate program - GOOD NEWS!

                                                   

                                                  Everything said here about Norton is true, and I remember when it was so
                                                  bad that it wouldn't even run right after a few updates. It's still a
                                                  major resource hog and produces false detections every day. It triggers
                                                  when Google Updater operates normally.

                                                  Unfortunately, it came pre-loaded on my last two computers. As you say,
                                                  it can be a major undertaking getting rid of all its left over crap
                                                  after an uninstall. Then there's the convenience thing of it just being
                                                  there, not that it's any good excuse to settle for a lousy product.

                                                  I probably need to be more careful about this when I go looking for
                                                  machines.

                                                  -hugh

                                                  David Myers wrote:

                                                  > I service and repair computers, and over 90% of problems come from the
                                                  > Nortons installation. You can uninstall it, and then spend half an hour
                                                  > manualy deleting the rest of it's files spread throughout the computer
                                                  > and Registry. That's how badly produced it is....

                                                • Utility World (Hugh Stegman)
                                                  Darn right it wasn t. Peter Norton is now a rich guy with a huge art collection, and as you are probably only too aware, Symantec bought the Norton brand and
                                                  Message 24 of 24 , Mar 17 4:54 PM
                                                  • 0 Attachment
                                                    Darn right it wasn't. Peter Norton is now a rich guy with a huge art
                                                    collection, and as you are probably only too aware, Symantec bought the
                                                    Norton brand and turned it into badly conceived bloatware. Then they
                                                    bought a perfectly good little software firewall from a company I don't
                                                    recall, bloated that up, and added it to the sodden mess.

                                                    Too bad. Like everyone else, I have the Pink Shirt Book still around
                                                    somewhere. Some of us also remember hacking physical disk sectors with
                                                    his editor and saving stupidly deleted files manually one at a time with
                                                    his undelete. Ah, the bygone days of computing.

                                                    -hugh


                                                    David Little wrote:

                                                    > It wasn't this way when Peter Norton wrote and distributed it...
                                                  Your message has been successfully submitted and would be delivered to recipients shortly.