33 réponses à ce sujet

[Dwayne]

The strangest thing happened yesterday. A file labeled as nwnpatch 170 just appeared on my desktop. Norton says there is nothing wrong with it. I did NOT download this. Could nwn complete have done this? Maybe as a fix for their mistake of not having version 1.69 but saying it does have it? I guess I should have just kept my original copies installed but I wanted the extra content.

[ehye_khandee]

1.70 is not an official BIoware release, it was done by a community member. I can't imagine why or how it could get placed on your desktop. My advice is check your firewall and do a virus scan, after that IF you want version 1.70 download it from a reputable source.

Be well. Game on.
GM_ODA

[Dwayne]

It just appeared at 10:54pm last night. I was not even using the internet. My firewall is fine and the file is harmless. Virus scan turned up nothing. I used Norton insight to check out details on the file. All it could tell me was it is 39.2 mb in size and it was created on 11-16-2012. Norton said that it did not know where it was downloaded from. I do not want the 1.70 community patch. I believe some problems were reported. I guess I will just delete the file and file it under the X-Files.

Modifié par Dwayne, 18 novembre 2012 - 02:12 .

[henesua]

actually you should read up on the patch. The claim that the patch is bugged are false. In fact 1.70 includes many bug fixes that are handy to have.

[Dwayne]

I just went and downloaded the 1.70 patch. It appears to be the same as the other but it is different when you examine it. The mysterious file is slightly larger. Norton can also tell me where the nwn vault copy came from.
Henesua I will read more about the 1.70 patch and see about trying it. Thanks.

[Lazarus Magni]

That is the strangest thing...

[Shadooow]

Dwayne wrote...

The strangest thing happened yesterday. A file labeled as nwnpatch 170 just appeared on my desktop. Norton says there is nothing wrong with it. I did NOT download this. Could nwn complete have done this? Maybe as a fix for their mistake of not having version 1.69 but saying it does have it? I guess I should have just kept my original copies installed but I wanted the extra content.

AFAIK community patch is not distributed with any nwn version or other projects like CEP, at least I wasn't informed about this and Im the CP founder.

As far as usefullness, try it and make your own decision. There are some haters out there spreading rumors to harm the project's reputation, but what you can lose with trying this out?

If certain PW claims that CP can mess with their server, they are simply wrong.

[ehye_khandee]

Dwayne wrote...

It just appeared at 10:54pm last night. I was not even using the internet. My firewall is fine and the file is harmless. Virus scan turned up nothing. I used Norton insight to check out details on the file. All it could tell me was it is 39.2 mb in size and it was created on 11-16-2012. Norton said that it did not know where it was downloaded from. I do not want the 1.70 community patch. I believe some problems were reported. I guess I will just delete the file and file it under the X-Files.

IF YOU HAVE NORTON ON YOUR SYSTEM  you are likely vulernable to several exploits it is susceptable to...

When files just appear - and no human is using the system it appears on, you have something running amok.


A scan is only as good as the scanning software (and sometimes the user). NEVER TRUST JUST ONE SCAN.

The only effective Anti-Virus software I've ever found (30+ yrs) is AVG by grisoft.com  --- I strongly recommend you try their free downloadable bootable DVD to scan from a clean boot.

Be well. Game on.
GM_ODA

Modifié par ehye_khandee, 18 novembre 2012 - 01:30 .

[ehye_khandee]

NOTE, this might not be ordinary malware as it sounds quite well targeted to YOU. Likely someone is seeing all your keystrokes.

Think 'rootkit'.

Modifié par ehye_khandee, 18 novembre 2012 - 04:30 .

[Dwayne]

I have done several scans and still nothing. I was ready to just delete it but I may copy it for my older computer. It has NWN on it and is never used. Then I would know what it does. I will of course disconnect the internet before running it.

[Shadooow]

I think that ehye_khandee needlessly frightening you

rootkit? seriously this crap is gone lot of years lol, do you have antivirus software? such crap wouldn't ever get around this, I don't even have AV software anymore, firewall is all what is needed for safety if you follow some basic internet/download rules.

And why would anyone that have access to your computer try to send you "community patch 1.70" ? I guess it was simply packaged with some´thing you ve downloaded - try to redownload these packages and check this - I as a CP founder never heard that its included in anything, namely doubt it would be in NWN complete (too bad rep for that), but that doesn't mean that it isn't there. Some peoples just don't give a sh*t about those who spared months of improving this game and redistributes content in there on their own.

So, if you already made more than one scan don't bother reinstalling anything, you should be safe.

[Baaleos]

While I agree its probably innocent - this particular instance, I do however think that a community as dependant on custom content as Neverwinter Nights is - custom content creators should protect their works and prove the authenticity via crc/md5 hashing.

Im surprised the vault doesnt provide this functionality for all of its downloads.

This doesnt prevent someone from tampering with a file, or putting viruses in it, but it does stop them from passing the files off as originals, and will indicate that the file was altered since its original release.

Eg - If you bundle the package up into a zip, and calculate its md5 as
f343425ababaddd3434555099094

You would then provide that for public record.
If a player then receives a version of the bundle, that has a differernt md5 - we could then discern that some how, they got an illegitamit version of the bundle from another source.

Original Authors reputation = untarnished.

[Baaleos]

FYI -
I use a content Downloader application I developed - to automate the process of downloading content to players of my PW Server.
I process each music, 2da, and mp3 file, getting the md5 info.
Store it in an XML, and then this constitutes the file list to download.
If the local file exists, and its md5 matches the one in the XML = No need to download.
Else - Download (unless its marked for deletion)

<?xml version="1.0" ?>
- <Files>
- <File>
<FileName>219.bmu</FileName>
<Size>2561160</Size>
<Date>1277584559</Date>
<MD5>ee61da9193b63333ca03df4ac6259bf3</MD5>
<DELETE>FALSE</DELETE>
</File>
- <File>
<FileName>ffxiii_dust2d.bmu</FileName>
<Size>3662064</Size>
<Date>1277089435</Date>
<MD5>0d1c1af6665dce0d41e2f2e4f01fa30e</MD5>
<DELETE>FALSE</DELETE>
</File>
- <File>
<FileName>229.bmu</FileName>
<Size>3305545</Size>
<Date>1277584693</Date>
<MD5>7003eda8ea94bf0af41a501e2bb8b85c</MD5>
<DELETE>FALSE</DELETE>
</File>
- <File>
<FileName>202.bmu</FileName>
<Size>2720820</Size>
<Date>1277584375</Date>
<MD5>1ae1cd90576c39d132a4a62daa842c96</MD5>
<DELETE>FALSE</DELETE>
</File>

And then I download the file from my webSite
or
If there are any players online using my resource downloader, it will request the file from that online player instead, but only if their MD5 also matches the one being requested.

This prevents one player trying to infect others, because if the MD5 is changed or altered, it wont be allowed to stay/transfer across the resource distribution network.

[ehye_khandee]

ShaDoOoW wrote...

I think that ehye_khandee needlessly frightening you

rootkit? seriously this crap is gone lot of years lol, do you have antivirus software? such crap wouldn't ever get around this, I don't even have AV software anymore, firewall is all what is needed for safety if you follow some basic internet/download rules.

And why would anyone that have access to your computer try to send you "community patch 1.70" ? I guess it was simply packaged with some´thing you ve downloaded - try to redownload these packages and check this - I as a CP founder never heard that its included in anything, namely doubt it would be in NWN complete (too bad rep for that), but that doesn't mean that it isn't there. Some peoples just don't give a sh*t about those who spared months of improving this game and redistributes content in there on their own.

So, if you already made more than one scan don't bother reinstalling anything, you should be safe.

You utterly miss the point Shadoooooow. And more, you are as wrong as wrong gets.

What miscreants do they do, it is not a reflection on you or your software. There is nothing in this world to prevent miscreants from doing just as outlined on the users system. To NOT council them that it is a possibility would be foolish.

Antivirus softwares are NOT all the same, some are utter garbage some even little more than a scam. Why you rush in to defend AV software without making distinction between the good and the garbage is utterly beyond logic and my comprehension.

Why do hackers do bad things? Go ask them. But take it as read that they do these things. If you are unaware of such things, go educate yourself on the matter.

Frankly "such crap" WOULD get around this and often does. That you don't use AV software at all demonstrates your lack of understanding in these matters. By all means do risk your system, but note, I'll never look at one of your downloads as I feel in light of your comment that such would be my own folly.

Go re-read the OP. It states clearly the software appeared at a time when NO ONE WAS ON HIS COMPUTER. Once you've digested that fact, you'll see that the rest of your assumptions are - completely out there. Note that the OP examined your uploaded file and that on his desktop and NOTED DIFFERENCES. Now, what part of that tells you 'it is all ok?'

One final note, stop taking any comment about patch1.70 as a personal insult. We are talking here about security NOT any aspect of your own software. For all intents and purposes, this file we are specifically talking about seems to have walked in under its own accord. This is utterly NOT RIGHT and needs to be dealt with carefully, with the right tools and the right POV.

Be well. Game ON.
GM_ODA
http://playnwn.com



O.P. If you need some professional level advice, contact us via our web page or forum and we'll help you sort this out properly. Unlike Shadoooooow we have solid lore in this area on which to draw.


[edited spelling oopsies]

Modifié par ehye_khandee, 20 novembre 2012 - 03:39 .

[SHOVA]

I put forth that the OP clicked on shadows patch by accident, did not realize that it started the download process, and did not notice until the next day that it completed and placed it on his desk top. That alone is more plausible than someone root-kiting it onto his computer.

[Baaleos]

Of course - there is no definitive way to prove either scenario.

If he downloads the current release of 1.70 - and compares file size, all this proves is that the one he has now, may be an earlier or later release of the 1.70 - OR it may indeed be a tempered version.

Now - acting as Devils Advocate here.
I can see where both ShaAaDow and Khandee are coming from.

I - Like Shadow - believe the best defense against hackers is common sense.
Hackers dont have an online directory that they consult where they can find specific individuals to target. All of their targets make names for themselves, or do specific things that make them targets. Eg - Visit dodgy websites, install bad software, or hangs around with the wrong online community etc. Its peoples behaviours online that often leads to mistakes, which leads to faults, which leads to 'Whoops... I guess I shouldnt have installed that Cracked Software....'
(Took that from ISTQB -> Developers make Mistakes -> Faults -> Defects )

But also - Like Khandee,
I do think its somewhat 'asking' for trouble to just rely on a firewall to protect you, and not have an extra layer of security. This is Shadooows personal preference, but I dont quite agree with it.
Anti-Virus software is specifically designed to be updated regularly with new virus definitions, where as more firewalls are not.
Anti-Virus software is designed to stop software the exhibit specific behaviors - where as firewalls target applications that make connections on ports.
An example of the distinction would be this:

An Anti Virus would be able to prevent a program I write, from closing your Anti-Virus, from accessing your Documents Folder, and Uploading them to a remote location.

A Firewall, would not prevent my program from closing your firewall, or from accessing your documents folder, although it may stop it from uploading the files to an external location: But wait.... didnt we close the firewall on step 1?

Firewalls provide very connection/network specific type of security, but still leaves you wide open to a number of different types of software type viruses.

A firewall wont stop me from writing a program that copies itself 10 times every 10 minutes, slowing draining your HDD Space over the course of a week, but an Anti-Virus may.

Anyway - play nice you two... you both have valid points, just different preferences.

[Aelis Eine]

Maybe you have file sends on some IM protocol set to auto accept and a friend sent it to you?

[Baaleos]

I suggest checking the date it was created/modified to find out when it appeared, then check windows event viewer to see what happened around that time.
that will tell you if anyone was logged on etc

[ehye_khandee]

SHOVA wrote...

I put forth that the OP clicked on shadows patch by accident, did not realize that it started the download process, and did not notice until the next day that it completed and placed it on his desk top. That alone is more plausible than someone root-kiting it onto his computer.

The OP stated NOBODY was on his computer at the time the strange file appeared on his desktop.


I posit the system may have been previously compromised, the miscreants could read what you have on your rig, and then doctor up software they think you might be tempted to use, and place it on your desktop hoping you might click it accidentally or out of curiosity. This is not a rare scenario either. Competant sorts can do things with your rig that would amaze most folks.

Modifié par ehye_khandee, 20 novembre 2012 - 04:53 .

[SHOVA]

if nobody was on his computer, then how did he notice it appear?
I get it eye, Perhaps something miscreant took place. But more likely, he miss clicked, went to bed, and saw the result of the miss click. It happens. It happens more than everyone likes to admit. I think that a miss click is by far more likely, than someone haking his computer, and placing some dangerous file renamed after shadows patch.

[Baaleos]

ehye_khandee wrote...

SHOVA wrote...

I put forth that the OP clicked on shadows patch by accident, did not realize that it started the download process, and did not notice until the next day that it completed and placed it on his desk top. That alone is more plausible than someone root-kiting it onto his computer.

The OP stated NOBODY was on his computer at the time the strange file appeared on his desktop.


I posit the system may have been previously compromised, the miscreants could read what you have on your rig, and then doctor up software they think you might be tempted to use, and place it on your desktop hoping you might click it accidentally or out of curiosity. This is not a rare scenario either. Competant sorts can do things with your rig that would amaze most folks.

Its certainly 'possible' that this happened.
But whether it is plausible is another question.

Just because a file appears, that the user cannot remember downloading, does not necessarilly proclude the possibility that he may have just downloaded it and forgot.

I've done that lots of times.
I've got hundreds of thousands of files on my machine, that I have gathered and downloaded over the years,
and there are even times when I download something on a saturday, then on the sunday, I have to double click on it to remind myself what it was.

Assuming a file is nefarious in nature, because its origins cannot be recalled, seems a little overkill.

I'd recommend he downloads a reasonably good Anti-virus (avast, or avg are good free ones)
scan the file, and trust the virus scanners determination - as it is not influeced by bias.

[ehye_khandee]

This is from m-w.com

1
: superficially fair, reasonable, or valuable but often specious <a plausible pretext>
2
: [omitted for relevancy]
3
: appearing worthy of belief <the argument was both powerful and plausible>


A healthy sense of paranoia will save you LOTS of computer headaches. It IS plausible that some miscreant could have done exactly what I've outlined and it is the fool who pretends it not so. It is better to be paranoid, test things well and be safe than to relegate your system to the whims of those who know more computer lore or have better scriptkiddie tools than you do.


The facts as stated by the OP are that the file appeared at a time when no-one was using the system, and that this file differs from the vault version in some unspecified way. Please make comments that at least stay within the known facts as stated by the OP.

Modifié par ehye_khandee, 20 novembre 2012 - 05:15 .

[Baaleos]

I think you mis-understood my use of the word plausible.

Yes - Plausible can be likend to

Possible that someone could have done it.
Plausible that someone could have done it.

My use was more along the lines of
Is it plausible that someone has done it.

Paranoia may save you computer head aches, but experience tells me it causes alot more stress headaches.

[SHOVA]

I will agree to disagree, until the OP runs anti-virus, and looks at the logs. If there is no actual threat found by the anti-virus, then Eye, your opinion is way out there. If there is something nefarious in it, I will of course tell everyone how right you are.

[ehye_khandee]

No, my opinion is simple; test do not guess. I advocate GOOD COMPUTER USER HABITS, you are pressing 'just trust it' and that is an EPIC FAIL in the making.

Testing as I advocate is the right thing to do REGARDLESS of the outcome of the test.

ALWAYS use a long spoon when supping with the Devil.

The internet is the devil's own banquet, bring suitable flatware or play the stooge, these are the choices.

Modifié par ehye_khandee, 20 novembre 2012 - 05:25 .