public inbox for cygwin@cygwin.com
* Re: Re: setup.exe hijacked?
@ 2009-09-10 11:21 Michael PARKER
From: Michael PARKER @ 2009-09-10 11:21 UTC (permalink / raw)
  To: gchicares, dave.korn.cygwin; +Cc: cygwin

Greg, Dave,

A repeat of my activities earlier (file download via IE8 *and* wget) shows the problem to have now gone away.

I've still got a copy of the "bad" file - same file size as the "good" setup.exe but with an earlier timestamp:

-rwx------+  1 585728 Aug  5  2008 setup.exe_bad*
-rwx------+  1 585728 Sep 10 11:56 setup.exe* 

A "file" (OK, not difficult to fool) shows both to be:

MS-DOS executable PE  for MS Windows (GUI) Intel 80386 32-bit, UPX compressed

---

A browser hijack is possible (and something I'll look into), although the fact I'm now able to download without problem (via both IE8 and wget) suggests otherwise. I've not rebooted in the meantime and besides, a download via wget was giving the same problem earlier. This latter observation may be explained by local proxy caching, though.

The fact that the "bad" setup.exe crashed when executed suggests it might be corrupted in some way. Could some form of proxy issue result in transient data from two independent sources (the genuine setup.exe plus some transient "ebuddy" traffic) being merged into a single file?

Interestingly, I see multiple WinXP crash dialogs when attempting to run the "bad" executable. Not something I've seen with other crashing applications before.

If either of you guys are sufficiently interested, I can send over a gzip'ed copy of the bad file.

Thanks for the interest,

Mike





--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
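
Added example, not part of the original message: one way to examine two same-size copies like the ones described above is to hash both, locate the byte ranges where they differ, and pull printable strings out of those ranges to see whether foreign traffic was spliced into the download. The sample bytes, the chat.example host and all function names are constructed for illustration.

```python
import hashlib
import re

def diff_ranges(good: bytes, bad: bytes, gap: int = 16):
    """Return half-open (start, end) ranges where the two files differ.
    Differing bytes separated by fewer than `gap` matching bytes are merged."""
    ranges = []
    limit = min(len(good), len(bad))
    for i in range(limit):
        if good[i] != bad[i]:
            if ranges and i - ranges[-1][1] < gap:
                ranges[-1][1] = i + 1          # extend the current range
            else:
                ranges.append([i, i + 1])      # start a new range
    if len(good) != len(bad):                  # a size mismatch is itself a difference
        ranges.append([limit, max(len(good), len(bad))])
    return [tuple(r) for r in ranges]

def printable_runs(data: bytes, min_len: int = 6):
    """ASCII strings of at least min_len bytes, similar to strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]

def compare(good: bytes, bad: bytes):
    """Summarise how `bad` deviates from the known-good copy."""
    ranges = diff_ranges(good, bad)
    return {
        "sha256_good": hashlib.sha256(good).hexdigest(),
        "sha256_bad": hashlib.sha256(bad).hexdigest(),
        "diff_bytes": sum(end - start for start, end in ranges),
        "ranges": ranges,
        # Text found only inside the differing regions of the bad copy
        "strings": [s for a, b in ranges for s in printable_runs(bad[a:b])],
    }

# Constructed sample data: a stand-in "good" file and a same-size "bad" copy
# with an unrelated HTTP request overwriting 42 bytes at offset 1024.
GOOD = bytes((i * 37 + 11) % 256 for i in range(4096))
FOREIGN = b"GET /poll HTTP/1.1\r\nHost: chat.example\r\n\r\n"
BAD = GOOD[:1024] + FOREIGN + GOOD[1024 + len(FOREIGN):]

if __name__ == "__main__":
    report = compare(GOOD, BAD)
    for key, value in report.items():
        print(f"{key}: {value}")
```

A few small, well-separated ranges containing readable protocol text point towards data from another stream being merged in transit; a file that differs almost everywhere points towards a different binary altogether.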
