JP1 Remotes
ElizabethD Advanced Member
Joined: 09 Feb 2004 Posts: 2348
Posted: Thu Nov 21, 2019 11:31 pm Post subject: Odd file in 6131 1K extender - please jog your memory
I have 6131_1KEx1\ft.exe which is in my extenders directory for 6131 for 1K remotes.
Looks like it was made in 2004.
In the 2K extender for 6131 there is no such file. Nor in any other extenders.
Any idea what ft.exe was about?
_________________
Liz
Tweaking 8910, HTPro/9811, C7-7800, 6131o, 6131n, AtlasOCAP-1056B01, RCA-RCRP05B and enjoying the ride
ElizabethD Advanced Member
Joined: 09 Feb 2004 Posts: 2348
Posted: Tue Nov 26, 2019 9:54 am Post subject:
There is a suspicion that this file contains a backdoor trojan.
I don't think so, but I'm not well versed in security.
It is a file date-time editor done in cmd window.
Not needed really. Perhaps removing this file inside this extender zip file would make sense so future users (if any) wouldn't get security alerts.
_________________
Liz
Tweaking 8910, HTPro/9811, C7-7800, 6131o, 6131n, AtlasOCAP-1056B01, RCA-RCRP05B and enjoying the ride
The Robman Site Owner
Joined: 01 Aug 2003 Posts: 21237 Location: Chicago, IL
Posted: Tue Nov 26, 2019 6:45 pm Post subject:
I'm no extender expert, but I don't recall any of them coming with any sort of .exe file, so I would also be suspicious. Is this just in your copy, or are you saying that it's part of a file over here?
_________________
Rob
www.hifi-remote.com
Please don't PM me with remote questions, post them in the forums so all the experts can help!
ElizabethD Advanced Member
Joined: 09 Feb 2004 Posts: 2348
Posted: Tue Nov 26, 2019 9:45 pm Post subject:
I just downloaded the zip file which I'm sure is the same as what's on my XP. Mike's last updates were Jan 6, 2006, with that ft file from 2004.
http://www.hifi-remote.com/forums/dload.php?action=file&file_id=1692
and it does include ft.exe.
It all started with an EEK (emsisoft) scan I did on a directory copied from XP.

Quote:
M:\JP1\Extenders\6131_1KEx1.zip -> ft.exe detected: Backdoor.Generic.220498 (B) [krnl.xmd]
M:\JP1\Extenders\6131_1KEx1\ft.exe detected: Backdoor.Generic.220498 (B) [krnl.xmd]

I followed up on Virus Total where 33 engines claim backdoor. My file's MD5 and SHA1 hashes match what VT examined. They also reported that it loads rpcrt4.dll. Well, on XP it didn't load any such thing when I tried it. I never saw or used it before, hence this thread.
_________________
Liz
Tweaking 8910, HTPro/9811, C7-7800, 6131o, 6131n, AtlasOCAP-1056B01, RCA-RCRP05B and enjoying the ride
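
Added example (not part of the original thread and not code from any poster): a Python sketch of the check described in the post above, listing executables inside a zip by their `MZ` header and computing the MD5 and SHA1 to compare with a scanner report. The archive contents and the helper names `pe_members`, `matches_report` and `build_sample_zip` are constructed for illustration.

```python
import hashlib
import io
import zipfile

def pe_members(zip_bytes):
    """List (name, md5, sha1) for every member that starts with the DOS 'MZ' magic.

    Checks content rather than the file extension, so a renamed executable
    inside an archive is still reported.
    """
    found = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            if data[:2] == b"MZ":
                found.append((info.filename,
                              hashlib.md5(data).hexdigest(),
                              hashlib.sha1(data).hexdigest()))
    return found

def matches_report(entry, reported_md5, reported_sha1):
    """True only if both local hashes equal the ones a scanner report lists."""
    _, md5, sha1 = entry
    return (md5 == reported_md5.strip().lower()
            and sha1 == reported_sha1.strip().lower())

def build_sample_zip():
    """Constructed sample archive (placeholder bytes, not a real program)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed notes file")
        zf.writestr("sample/tool.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("sample/renamed.dat", b"MZ" + b"\x01" * 62)
    return buf.getvalue()

if __name__ == "__main__":
    for name, md5, sha1 in pe_members(build_sample_zip()):
        print(f"{name}\n  MD5  {md5}\n  SHA1 {sha1}")
```

A hash match only shows that the local file is byte-identical to the one the report covers; it says nothing about whether the detection itself is correct.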
The Robman Site Owner
Joined: 01 Aug 2003 Posts: 21237 Location: Chicago, IL
Posted: Tue Nov 26, 2019 10:09 pm Post subject:
Yeah, I read Mike's notes, there's no mention of ft.exe, so I have removed it from the zip file. Normally I'd say to ask Mike about it, but he last visited here back in 2015.
Here's some discussion that I found on the web:
https://discussions.apple.com/thread/4303162
_________________
Rob
www.hifi-remote.com
Please don't PM me with remote questions, post them in the forums so all the experts can help!