Unofficial Offline Skilltree Calc (Delete the Data folder to update. Stop posting "update please" )
What about the 2 Trojans found in the download by virustotal?
Anyone got problems with that?
https://www.virustotal.com/de/file/6a6d9343084040cba546d9ff11615a93823b89669f20bc66135febfadf1a57fa/analysis/
Last edited by Eisensaft on May 25, 2013, 7:45:25 AM
" Ya any newb who downloads an offline skill calculator should be totally suspicious. Only a newb would download this. There's a free skill calculator right here on the forums, no download required.
IGN: lVlage (96 Witch)
Last edited by lVlage on May 25, 2013, 10:42:35 PM
Reports of viruses in several links on this thread, I have notified support, locked for now.
I'd advise against using anything in this thread.
"the premier Action RPG for hardcore gamers."
-GGG Happy hunting/fishing
" That's a false positive. The file called d3d9caps.dat is used by Windows Presentation Foundation SDK to store D3D capabilities, but also by a half-dozen trojans (fake AV mostly). This is not the virus file, but the legitimate version. This patch fixes an issue people had with the legitimate file: http://support.microsoft.com/kb/955692.

I've skimmed the source, and I've also run this in a VM to test it out, nothing fishy anywhere. Here are your false positives:
https://www.drwebhk.com/en/virus_techinfo/Trojan.DownLoader9.7759.html
http://about-threats.trendmicro.com/us/malware/troj_gen

As you can see the generic Trend Micro trojan page doesn't say anything, but the Dr Web actually discloses the details of how the program seems suspicious to them.

Spoiler
Virus Name : Trojan.DownLoader9.7759
Named By : Dr.Web

Modifies file system :
Creates the following files:
    <Current directory>\debug.txt
    <SYSTEM32>\d3d9caps.tmp
    <SYSTEM32>\d3d9caps.dat
Deletes the following files:
    <SYSTEM32>\d3d9caps.dat
Moves the following files:
    from <SYSTEM32>\d3d9caps.tmp to <SYSTEM32>\d3d9caps.dat

Network activity:
Connects to:
    'www.pa###fexile.com':80
    'wp#d':80
TCP: HTTP GET requests:
    www.pa###fexile.com/passive-skill-tree/
    wp#d/wpad.dat
UDP:
    DNS ASK www.pa###fexile.com
    DNS ASK wp#d

Miscellaneous:
Searches for the following windows:
    ClassName: 'Shell_TrayWnd' WindowName: ''
    ClassName: 'SysListView32' WindowName: ''

Edit: here's another good point about the Trend Micro being a false positive. They have paid software, but only their free online applet thing which they use to get people to buy their software reports it. "
Last edited by ionface on May 26, 2013, 4:48:58 AM
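The Dr.Web behaviour list quoted in the post above can be checked mechanically against what the thread says the tool is expected to do. The following Python sketch is an added example, not part of the original post or the tool's source; the baseline entries, the function names and the reading of each '#' in a masked host as one hidden character are assumptions.

```python
import re

# Constructed from the Dr.Web report quoted in the post (masked hosts as published).
REPORT = {
    "files": [r"<Current directory>\debug.txt",
              r"<SYSTEM32>\d3d9caps.tmp",
              r"<SYSTEM32>\d3d9caps.dat"],
    "hosts": ["www.pa###fexile.com", "wp#d"],
}

# Assumed baseline: behaviour the thread itself accounts for.
BASELINE_FILES = {
    r"<system32>\d3d9caps.tmp": "WPF D3D capability cache (temp copy)",
    r"<system32>\d3d9caps.dat": "WPF D3D capability cache",
}
BASELINE_HOSTS = {
    "www.pathofexile.com": "skill tree download",
    "wpad": "Windows proxy auto-discovery (WPAD) lookup",
}

def masked_to_regex(masked):
    """Assumption: every '#' hides exactly one character of the real host name."""
    return re.compile("".join("." if c == "#" else re.escape(c) for c in masked),
                      re.IGNORECASE)

def explain_host(masked):
    """Return the baseline reason a masked host matches, or None."""
    rx = masked_to_regex(masked)
    for host, reason in BASELINE_HOSTS.items():
        if rx.fullmatch(host):
            return reason
    return None

def triage(report):
    """List (kind, value) pairs the baseline does not account for."""
    unexplained = [("file", p) for p in report["files"]
                   if p.lower() not in BASELINE_FILES]
    unexplained += [("host", h) for h in report["hosts"]
                    if explain_host(h) is None]
    return unexplained

if __name__ == "__main__":
    for kind, value in triage(REPORT):
        print(f"not covered by baseline: {kind} {value}")
```

With this baseline, the only reported item left for a reader to look up in the source is debug.txt in the current directory.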
thanks ionface!
"the premier Action RPG for hardcore gamers."
-GGG Happy hunting/fishing
I think it's fishy because in the source they are linking to some 3rd party poe site:
http://poezone.ru/
Also virus definitions aren't really reliable at all. ;/ They are only effective at detecting known threats.
IGN: lVlage (96 Witch)
Last edited by lVlage on May 26, 2013, 2:31:32 AM
Maybe that was before your time, but some time ago in the Beta, this Post had an Online Skilltree Calculator: http://www.pathofexile.com/forum/view-thread/17473
And in order to support our fellow exiles, we added an "import" button for poezone.ru-builds.

The most suspicious stuff we're doing is downloading the skilltree and builds from the internet and saving builds to the disk. The source is free and open-source, everyone is welcome to read it, to add to it, to fix it. What else can we do to falsify the malware-charges?

Unofficial Offline Skilltree Tool by Headhorr and me:
http://www.pathofexile.com/forum/view-thread/19723
kenzen naru tamashii wa, kenzen naru seishin to, kenzen naru nikutai ni yadoru.
" We need video. Stream yourself writing out the source code and compiling this. It's the only way to be sure.
" Sorry but I fail to understand. You cannot possibly mean the _whole_ code, right? And compiling is like hitting F6 and then copying the resulting .exe. Not much of a proof.

Maybe a little explanation which part of the code does what may be better, because the only _real_ way to be sure should be reading the code and then compiling it yourself. Besides, it's not really that big:
https://code.google.com/p/path-of-exile-skilltree-planer/source/browse/#git%2FWPFSKillTree

The only two really suspicious things are the two .dll files that are committed, Newtonsoft.Json.dll and Raven.Json.dll. These are two libraries for parsing JSON which is the format in which the official skilltree is saved.
Newtonsoft JSON http://james.newtonking.com/projects/json-net.aspx
Raven JSON https://github.com/ravendb/Raven.Json

Unofficial Offline Skilltree Tool by Headhorr and me: http://www.pathofexile.com/forum/view-thread/19723
kenzen naru tamashii wa, kenzen naru seishin to, kenzen naru nikutai ni yadoru.
Last edited by ArtificialMind on May 26, 2013, 5:16:07 AM
Point is there is no real way to tell if the source is actually the compiled exe.
Use at your own risk I would say.
IGN: lVlage (96 Witch)
Last edited by lVlage on May 26, 2013, 11:10:32 AM