Unofficial Offline Skilltree Calc (Delete the Data folder to update. Stop posting "update please" )
|
What about the 2 Trojans found in the download by virustotal?
Anyone got problems with that? https://www.virustotal.com/de/file/6a6d9343084040cba546d9ff11615a93823b89669f20bc66135febfadf1a57fa/analysis/ Última edição por Eisensaft#4781 em 25 de mai. de 2013 07:45:25
|
|
" Ya any newb who downloads on offline skill calculator should be totally suspicious. Only a newb would download this. Theres a free skill calculator right here on the forums no download required. IGN: lVlage (96 Witch) Última edição por lVlage#3413 em 25 de mai. de 2013 22:42:35
|
|
|
Reports of viruses in several links on this thread, I have notified support, locked for now.
I'd advise against using anything in this thread. "the premier Action RPG for hardcore gamers."
-GGG Happy hunting/fishing |
|
" That's a false positive. The file called d3d9caps.dat is used by Windows Presentation Foundation SDK to store D3D capabilities, but also by a half-dozen trojans (fake AV mostly). This is not the virus file, but the legitimate version. This patch fixes an issues people had with the legitimate file: http://support.microsoft.com/kb/955692. I've skimmed the source, and I've also run this in a VM to test it out, nothing fishy anywhere. Here are your false positives: https://www.drwebhk.com/en/virus_techinfo/Trojan.DownLoader9.7759.html http://about-threats.trendmicro.com/us/malware/troj_gen As you can see the generic trend micro trojan page doesn't say anything, but the Dr Web actually discloses the details of how the program seems suspicious to them.
Spoiler
Virus Name : Trojan.DownLoader9.7759
Named By : Dr.Web Modifies file system : Creates the following files: <Current directory>\debug.txt <SYSTEM32>\d3d9caps.tmp <SYSTEM32>\d3d9caps.dat Deletes the following files: <SYSTEM32>\d3d9caps.dat Moves the following files: from <SYSTEM32>\d3d9caps.tmp to <SYSTEM32>\d3d9caps.dat Network activity: Connects to: 'www.pa###fexile.com':80 'wp#d':80 TCP: HTTP GET requests: www.pa###fexile.com/passive-skill-tree/ wp#d/wpad.dat UDP: DNS ASK www.pa###fexile.com DNS ASK wp#d Miscellaneous: Searches for the following windows: ClassName: 'Shell_TrayWnd' WindowName: '' ClassName: 'SysListView32' WindowName: '' Edit: here's another good point about the trend micro being a false positive. They have paid software, but only their free online applet thing which they use to get people to buy their software reports it. " Última edição por ionface#0613 em 26 de mai. de 2013 04:48:58
|
|
|
thanks ionface!
"the premier Action RPG for hardcore gamers."
-GGG Happy hunting/fishing |
|
|
I think its fishy because in the source they are linking to some 3rd party poe site:
http://poezone.ru/ Also virus definitions aren't really reliable at all. ;/ They are only effective at detecting known threats. IGN: lVlage (96 Witch) Última edição por lVlage#3413 em 26 de mai. de 2013 02:31:32
|
|
|
Maybe that was before your time, but some time ago in the Beta, this Post had an Online Skilltree Calculator: http://www.pathofexile.com/forum/view-thread/17473
And in order to support our fellow exiles, we added an "import" button for poezone.ru-builds. The most suspicious stuff we're doing is downloading the skilltree and builds from the internet and saving builds to the disk. The source is free and open-source, everyone is welcome to read it, to add to it, to fix it. What else can we do to falsify the malware-charges? Unofficial Offline Skilltree Tool by Headhorr and me:
http://www.pathofexile.com/forum/view-thread/19723 kenzen naru tamashii wa, kenzen naru seishin to, kenzen naru nikutai ni yadoru. |
|
" We need video. Stream yourself writing out the source code and compiling this. It's the only way to be sure. |
|
" Sorry but I fail to understand. You cannot possibly mean the _whole_ code, right? And compiling is like hitting F6 and then copying the resulting .exe. Not much of a proof. Maybe a little explanation which part of the code does what may be better, because the only _real_ way to be sure should be reading the code and then compiling it yourself. Besides, it's not really that big: https://code.google.com/p/path-of-exile-skilltree-planer/source/browse/#git%2FWPFSKillTree The only two really suspicious things are the two .dll files that are committed, Newtonsoft.Json.dll and Raven.Json.dll. These are two libraries for parsing JSON which is the format in which the official skilltree is saved. Newtonsoft JSON http://james.newtonking.com/projects/json-net.aspx Raven JSON https://github.com/ravendb/Raven.Json Unofficial Offline Skilltree Tool by Headhorr and me: http://www.pathofexile.com/forum/view-thread/19723 kenzen naru tamashii wa, kenzen naru seishin to, kenzen naru nikutai ni yadoru. Última edição por ArtificialMind#7315 em 26 de mai. de 2013 05:16:07
|
|
|
Point is there is no real way to tell if the source is actually the compiled exe.
Use at your own risk I would say. IGN: lVlage (96 Witch) Última edição por lVlage#3413 em 26 de mai. de 2013 11:10:32
|
|
