JP1 Remotes Forum Index JP1 Remotes


FAQFAQ SearchSearch 7 days of topics7 Days MemberlistMemberlist UsergroupsUsergroups RegisterRegister
ProfileProfile Log in to check your private messagesLog in to check your private messages Log inLog in

Odd file in 6131 1K extender - please jog your memory

 
Post new topic   Reply to topic    JP1 Remotes Forum Index -> JP1 - General Forum
View previous topic :: View next topic  
Author Message
ElizabethD
Advanced Member


Joined: 09 Feb 2004
Posts: 2348

                    
PostPosted: Thu Nov 21, 2019 11:31 pm    Post subject: Odd file in 6131 1K extender - please jog your memory Reply with quote

I have 6131_1KEx1\ft.exe which is in my extenders directory for 6131 for 1K remotes.
Looks like it was made in 2004.
In the 2K extender for 6131 there is no such file. Nor in any other extenders.
Any idea what ft.exe was about?
_________________
Liz
Tweeking 8910, HTPro/9811, C7-7800, 6131o, 6131n, AtlasOCAP-1056B01, RCA-RCRP05B and enjoying the ride Smile
Back to top
View user's profile Send private message
ElizabethD
Advanced Member


Joined: 09 Feb 2004
Posts: 2348

                    
PostPosted: Tue Nov 26, 2019 9:54 am    Post subject: Reply with quote

There is a suspicion that this file contains backdoor trojan.
I don't think so, but I'm not well versed in security.
It is a file date-time editor done in cmd window.
Not needed really. Perhaps removing this file inside this extender zip file would make sense so future users (if any) wouldn'tget security alerts.
_________________
Liz
Tweeking 8910, HTPro/9811, C7-7800, 6131o, 6131n, AtlasOCAP-1056B01, RCA-RCRP05B and enjoying the ride Smile
Back to top
View user's profile Send private message
The Robman
Site Owner


Joined: 01 Aug 2003
Posts: 21210
Location: Chicago, IL

                    
PostPosted: Tue Nov 26, 2019 6:45 pm    Post subject: Reply with quote

I'm no extender expert, but I don't recall any of them coming with any sort of .exe file, so I would also be suspicious. Is this just in your copy, or are you saying that it's part of a file over here?
_________________
Rob
www.hifi-remote.com
Please don't PM me with remote questions, post them in the forums so all the experts can help!
Back to top
View user's profile Send private message Visit poster's website
ElizabethD
Advanced Member


Joined: 09 Feb 2004
Posts: 2348

                    
PostPosted: Tue Nov 26, 2019 9:45 pm    Post subject: Reply with quote

I just downloaded the zip file which I'm sure is the same what's on my XP. Mike's last updates were Jan 6, 2006, with that ft file from 2004.
http://www.hifi-remote.com/forums/dload.php?action=file&file_id=1692
and it does include ft.exe.

It all started with a EEK (emsisoft) scan I did on a directory copied from XP.
Quote:
M:\JP1\Extenders\6131_1KEx1.zip -> ft.exe detected: Backdoor.Generic.220498 (B) [krnl.xmd]
M:\JP1\Extenders\6131_1KEx1\ft.exe detected: Backdoor.Generic.220498 (B) [krnl.xmd]

I followed up on Virus Total where 33 engines claim backdoor. My file's MD5 and SHA1 hashes match what VT examined. They also reported that it loads rpcrt4.dll. Well, on XP it didn't load any such thing when I tried it. I never saw or used it before, hence this thread.
_________________
Liz
Tweeking 8910, HTPro/9811, C7-7800, 6131o, 6131n, AtlasOCAP-1056B01, RCA-RCRP05B and enjoying the ride Smile
Back to top
View user's profile Send private message
The Robman
Site Owner


Joined: 01 Aug 2003
Posts: 21210
Location: Chicago, IL

                    
PostPosted: Tue Nov 26, 2019 10:09 pm    Post subject: Reply with quote

Yeah, I read Mike's notes, there's no mention of ft.exe, so I have removed it from the zip file. Normally I'd say to ask Mike about it, but he last visited here back in 2015.

Here's some discussion that I found on the web:
https://discussions.apple.com/thread/4303162
_________________
Rob
www.hifi-remote.com
Please don't PM me with remote questions, post them in the forums so all the experts can help!
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic       JP1 Remotes Forum Index -> JP1 - General Forum All times are GMT - 5 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


 

Powered by phpBB © 2001, 2005 phpBB Group
Top 7 Advantages of Playing Online Slots The Evolution of Remote Control