outtaspace Posted February 7, 2013 Posted February 7, 2013 Ive seen a couple of threads like this recently, tonight my virus checker (mcaffee) quaranteed a virus in the SL texture cache too.Virus name: VPP.728I was just out exploring SL, looking around a new place ive never been before then a virus alert pops up..ETA: i found the texture UUID in the quarantined folder..3f8de024-1166-fea6-8ace-43fee5c5db83.texturei also just ive got a couple more of these from end of last year Anyone else want to check it out, here is th SLURL http://maps.secondlife.com/secondlife/Zale/97/110/26go down to the water and there is a platform with a big fire on it, last things i saw was the fire and the 2 arcade games before i got the alert
Ted McGregor Posted February 7, 2013 Posted February 7, 2013 Most likely a false positive by your virusscanner. Could you tell us the exact filename containing the virus ? Delete the quarantined file. Delete your SL cache and rescan your system again. Revisit the place and see if your virusscanner gets triggered again. Hope you will let us know results from that. ETA : Concerned virus infection : http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=116084 ETA2 : Visited this place you suggested, went to the gambling machines and campfire and waited till everything in my sight was loaded. Quit the SL Viewer. Scanned cache folders immediately afterwards with Clam AV ( with current virusdefinitions ). In below image you can see said file residing in my texture cache folder. Scanned files : 2060 Found threats : 0
Janelle Darkstone Posted February 7, 2013 Posted February 7, 2013 I dropped by. MSE didn't seem to pick up anything. *shrug*
outtaspace Posted February 7, 2013 Author Posted February 7, 2013 must just be mcaffee then, you got a very nice pic from it though
161488303349 Posted February 7, 2013 Posted February 7, 2013 bc like you say this been coming up on here quite a bit now. I done some research. like I open up a normal jpg file and a linden texture file in a hex editor + here is the jpg. can see that it have a JFIF header and is encoded with the jpeg format algo + here is the linden texture file. can see that it encoded differently by a linden custom encoding format algo which effectively produce "random" data output files + therefore can conclude that if anything ever was embedded in a standard jpg (or any other image format) and uploaded to SL then is going to end up being re-encoded into the linden format and stored on your hard disk which means that the embed not going to be picked up by any virus scanning program bc of the randomize nature of the linden encoder if a linden texture file is signaled as a virus then is a false positive and is not an actual virus or anything really. bc the linden texture file is just a bunch of random bytes to anything other than the linden texture decoder algo
Janelle Darkstone Posted February 7, 2013 Posted February 7, 2013 Then again.... maybe it was the virus. Or maybe even The Virus, seeing as how empty Second Life seems to be sometimes. I honestly think the entire grid should be one big zombie shooting zone sometimes since you're more likely to encounter a bot zombie than a real, live person. Here's what Real Life looks like: Here's what Second Life looks like: (aaaagghhh!!)
Ansariel Hiller Posted February 7, 2013 Posted February 7, 2013 16 wrote: therefore can conclude that if anything ever was embedded in a standard jpg (or any other image format) and uploaded to SL then is going to end up being re-encoded into the linden format and stored on your hard disk which means that the embed not going to be picked up by any virus scanning program bc of the randomize nature of the linden encoder if a linden texture file is signaled as a virus then is a false positive and is not an actual virus or anything really. bc the linden texture file is just a bunch of random bytes to anything other than the linden texture decoder algo Of course the file format of textures downloaded by the viewer is different because they're in JPEG2000 format!
161488303349 Posted February 7, 2013 Posted February 7, 2013 Ansariel Hiller wrote: 16 wrote: therefore can conclude that if anything ever was embedded in a standard jpg (or any other image format) and uploaded to SL then is going to end up being re-encoded into the linden format and stored on your hard disk which means that the embed not going to be picked up by any virus scanning program bc of the randomize nature of the linden encoder if a linden texture file is signaled as a virus then is a false positive and is not an actual virus or anything really. bc the linden texture file is just a bunch of random bytes to anything other than the linden texture decoder algo Of course the file format of textures downloaded by the viewer is different because they're in JPEG2000 format! yes the OP question was how come the virus detection program signaled a linden texture file in the SL cache as being a virus. add: on his hard disk
Ansariel Hiller Posted February 7, 2013 Posted February 7, 2013 16 wrote: the OP question was how come the virus detection program signaled a linden texture file in the SL cache as being a virus. add: on his hard disk Easy: False positive by crappy virus scanner!
Perrie Juran Posted February 7, 2013 Posted February 7, 2013 Ansariel Hiller wrote: 16 wrote: the OP question was how come the virus detection program signaled a linden texture file in the SL cache as being a virus. add: on his hard disk Easy: False positive by crappy virus scanner! It had been a while since I had looked at AV ratings. While I do take the ratings with a grain of salt, the highest rating I could find for McAfee on a list was #7. It didn't make the top ten on several!
161488303349 Posted February 7, 2013 Posted February 7, 2013 Ansariel Hiller wrote: 16 wrote: the OP question was how come the virus detection program signaled a linden texture file in the SL cache as being a virus. add: on his hard disk Easy: False positive by crappy virus scanner! yes my entire research effort consist of open up the two dif types of files with a hex editor and post a pic of each then make a explanation of the process that linden uses to store cached image files. sometimes pics makes it easier to follow. for people who dunno about these kinda things hopefully if it happens again to someone else who read this thread they will go ok and not worry about it to much. if they get a false positive in the same way from their virus scanner + is actual quite rare for a virus scanner program to chuck up a warning on these bc most programs/files etc have a recognized format. if randomize tho then is possible to create collisions. while rare they do happen can see the collisions works the same way as Lotto. chances of winning the zillion dollar lotto prize is even more zillion times to 1. but play long enough then someone somewhere will eventually win it
GothGirl Demonia Posted February 10, 2013 Posted February 10, 2013 This could be a false postive due to the fact certain microsoft install programs like redist have similar codes when installing it tends to install to a random disk drive with a number like such so some virsus use long ID's and maybe the coding or the ID matches a defintion in the antivirus. You can freely clear your cache though although I am not sure texture virsus can spread through SL I would avoid using Media, or Browsing websites in Second Life just to be safe. A few peeps I know of say virus can spread through .JPG files and such however not sure its true but if it is its best to watch what you save on your pc from the internet for example.
Amie Kaestner Posted February 16, 2013 Posted February 16, 2013 Can you use a hex editor to view textures? Do those numbers and letters represent all the colours that make up the image?
Phil Deakins Posted February 16, 2013 Posted February 16, 2013 You can use a hex editor to viewer any type of file because all files are made up of "those numbers and letters". They are actually all numbers. Hex (hexadecimal) is a number system that is 16 based. The decimal number system is 10 based:- 0 1 2 3 4 5 6 7 8 9 - 10 of them before returning to 0 - ... 7 8 9 10 11 12 etc. Hexadecimal is 0 1 2 3 4 5 6 7 8 9 A B C D E F - 16 of them before retunring to 0 - ... 7 8 9 A B C D E F 10 11 12 etc. A to F are used as numbers.
161488303349 Posted February 17, 2013 Posted February 17, 2013 Amie Kaestner wrote: Can you use a hex editor to view textures? Do those numbers and letters represent all the colours that make up the image? a hex editor lets you look at any file. the numbers are the base16 representation of the encoding of the data and structure of the bytes in it you kinda have to know what the numbers/chars mean for each type of file. files say like jpeg or png or word docs etc all have a header at the start. so it can be read by a program designed to do this. like Office or Paintshop, etc the images I show before I screencap off this hex editor. the Neo free one http://www.hhdsoftware.com/ some professional hex editors are quite smart. they can recognize the types of files and show them in source form. like display in sections. with textual descriptions of each section depending on the file format
Dillon Levenque Posted February 18, 2013 Posted February 18, 2013 Despite years of fooling around dealing with number systems based on powers of 2, until I saw Phil's post just above yours I never realized that might have been significant in your current name choice. But given that, shouldn't you use Fiona or Felicity for a display name? Or do you have special powers that allow you to overlook certain inconsistencies, like the TPC/IP guys: TCP/IP: An IP address of 192.168.0.001 with a subnet mask of 255.255.255.0 indicates that there are 256 addresses beginning with 192.168.0. that can communicate with the device at 192.168.0.001. Student: Why do you say 256? You meant 255, right? TCP/IP: Are you asleep? Did you forget zero is a number? There are 256 numbers from zero to 255 inclusive. PAY ATTENTION! TCP/IP: Now then. Suppose that we change the subnet mask. We'll change it to 255.255.255.252. NOW how many addresses are available that can commincate with the device at 192.168.0.001? Student: 3 TCP/IP: Have you learned nothing? The correct answer is 4. 256 minus 252 equals 4. Student: It's not 256 minus 252. You wrote it yourself. It's 255 minus 252. TCP/IP: It's just written as 255. Anyone with half a brain would realize that really means 256. Unless you start subtracting numbers. Then it all changes. Student: Who do I have to sleep with to get a Drop from this class? Edited to change the starting address to make the rest at least halfway relevant
161488303349 Posted February 18, 2013 Posted February 18, 2013 Dillon Levenque wrote: do you have special powers that allow you to overlook certain inconsistencies, like the TPC/IP guys: Student: It's not 256 minus 252. You wrote it yourself. It's 255 minus 252. TCP/IP: It's just written as 255. Anyone with half a brain would realize that really means 256. Unless you start subtracting numbers. Then it all changes. yes i am special. q; (: but not like TCP Person. I am agree with Student Person. i want to drop out as well bc is 255+1 - 251+1 is clear as muddy creek this kinda arithmetic. but is how can easy make like a zillion dollars an hour. just invent some funny ways of doing stuff and pretend. then charge heaps for deconfuzzle service (:
Perrie Juran Posted February 18, 2013 Posted February 18, 2013 16 wrote: Dillon Levenque wrote: do you have special powers that allow you to overlook certain inconsistencies, like the TPC/IP guys: Student: It's not 256 minus 252. You wrote it yourself. It's 255 minus 252. TCP/IP: It's just written as 255. Anyone with half a brain would realize that really means 256. Unless you start subtracting numbers. Then it all changes. yes i am special. q; (: but not like TCP Person. I am agree with Student Person. i want to drop out as well bc is 255+1 - 251+1 is clear as muddy creek this kinda arithmetic. but is how can easy make like a zillion dollars an hour. just invent some funny ways of doing stuff and pretend. then charge heaps for deconfuzzle service (: next question?
Recommended Posts
Please take a moment to consider if this thread is worth bumping.
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now