Go Back   Cockos Incorporated Forums > REAPER Forums > REAPER General Discussion Forum

Reply
 
Thread Tools Display Modes
Old 08-11-2012, 09:07 AM   #1
Codey
Human being with feelings
 
Join Date: Sep 2010
Posts: 87
Default Panda Cloud Antivirus is blocking the download page

Panda Cloud Antivirus Safe Search Protection says -

============
The page has been blocked as it contains malware or exploits

The Web page you are trying to access contains malware and exploits that could infect your computer.
We advise you not to continue visiting this page.
=========

Just thought you might like to know.

It happens whenever I click on the win32 or win64 download buttons for REAPER. But not the Mac buttons for REAPER.


This is not the full version of Panda Antivirus, but the url toolbar filtering component.
Codey is offline   Reply With Quote
Old 08-11-2012, 09:23 AM   #2
richie43
Human being with feelings
 
Join Date: Dec 2009
Location: Minnesota
Posts: 9,090
Default

Quote:
Originally Posted by Codey View Post
Panda Cloud Antivirus Safe Search Protection says -

============
The page has been blocked as it contains malware or exploits

The Web page you are trying to access contains malware and exploits that could infect your computer.
We advise you not to continue visiting this page.
=========

Just thought you might like to know.

It happens whenever I click on the win32 or win64 download buttons for REAPER. But not the Mac buttons for REAPER.


This is not the full version of Panda Antivirus, but the url toolbar filtering component.
There was just another thread regarding Panda and the Cocos site. The issue is not with the Reaper site, I assure you. In fact, if I remember correctly, the people who had the same issue were also mildly infected with some other malware.... Try running a quick scan with the free Malwarebytes. I don't think Panda is so terrible, but I think you are infected with a redirect virus that is either associated with panda or just let in by Panda. But the Reaper downloads are all safe. Good luck.applications, they are known carriers of varios computer nasties.
My advice though is to avoid any tool-bar style
__________________
The Sounds of the Hear and Now.
richie43 is offline   Reply With Quote
Old 08-11-2012, 09:48 AM   #3
Codey
Human being with feelings
 
Join Date: Sep 2010
Posts: 87
Default

Sorry, I did a quick search to see if it had come up before, but missed it.

I just scanned this computer with Hitman Pro which uses four or five respected AV engines on the cloud. I scanned with an up to date Malwarebytes. I scanned with SuperAntiSpyware also.
Plus a quick scan with an up to date MSE, which runs in real time anyway.

I did this about two hours ago.

I have an up to date MVPS hosts file. Also Norton DNS. On the browser I have adblock, wot, browser protect and ghostery as addons with java disabled.


Then again, you never know ;-). This is the first time Panda has come up with anything. It is pretty unobtrusive and very well respected in the security world as another line of defense, so I think it must just be a false positive. I'm going to take your advice though and spend the next few hours scanning with some rescue disks in Linux just to be sure.

Thanks for the heads up and sorry for the repeat post. ;-)
Codey is offline   Reply With Quote
Old 08-11-2012, 09:57 AM   #4
richie43
Human being with feelings
 
Join Date: Dec 2009
Location: Minnesota
Posts: 9,090
Default

Quote:
Originally Posted by Codey View Post
Sorry, I did a quick search to see if it had come up before, but missed it.

I just scanned this computer with Hitman Pro which uses four or five respected AV engines on the cloud. I scanned with an up to date Malwarebytes. I scanned with SuperAntiSpyware also.
Plus a quick scan with an up to date MSE, which runs in real time anyway.

I did this about two hours ago.

I have an up to date MVPS hosts file. Also Norton DNS. On the browser I have adblock, wot, browser protect and ghostery as addons with java disabled.


Then again, you never know ;-). This is the first time Panda has come up with anything. It is pretty unobtrusive and very well respected in the security world as another line of defense, so I think it must just be a false positive. I'm going to take your advice though and spend the next few hours scanning with some rescue disks in Linux just to be sure.

Thanks for the heads up and sorry for the repeat post. ;-)
Not a problem. On a side-note... You sure have alot of AV crap running! Too mnay can be a conflict, but that's my take on it.....
__________________
The Sounds of the Hear and Now.
richie43 is offline   Reply With Quote
Old 08-11-2012, 10:01 AM   #5
dea-man
Human being with feelings
 
dea-man's Avatar
 
Join Date: Oct 2009
Posts: 6,290
Default You have.....

Quote:
Originally Posted by Codey View Post
Panda Cloud Antivirus Safe Search Protection says -

============
The page has been blocked as it contains malware or exploits

The Web page you are trying to access contains malware and exploits that could infect your computer.
We advise you not to continue visiting this page.
=========

Just thought you might like to know.

It happens whenever I click on the win32 or win64 download buttons for REAPER. But not the Mac buttons for REAPER.


This is not the full version of Panda Antivirus, but the url toolbar filtering component.
...a virus. Sorry.
__________________
"F" off.
dea-man is offline   Reply With Quote
Old 08-11-2012, 10:49 AM   #6
Gerry P
Human being with feelings
 
Gerry P's Avatar
 
Join Date: Jan 2009
Location: Ontario, Canada
Posts: 1,459
Default

Here is how I was able solve my problem:

http://forum.cockos.com/showthread.php?t=107150 #13
__________________
The future ain't what it used to be. Yogi Berra
Gerry P is offline   Reply With Quote
Old 08-11-2012, 10:50 AM   #7
bluzkat
Human being with feelings
 
bluzkat's Avatar
 
Join Date: Jun 2007
Location: Northern Michigan
Posts: 6,919
Default

Quote:
Originally Posted by richie43 View Post
On a side-note... You sure have alot of AV crap running!
That's an understatement... may I recommend that you dump all that stuff and replace it with:

eSet Smart Security.

I have used this for several years and its very low on resources and very effective. This is not a 'free' product but there is a 30 day free trial.

Try out eSet's 'online' scanner while you're there.


__________________
Peace...
bluzkat
bluzkat is offline   Reply With Quote
Old 08-11-2012, 10:53 AM   #8
Gerry P
Human being with feelings
 
Gerry P's Avatar
 
Join Date: Jan 2009
Location: Ontario, Canada
Posts: 1,459
Default

Quote:
Originally Posted by bluzkat View Post
eSet Smart Security

I have used this for several years and its very low on resources and very effective. This is not a 'free' product but there is a 30 day free trial.
+1 for eset - I too have used this for several years and have never had issues...with either viruses or with recording...
__________________
The future ain't what it used to be. Yogi Berra
Gerry P is offline   Reply With Quote
Old 08-11-2012, 11:11 AM   #9
Codey
Human being with feelings
 
Join Date: Sep 2010
Posts: 87
Default

Quote:
Originally Posted by richie43 View Post
Not a problem. On a side-note... You sure have alot of AV crap running! Too mnay can be a conflict, but that's my take on it.....


Er, that is mostly on demand stuff, with only one real time av running.
I work in the security world, fixing and cleaning computers.

You said I had a lot of AV crap running, but there is only one AV program there - MSE, so no, and besides all those programs are 100 percent compatible as certified not just by the people that develop the programs, but the hardest core security geeks on the planet - Wilderssecurity. Months and months of research went into the checking of this.

This isn't my machine anyway. On my machine I don't even need to run AV because I have my system hardened at such a low level that it is not necessary. You'll find that the most advanced users use a multi-tier approach to security and that is where updating your hosts file and using dns blocking (Norton), to give just two examples, is the way to go. Also many other security features such as HIPS and sandboxing, plus EMET. Plus a whole lot more. EMET, for example, just one of the programs used, uses low level system security features built into windows itself - Data Execution Prevention, Address Space Layout Randomisation and Structured Exception Handler Overwrite Protection, to name but three. It's the only way to protect against 0 day stuff. Who needs AV when you have that little lot when you have a Host Intrusion Protection System running too? And all at virtually no performance hit unlike an AV. Invisible and super powerful protection, mind you, you have to study and research it for years to be able to implement it. But some of us have taken the time...

Let me pause for air ;-).

Anyway, thanks for the advice, but there was only ONE Anti-Virus program there running in real time. Not a lot of crap as you said. ;-) Just ONE.
Don't confuse Anti-Virus with Anti-Malware, with domain blocking, anti-phishing etc etc.... In fact you can run more than one Anti-Virus at once in real time, with little performance hit. But you have to be very very sure which ones play nice together and then make exceptions in their execution just to make sure things don't get confused between them.


Hopefully my little rant will prove educational and not inflammatory - I am on your side chaps, a very happy and satisfied customer of Cockos, whose developers I hold in the highest regard. Even you grubby little lot I hold a little affection for ;-) and I just want to keep you all safe and warm at night....


It's nearly time for my meds. But before I go I just want to say what I think has happened here:

This is not anything to do with phishing. There is no redirect trojan.
Panda security is an extremely well respected company in the security field. In fact, I figured out what was happening, and so confident was I in fact of my conclusion, that I went ahead and clicked all the way through and downloaded the file. No phishing. No re-directs. No virus. No malware. Just a false positive from Panda. Maybe someone from Cockos should have a word with them to sort it out. We all make mistakes.

Not one person has said the name of this virus/trojan. If someone has identified it, then please say what it was and what program found it.
I am open to being proved wrong, because that is how I learn about security. The file I downloaded was good. I (on demand) checked it with about 10 scanners. The re-direct to the Panda page you talked about happens because that is HOW THE PROGRAM WORKS. It stops you from going to the dodgy page and re-directs you to their secure servers.

Has no one taken the time to sort this out or get to the bottom of it?

Btw, the direct link that Ollie gave in the other post about this worked perfectly. I did a quick clean of the machine and restarted and the problem disappeared. But then I clicked on the win32 and win64 buttons again and it then came back blocking it. As I said the Mac download buttons never get blocked. Nothing is being re-directed anywhere, the URI for the win32 and win64 download of REAPER have been flagged by Panda security as malicious. It is a false positive that's all.


So anyone still maintaining this is a virus, can you please tell me the name of it, or at least the generic family, and how you found it and with what program, and how you cleaned it up.


Thanks. I genuinely come in peace and would love to know if I am wrong.
Maybe I am. It wouldn't be the first time. ;-+

On another side note, how about somebody from Cockos emailing the guys at Panda - they have excellent customer service - and we clear this up once and for all.


Good day Gentlemen I thank you for your concern, as I hope you will thank me for mine.

:-}
Codey is offline   Reply With Quote
Old 08-11-2012, 11:24 AM   #10
Codey
Human being with feelings
 
Join Date: Sep 2010
Posts: 87
Default

Thanks for the help.

I am familiar with ESET. It is a superb bit of kit and I put it onto quite a few machines where people are prepared to pay and where they are not intimidated by the interface (as simple as we may find it - an OAP would be headf****)


I have this system hardened at the lowest level so I know for a fact there are no viruses or trojans. In fact, the ONE Anti-Virus in real time I have running is not needed, but an extra layer of security.

This is not my machine we are talking about - it is someone who is not very well and needs everything automatic. I run no AV and no Anti-Malware on my main DAW - not even connected to net. It is system hardened at the lowest level with 10 times more protection than any AV could give.


But yes, Eset Nod is one of the best AV available and well worth the money. You have excellent taste Gentlemen ;-}


True security is tailored to the individual and their needs, with it ultimately being a balance between transparency (ease of use), cost and how paranoid one wants to be.
Codey is offline   Reply With Quote
Old 08-11-2012, 01:51 PM   #11
Codey
Human being with feelings
 
Join Date: Sep 2010
Posts: 87
Default

Just finished an online scan with the Eset tool.

Never used it before. Heard about it but never tried it.
Excellent stuff. No threats found.

I don't know what more I can do, really.


Oh, I forgot to mention I have Spybot Search and Destroy on this system as well as all the other stuff. It's slow as hell, not great detection rates and slows down startup, so I turn all those modules off. I use it occasionally to 'immunize' the system against known threats. Another layer of defence that has no performance or compatibility issues.

Doesn't cost anything and doesn't hurt. Once a month, I'll usually do a quick scan with TDSSKiller at this point too.


The machine boots in a minute or so and everything opens the instant you click on it - not bad for a machine that is nearly five years old.


If I get the time, I'll email the bods at Panda and get them to look into this little problem some people have had. I'm sure they would be interested. I really don't have a clue why this is happening either...

I have downloaded the so called 'infected' file, from the so called 'infected' web page. I'm going to install it now, non-sandboxed. If it comes back to bite me on the botty, you'll be the first to know.

:-}
Codey is offline   Reply With Quote
Old 08-11-2012, 03:43 PM   #12
richie43
Human being with feelings
 
Join Date: Dec 2009
Location: Minnesota
Posts: 9,090
Default

I still think that you have some low level virus. This sounds like what is known as a redirect. Did you run Malwarebytes in safe mode, by any chance?
__________________
The Sounds of the Hear and Now.
richie43 is offline   Reply With Quote
Old 08-11-2012, 05:47 PM   #13
hopi
Human being with feelings
 
hopi's Avatar
 
Join Date: Oct 2008
Location: Right Hear
Posts: 15,618
Default

Quote:
We all make mistakes.
speak for yerself, ..or as Tonto said to the Lone Ranger, "Whatchumean 'we' white man"?
__________________
...should be fixed for the next build... http://tinyurl.com/cr7o7yl
https://soundcloud.com/hopikiva
hopi is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -7. The time now is 01:46 PM.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.