Re: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file
beside the lobbying for their AOT compiler a very decent overview. Thanks a lot! How does SkyJump change JRE parameters or such currently modified in the batch file? ... ede On 15.09.2009 23:28, Larry Becker wrote: Here is an article that thoroughly explains the choices: http://www.excelsior-usa.com/articles/java-to-exe.html I think the best option for OJ is to go back to installing a desktop shortcut that runs the .bat file. I can't see what advantages the .exe has in OJ. SkyJUMP's exe gives it drag and drop and double-click for shape files and project files. Larry On Tue, Sep 15, 2009 at 10:42 AM, Sunburned Surveyor sunburned.surve...@gmail.com wrote: Javadoc for the Process class: http://java.sun.com/j2se/1.4.2/docs/api/java/lang/Process.html Javadoc for the Runtime class: http://java.sun.com/j2se/1.4.2/docs/api/java/lang/Runtime.html SS On Tue, Sep 15, 2009 at 8:41 AM, Sunburned Surveyor sunburned.surve...@gmail.com wrote: This has been a good discussion. I think there are only (at this point) two reasonable solutions: (1) Keep using the batch file. (2) Code a custom executable launcher for OpenJUMP in the C programming language. This launcher would read a configuration file and launch OJ in the JVM. We'd have to compile the C code for each operating system, but we've got to maintain separate launch scripts right now anyways. Here is another theoretical solution: Write a launcher in Java that parses the configuration file and then uses the Runtime object to execute OpenJUMP with the specified parameters. This approach would be easier for me to code than a launcher in C, but I don't know if it would work. (I think it would.) The downside is that it would require that two (2) JVM's be running for OpenJUMP (one for the launcher and one for the actual program) unless I find a way to shutdown the launcher. Maybe this isn't a problem, since OJ may continue running after the launcher's main method terminates. Here is what the Javadoc for the Process class says: The subprocess is not killed when there are no more references to the Process object, but rather the subprocess continues executing asynchronously. Has anyone fooled with this way of launching Java programs before? I can try coding a Java launcher. It would probably take me a couple days (after work or on lunch breaks). A launcher in C will take me a week or two. The Sunburned Surveyor On Mon, Sep 14, 2009 at 11:11 PM, Rahkonen Jukka jukka.rahko...@mmmtike.fi wrote: Hi, For a user like me who must always edit openjump.bat file manually at least for adding proxy settings OJ.exe does not give much extra. It would be nice if program launcher had some kind of configuration assistant for setting proxy and Java settings and perhaps logging level as well. -Jukka Rahkonen- -Alkuperäinen viesti- Lähettäjä: Stefan Steiniger [mailto:sst...@geo.uzh.ch] Lähetetty: 15. syyskuuta 2009 8:40 Vastaanottaja: OpenJump develop and use Aihe: Re: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file thanks for the analysis Ede and the comments (Larry et al). Not sure what we are going to do - as I think the risk of a virus is probably small. The question is how to check that properly (with minimal effort ;) A network sniffer? btw. for the earlier versions of OJ.exe we used jsmooth already. But, as others pointed out: Then we can not use the *.bat file for configuration, which is really nice right now. Setting up a proper ini system is something above my skills by now... unfortunately my 2 cents (although a bit biased, avoiding to make a new release ;) stefan Larry Becker schrieb: I believe the Manifest currently being generated includes all of the lib entries. You can run the jar directly, but there is still the issue of the -properties and -plug-in-directory command line parameters, not to mention the -Xms512M, etc. Java OPTS. I can build an executable batch file runner using AutoIt, but some virus programs will flag it too for the same reasons already mentioned. On the other hand, SkyJUMP uses a modified version of the Eclipse runner app, which is (theoretically) cross platform. However the ini file it uses gives far less control over options than some users would like. It would seem that there is no perfect, or even good solution for launching Java apps. regards, Larry On Mon, Sep 14, 2009 at 11:02 AM,edgar.sol...@web.de mailto:edgar.sol...@web.de wrote: well, it is a tradeoff, pro is the execution of the batch file which allows to change the runtime environment startup variables (even after the startup exe is already created) con is the probable false detection because a windows binary tries to start a batch file ... What is really needed is a configurable launcher. Recent java runtime environments setup windows and others to execute jars if a correct
Re: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file
That is an impressive bit of Windows API programming. It scares the crap out of this little hobby Java programmer. Nice job Larry. Don't know that I will be duplicating that anytime soon. :] I wish there was a book that explained how to better integrate Java applications into MS Windows and Linux desktop environments with C code. That is a book I would pay to have on my bookshelf. Landon On Wed, Sep 16, 2009 at 6:02 AM, Larry Becker becker.la...@gmail.com wrote: See: startJavaVM in: http://skyjump.cvs.sourceforge.net/viewvc/skyjump/skyjump/launcher/library/win32/eclipseWin.c?view=markup regards, Larry On Wed, Sep 16, 2009 at 4:35 AM, edgar.sol...@web.de wrote: beside the lobbying for their AOT compiler a very decent overview. Thanks a lot! How does SkyJump change JRE parameters or such currently modified in the batch file? ... ede On 15.09.2009 23:28, Larry Becker wrote: Here is an article that thoroughly explains the choices: http://www.excelsior-usa.com/articles/java-to-exe.html I think the best option for OJ is to go back to installing a desktop shortcut that runs the .bat file. I can't see what advantages the .exe has in OJ. SkyJUMP's exe gives it drag and drop and double-click for shape files and project files. Larry On Tue, Sep 15, 2009 at 10:42 AM, Sunburned Surveyor sunburned.surve...@gmail.com wrote: Javadoc for the Process class: http://java.sun.com/j2se/1.4.2/docs/api/java/lang/Process.html Javadoc for the Runtime class: http://java.sun.com/j2se/1.4.2/docs/api/java/lang/Runtime.html SS On Tue, Sep 15, 2009 at 8:41 AM, Sunburned Surveyor sunburned.surve...@gmail.com wrote: This has been a good discussion. I think there are only (at this point) two reasonable solutions: (1) Keep using the batch file. (2) Code a custom executable launcher for OpenJUMP in the C programming language. This launcher would read a configuration file and launch OJ in the JVM. We'd have to compile the C code for each operating system, but we've got to maintain separate launch scripts right now anyways. Here is another theoretical solution: Write a launcher in Java that parses the configuration file and then uses the Runtime object to execute OpenJUMP with the specified parameters. This approach would be easier for me to code than a launcher in C, but I don't know if it would work. (I think it would.) The downside is that it would require that two (2) JVM's be running for OpenJUMP (one for the launcher and one for the actual program) unless I find a way to shutdown the launcher. Maybe this isn't a problem, since OJ may continue running after the launcher's main method terminates. Here is what the Javadoc for the Process class says: The subprocess is not killed when there are no more references to the Process object, but rather the subprocess continues executing asynchronously. Has anyone fooled with this way of launching Java programs before? I can try coding a Java launcher. It would probably take me a couple days (after work or on lunch breaks). A launcher in C will take me a week or two. The Sunburned Surveyor On Mon, Sep 14, 2009 at 11:11 PM, Rahkonen Jukka jukka.rahko...@mmmtike.fi wrote: Hi, For a user like me who must always edit openjump.bat file manually at least for adding proxy settings OJ.exe does not give much extra. It would be nice if program launcher had some kind of configuration assistant for setting proxy and Java settings and perhaps logging level as well. -Jukka Rahkonen- -Alkuperäinen viesti- Lähettäjä: Stefan Steiniger [mailto:sst...@geo.uzh.ch] Lähetetty: 15. syyskuuta 2009 8:40 Vastaanottaja: OpenJump develop and use Aihe: Re: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file thanks for the analysis Ede and the comments (Larry et al). Not sure what we are going to do - as I think the risk of a virus is probably small. The question is how to check that properly (with minimal effort ;) A network sniffer? btw. for the earlier versions of OJ.exe we used jsmooth already. But, as others pointed out: Then we can not use the *.bat file for configuration, which is really nice right now. Setting up a proper ini system is something above my skills by now... unfortunately my 2 cents (although a bit biased, avoiding to make a new release ;) stefan Larry Becker schrieb: I believe the Manifest currently being generated includes all of the lib entries. You can run the jar directly, but there is still the issue of the -properties and -plug-in-directory command line parameters, not to mention the -Xms512M, etc. Java OPTS. I can build an executable batch file runner using AutoIt, but some virus programs will flag it too for the same reasons already mentioned. On the other hand, SkyJUMP uses a modified version of the Eclipse runner app, which
Re: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file
On 16.09.2009 17:57, Larry Becker wrote: The launcher is the one from Eclipse. All I had to do was understand it enough to put my own hooks in. well done ... Of course, it could be modified to meet the needs of OJ, but IMHO it is overkill for that task. I agree .. and all differences must be modified and compiled for every platform. Maybe it is possible to replace the platform shell scripts by a java application that is compiled by gcj to platform specific loaders? But still, probably larry is right and the shell scripts do the trick already. Is starting really a issue with newcomers? I don't think so. regards ede regards, Larry On Wed, Sep 16, 2009 at 9:52 AM, Sunburned Surveyor sunburned.surve...@gmail.com wrote: That is an impressive bit of Windows API programming. It scares the crap out of this little hobby Java programmer. Nice job Larry. Don't know that I will be duplicating that anytime soon. :] I wish there was a book that explained how to better integrate Java applications into MS Windows and Linux desktop environments with C code. That is a book I would pay to have on my bookshelf. Landon On Wed, Sep 16, 2009 at 6:02 AM, Larry Beckerbecker.la...@gmail.com wrote: See: startJavaVM in: http://skyjump.cvs.sourceforge.net/viewvc/skyjump/skyjump/launcher/library/win32/eclipseWin.c?view=markup regards, Larry On Wed, Sep 16, 2009 at 4:35 AM,edgar.sol...@web.de wrote: beside the lobbying for their AOT compiler a very decent overview. Thanks a lot! How does SkyJump change JRE parameters or such currently modified in the batch file? ... ede On 15.09.2009 23:28, Larry Becker wrote: Here is an article that thoroughly explains the choices: http://www.excelsior-usa.com/articles/java-to-exe.html I think the best option for OJ is to go back to installing a desktop shortcut that runs the .bat file. I can't see what advantages the .exe has in OJ. SkyJUMP's exe gives it drag and drop and double-click for shape files and project files. Larry On Tue, Sep 15, 2009 at 10:42 AM, Sunburned Surveyor sunburned.surve...@gmail.com wrote: Javadoc for the Process class: http://java.sun.com/j2se/1.4.2/docs/api/java/lang/Process.html Javadoc for the Runtime class: http://java.sun.com/j2se/1.4.2/docs/api/java/lang/Runtime.html SS On Tue, Sep 15, 2009 at 8:41 AM, Sunburned Surveyor sunburned.surve...@gmail.com wrote: This has been a good discussion. I think there are only (at this point) two reasonable solutions: (1) Keep using the batch file. (2) Code a custom executable launcher for OpenJUMP in the C programming language. This launcher would read a configuration file and launch OJ in the JVM. We'd have to compile the C code for each operating system, but we've got to maintain separate launch scripts right now anyways. Here is another theoretical solution: Write a launcher in Java that parses the configuration file and then uses the Runtime object to execute OpenJUMP with the specified parameters. This approach would be easier for me to code than a launcher in C, but I don't know if it would work. (I think it would.) The downside is that it would require that two (2) JVM's be running for OpenJUMP (one for the launcher and one for the actual program) unless I find a way to shutdown the launcher. Maybe this isn't a problem, since OJ may continue running after the launcher's main method terminates. Here is what the Javadoc for the Process class says: The subprocess is not killed when there are no more references to the Process object, but rather the subprocess continues executing asynchronously. Has anyone fooled with this way of launching Java programs before? I can try coding a Java launcher. It would probably take me a couple days (after work or on lunch breaks). A launcher in C will take me a week or two. The Sunburned Surveyor On Mon, Sep 14, 2009 at 11:11 PM, Rahkonen Jukka jukka.rahko...@mmmtike.fi wrote: Hi, For a user like me who must always edit openjump.bat file manually at least for adding proxy settings OJ.exe does not give much extra. It would be nice if program launcher had some kind of configuration assistant for setting proxy and Java settings and perhaps logging level as well. -Jukka Rahkonen- -Alkuperäinen viesti- Lähettäjä: Stefan Steiniger [mailto:sst...@geo.uzh.ch] Lähetetty: 15. syyskuuta 2009 8:40 Vastaanottaja: OpenJump develop and use Aihe: Re: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file thanks for the analysis Ede and the comments (Larry et al). Not sure what we are going to do - as I think the risk of a virus is probably small. The question is how to check that properly (with minimal effort ;) A network sniffer? btw. for the earlier versions of OJ.exe we used jsmooth already. But, as others pointed out: Then we can not use the *.bat file for configuration, which is really nice right now. Setting up a proper ini
Re: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file
Hi, For a user like me who must always edit openjump.bat file manually at least for adding proxy settings OJ.exe does not give much extra. It would be nice if program launcher had some kind of configuration assistant for setting proxy and Java settings and perhaps logging level as well. -Jukka Rahkonen- -Alkuperäinen viesti- Lähettäjä: Stefan Steiniger [mailto:sst...@geo.uzh.ch] Lähetetty: 15. syyskuuta 2009 8:40 Vastaanottaja: OpenJump develop and use Aihe: Re: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file thanks for the analysis Ede and the comments (Larry et al). Not sure what we are going to do - as I think the risk of a virus is probably small. The question is how to check that properly (with minimal effort ;) A network sniffer? btw. for the earlier versions of OJ.exe we used jsmooth already. But, as others pointed out: Then we can not use the *.bat file for configuration, which is really nice right now. Setting up a proper ini system is something above my skills by now... unfortunately my 2 cents (although a bit biased, avoiding to make a new release ;) stefan Larry Becker schrieb: I believe the Manifest currently being generated includes all of the lib entries. You can run the jar directly, but there is still the issue of the -properties and -plug-in-directory command line parameters, not to mention the -Xms512M, etc. Java OPTS. I can build an executable batch file runner using AutoIt, but some virus programs will flag it too for the same reasons already mentioned. On the other hand, SkyJUMP uses a modified version of the Eclipse runner app, which is (theoretically) cross platform. However the ini file it uses gives far less control over options than some users would like. It would seem that there is no perfect, or even good solution for launching Java apps. regards, Larry On Mon, Sep 14, 2009 at 11:02 AM, edgar.sol...@web.de mailto:edgar.sol...@web.de wrote: well, it is a tradeoff, pro is the execution of the batch file which allows to change the runtime environment startup variables (even after the startup exe is already created) con is the probable false detection because a windows binary tries to start a batch file ... What is really needed is a configurable launcher. Recent java runtime environments setup windows and others to execute jars if a correct manifest file is included. Maybe we should stop using platform specific workarounds to build classpaths and add memory variables and implement this in a pure java launcher? ... ede On 14.09.2009 17:07, Sunburned Surveyor wrote: This really stinks. Has anyone tried a program like JSmooth? http://jsmooth.sourceforge.net/ Or Janel? http://www.redskaper.com/Janel.jsp I know just enough C programming to be really dangerous. In the worst case scenario I could try whipping up a native launcher for OJ. I'd probably try it first on Linux, and then on MS Windows. The Sunburned Surveyor On Sun, Sep 13, 2009 at 11:48 AM, Giuseppe Aruta giuseppe_ar...@yahoo.it mailto:giuseppe_ar...@yahoo.it wrote: For me it is OK to replace or to eliminate the OJ.exe file Peppe --- Dom 13/9/09, edgar.sol...@web.de mailto:edgar.sol...@web.deedgar.sol...@web.de mailto:edgar.sol...@web.de ha scritto: Da: edgar.sol...@web.de mailto:edgar.sol...@web.deedgar.sol...@web.de mailto:edgar.sol...@web.de Oggetto: Re: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file A: OpenJump develop and usejump-pilot-devel@lists.sourceforge.net mailto:jump-pilot-devel@lists.sourceforge.net Data: Domenica 13 settembre 2009, 13:31 Downloaded the recent version of the converter and redid peppe's steps... interestingly the result still has some hits, obviously the way of executing a batch file during run time is something some malware does similarly. Also the resulting exe file is UPX packed, which is often regarded as suspicious, because viruses often try to cloak themselves by that. http://is.gd/3dvL6 and a more frightening result from the online conversion also offered on the site http://is.gd/3dxKU As I don't know anything about the author of the tool, it is unfortunately not trustworthy and even if these are just false alarms (seems probable, because of the differing results, especially in case one above) I don't think the project should take the risk
Re: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file
Javadoc for the Process class: http://java.sun.com/j2se/1.4.2/docs/api/java/lang/Process.html Javadoc for the Runtime class: http://java.sun.com/j2se/1.4.2/docs/api/java/lang/Runtime.html SS On Tue, Sep 15, 2009 at 8:41 AM, Sunburned Surveyor sunburned.surve...@gmail.com wrote: This has been a good discussion. I think there are only (at this point) two reasonable solutions: (1) Keep using the batch file. (2) Code a custom executable launcher for OpenJUMP in the C programming language. This launcher would read a configuration file and launch OJ in the JVM. We'd have to compile the C code for each operating system, but we've got to maintain separate launch scripts right now anyways. Here is another theoretical solution: Write a launcher in Java that parses the configuration file and then uses the Runtime object to execute OpenJUMP with the specified parameters. This approach would be easier for me to code than a launcher in C, but I don't know if it would work. (I think it would.) The downside is that it would require that two (2) JVM's be running for OpenJUMP (one for the launcher and one for the actual program) unless I find a way to shutdown the launcher. Maybe this isn't a problem, since OJ may continue running after the launcher's main method terminates. Here is what the Javadoc for the Process class says: The subprocess is not killed when there are no more references to the Process object, but rather the subprocess continues executing asynchronously. Has anyone fooled with this way of launching Java programs before? I can try coding a Java launcher. It would probably take me a couple days (after work or on lunch breaks). A launcher in C will take me a week or two. The Sunburned Surveyor On Mon, Sep 14, 2009 at 11:11 PM, Rahkonen Jukka jukka.rahko...@mmmtike.fi wrote: Hi, For a user like me who must always edit openjump.bat file manually at least for adding proxy settings OJ.exe does not give much extra. It would be nice if program launcher had some kind of configuration assistant for setting proxy and Java settings and perhaps logging level as well. -Jukka Rahkonen- -Alkuperäinen viesti- Lähettäjä: Stefan Steiniger [mailto:sst...@geo.uzh.ch] Lähetetty: 15. syyskuuta 2009 8:40 Vastaanottaja: OpenJump develop and use Aihe: Re: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file thanks for the analysis Ede and the comments (Larry et al). Not sure what we are going to do - as I think the risk of a virus is probably small. The question is how to check that properly (with minimal effort ;) A network sniffer? btw. for the earlier versions of OJ.exe we used jsmooth already. But, as others pointed out: Then we can not use the *.bat file for configuration, which is really nice right now. Setting up a proper ini system is something above my skills by now... unfortunately my 2 cents (although a bit biased, avoiding to make a new release ;) stefan Larry Becker schrieb: I believe the Manifest currently being generated includes all of the lib entries. You can run the jar directly, but there is still the issue of the -properties and -plug-in-directory command line parameters, not to mention the -Xms512M, etc. Java OPTS. I can build an executable batch file runner using AutoIt, but some virus programs will flag it too for the same reasons already mentioned. On the other hand, SkyJUMP uses a modified version of the Eclipse runner app, which is (theoretically) cross platform. However the ini file it uses gives far less control over options than some users would like. It would seem that there is no perfect, or even good solution for launching Java apps. regards, Larry On Mon, Sep 14, 2009 at 11:02 AM, edgar.sol...@web.de mailto:edgar.sol...@web.de wrote: well, it is a tradeoff, pro is the execution of the batch file which allows to change the runtime environment startup variables (even after the startup exe is already created) con is the probable false detection because a windows binary tries to start a batch file ... What is really needed is a configurable launcher. Recent java runtime environments setup windows and others to execute jars if a correct manifest file is included. Maybe we should stop using platform specific workarounds to build classpaths and add memory variables and implement this in a pure java launcher? ... ede On 14.09.2009 17:07, Sunburned Surveyor wrote: This really stinks. Has anyone tried a program like JSmooth? http://jsmooth.sourceforge.net/ Or Janel? http://www.redskaper.com/Janel.jsp I know just enough C programming to be really dangerous. In the worst case scenario I could try whipping up a native launcher for OJ. I'd probably try it first
Re: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file
This really stinks. Has anyone tried a program like JSmooth? http://jsmooth.sourceforge.net/ Or Janel? http://www.redskaper.com/Janel.jsp I know just enough C programming to be really dangerous. In the worst case scenario I could try whipping up a native launcher for OJ. I'd probably try it first on Linux, and then on MS Windows. The Sunburned Surveyor On Sun, Sep 13, 2009 at 11:48 AM, Giuseppe Aruta giuseppe_ar...@yahoo.it wrote: For me it is OK to replace or to eliminate the OJ.exe file Peppe --- Dom 13/9/09, edgar.sol...@web.de edgar.sol...@web.de ha scritto: Da: edgar.sol...@web.de edgar.sol...@web.de Oggetto: Re: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file A: OpenJump develop and use jump-pilot-devel@lists.sourceforge.net Data: Domenica 13 settembre 2009, 13:31 Downloaded the recent version of the converter and redid peppe's steps... interestingly the result still has some hits, obviously the way of executing a batch file during run time is something some malware does similarly. Also the resulting exe file is UPX packed, which is often regarded as suspicious, because viruses often try to cloak themselves by that. http://is.gd/3dvL6 and a more frightening result from the online conversion also offered on the site http://is.gd/3dxKU As I don't know anything about the author of the tool, it is unfortunately not trustworthy and even if these are just false alarms (seems probable, because of the differing results, especially in case one above) I don't think the project should take the risk of delivering viruses. This leaves to suggest - the binary should be removed from the distribution. I additionally searched for a replacement and found http://www.abyssmedia.com/quickbfc/ which seems to come without UPX compression and only 3 hits on virustotal, from which 2 are heuristical. This could be candidate for a replacement. http://is.gd/3dzL6 .. regards ede On 13.09.2009 07:28, Giuseppe Aruta wrote: Hi all, I am still out for work so I cannot take time for Oenjump. oj.exe: I create a script with only one line openjump.bat, save as oj.bat, and transform nto oj.ee using bat to exe converter by f2ko http://www.f2ko.de/English/index.php;. Peppe --- Mar 8/9/09, Michaël Michaudmichael.mich...@free.fr ha scritto: Da: Michaël Michaudmichael.mich...@free.fr Oggetto: Re: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file A: OpenJump develop and usejump-pilot-devel@lists.sourceforge.net Data: Martedì 8 settembre 2009, 23:33 Hi Stefan, Peppe, I also get a message from my antivirus because of OJ.exe: My antivirus (antivir) says it is : TR/Crypt.ULPM.Gen - Trojan I don't worry much about it, but let's see with Peppe how the OJ.exe has been made and if the alert can be removed by creating a new exe. Michaël Stefan Steiniger a écrit : mhm.. http://www.virustotal.com/analisis/ef8f87e0ebaa203a51f98e1d1e6b68af68ca2ac1b2513181ede852268cceebd0-1252436424 not sure what this means. Actually somebody uploaded it before I did already stefan edgar.sol...@web.de wrote: What does virustotal.com has to say about it? .. Probably a mismatch because of the executing external code routine. .. ede On 07.09.2009 16:12, Rahkonen Jukka wrote: Hi, My OJ.exe has been on my disk for several months but just a few weeks ago eTrust Antivirus gave the first virus alarm. F-Secure Client Security is not worried at all. I do not know if it is a false alarm or not. -Jukka Rahkonen- -Alkuperäinen viesti- Lähettäjä: Malte Weller [mailto:wel...@umwelt.uni-hannover.de] Lähetetty: 7. syyskuuta 2009 15:18 Vastaanottaja: OpenJump develop and use Aihe: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file Hi, I just downloaded version 1.3 (zip and source files) from SourceForge and my Sophos antivirus software informed me about a trojan (Troj/Agent-KRQ) in the OJ.exe (openjump-1.3\bin\OJ.exe). Can someone else confirm this? Greetings from Hanover. Malte -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Jump-pilot-devel mailing list Jump-pilot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jump-pilot-devel -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial
Re: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file
thanks for the analysis Ede and the comments (Larry et al). Not sure what we are going to do - as I think the risk of a virus is probably small. The question is how to check that properly (with minimal effort ;) A network sniffer? btw. for the earlier versions of OJ.exe we used jsmooth already. But, as others pointed out: Then we can not use the *.bat file for configuration, which is really nice right now. Setting up a proper ini system is something above my skills by now... unfortunately my 2 cents (although a bit biased, avoiding to make a new release ;) stefan Larry Becker schrieb: I believe the Manifest currently being generated includes all of the lib entries. You can run the jar directly, but there is still the issue of the -properties and -plug-in-directory command line parameters, not to mention the -Xms512M, etc. Java OPTS. I can build an executable batch file runner using AutoIt, but some virus programs will flag it too for the same reasons already mentioned. On the other hand, SkyJUMP uses a modified version of the Eclipse runner app, which is (theoretically) cross platform. However the ini file it uses gives far less control over options than some users would like. It would seem that there is no perfect, or even good solution for launching Java apps. regards, Larry On Mon, Sep 14, 2009 at 11:02 AM, edgar.sol...@web.de mailto:edgar.sol...@web.de wrote: well, it is a tradeoff, pro is the execution of the batch file which allows to change the runtime environment startup variables (even after the startup exe is already created) con is the probable false detection because a windows binary tries to start a batch file ... What is really needed is a configurable launcher. Recent java runtime environments setup windows and others to execute jars if a correct manifest file is included. Maybe we should stop using platform specific workarounds to build classpaths and add memory variables and implement this in a pure java launcher? ... ede On 14.09.2009 17:07, Sunburned Surveyor wrote: This really stinks. Has anyone tried a program like JSmooth? http://jsmooth.sourceforge.net/ Or Janel? http://www.redskaper.com/Janel.jsp I know just enough C programming to be really dangerous. In the worst case scenario I could try whipping up a native launcher for OJ. I'd probably try it first on Linux, and then on MS Windows. The Sunburned Surveyor On Sun, Sep 13, 2009 at 11:48 AM, Giuseppe Aruta giuseppe_ar...@yahoo.it mailto:giuseppe_ar...@yahoo.it wrote: For me it is OK to replace or to eliminate the OJ.exe file Peppe --- Dom 13/9/09, edgar.sol...@web.de mailto:edgar.sol...@web.deedgar.sol...@web.de mailto:edgar.sol...@web.de ha scritto: Da: edgar.sol...@web.de mailto:edgar.sol...@web.deedgar.sol...@web.de mailto:edgar.sol...@web.de Oggetto: Re: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file A: OpenJump develop and usejump-pilot-devel@lists.sourceforge.net mailto:jump-pilot-devel@lists.sourceforge.net Data: Domenica 13 settembre 2009, 13:31 Downloaded the recent version of the converter and redid peppe's steps... interestingly the result still has some hits, obviously the way of executing a batch file during run time is something some malware does similarly. Also the resulting exe file is UPX packed, which is often regarded as suspicious, because viruses often try to cloak themselves by that. http://is.gd/3dvL6 and a more frightening result from the online conversion also offered on the site http://is.gd/3dxKU As I don't know anything about the author of the tool, it is unfortunately not trustworthy and even if these are just false alarms (seems probable, because of the differing results, especially in case one above) I don't think the project should take the risk of delivering viruses. This leaves to suggest - the binary should be removed from the distribution. I additionally searched for a replacement and found http://www.abyssmedia.com/quickbfc/ which seems to come without UPX compression and only 3 hits on virustotal, from which 2 are heuristical. This could be candidate for a replacement. http://is.gd/3dzL6 .. regards ede On 13.09.2009 07:28, Giuseppe Aruta wrote: Hi all, I am still out for work so I cannot take time for Oenjump. oj.exe: I create a script with only one line openjump.bat, save as oj.bat
Re: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file
Downloaded the recent version of the converter and redid peppe's steps... interestingly the result still has some hits, obviously the way of executing a batch file during run time is something some malware does similarly. Also the resulting exe file is UPX packed, which is often regarded as suspicious, because viruses often try to cloak themselves by that. http://is.gd/3dvL6 and a more frightening result from the online conversion also offered on the site http://is.gd/3dxKU As I don't know anything about the author of the tool, it is unfortunately not trustworthy and even if these are just false alarms (seems probable, because of the differing results, especially in case one above) I don't think the project should take the risk of delivering viruses. This leaves to suggest - the binary should be removed from the distribution. I additionally searched for a replacement and found http://www.abyssmedia.com/quickbfc/ which seems to come without UPX compression and only 3 hits on virustotal, from which 2 are heuristical. This could be candidate for a replacement. http://is.gd/3dzL6 .. regards ede On 13.09.2009 07:28, Giuseppe Aruta wrote: Hi all, I am still out for work so I cannot take time for Oenjump. oj.exe: I create a script with only one line openjump.bat, save as oj.bat, and transform nto oj.ee using bat to exe converter by f2ko http://www.f2ko.de/English/index.php;. Peppe --- Mar 8/9/09, Michaël Michaudmichael.mich...@free.fr ha scritto: Da: Michaël Michaudmichael.mich...@free.fr Oggetto: Re: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file A: OpenJump develop and usejump-pilot-devel@lists.sourceforge.net Data: Martedì 8 settembre 2009, 23:33 Hi Stefan, Peppe, I also get a message from my antivirus because of OJ.exe: My antivirus (antivir) says it is : TR/Crypt.ULPM.Gen - Trojan I don't worry much about it, but let's see with Peppe how the OJ.exe has been made and if the alert can be removed by creating a new exe. Michaël Stefan Steiniger a écrit : mhm.. http://www.virustotal.com/analisis/ef8f87e0ebaa203a51f98e1d1e6b68af68ca2ac1b2513181ede852268cceebd0-1252436424 not sure what this means. Actually somebody uploaded it before I did already stefan edgar.sol...@web.de wrote: What does virustotal.com has to say about it? .. Probably a mismatch because of the executing external code routine. .. ede On 07.09.2009 16:12, Rahkonen Jukka wrote: Hi, My OJ.exe has been on my disk for several months but just a few weeks ago eTrust Antivirus gave the first virus alarm. F-Secure Client Security is not worried at all. I do not know if it is a false alarm or not. -Jukka Rahkonen- -Alkuperäinen viesti- Lähettäjä: Malte Weller [mailto:wel...@umwelt.uni-hannover.de] Lähetetty: 7. syyskuuta 2009 15:18 Vastaanottaja: OpenJump develop and use Aihe: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file Hi, I just downloaded version 1.3 (zip and source files) from SourceForge and my Sophos antivirus software informed me about a trojan (Troj/Agent-KRQ) in the OJ.exe (openjump-1.3\bin\OJ.exe). Can someone else confirm this? Greetings from Hanover. Malte -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Jump-pilot-devel mailing list Jump-pilot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jump-pilot-devel -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Jump-pilot-devel mailing list Jump-pilot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jump-pilot-devel -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment
Re: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file
Hi all, I am still out for work so I cannot take time for Oenjump. oj.exe: I create a script with only one line openjump.bat, save as oj.bat, and transform nto oj.ee using bat to exe converter by f2ko http://www.f2ko.de/English/index.php;. Peppe --- Mar 8/9/09, Michaël Michaud michael.mich...@free.fr ha scritto: Da: Michaël Michaud michael.mich...@free.fr Oggetto: Re: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file A: OpenJump develop and use jump-pilot-devel@lists.sourceforge.net Data: Martedì 8 settembre 2009, 23:33 Hi Stefan, Peppe, I also get a message from my antivirus because of OJ.exe: My antivirus (antivir) says it is : TR/Crypt.ULPM.Gen - Trojan I don't worry much about it, but let's see with Peppe how the OJ.exe has been made and if the alert can be removed by creating a new exe. Michaël Stefan Steiniger a écrit : mhm.. http://www.virustotal.com/analisis/ef8f87e0ebaa203a51f98e1d1e6b68af68ca2ac1b2513181ede852268cceebd0-1252436424 not sure what this means. Actually somebody uploaded it before I did already stefan edgar.sol...@web.de wrote: What does virustotal.com has to say about it? .. Probably a mismatch because of the executing external code routine. .. ede On 07.09.2009 16:12, Rahkonen Jukka wrote: Hi, My OJ.exe has been on my disk for several months but just a few weeks ago eTrust Antivirus gave the first virus alarm. F-Secure Client Security is not worried at all. I do not know if it is a false alarm or not. -Jukka Rahkonen- -Alkuperäinen viesti- Lähettäjä: Malte Weller [mailto:wel...@umwelt.uni-hannover.de] Lähetetty: 7. syyskuuta 2009 15:18 Vastaanottaja: OpenJump develop and use Aihe: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file Hi, I just downloaded version 1.3 (zip and source files) from SourceForge and my Sophos antivirus software informed me about a trojan (Troj/Agent-KRQ) in the OJ.exe (openjump-1.3\bin\OJ.exe). Can someone else confirm this? Greetings from Hanover. Malte -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Jump-pilot-devel mailing list Jump-pilot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jump-pilot-devel -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Jump-pilot-devel mailing list Jump-pilot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jump-pilot-devel -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Jump-pilot-devel mailing list Jump-pilot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jump-pilot-devel -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Jump-pilot-devel mailing list Jump-pilot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jump-pilot-devel -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Jump-pilot-devel mailing list Jump-pilot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jump-pilot-devel
Re: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file
mhm.. http://www.virustotal.com/analisis/ef8f87e0ebaa203a51f98e1d1e6b68af68ca2ac1b2513181ede852268cceebd0-1252436424 not sure what this means. Actually somebody uploaded it before I did already stefan edgar.sol...@web.de wrote: What does virustotal.com has to say about it? .. Probably a mismatch because of the executing external code routine. .. ede On 07.09.2009 16:12, Rahkonen Jukka wrote: Hi, My OJ.exe has been on my disk for several months but just a few weeks ago eTrust Antivirus gave the first virus alarm. F-Secure Client Security is not worried at all. I do not know if it is a false alarm or not. -Jukka Rahkonen- -Alkuperäinen viesti- Lähettäjä: Malte Weller [mailto:wel...@umwelt.uni-hannover.de] Lähetetty: 7. syyskuuta 2009 15:18 Vastaanottaja: OpenJump develop and use Aihe: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file Hi, I just downloaded version 1.3 (zip and source files) from SourceForge and my Sophos antivirus software informed me about a trojan (Troj/Agent-KRQ) in the OJ.exe (openjump-1.3\bin\OJ.exe). Can someone else confirm this? Greetings from Hanover. Malte -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Jump-pilot-devel mailing list Jump-pilot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jump-pilot-devel -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Jump-pilot-devel mailing list Jump-pilot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jump-pilot-devel -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Jump-pilot-devel mailing list Jump-pilot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jump-pilot-devel
Re: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file
Hi Stefan, Peppe, I also get a message from my antivirus because of OJ.exe: My antivirus (antivir) says it is : TR/Crypt.ULPM.Gen - Trojan I don't worry much about it, but let's see with Peppe how the OJ.exe has been made and if the alert can be removed by creating a new exe. Michaël Stefan Steiniger a écrit : mhm.. http://www.virustotal.com/analisis/ef8f87e0ebaa203a51f98e1d1e6b68af68ca2ac1b2513181ede852268cceebd0-1252436424 not sure what this means. Actually somebody uploaded it before I did already stefan edgar.sol...@web.de wrote: What does virustotal.com has to say about it? .. Probably a mismatch because of the executing external code routine. .. ede On 07.09.2009 16:12, Rahkonen Jukka wrote: Hi, My OJ.exe has been on my disk for several months but just a few weeks ago eTrust Antivirus gave the first virus alarm. F-Secure Client Security is not worried at all. I do not know if it is a false alarm or not. -Jukka Rahkonen- -Alkuperäinen viesti- Lähettäjä: Malte Weller [mailto:wel...@umwelt.uni-hannover.de] Lähetetty: 7. syyskuuta 2009 15:18 Vastaanottaja: OpenJump develop and use Aihe: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file Hi, I just downloaded version 1.3 (zip and source files) from SourceForge and my Sophos antivirus software informed me about a trojan (Troj/Agent-KRQ) in the OJ.exe (openjump-1.3\bin\OJ.exe). Can someone else confirm this? Greetings from Hanover. Malte -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Jump-pilot-devel mailing list Jump-pilot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jump-pilot-devel -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Jump-pilot-devel mailing list Jump-pilot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jump-pilot-devel -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Jump-pilot-devel mailing list Jump-pilot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jump-pilot-devel -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Jump-pilot-devel mailing list Jump-pilot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jump-pilot-devel
Re: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file
Hi, My OJ.exe has been on my disk for several months but just a few weeks ago eTrust Antivirus gave the first virus alarm. F-Secure Client Security is not worried at all. I do not know if it is a false alarm or not. -Jukka Rahkonen- -Alkuperäinen viesti- Lähettäjä: Malte Weller [mailto:wel...@umwelt.uni-hannover.de] Lähetetty: 7. syyskuuta 2009 15:18 Vastaanottaja: OpenJump develop and use Aihe: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file Hi, I just downloaded version 1.3 (zip and source files) from SourceForge and my Sophos antivirus software informed me about a trojan (Troj/Agent-KRQ) in the OJ.exe (openjump-1.3\bin\OJ.exe). Can someone else confirm this? Greetings from Hanover. Malte -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Jump-pilot-devel mailing list Jump-pilot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jump-pilot-devel
Re: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file
What does virustotal.com has to say about it? .. Probably a mismatch because of the executing external code routine. .. ede On 07.09.2009 16:12, Rahkonen Jukka wrote: Hi, My OJ.exe has been on my disk for several months but just a few weeks ago eTrust Antivirus gave the first virus alarm. F-Secure Client Security is not worried at all. I do not know if it is a false alarm or not. -Jukka Rahkonen- -Alkuperäinen viesti- Lähettäjä: Malte Weller [mailto:wel...@umwelt.uni-hannover.de] Lähetetty: 7. syyskuuta 2009 15:18 Vastaanottaja: OpenJump develop and use Aihe: [JPP-Devel] Virus/Spyware 'Troj/Agent-KRQ' in OpenJump 1.3 zip file Hi, I just downloaded version 1.3 (zip and source files) from SourceForge and my Sophos antivirus software informed me about a trojan (Troj/Agent-KRQ) in the OJ.exe (openjump-1.3\bin\OJ.exe). Can someone else confirm this? Greetings from Hanover. Malte -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Jump-pilot-devel mailing list Jump-pilot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jump-pilot-devel -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ Jump-pilot-devel mailing list Jump-pilot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jump-pilot-devel
