Closed
Bug 936214
Opened 12 years ago
Closed 8 years ago
Blocklist Plus-HD add-ons... somehow
Categories
(Toolkit :: Blocklist Policy Requests, defect)
Toolkit
Blocklist Policy Requests
Tracking
()
RESOLVED
INVALID
People
(Reporter: kmag, Unassigned)
References
Details
Attachments
(1 file)
|
1.90 MB,
application/octet-stream
|
Details |
I haven't come across an XPI for these, but they use a new ID for each version, in the form "${guid1}@{guid2}.com". E.g.,
d23e182d-ad35-4aaa-95fb-034be094ab34@2799ccf6-49fc-43ce-9a4c-b3d39badc04e.com Plus-HD-1.1
509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com Plus-HD-1.3
e180d6e8-52cd-41d9-9002-9e43f22d4c91@7466a5f3-05bd-4c4d-a0e9-9442a8ea8a0e.com Plus-HD-1.5
6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com Plus-HD-1.6
dcf3d940-5475-4c1f-9347-73a47512ee99@8520e31e-fc61-48c8-ae31-09d4d65bc369.com Plus-HD-1.7
4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com Plus-HD-2.2
7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com Plus-HD-2.3
ad80235d-5e5a-4a1d-a891-51b66a3e70f8@8f877d80-6977-415f-ac14-b52043838c19.com Plus-HD-2.4
75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com Plus-HD-2.5
7f404ccc-b0a9-4faf-b3c0-89ceea949aea@a6724a05-9380-4ebe-be02-e67e35a3402c.com Plus-HD-2.6
d8222698-19e5-4827-b79e-0a077ea8eb7a@7b662f6d-3899-41e4-8864-6393447568da.com Plus-HD-3.5
de9372bd-c6d6-4690-9bf6-238a8622d6b1@09af4fd9-64cf-4b1b-9464-1de3f20e38f7.com Plus-HD-3.7
c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com Plus-HD-3.8
1c4760d9-6efb-48d1-b650-e82623c8612e@982da7d4-d829-4a76-8b83-32a7fa75255f.com Plus-HD-4.1
7d04e0dd-e717-4311-bcbc-b7636adb99a5@300322bc-0824-4364-854a-6105e7ba1d2f.com Plus-HD-4.4
a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com Plus-HD-4.5
|
||
Comment 1•12 years ago
|
||
This seems to be the official source: http://www.plus-hd.com/
Care to give it a try?
|
Reporter | |
Comment 2•12 years ago
|
||
Yeah, that installer silently installs it.
|
|
Reporter | |
Comment 3•12 years ago
|
||
Except that it installs 'Plus HD' 9.91.10 with ID 2b2750af-b61c-4f40-ac60-659fa3e3def0@199d3f78-54fd-45d9-ab43-235d38c159ee.com
|
|
||
Comment 4•11 years ago
|
||
Kris, do you want a xpi and installer with that file? Furthermore, it creates tasks to install (and reinstall?) itself and terminates running browsers.
Flags: needinfo?(kmaglione+bmo)
|
|
||
Comment 6•11 years ago
|
||
(In reply to Kris Maglione [:kmag] from comment #0)
> I haven't come across an XPI for these, but they use a new ID for each
> version, in the form "${guid1}@{guid2}.com". E.g.,
(In reply to Kris Maglione [:kmag] from comment #3)
> Except that it installs 'Plus HD' 9.91.10 with ID
> 2b2750af-b61c-4f40-ac60-659fa3e3def0@199d3f78-54fd-45d9-ab43-235d38c159ee.com
Do you need a software which silently installs Plus HD 7.6 (and the stuff like install log etc.)?
|
|
Reporter | |
Comment 7•11 years ago
|
||
If you have it, then yes, I'd like to see it. The installer from comment 1 installs something, but I don't know that it's related.
|
|
||
Comment 8•11 years ago
|
||
This is an installer of the ExtractNow application. The homepage http:// www . extractnow . com/ offers a download from cnet which seems to be a stub. The download from CHIP http://www . chip . de/downloads/ExtractNow_48251973.html offers to install third party stuff, but even after unchecking the checkbox and declining that TOS, Plus HD 7.6 gets installed.
More information on changes to the system can be found on http://www.drwebhk.com/en/virus_techinfo/Trojan.Crossrider.41.htmlr
TL;DR
- Tasks created at %WINDIR%\Tasks\
- %PROGRAM_FILES%\Plus-HD-6.0
- %TEMP%\nsq3.tmp
- In Temp:
binsis142.xml
binsischeck654.xml
bitool.dll
nsr701.tmp
plus-hd-7-6de.exe
Plus-HD-7.6Installer_1393425650.log
UpdateCheckerSetup.exe
Folders with *.tmp folder, one containing Setup50131.exe
|
|
Reporter | |
Comment 9•11 years ago
|
||
Hrm. That installer changes my homepage and search engine to snapdo.com. It doesn't seem to install any extensions, though.
|
|
Reporter | |
Comment 10•11 years ago
|
||
OK, it's pretty flaky, but eventually it does install a snap.do extension. Which we should block. But that's another bug. It also uses an external app to draw its toolbar over our browser window. Ugh.
|
|
Reporter | |
Comment 11•11 years ago
|
||
These are now also showing up as 'PlusSHD' and causing crashes:
a54e453c-130a-4769-9333-c5ec2aa914c5@9bd7cc89-9c7c-44e9-a03b-042b92d363f0.com PlusSHD-9.9
55d597b4-643f-421e-b007-26a68e26903b@a62d99f0-1402-44d5-8671-7a618c9c4868.com PlusSHD-9.9
|
Assignee | |
Updated•9 years ago
|
Product: addons.mozilla.org → Toolkit
|
|
||
Comment 12•8 years ago
|
||
Closing old blocklist requests that shouldn't be valid after the move to WebExtensions-only in Firefox 57. Please comment if you think this bug is still valid and should be reopened.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•