
Thread: New Get Lazarus Initiative

  1. #23
    I just finished my initial analysis and I'm wondering why your setup is changing settings of my Internet Explorer?

    Code:
    isolation_full HKEY_CURRENT_USER\Software\Microsoft\IEAK
    isolation_full HKEY_CURRENT_USER\Software\Microsoft\Internet Connection Wizard
      Value=ShellNext
      REG_SZ~http://www.getlazarus.org/installed/?platform=windows#2300
      Value=Completed
      REG_BINARY=#01#00#00#00
    
    isolation_writecopy HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
      Value=FullScreen
      REG_SZ~no#2300
      Value=Window_Placement
      REG_BINARY=#2c#00#00#00#02#00#00#00#03#00#00#00#ff#ff#ff#ff#ff#ff#ff#ff#ff#ff#ff#ff#ff#ff#ff#ff#58#00#00#00#74#00#00#00#b0#02#00#00#08#02#00#00
    
    isolation_writecopy HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
      Value=MigrateProxy
      REG_DWORD=#01#00#00#00
    Changing any registry settings regarding Internet Connection Wizard or Proxy settings is a big NO NO as this is most commonly used by various programs in an attempt to hijack your computer.

    Now I haven't figured out which part of the installation makes these changes in the registry, but they are enough for me to consider your setup dangerous.

    Why are you forcibly opening your webpage after the installation has finished? I really hate that.
    And finally, don't use third-party software like "Fart" for changing path destinations. You can achieve all that directly from Inno Setup. If it can't be achieved from the UI directly you can write special Pascal Script code to do that. If my memory serves me correctly, the use of Pascal Script allows you to edit both registry and ini files in the same way as you would in your Delphi or FreePascal program.

    EDIT: The registry changes have been tracked with the VMware ThinApp application.

    And now off I go installing this in another virtual machine with working antivirus software to see if it gives any warnings.

    EDIT2: Running setup on my other virtual machine with antivirus software hasn't caused the same registry change as I showed above. I believe that this registry change was actually made by Internet Explorer itself when it failed to show the web page during the first test, because that virtual machine didn't have access to the internet while this one has.

    EDIT3: Just finished installing and then deep scanning the entire virtual machine, and my antivirus (ESET NOD32) hasn't raised any warnings.

    @paul_nicholls
    Can you please export your log from Avast so that we can see which files it detected as potentially harmful? This would be very helpful in determining if those are false positives or not.
    Last edited by SilverWarior; 08-02-2015 at 01:26 AM.
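
The triage described in the post (flag registry writes under the Internet Connection Wizard and proxy keys, then check whether they reproduce in a second VM), as an added example that is not part of the original post. The sample captures are constructed in the layout of the listing quoted above; the watch list and the `ExampleApp` key are assumptions, and `REG_SZ` data is left raw rather than decoded.

```python
import re

# Constructed sample in the layout of the capture quoted in the post (abridged).
OFFLINE_VM = r"""
isolation_full HKEY_CURRENT_USER\Software\Microsoft\Internet Connection Wizard
  Value=Completed
  REG_BINARY=#01#00#00#00
isolation_writecopy HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  Value=MigrateProxy
  REG_DWORD=#01#00#00#00
"""
# Constructed: a second run in which those keys were not touched (hypothetical key).
ONLINE_VM = r"""
isolation_full HKEY_CURRENT_USER\Software\ExampleApp
  Value=Installed
  REG_DWORD=#01#00#00#00
"""

# Key-path fragments the post calls out as sensitive (this watch list is an assumption).
WATCH = ("\\internet connection wizard", "\\internet settings", "\\ieak")

def parse_capture(text):
    """Return {(key, value_name): (reg_type, raw_data)} from a capture listing."""
    entries, key, name = {}, None, None
    for line in text.splitlines():
        s = line.strip()
        if m := re.match(r"isolation_\w+\s+(HKEY_.+)", s):
            key, name = m.group(1), None
        elif s.startswith("Value="):
            name = s[len("Value="):]
        elif key and name is not None and (m := re.match(r"(REG_\w+)[=~](.*)", s)):
            entries[(key, name)] = (m.group(1), m.group(2))
            name = None
    return entries

def dword(raw):
    """Decode '#01#00#00#00' (little-endian bytes, as in the listing) to an int."""
    return int.from_bytes(bytes.fromhex(raw.replace("#", "")), "little")

def flagged(entries):
    """Entries whose key path matches the watch list."""
    return {k: v for k, v in entries.items() if any(w in k[0].lower() for w in WATCH)}

def only_in_first(first, second):
    """Flagged changes from the first run that did not reproduce in the second."""
    return sorted(set(flagged(first)) - set(flagged(second)))

if __name__ == "__main__":
    print(only_in_first(parse_capture(OFFLINE_VM), parse_capture(ONLINE_VM)))
```

A flagged change that appears in only one of two otherwise identical install runs is a candidate for environment noise rather than installer behaviour, which is the conclusion EDIT2 reaches.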
