1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Warning against Massplaner !

Discussion in 'BlackHat Lounge' started by yasso90, May 21, 2017.

  1. yasso90

    yasso90 Newbie

    Joined:
    Dec 7, 2015
    Messages:
    22
    Likes Received:
    7
    Hello guys,
    Just wanted to let you know that this morning all of a sudden my antivir started to "blink", and when I oppened it up, I could see it has detected a trojan comming from massplaner.
    - Just to clarify, I've been using massplaner for 2 years, and NEVER had there been any problem and I've been very satisfied (until they got shut down).

    This seems like somekind a "last" attempt to get what they can by inserting a trojan into the system.....
    So now I've tried to uninstall the sh*t but suddenly that's not possible..

    So keep an eye out.

    Cheers.

    - Screenshot attached.
     

    Attached Files:

    • Thanks Thanks x 2
  2. gramschi

    gramschi Registered Member

    Joined:
    Nov 18, 2012
    Messages:
    77
    Likes Received:
    7
    surpriseingly... is this true?
     
  3. yasso90

    yasso90 Newbie

    Joined:
    Dec 7, 2015
    Messages:
    22
    Likes Received:
    7
    Yep. This just happened less than 30 minuttes ago. Now I can't uninstall this... it gives me an error when trying to uninstal ;)
     
  4. davids355

    davids355 Jr. VIP Jr. VIP

    Joined:
    Apr 25, 2011
    Messages:
    9,833
    Likes Received:
    7,438
    Home Page:
    Maybe a false positive. Is it the real copy from massplanner site or was it cracked copy or something?
     
    • Thanks Thanks x 1
  5. yasso90

    yasso90 Newbie

    Joined:
    Dec 7, 2015
    Messages:
    22
    Likes Received:
    7
    It's a real copy, I've been a paid and happy client with them for 2 years (paid)...

    - It don't seem like a false positive, as I can't uninstall the program now..Also it has never given me any kind of positive the last 2 years..
     
    • Thanks Thanks x 2
  6. mnunes532

    mnunes532 Supreme Member

    Joined:
    Jan 21, 2014
    Messages:
    1,352
    Likes Received:
    418
    Gender:
    Male
    Location:
    Portugal
    Did mp or the antivirus program update in the last 24h?
     
  7. gramschi

    gramschi Registered Member

    Joined:
    Nov 18, 2012
    Messages:
    77
    Likes Received:
    7
    Did you change the password of related account? Maybe you need it..

    If
     
  8. Sephrata

    Sephrata Senior Member

    Joined:
    Mar 25, 2017
    Messages:
    841
    Likes Received:
    454
    Gender:
    Male
    Occupation:
    Digital Entrepreneur
    Location:
    Prague
    • Thanks Thanks x 1
  9. HoNeYBiRD

    HoNeYBiRD Jr. VIP Jr. VIP

    Joined:
    May 1, 2009
    Messages:
    6,954
    Likes Received:
    7,982
    Gender:
    Male
    Occupation:
    Geographer, Tourism Manager
    Location:
    Ghosted
    You can't uninstall the program, because your Kaspersky quarantined an installed file, which i guess is needed to be able to completely remove the software.

    Try to remove it with Revo Uninstaller. Normally a reinstall (with disabled AV) should do the trick, but maybe it's not the best idea in this case.

    You may want to run another full system scan in safe mode with Malwarebytes to be on the safe side.

    Interesting. OP scanned it with Kaspersky and that picked up as an infection, whereas no positive on the VT scan on your version of the cefclient.exe. It can be that OP's copy of the .exe got infected from something else on his OS. More than likely this is the case, because there would be a lot more reports about this, not just one. Frankly i don't think that the MP dev had gone rogue and would pull a stunt like this.

    Have you opened any suspicious emails/attachments recently, OP? Lately those kind of infections became quite common.
     
    • Thanks Thanks x 2
    Last edited: May 21, 2017
  10. BassTrackerBoats

    BassTrackerBoats Super Moderator Staff Member Moderator Jr. VIP

    Joined:
    Mar 10, 2010
    Messages:
    15,922
    Likes Received:
    29,249
    Occupation:
    Selling CPA Sites
    Location:
    Not England
    Home Page:
    I just ran Malwarebytes on the VPS where I have MP running and got the all clear.

    [​IMG]
     
    • Thanks Thanks x 4
    Last edited: May 21, 2017
  11. yasso90

    yasso90 Newbie

    Joined:
    Dec 7, 2015
    Messages:
    22
    Likes Received:
    7
    Thank you all for your feedback & the tips !

    - massplaner did an Update on my pc about 16 hours ago as I remember.
    - but Interesting that my kaspersky did detect a virus. I haven't opened any received files from suspisous emails. However if its a third party trying to deploy a trojan on my pc through massplaner, I bet I'm not the only one beeing targetet.

    This post was only to spread awareness about this "issue", as I said earlier I've been very grateful for the work done by massplaner :)

    Watch out - peace and love !
     
  12. Alex7711

    Alex7711 Registered Member

    Joined:
    Apr 17, 2017
    Messages:
    80
    Likes Received:
    16
    Gender:
    Male
    Kaspersky is the worst antivirus i've ever used.
     
  13. viivii

    viivii Jr. VIP Jr. VIP UnGagged Attendee

    Joined:
    May 5, 2016
    Messages:
    137
    Likes Received:
    42
    heh, you know you can crypt any virus/trojan and it will show 100% safe for week or two on Virustotal or on any antiviruses malware scanners etc...
    Not saying MP has some ''gift'' just some info about crypt.
     
    • Thanks Thanks x 1
  14. yasso90

    yasso90 Newbie

    Joined:
    Dec 7, 2015
    Messages:
    22
    Likes Received:
    7
    It hasn't been that bad, I've been using it the last 5 years..
    In the end they are all almost the same :)
     
  15. bWorkers

    bWorkers Jr. VIP Jr. VIP

    Joined:
    May 17, 2015
    Messages:
    189
    Likes Received:
    30
    Gender:
    Male
    Occupation:
    Amazon Online Marketer
    Location:
    Jamaica Ave, Queens, NY
    Home Page:
    It may be a false positive from the Antivirus. Or somehow it was infected by other viruses that is hidden and undetected in your computer.
     
    • Thanks Thanks x 1
  16. W9go

    W9go Jr. VIP Jr. VIP Premium Member

    Joined:
    May 16, 2011
    Messages:
    4,622
    Likes Received:
    930
    Gender:
    Male
    Occupation:
    chasing girls
    Location:
    chasing girls
    FL is not much better ;)
     
    • Thanks Thanks x 1
  17. THUNDERELVI

    THUNDERELVI Elite Member

    Joined:
    Sep 12, 2009
    Messages:
    2,386
    Likes Received:
    2,061
    Gender:
    Male
    Location:
    W3
    I just ran a scan as well on all my MP copies and nothing detected - I use Eset as my AV. I really doubt the developers would pull something like this as they have been so friendly and awesome the last few years, but you never know anyway.
     
    • Thanks Thanks x 1
  18. whats_up_doc

    whats_up_doc Regular Member

    Joined:
    Jun 19, 2013
    Messages:
    244
    Likes Received:
    136
    I'm also using Kasperky and all my MP copies are clean.

     
    • Thanks Thanks x 1
  19. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 21, 2013
    Messages:
    12,039
    Likes Received:
    10,827
    Occupation:
    WHEREZ MA
    Location:
    BITCOINS AT?
    Home Page:
    CEF is the embedded web browser within Massplanner. cefclient.exe is the embedded headless browser client code (the part the does web requests).

    It is open source: https://github.com/bkeiren/cef

    You can even build your own clean cefclient.exe if in doubt and replace it there.
     
    • Thanks Thanks x 2