Rainmeter Forums

I had my fingers crossed, but it looks like the malware at dA is coming back again. I've updated our post on the groups page there http://rainmeter.deviantart.com/blog/40705562/ , but so far, we have 7 bad skins (1 from before that dA refuses to see as malware).

Yeah, I thought that he or they had gotten bored and moved on. I think given the levels of incompetence and bureaucracy at deviantART, it is just a brave new world we are going to have to live in. We need to train our users that there are obvious signs (disabled or hidden comments being the first and foremost) of a problem submission, and that they need to be smart and take a second to look at a skin before they download it and just run whatever .exe is in it without thinking.

well, they've all banned me from their pages and I've had a visit on my profile page from one of them 'terminalbeautyy' who has now taken down two bad skins/one still there though. No replies from dA yet.

Jeff, can you take a look at this one? Could be false positives, but there seems to be too much stuff in the zip, especially in the Common folder.

Skin http://i2amfrankish.deviantart.com/#/d3jmvsi
Virus report - http://www.virustotal.com/file-scan/report.html?id=7801b6c41b8d985e86a7e927c4c3e0d6e543492f1315fe323db351cf21eea4db-1308740200

Unless this guy is really starting to go to a lot of trouble to hide what he is doing, and that is not consistent with his behavior so far (he has been pretty brute force and depending on the crappy system at deviantART to get a lot of downloads by incautious people up to now) I think that one is probably ok. The .exe files are logical and seem to be integrated in the right way. If it is bogus, he went to a lot of trouble for one skin, when the return on his investment, assuming causing the maximum chaos is his goal, is greatest with a lot of bogus submissions and hoping to overwhelm our ability to get them removed, not to do one single really complicated submission. Just my gut reaction though.