Warning from the Rainmeter Team

[karmat]

I will put some thoughts together in the next day or so. I think I might know that guy from Netherworld BBS. I was the sysop of the Interconnect BBS (and the president of the Capitol Area Sysops Association) at the time he was running Netherworld.

Hey Jeff, did you get anywhere with him? I'm just about to post a comment at dA that Fiona and Heidi will see and thought I'd check first to see you if you've made any progress.

[jsmorley]

Hey Jeff, did you get anywhere with him? I'm just about to post a comment at dA that Fiona and Heidi will see and thought I'd check first to see you if you've made any progress.

I did not. I have been away and haven't had a chance to ping him. Sorry.

[karmat]

I have been reporting and reporting and reporting but dA is just not removing them. I sent the following message to Fiona with a copy to OtisBee...

Fiona, there are still 17 skins in the Rainmeter Gallery that are infected with malware. The oldest one has been there since April 17, a month ago. Last time I counted, 16 of these skins had generated almost 4,000 downloads. I have reported all of them, some in the old way, all of them in the new way. Obviously, there is still a problem with malware reporting.

Could I get an update on when these will be removed and if dA is going to implement an antivirus check at upload? Would really be appreciated.

See below for a list of the infected skins...

Enigma - Reported
Rip - Enigma by devartuser99 http://devartuser99.deviantart.com/art/Enigma-208644225?q=in%3Acustomization%2Fskins%2Fsysmonitor%2Frainmeter%20sort%3Atime&qo=7
Original - Enigma by Kaelri http://browse.deviantart.com/customization/skins/sysmonitor/rainmeter/?qh=§ion=&q=Enigma#/d1ptasn
VirusTotal Report - http://www.virustotal.com/file-scan/report.html?id=472a9ea6f9d805af7790bc28c499bfc0c7c0f362bc01714d2723c1c13349d014-1305308430

Alphabar - Reported
Rip - Alphabar 2.0 by alif4 http://alif4.deviantart.com/#/d3f7anr
Original - Alphabar 1.0 by redblackproduction http://browse.deviantart.com/customization/skins/sysmonitor/rainmeter/?qh=§ion=&q=Alphabar#/d28rgp6
VirusTotal Report - http://www.virustotal.com/file-scan/report.html?id=cd78804b6ddc92b51762e4bdf0c15cf976d180cd3c61844629de2b9b7ad461d3-1304129490

Rainmeter Panel - Reported
Rip - Rainmeter Panel Latest V by alifa4 http://alif4.deviantart.com/art/Rainmeter-Panel-Latest-V-206930428?q=in%3Acustomization%2Fskins%2Fsysmonitor%2Frainmeter%20sort%3Atime&qo=1
Original - Rainmeter Panel by crish29 http://crish29.deviantart.com/art/Rainmeter-Panel-172248150?q=boost%3Apopular%20in%3Acustomization%2Fskins%2Fsysmonitor%2Frainmeter%20Rainmeter%20Panel&qo=3
VirusTotal Report - http://www.virustotal.com/file-scan/report.html?id=cc60ac45439e15d470aeb2306dbd77e8268b1830a7edb40dcb2f75898cf12b85-1304128990

Ironman - Reported
Rip - IronMan Desktop V2.0 by alif4 http://alif4.deviantart.com/art/IronMan-Desktop-V2-0-206928291?q=in%3Acustomization%2Fskins%2Fsysmonitor%2Frainmeter%20sort%3Atime&qo=2
Original - IronMan-Jarvis Theme Desktop by Scrollsofaryavart http://scrollsofaryavart.deviantart.com/art/IronMan-Jarvis-Theme-Desktop-192148062?q=boost%3Apopular%20in%3Acustomization%2Fskins%20Ironman&qo=5
VirusTotal Report - http://www.virustotal.com/file-scan/report.html?id=29116a7208c7016857fd1d7b49823429ea434b8be7a9ad670ad67f1ca7ba6e9b-1304128210

Ventuz - Reported
Rip - Ventuz 2 by alif4 http://alif4.deviantart.com/art/Ventuz-Skin-0-3-206926793?q=in%3Acustomization%2Fskins%2Fsysmonitor%2Frainmeter%20sort%3Atime&qo=2
Original - Ventuz by ld-jing http://browse.deviantart.com/customization/skins/sysmonitor/rainmeter/?qh=§ion=&q=Ventuz#/d2usi8s
VirusTotal Report - http://www.virustotal.com/file-scan/report.html?id=a0d88f54df1ed214196b09e5d6ffcf9caf511aa763cc63417fad669525cee950-1304126823

Razor - Reported
Rip - Razor 2 by kool626106 http://browse.deviantart.com/customization/skins/sysmonitor/rainmeter/#/d3f4g1h
Original - Razor by minhtrimatrix http://minhtrimatrix.deviantart.com/art/Razor-158568197?q=boost%3Apopular%20in%3Acustomization%2Fskins%2Fsysmonitor%2Frainmeter%20Razor&qo=0
VirusTotal Report - http://www.virustotal.com/file-scan/report.html?id=d870066616d07fb06a8240557c5bc7088522b1463b9fbd47da09f3d8ed72a435-1304041234

MoonGlow - Reported
Rip - MoonGlow 2 by danielh2k11 http://browse.deviantart.com/customization/skins/sysmonitor/rainmeter/#/d3f3547
Original - MoonGlow by minhtrimatrix http://minhtrimatrix.deviantart.com/art/MoonGlow-173381438?q=boost%3Apopular%20in%3Acustomization%2Fskins%2Fsysmonitor%2Frainmeter%20MoonGlow&qo=0
VirusTotal Report - http://www.virustotal.com/file-scan/report.html?id=dd7e32fbdd0fa76021b1126c6eb80d745e10e73fb60e4a094fe8ecad16b3bc5b-1304011219

Speed - Reported
Rip - Speed 2 by kool626106 http://kool626106.deviantart.com/art/Speed-2-By-Kool626106-206653851?q=in%3Acustomization%2Fskins%2Fsysmonitor%2Frainmeter%20sort%3Atime&qo=1
Original - Speed by minhtrimatrix http://browse.deviantart.com/customization/skins/sysmonitor/rainmeter/?qh=§ion=&q=speed#/d2qbg7x
VirusTotal Report - http://www.virustotal.com/file-scan/report.html?id=ac7237c119d970d6701abefa8ce6396f6d5efbfb57f4f00dd2c29abc5223c61d-1303939048

Tabmeter - Reported
Rip - Tabmeter3 by alif4 http://alif4.deviantart.com/art/Tabmeter3-latest-Version-206561475?q=in%3Acustomization%2Fskins%2Fsysmonitor%2Frainmeter%20sort%3Atime&qo=0
Original - Tabmeter2 by toastbrotpascal http://toastbrotpascal.deviantart.com/gallery/#/d2r151v
In the ZIP folder, there is a Tabmeter2.rmskin file but there is so a file called Pass Unzip.exe which is malware

Lady Gaga - Reported
Rip - Lady Gaga tribute V.0.3 by alif4 http://alif4.deviantart.com/art/Lady-Gaga-tribute-V-0-3-206549523?q=in%3Acustomization%2Fskins%2Fsysmonitor%2Frainmeter%20sort%3Atime&qo=0
Original - Lady Gaga Tribute by AlekAldinger http://alekaldinger.deviantart.com/art/Lady-Gaga-Tribute-179201852?q=gallery%3AAlekAldinger&qo=2
VirusTotal report - http://www.virustotal.com/file-scan/report.html?id=505cfb6417ae6bab7392b2b93f4e877f3d3bc138380ff51d251141d1a3c8f1a4-1303865074
In the ZIP file, along with the .rmskin, there is a file called Pass Unrar.exe which is malware

Uixx - Reported
Rip - Uixx Pack Updated by alif4 http://alif4.deviantart.com/#/d3ez4m3
Original - Uixx pack by albinozz http://browse.deviantart.com/customization/skins/sysmonitor/rainmeter/?qh=§ion=&q=uIXX#/d29xw1v
VirusTotal report - http://www.virustotal.com/file-scan/report.html?id=77535efd18b53d17d945a6ca11cac098d808c2c09cc2215c4044ed715d9e9ca8-1303866056
In the ZIP file, along with the .rmskin, there is a file called Pass.Unrar.exe which is malware

Digit - Reported
Rip - Digit V2 by ~ZGP93 http://zgp93.deviantart.com/art/DiGiT-v2-206531060
Original - Digit by ~helkin86 http://browse.deviantart.com/?qh=§ion=&global=1&q=Rainmeter+digit#/d377w81
VirusTotal report - http://www.virustotal.com/file-scan/report.html?id=b917d6ae160624d0a09bf2421302b8332d0564bc67fd7a23237f84387a3ed340-1303859554
Inside the false skin is an "Instructions" statement, this is a link to a site that will attempt to virus your system directly

Tabmeter - Reported
Rip - Tabmeter3 by ~kool626106 http://kool626106.deviantart.com/art/Tabmeter3-206528352
Original - Tabmeter2 by ~toastbrotpascal http://browse.deviantart.com/?qh=§ion=&global=1&q=Tabmeter2#/d2r151v
In the zip file is a .rmskin.exe fil which is malware, RM skins end with .rmskin, NOT .exe

Reloj - Reported
Rip - Reloj by cspanick http://cspanick.deviantart.com/#/d3ethmt
Original - Reloj by kiko11 http://kiko11.deviantart.com/art/Reloj-204516530?q=in%3Acustomization%2Fskins%2Fsysmonitor%2Frainmeter%20sort%3Atime&qo=63
In the zip file is a .rmskin.exe fil which is malware, RM skins end with .rmskin, NOT .exe

Figures - Reported
Rip - $NEW$ Rainmeter Figures $HOT$ by ResylanA http://browse.deviantart.com/customization/skins/sysmonitor/rainmeter/#/d3eqkh2
Original - Figures for Rainmeter by BinaryCon http://binarycon.deviantart.com/#/d31mnu2
Malware is in the .EXE file

Cosmos Time - Reported
Rip - Cosmos Time v3.0 by arun9020 http://arun9020.deviantart.com/#/d3eaash
Original - Aero grid for Rainmeter by RigasPapas http://browse.deviantart.com/customization/skins/sysmonitor/rainmeter/?qh=§ion=&q=Aero+grid#/d3b9mti
VirusTotal report http://www.virustotal.com/file-scan/report.html?id=4aef5224b59a7a96932bf95bebc90cdd8d9209d0e0056ceae10a7174d4f9353b-1303164894

Blue Vision - Reported
Rip - Blue Vision HD Final by GrieveLogs http://grievelogs.deviantart.com/art/Blue-Vision-HD-FINAL-205288224?q=in%3Acustomization%2Fskins%20sort%3Atime&qo=8
Original - BlueVision VO.2 Alpha by g3xter http://g3xter.deviantart.com/art/BlueVision-V0-2-Alpha-162478234?q=in%3Acustomization%2Fskins%2Fsysmonitor%2Frainmeter%20sort%3Atime%20Blue%20Vision&qo=4
VirusTotal report http://www.virustotal.com/file-scan/report.html?id=554665b94f290d7295c11d671082ace8702abe770e2ede0d7538bc1fe3465e79-1303088119

[jsmorley]

I was sorry to see that Enigma copy pop up there yesterday. I was hoping the guy had gotten bored and moved on....

It is my hope that this is one guy with some stick up his behind and the problem more or less goes away when he is done having fun. It's why I have been keeping kind of quiet, just hoping that not feeding his ego will help some. I don't think we are ever going to be happy with the response from DA. They are a huge site that has outgrown their ability to manage it properly with only paid staff, and unless they change their minds about some kind of area-specific moderation (and I doubt it) I think we are going to have to live in a world where most of the time things go along just fine, but once in a while we get one of these situations, and all we can do is try to beat it into people's heads that if comments are disabled, you don't download the skin.

[karmat]

Just saw this skin...
Avatar RM Theme by phong1970 http://phong1970.deviantart.com/art/Avatar-RM-Theme-208936758?q=in%3Acustomization%2Fskins%2Fsysmonitor%2Frainmeter%20sort%3Atime&qo=0
VirusTotal doesn't pickup anything. The zip file just has one file - AvatarSkininstaller.exe - I scanned it with Avast and Malwarebytes and it comes up clean.

[poiru]

Just saw this skin...
Avatar RM Theme by phong1970 http://phong1970.deviantart.com/art/Avatar-RM-Theme-208936758?q=in%3Acustomization%2Fskins%2Fsysmonitor%2Frainmeter%20sort%3Atime&qo=0
VirusTotal doesn't pickup anything. The zip file just has one file - AvatarSkininstaller.exe - I scanned it with Avast and Malwarebytes and it comes up clean.

The AvatarSkininstaller.exe executable contains:
- AcrobatUpdater.exe
- A .zip (seems to be a valid .rmskin)

AcrobatUpdater.exe seems suspicious..

[karmat]

I just did Malware Report #4 http://rainmeter.deviantart.com/blog/40705562/

Fiona responded in the comments saying that they are currently testing anti-virus on submission and have been using this gallery in particular for testing.

I commented back, I hope I didn't overstep my boundaries here, what do you think?

[jsmorley]

I responded in that thread. I think your post is fine.

[karmat]

I responded again as well.

Also, I've received about 20 automated replies - all but 4 that I've reported have now been removed and most of the usernames have been banned - finally!

Three of the four that are left don't show any virii when checked by VirusTotal, but they all have an installer.exe file in the zip. The automated replies I received for these ones say that my report is invalid and that... A member of the staff has preformed an independent virus scan on the download associated with this deviation and has not detected any viral component.

How do I explain that to Fiona so that they can understand and delete them?

The ones in question are:
- Enigma - but it was just reported today
- http://phong1970.deviantart.com/#/d3ge8mu
- http://intellodu77.deviantart.com/art/Simplicity-v6-5-8-1-209090406
- http://intellodu77.deviantart.com/art/Simplicity-v6-5-8-2-209213193

[jsmorley]

I responded again as well.

Also, I've received about 20 automated replies - all but 4 that I've reported have now been removed and most of the usernames have been banned - finally!

Three of the four that are left don't show any virii when checked by VirusTotal, but they all have an installer.exe file in the zip. The automated replies I received for these ones say that my report is invalid and that... A member of the staff has preformed an independent virus scan on the download associated with this deviation and has not detected any viral component.

How do I explain that to Fiona so that they can understand and delete them?

The ones in question are:
- Enigma - but it was just reported today
- http://phong1970.deviantart.com/#/d3ge8mu
- http://intellodu77.deviantart.com/art/Simplicity-v6-5-8-1-209090406
- http://intellodu77.deviantart.com/art/Simplicity-v6-5-8-2-209213193

I responded to this issue about the replies I received as well that there were no viruses found in several of them. VirusTotal does find a virus in the Enigma 1.3 .exe, but only 3 or 4 of the engines do. It is either a new variant that the engines have not cataloged yet, or this guy is submitting these bogus skins with nothing but a .exe but no virus, just to cloud the waters.

We really need some kind of local moderation over there. Yes, a lot of them were deleted today, but it is only because Fiona jumped in personally again. She is right that we should not expect to be "fast tracked" like that, and as of tomorrow it will go right back to just how it was. She only gets mostly on top of this when we beat her up, and then goes back to the broken system that doesn't work at all. That isn't fair to anyone. Not us, not her, not her team, and not the rest of deviantART.