
can anyone confirm that Firefox plugin np_gp.dll is ok


Canis

Aug 8, 2009, 10:31:16 AM
I just saw the plug-in np_gp.dll listed in the addons manager. I
never noticed this before. I'm hoping this was installed as part of
the recent round of updates from Adobe (released and installed by me
last week) related to Flash, Acrobat, Reader and Air.

I've been slightly paranoid because on that same day my anti-virus
tool reported a generic heuristic match on what appears to be part of
Adobe's installer (getplus_helpersvc.exe) which went away after a
while. This could be the result of a newly-released file first
matching a generic pattern then showing up in the whitelist the next
time the AV database is updated. Or could be something worse. :)

Does anyone have knowledge of this? (Anyone from Adobe reading?)

Thanks.

Ron Hunter

Aug 8, 2009, 10:43:41 AM
I have, as far as I know, all the latest Adobe stuff, and no such .dll
file appears on my system.
Google for it, and you will probably want to delete it!

Alex K.

Aug 9, 2009, 6:08:34 AM

Based on this page,
http://spywaredlls.prevx.com/RRIAFB42666234/NP_GP.DLL.html

I looked for NOS Microsystems. Doesn't appear to be malware, the
company seems legit:

http://www.nosltd.com/index.php?option=com_content&task=view&id=21&Itemid=15

"NOS Microsystems offers cutting-edge products to fulfill all your needs
for electronic software distribution (compression, download, upload, and
installation management) for efficient and user-friendly distribution of
any digital good. Our solutions enable you to accelerate the file
transfer experiences with size-optimized product downloads, automate the
customer-friendly download processes and reduce costs while increasing
your revenue. All our solutions support all Operating Systems (Windows,
Mac and Linux) and all browsers."

Seems like a fit for updater type software, such as Adobe might use.

--
Alex K.

jetjock

Aug 9, 2009, 12:16:36 PM
I Googled the .dll and here are a couple samples of what I got:

http://forums.spybot.info/archive/index.php/t-44161.html

http://www.bleepingcomputer.com/forums/lofiversion/index.php/t216860.html

http://spywaredlls.prevx.com/RRIAFB42666234/NP_GP.DLL.html

For the record, I don't have that plugin in my Firefox and I have the full Adobe Acrobat Pro v.9 installed.

-- 

     >>>>>>>>>>jetjock<<<<<<<<<<

Ron Hunter

Aug 9, 2009, 4:24:14 PM
Yes, but it could also be a general purpose downloader for malware, ads,
etc. I don't have it on my system, and Googling it turned up some
rather negative things.

BJ

Aug 10, 2009, 3:30:37 AM

I'd move it to another folder for now . . . just in case you need it.

Then, after some use if you see that you haven't lost any functionality,
I'd delete it completely.

BTW, I don't have it on my system either. While I haven't examined this
thread closely, it doesn't appear any others have it. You seem to be
the only one, Canis.

BJ

--
Bob Jamieson

Anti-spam measures are included in my email address.
Delete all the NOSPAMs from the email address after clicking Reply.

Canis

Aug 12, 2009, 12:27:15 AM
> I'd move it to another folder for now . . . just in case you need it.
> Then, after some use if you see that you haven't lost any functionality,
> I'd delete it completely.

I decided to dust off and nuke the whole site from orbit -- a.k.a. a
complete Vista reinstall from known good sources -- it's the only way
to be sure.

I tried every virus scanner I could get my hands on (including both on
my desktop and uploading to online scanners) and none reported a
hit.

I don't consider Google results to be conclusive, because you can pick
almost any DLL you care to, search for it, and find a few dozen posts
asking if it's spyware. Then you find another couple dozen results
for scareware sites trying to convince you to buy their so-called
scanner so they can tell you it really was a normal Windows service
after all.

At the same time:

- my system event log did contain one complaint (from Windows
Defender, I think it was) - "real-time protection detected potential
spyware during start-up"
- I had two failed boot-to-desktop, where it halted with "logon
process failed to create security options dialog"
- I had the AV complaint about another part of Adobe's updater, the
getplus_helpersvc.exe, about which there are credible reports in
several security databases (not that there was a problem with getplus
itself, but that it could be used by a standard user to gain system
privilege)
- the plug-in itself self-identifies as getPlusPlus for Adobe 16236
1.6.2.36 using a presentation layout that looks unprofessional (which
may only mean that it was developed not by Adobe but by a third party,
for Adobe)

So, putting it all together, I decided to treat it as a real
intrusion. You have to be able to sleep at night ...

Thanks for all the help and advice, it's been great to hear what
everyone thinks.
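
Added example, not part of the post above or of any code from this thread: the plug-in's self-reported name and version come from the file's version resource, which whoever built the file can set freely, so a publisher check should rest on the Authenticode signature instead. The function name `Get-PluginProvenance` and the `-ExpectedPublisher` value are hypothetical; the cmdlets are standard PowerShell.

```powershell
# Added example (not from the thread). The caller supplies the file path;
# -ExpectedPublisher is a hypothetical value the caller chooses.
function Get-PluginProvenance {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Substring expected in the signing certificate's subject (assumption).
        [string]$ExpectedPublisher
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256

    # Version-resource strings are written by whoever built the file.
    # Report them for comparison, but never treat them as proof of origin.
    $claimed = $file.VersionInfo

    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    $verdict = if ($sig.Status -ne 'Valid') {
        # Covers NotSigned, HashMismatch, NotTrusted, UnknownError, ...
        "Unverified: signature status is $($sig.Status)"
    } elseif ($ExpectedPublisher -and $signer -notlike "*$ExpectedPublisher*") {
        'Signed, but not by the expected publisher'
    } else {
        'Signature valid; review the signer field'
    }

    [pscustomobject]@{
        Path            = $file.FullName
        SHA256          = $hash.Hash        # for lookup against vendor or scanner records
        ClaimedCompany  = $claimed.CompanyName
        ClaimedProduct  = $claimed.ProductName
        ClaimedVersion  = $claimed.FileVersion
        SignatureStatus = $sig.Status
        Signer          = $signer
        Timestamped     = [bool]$sig.TimeStamperCertificate
        Verdict         = $verdict
    }
}
```

A valid signature only establishes who published the file and that it has not been altered since signing; it says nothing about whether the signed code has flaws of its own.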

Canis

Aug 13, 2009, 11:42:46 PM
Installing Flash 10 (the latest) in IE adds the plug-in np_gp.dll to
Firefox.

Installing Flash 10 in Firefox does not add np_gp.dll to Firefox.

Bob Jamieson

Aug 25, 2009, 9:59:37 AM
Canis wrote:
> I decided to dust off and nuke the whole site from orbit -- a.k.a. a
> complete Vista reinstall from known good sources -- it's the only way
> to be sure.

I think you did the prudent thing there. Some may think it was
overkill, but your comment about sleeping at night pretty much says it all.

> I don't consider Google results to be conclusive, because you can pick
> almost any DLL you care to, search for it, and find a few dozen posts
> asking if it's spyware. Then you find another couple dozen results
> for scareware sites trying to convince you to buy their so-called
> scanner so they can tell you it really was a normal Windows service
> after all.

Very true about googling for malware in a .dll

And your comment about scareware is right on.

BJ

Ron Hunter

Aug 25, 2009, 11:57:07 AM
I would say it was overkill, but if it is feasible, the user has time,
and is willing, it should do the job.

Bob Jamieson

Aug 25, 2009, 5:09:48 PM

One man's sledgehammer is another's fly swatter.

One of my favorite security quotes:

"Between the extremes of caution and blissful ignorance, there is some
comfort point, which will be different for everyone. I choose to run
some risks, if they entail compensatory advantages, while avoiding others."

(I think I may have gotten this from one of my newsgroups here)

BJ

--
Bob Jamieson

To reply to me via email, remove all the NOSPAM's

Ken Whiton

Aug 26, 2009, 1:16:40 AM
*-* On Tue, 25 Aug 2009, at 14:09:48 -0700,
*-* In Article <39Odndu-ztSAzgnX...@mozilla.org>,
*-* Bob Jamieson wrote
*-* About Re: can anyone confirm that Firefox plugin np_gp.dll is ok

> Ron Hunter wrote:
>> Bob Jamieson wrote:
>>> Canis wrote:
>>>> I decided to dust off and nuke the whole site from orbit --
>>>> a.k.a. a complete Vista reinstall from known good sources --
>>>> it's the only way to be sure.
>
>>> I think you did the prudent thing there. Some may think it was
>>> overkill, but your comment about sleeping at night pretty much
>>> says it all.
>
>>>> I don't consider Google results to be conclusive, because you can
>>>> pick almost any DLL you care to, search for it, and find a few
>>>> dozen posts asking if it's spyware. Then you find another couple
>>>> dozen results for scareware sites trying to convince you to buy
>>>> their so-called scanner so they can tell you it really was a
>>>> normal Windows service after all.
>
>>> Very true about googling for malware in a .dll

It's not just a .dll, either. Substitute .exe for .dll and it's
just as true.

>>> And your comment about scareware is right on.
>

>> I would say it was overkill, but if it is feasible, the user has
>> time, and is willing, it should do the job.
>
> One man's sledgehammer is another's fly swatter.
>
> One of my favorite security quotes:
>
> "Between the extremes of caution and blissful ignorance, there is
> some comfort point, which will be different for everyone. I choose
> to run some risks, if they entail compensatory advantages, while
> avoiding others."
>
> (I think I may have gotten this from one of my newsgroups here)

You just quoted it back to the poster you got it from, ... in
this group. ;-)

http://groups.google.com/group/mozilla.general/msg/ac8fa2dff0190d33

Ken Whiton
--
FIDO: 1:132/152
InterNet: kenw...@surfglobal.net.INVAL (remove the obvious to reply)

Bob Jamieson

Aug 26, 2009, 5:40:08 AM

Clearly you have an encyclopedic memory . . . or is there some other
explanation for how you retrieved a 10 month old post? (A search?)

Bob Jamieson

Aug 26, 2009, 5:50:04 AM

And you're the guy that remembered my Spock message face, weren't you?

You definitely must have some kind of photographic memory.

Ken Whiton

Aug 27, 2009, 12:39:59 AM
*-* On Wed, 26 Aug 2009, at 02:50:04 -0700,
*-* In Article <f6-dna0gW8_QmAjX...@mozilla.org>,

*-* Bob Jamieson wrote
*-* About Re: can anyone confirm that Firefox plugin np_gp.dll is ok

> Bob Jamieson wrote:
>> Ken Whiton wrote:
>>> *-* Bob Jamieson wrote

>> Clearly you have an encyclopedic memory . . . or is there some
>> other explanation for how you retrieved a 10 month old post? (A
>> search?)

As the saying goes, "Google is your friend". I did a Google
Groups search on the phrase "entail compensatory advantages" and got
six results (It's seven now that this thread has made it into their
database.). The earliest of the six was Ron's post that I linked to
above, and the other five were all you, quoting it in various groups
and/or forums. ;-)

> And you're the guy that remembered my Spock message face, weren't
> you?

Yes.

> You definitely must have some kind of photographic memory.

My memory is probably above average, but it's not photographic.
I do, however, have the MessageFaces extension installed, so I have a
good idea of who uses Faces in their posts. I had actually noticed
yours missing as soon as you started posting under Linux, but I didn't
mention it until your missing sig comment in a recent thread made it
more-or-less relevant to an existing post.

On a related note, it's been over a year and a half since Reg has
included a Face in any of his posts.

I've also noticed that for the last few days you've been posting
under your full name rather than just your initials.

Bob Jamieson

Aug 27, 2009, 7:05:44 AM

Definitely above average.

>
> On a related note, it's been over a year and a half since Reg has
> included a Face in any of his posts.

I never noticed that Reg used a face. That may be because I didn't come
on the scene when he was using faces. So, what face did he use? Had to
be "amusing" considering Reg's posts.

>
> I've also noticed that for the last few days you've been posting
> under your full name rather than just your initials.
>
> Ken Whiton

Yes, my full name got in there because I've wiped out my Linux/Ubuntu
folders several times, and I've had to reinstall TB from scratch . . .
got so tedious that after a while I didn't really pay attention to
initials or full.

Wiping out Linux is pretty hard to do, so you may be wondering how I did
it. Well . . . it really wasn't a failure of Linux so much as it was
just my own voluntary re-partitioning. I had messed things up so much
that I just decided to do a complete reinstall . . . SEVERAL TIMES.

Am learning now how to make an image (is quite different from Windows)
so that the next time this happens (and it will, 'cause I'm still
'sperimenting . . . "Hmmmmm, let's see what this does" . . . sort of
like the eight scariest words in the English language: "Is your
seatbelt on? I'm gonna try something") I can just do a quick restore
from a backup and have it the way it was.

BTW, I've used that "eight scariest words" thing before (recently I
think), and now every time I repeat myself I'm thinking you'll catch it.
Gonna have to get some fresh material to keep you on your toes.

Bob Jamieson

Aug 27, 2009, 7:15:41 AM

Hey Ken,

Are you the civil war re-enactor fellow, or am I getting you confused
with somebody else?


Ken Whiton

Aug 29, 2009, 2:25:40 AM
*-* On Thu, 27 Aug 2009, at 04:05:44 -0700,
*-* In Article <__idnTZWStwU9QvXn...@mozilla.org>,

*-* Bob Jamieson wrote
*-* About Re: can anyone confirm that Firefox plugin np_gp.dll is ok

> Ken Whiton wrote:


>> *-* Bob Jamieson wrote
>
>>> Bob Jamieson wrote:
>>>> Ken Whiton wrote:
>>>>> *-* Bob Jamieson wrote

[ ... ]

Thank you.

>> On a related note, it's been over a year and a half since Reg
>> has included a Face in any of his posts.
>
> I never noticed that Reg used a face. That may be because I didn't
> come on the scene when he was using faces. So, what face did he
> use?

His own. ;-)

> Had to be "amusing" considering Reg's posts.

It's baaaaack, so you've probably seen it.

>> I've also noticed that for the last few days you've been
>> posting under your full name rather than just your initials.
>

> Yes, my full name got in there because I've wiped out my
> Linux/Ubuntu folders several times, and I've had to reinstall TB
> from scratch . . . got so tedious that after a while I didn't really
> pay attention to initials or full.
>
> Wiping out Linux is pretty hard to do, so you may be wondering how I
> did it. Well . . . it really wasn't a failure of Linux so much as
> it was just my own voluntary re-partitioning. I had messed things
> up so much that I just decided to do a complete reinstall . . .
> SEVERAL TIMES.
>
> Am learning now how to make an image (is quite different from
> Windows) so that the next time this happens (and it will, 'cause I'm
> still 'sperimenting . . . "Hmmmmm, let's see what this does" . . .
> sort of like the eight scariest words in the English language: "Is
> your seatbelt on? I'm gonna try something")

That reminds me of a line from an e-mail I received some time ago:

A Redneck's last words: "Hey, Bubba, watch this!"

> I can just do a quick
> restore from a backup and have it the way it was.
>
> BTW, I've used that "eight scariest words" thing before (recently I
> think), and now every time I repeat myself I'm thinking you'll catch
> it. Gonna have to get some fresh material to keep you on your toes.

Not to worry. This is the first time I can remember seeing it.
And WRT your security quote, I didn't (and still don't) remember
seeing it before you posted it in this thread. It was your comment
about thinking you had gotten it from one of the Mozilla newsgroups
that caught my interest. If you hadn't made that comment, I wouldn't
have paid any extra attention to the security quote it referred to.

Ken Whiton

Aug 29, 2009, 2:25:51 AM
*-* On Thu, 27 Aug 2009, at 04:15:41 -0700,
*-* In Article <6r6dnWWHI65D9wvX...@mozilla.org>,

*-* Bob Jamieson wrote
*-* About Re: can anyone confirm that Firefox plugin np_gp.dll is ok

[ ... ]

> Hey Ken,
>
> Are you the civil war re-enactor fellow,

No.

> or am I getting you confused
> with somebody else?

Yes. ;-) The only Civil War re-enactor I'm aware of on these
groups, as Reg has already mentioned, is Lee, more formally known as
Leonidas Jones.

Bob Jamieson

Aug 29, 2009, 7:48:45 AM
Ken Whiton wrote:
> *-* On Thu, 27 Aug 2009, at 04:15:41 -0700,
> *-* In Article <6r6dnWWHI65D9wvX...@mozilla.org>,
> *-* Bob Jamieson wrote
> *-* About Re: can anyone confirm that Firefox plugin np_gp.dll is ok
>
> [ ... ]
>
>> Hey Ken,
>>
>> Are you the civil war re-enactor fellow,
>
> No.
>
>> or am I getting you confused
>> with somebody else?
>
> Yes. ;-) The only Civil War re-enactor I'm aware of on these
> groups, as Reg has already mentioned, is Lee, more formally known as
> Leonidas Jones.
>
> Ken Whiton

OK . . . got it. See . . . my memory is certainly not as good as yours

BJ
