Re: Free Download Second Coming .exe
Ania Cozzolino
I have noticed that something called 'ft.exe' is in my downloads folder with a Created and Modified date of today. The downloads icon in the dock bounced up and down a few times earlier, and though I thought it strange (as I was not downloading anything) I did not give it a second thought. But now I have looked in the folder and seen the FT.EXE file I am a bit suspsicious (especially agter googling the file and seeing it is referred to in the context if Malware.
I have alwasys been undet the impression that MACS were bulettproff and there was not need for virus / Malware checkers. Is this still the right view or have the hackers turned their attention to MACS?
You probably visited a web site that initiated an automatic download of some sort of malware. Good news that's it's an .exe file, which is a Windows program that cannot in any way run in OS X. Just delete it.
I did not mention that the Downloads folder icon bounced around midday on Monday but the 'ft.exe' was timestamped as 10:16 which I don't understand. How can I check if there is any other Malware or Viruses on my iMAC. ? i.e something 'arrived' midday as well as the earlier ft.exe, or did the ft.exe start downloading at 10:16, hence the timestamp ?
Also can I just check that you mean turn of the 'Enable Java' option in Safari->Preferences->Security, and leave 'Enable JavaScript' enabled ? I have made these changes (interestingly I can no longer log on to the Apple Communities from my MAC - I log on and it just return Welcome page. If I log on from my Windows Laptop I can get in. Would this be anything to do with the 'Enable Java' de selection on my MAC.
(interestingly I can no longer log on to the Apple Communities from my MAC - I log on and it just return Welcome page. If I log on from my Windows Laptop I can get in. Would this be anything to do with the 'Enable Java' de selection on my MAC.
What such sites do is attack by using Java to initiate a Java applet on your computer. That in turn downloads the payload they really want to get on your system; which would probably be the cause of two separate downloads.
The older and more common type are Trojans (though there isn't even many of these). The perps try to get you to install malware on your system by making it sound like something you would want, or need. Until you initiate the installation, they can't do a thing.
The newer ones are jumping on the Flashback bandwagon and trying the Java end-around. Since Java is already running (if you have it on), they don't need to talk you into running an app, the browser will just do it.
The last and actually most prevalent is torrent downloads. That "free" copy of Photoshop you installed? There's no telling what else ended up on your system. The crooks pack these torrents with extra packages of stuff you definitely don't want on your system. Keyloggers, backdoors, etc. When you give any installer your admin password to install the software, it doesn't need to ask you again for the pieces you weren't expecting. The simple solution there of course is to never, ever download software from file sharing sites.
Actually, Flashback and other exploits that take advantage of Java vulnerabilities don't need to download anything to the Downloads folder, and they typically don't. So that would not have been my top guess, though of course turning off Java is a very good thing to do regardless.
More likely, this was just something automatically downloaded by some malicious JavaScript embedded in a site. Perhaps it uses a Windows or Internet Explorer vulnerability to get installed, or perhaps it just hopes the user will find it in Downloads and run it. In any case, though, the OP's Mac is perfectly safe, as has been said already.
Thanks for the clarification, Thomas. I wasn't quite sure if such Java exploits download the applet to the computer using it (just as it does images and other web content), or if the applet runs from the remote server the page is on.
Generally, there are two ways this sort of thing works. One is that there is a Java vulnerability that allows the Java applet to write files wherever it likes, and it will put a file in the user's LaunchAgents folder that will keep some other executable (that it writes elsewhere) running. (Flashback's installer, for some variants, would also ask for an admin password and, if provided, write files into apps like Safari. This was not necessary, though, and if the password was not given, it would fall back on the LaunchAgents behavior.)
The other way it works is that the Java applet uses social engineering to trick you into approving its access to your computer. Once that access has been granted by the user, the same trick applies (writing files and adding a LaunchAgent).
Also, if we suppose the problem is due to the code failure, why does the default scripts of python (pip.exe, pip2.exe in the scripts folder of python) are shut down less than a few seconds after I open them?
For example here pay attention to the else: statement. It should probably follow a different statement than the for: block. Unfortunately (? ) else: after a loop block is a valid syntax but it is an advanced and not very often used construct:
The traceback you have shown (please paste it as text - also between triple backticks - next time) comes from a different code. Please always show the code and the traceback which belong together otherwise it is useless.
On Windows (and other systems) do not put your programs into system directories and do not run them as Administrator. This way you have a high chance of wrecking your system. pyinstaller probably uses the current working directory which could make you thinking that you have to use the system directory.
My problem is that when it runs, it starts the installer, then finishes the script because the installer's a different process and follows up by shutting down the install process because the computer's shutting down and shutting down the system (at least, that's what i think it's doing.)
If the exe you call then creates other process, such as calling another exe, and then exits the batch file will continue processing after the called exe has terminated, as it has no knowledge of other processes started by it.
In your case this is a real problem because installers normally extract files from some form of compressed container, which may be embedded in the exe itself, then fire off one of the extracted files and exit. Some installers provide command line parameters which tell the original exe not to exit until the entire installation is complete, so that's something you may want to investigate. Other than that, there's no real way around this with batch files alone and would take a programmatic solution to solve.
I had the problem @John Gardeniers Had or described, where my exe called another exe and terminated, therefor start /wait didn't work. I created a "while loop" to check if its running and then move on once its done. The times can be tweaked to suit your needs.
Similar to @FreeSoftwareServers file, I needed to wait for a program to start that wasn't started by the batch file. Then wait several seconds to start a program that hooks onto the program I'm checking for. If you want the file to timeout after checking a certain amount of times, you could use a counter within the loop to limit the amount of times it loops.
Or if you know how long it takes to execute, you can take a look at the sleep command, provided by the Windows Server 2003 Resource Kit Tools . Sleep.exe can be used to pause your batch for any number of seconds to allow the program to install fully before the batch file proceeds to install anything else. There are some programs which ignore the "start /wait" syntax, due to the program itself launching another process, then the sleep.exe is very useful.
I created a program in python through Anaconda (Spyder, more exactly) and made an .exe out of it with pyinstaller. Simply put, when I run it through the anaconda prompt it works, but when I double click it, it simply waits for a few seconds and then closes, without doing anything.
run(loc) is basically the entire program that needs to run when I press a certain button on the tkinter widget that appears at start. Even if I require an input for the program to close, it still closes automatically and no tkinter widget appears.
When you're running it from cmd it starts the command prompt and then starts the program thru the command prompt,but when running the program itself (by for example: double-clicking it), the window will close when it's done.
If you want to change this you can do that by putting this in you're script (on the last line):
input()
This will make sure the program doesn't get automatically closed as its waiting for input from a user.
It's in german, but a rough translation is: "Enscape got shut down unexpectedly. Please try re-opening the Enscape Standalone Host. "..." Please send us your Feedback including the log files of Enscape. "..." "
Please be aware, that Windows sometimes displays graphics card drivers as being up to date, even when this is not the case. Therefore we advise that you do not upgrade your drivers via the Windows Device Manager.
If you continue to experience this, then please send us the necessary log files as described here, along with the dump files to sup...@enscape3d.com, and add a link to this thread and my name as well for context.
Unfortunately our .exe standalones to not support Intel on-board graphics either, no matter the Rendering Quality set or such. There is also no way I'm afraid to adjust the rendering quality of our Web Standalones, mainly due to technical (WebGL) limitations around which we cannot easily workaround.
This is probably just noise and I'm stating the obvious... but it seems to me that the stand alone files were intended to share out with clients and/or team members who don't have access or understanding of work-station level machines? As such I would expect that the stand alones could be viewed on "whatever" (including Mac, ahem, which the vast majority of clients use while sitting on their couches at home looking at what their architect sent them) and shouldn't be dependent on expanded video cards and up-to-the-moment drivers. So far as the low quality rendering and lack of environment adjustments - take a look at a Hover.to model to see how nice it can be, even on a mobile device. Just some fodder for future consideration.
b1e95dc632