Qeditor

[shankle]

This is primarily to Hutch.
Having trouble with a pop-up so I ran Malwarebytes and it flagged a program
that I did not expect.
QEDITOR - I suppose it is a false positive - I hope.
Trojan.dropper.pgen was it's name.

[Twister]

Re-download the Masm32 Package from http://masm32.com/masmdl.htm, then try install it again. If your anti-virus system stills nags you about it, it's just a false positive. I am just telling you this because you might of downloaded the wrong installation file.

[dedndave]

well - i find this odd
i use Malwarebyte's Anti-Malware all the time - it is a good program, written by a good programmer
it has never flagged any of the masm32 EXE's

1) your QE.exe may well be infected
2) there are more up-to-date versions of QE than the one that comes with the version 10 package

4.0f is the latest, i believe
Hutch has made that thread a sticky in the masm32 subforum
http://www.masm32.com/board/index.php?topic=14402.0

[shankle]

Thanks guys for responding.
I tried Daves suggestion first as it seemed to be the easiest approach.
I am having serious doubts about MalWareBytes.
I downloaded qe40f and this is what malwarebytes displayed.
     old qeditor  - trojan.dropper.pgen
    new qeditor - trojan downloader

Horton's suggestion will be a hassle but who knows what things might have gotten
corrupted in Masm32. Will hold off on doing it for a bit. Do more thinking.
I know that is dangerous. :bg

[hutch--]

Jack,

The two results show that it is the heuristic scanning that is causing the problem, QE reads its own INI file from disk which triggers some AV scanners. Ignore it but get the later version of QE, it works a bit better than the older one.

[shankle]

Thanks fellows for responding.
Running the latest version of Qeditor.
Made a new partition for data with masm32 in it.
Will slowly phase out the old masm32 partition.
Not quite sure what to do about MalWareBytes.
Using the free version so I can't complain to much.
Reason for using MalWareBytes at all was the annoying popup
FreebiesJeebies. It might be comingin  through In K-Meleon.
If I X out Java and Javascript that might stop it but then
my home page stops working correctly.
K-Meleon swears it's not there problem......

[dedndave]

be sure you have updated the Malwarebyte's database
also, they have a forum
you can openly discuss problems with the guys the write the code   :U

http://forums.malwarebytes.org/

[hutch--]

Jack,

The trick if you are using XP or later is to set up a user profile for development that is free of most of the irritations of AV scanners and consumer based protection. You can be sure of this much, the MASM32 distribution is garranteed squeeky clean and developed in a fully isolated environment that is immune to security issues. It is multiply backed up across different computers that in some cases do not get turned on unless there is something to back up. I have never yet had to use any of the backups as I keep the development box in good condition and squeeky clean.

I use MalwarBytes but I only use it to scan the boot partition as I do not keep any development software on the boot partition at all. This means I can back up my entire development partition onto another drive on another machine without it being dependent on any partitular operating system settings. This is among the reasons why the MASM32 SDK is fully portable which meands it does not require installation into the OS to work.

[shankle]

I did not mean to imply that Masm32 has viruses in it Hutch.
But something is letting this Freebies Jeebies in. Got another today.
I suspect the Java junk. I have Java Xed out in K-meleon.
But if I X out Javascript my Home page doesn't work correctly. :boohoo:

[shankle]

In my continued efforts to get rid of the annoying HeebieJeebies pop-up, a gentleman
on K-meleon said that solving the problem involves the Windows Host file.
There is a Program called HostMan that mightl handle this for me. So when I get the popup
again I need to do the following: Choose Page Properties>cache information, then copy
the UR Lfrom the very top. Paste this into your hosts file and reboot KM. I think
HostMan will do the pasting for me.

Thought I would run it by the experts before continuing. 

[dedndave]

you don't need a special program to edit the hosts file
you can use NotePad to WordPad

it is located in the "WINDOWS\system32\drivers\etc" folder
it has no ".txt" extension, but it is just a text file

if you want to block a certain URL, add a line like this...

Code Select Expand

127.0.0.1  www.accuserveadsystem.com

[shankle]

This FreebieJeebies is just not going away.
I have posted in the Hosts file. But they change the name by one letter or capitalize
one letter.
Anyway today my ESET SS two way firewall popped up this security warning:
      Application:                windows media player network sharing service
      Publisher:                  unknown
      Remote Computer:     FreeStaffWorld.com (127.0.0.1)
      Remote Port:            tcp 2869 (icslap)
Thanks for any insight.
I find it hard to believe nobody else is having this problem.

[dedndave]

i would run malwarebytes on it, Jack...

http://www.malwarebytes.org/

[shankle]

Hi Dave,
Thanks for answering.
Malwarebytes didn't find anything.
Just about ready to start from scratch with all the assortment of pains that go with it.
I put advertisers in the same category as lawyers, politicians, used car salesmen etc, etc.

i would run malwarebytes on it, Jack...

http://www.malwarebytes.org/

[dedndave]

Jack,
do you have any software installed from FreebiesJeebies or FreeStaffWorld ?
a quick check of the Program Files folder should tell you
if you don't see anything there, you can look in the Control Panel, Add-Remove list

it sounds to me as though the pop-ups may be coming from what is recognized as "a valid application"
it could be that you have software that provides coupons or something similar - these always come with pop-ups