Silk Road forums

Discussion => Newbie discussion => Topic started by: Scandinavia on February 23, 2013, 12:10 pm

Title: Virus detected in TOR update
Post by: Scandinavia on February 23, 2013, 12:10 pm
Hello everyone!

When installing the latest TOR update, my F-Secure program said it had detected Variant.Kazy.31094 (a virus) in it!!!!!

Is this just a fake alert?

Please answer quickly.

Regards,
Scandinavia
Title: Re: Virus detected in TOR update
Post by: shiznit on February 23, 2013, 12:36 pm
Very strange you say that.
I had issues once I updated: the Firefox browser would not load.
Title: Re: Virus detected in TOR update
Post by: Scandinavia on February 23, 2013, 12:41 pm
I really hope someone with extensive knowledge of TOR replies. Thanks for your own reply, though!

Regards!
Title: Re: Virus detected in TOR update
Post by: shiznit on February 23, 2013, 12:45 pm
I really hope someone with extensive knowledge of TOR replies. Thanks for your own reply, though!

Regards!

OK, so with that new update, you CANNOT overwrite your last version. You must install it into its own new dir.

Check the Tor blog; they explain it. Read that last paragraph.


-----------------

New Tor Browser Bundles with Firefox 17.0.3esr
Posted February 22nd, 2013 by erinn
Tags: firefox, tbb, tor, tor browser, tor browser bundle, torbutton

We've updated all of the bundles with Firefox 17.0.3esr. This includes significant changes to Torbutton and its interaction with Firefox, in addition to many new patches being added to Firefox, which are outlined below.

Very important: if you've been using the Tor Browser Bundles with Firefox 10.0.x, you must not attempt to overwrite it with the new bundle. Open these into their own directory and do not copy any profile material from older TBB versions.

--------------
Title: Re: Virus detected in TOR update
Post by: SelfSovereignty on February 23, 2013, 01:13 pm
So I'm going to venture a guess and say it's a false positive.  Notice how it says "Variant" there?  Presumably that means it's using some heuristic estimation thingie and thinks it's close enough to the 31094 Kazy signature.  Or something.

That's just a guess, I have no experience with F-Secure.
Title: Re: Virus detected in TOR update
Post by: Scandinavia on February 23, 2013, 01:38 pm
Thank you guys for the quick replies to my question!

Well, it does NOT seem to have anything to do with overwriting the existing location of the preceding TOR-folder/directory.

I tried to install the new TOR onto my desktop, completely clean of any previous TOR-files, and it STILL detected viral activity.

Details:

File infected: tbb-firefox.exe
Place: C:\XXX\XXX\Desktop\Tor Browser\FirefoxPortable\App\Firefox

Type: VIRUS

Name: Gen:Variant.Kazy.31094

Damn it, I'm not even that good at computers.

Should I just IGNORE the warning given to me by F-Secure?

Looking forward to more answers to this topic.

Regards,
A confused Scandinavian Silk Roader

: - /
Title: Re: Virus detected in TOR update
Post by: Qthello on February 23, 2013, 01:43 pm
The only time I get asked to update is when I access the Tor browser through my C drive. I found that installing Liberte on a flash drive and then booting to that flash drive works a lot nicer. Straight-up Linux; it is all set up for stealth.

I then encrypted my bitcoin software mentioned in Brownie's post on how to get the coins... kind of off point. But the point is, I was trying to wrap my brain around using the Tor browser safely. Now all I have to do is take my flash drive with me wherever I go. It's encrypted. No one can access that flash drive on boot-up but me. When I wanna do my normal thing on my main HDD, I just simply log off and reboot as normal; that's where I have my Windows. I wanted to avoid using my main drive at all costs. Tor browser seems cool and safe and all. But, yeah. Liberte + flash drive = safety for me.
Title: Re: Virus detected in TOR update
Post by: SelfSovereignty on February 23, 2013, 02:31 pm
So, the fact that there's basically no mention of this anywhere online that I can find (well, not easily anyway) concerns me.  I suggest you do NOT ignore the warning, and instead delete that download and d/l it again fresh -- but don't do it through Tor.  Just do it from your usual web browser.

Yes, the Tor project d/l server will have your IP, along with a ton of other people.  Should be fine, and in this instance, it almost seems like a malicious exit node altered the download and inserted a virus.  Yes, that's possible.  No, I've never heard of it happening before.

You could also verify the signature, but that's... not as easy.  Yeah, nevermind.  Just d/l it again.
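The signature check SelfSovereignty waves off is the one test that actually settles "altered download or false positive": a detached GPG signature shipped beside the bundle either verifies against the publisher's key or it does not, regardless of what a heuristic scanner thinks. The script below is an added example (not from this thread and not the Tor Project's own tooling) that walks through that check offline with a throwaway key standing in for the Tor Browser signing key: the publisher signs a constructed stand-in file, the user imports the publisher's public key, pins its fingerprint, verifies the untouched file, and then sees the check fail after one byte is changed. It needs GnuPG 2.x (`gpg`, `gpgconf`) and POSIX sh; the key, e-mail address and file contents are made up for the demo.

```shell
#!/bin/sh
# Added example, not from the thread or the Tor Project: the "verify the signature"
# step, run offline with a throwaway key that stands in for the Tor Browser signing
# key. Needs GnuPG 2.x (gpg, gpgconf) and POSIX sh.
set -eu

# Build a disposable signing key in its own keyring and export the public half.
make_signing_key() {   # $1 = signer keyring dir; writes $1/public.asc
    cat > "$1/params" <<'EOF'
%no-protection
Key-Type: RSA
Key-Length: 2048
Name-Real: Example Bundle Signer
Name-Email: signer@example.invalid
Expire-Date: 0
%commit
EOF
    gpg --homedir "$1" --batch --quiet --gen-key "$1/params" 2>/dev/null
    gpg --homedir "$1" --batch --armor --export signer@example.invalid > "$1/public.asc"
}

# Fingerprint of the signer's key, as a user would copy it from a trusted page
# (for the real bundle: the fingerprint published on torproject.org, not one
# found inside the download itself).
key_fingerprint() {   # $1 = keyring dir
    gpg --homedir "$1" --batch --with-colons --fingerprint signer@example.invalid \
        | awk -F: '/^fpr:/ { print $10; exit }'
}

# Publisher side: detached, ASCII-armoured signature next to the file (the .asc
# that torproject.org ships beside each bundle).
sign_bundle() {   # $1 = signer keyring dir, $2 = file; writes $2.asc
    gpg --homedir "$1" --batch --yes --armor --detach-sign --output "$2.asc" "$2"
}

# User side: succeed only if the signature is good AND was made by the expected key.
# Checking the fingerprint matters: a good signature from some other imported key
# proves nothing about who published the file.
verify_bundle() {   # $1 = user keyring dir, $2 = file, $3 = .asc, $4 = expected fingerprint
    gpg --homedir "$1" --batch --status-fd 1 --verify "$3" "$2" 2>/dev/null \
        | grep -q "^\[GNUPG:\] VALIDSIG $4 "
}

# Runs the three checks; returns 0 only if all behaved as expected.
demo() {
    work=$(mktemp -d)
    mkdir -m 700 "$work/signer" "$work/user"
    make_signing_key "$work/signer"
    fpr=$(key_fingerprint "$work/signer")

    # Constructed stand-in for tor-browser-2.3.25-4_en-US.exe; contents are arbitrary.
    printf 'MZ fake installer bytes\n' > "$work/bundle.exe"
    sign_bundle "$work/signer" "$work/bundle.exe"

    status=0
    # 1. Signer's key not yet imported: verification must fail ("No public key").
    if verify_bundle "$work/user" "$work/bundle.exe" "$work/bundle.exe.asc" "$fpr"; then status=1; fi
    # 2. Import the key; now the untouched download verifies.
    gpg --homedir "$work/user" --batch --quiet --import "$work/signer/public.asc" 2>/dev/null
    verify_bundle "$work/user" "$work/bundle.exe" "$work/bundle.exe.asc" "$fpr" || status=1
    # 3. A single changed byte, which is what a tampered download looks like, must fail.
    printf 'X' | dd of="$work/bundle.exe" bs=1 seek=3 conv=notrunc 2>/dev/null
    if verify_bundle "$work/user" "$work/bundle.exe" "$work/bundle.exe.asc" "$fpr"; then status=1; fi

    for d in signer user; do gpgconf --homedir "$work/$d" --kill gpg-agent 2>/dev/null || true; done
    rm -rf "$work"
    return "$status"
}

demo && echo "signature checks behaved as expected"
```

For the real bundle the same three commands apply: import the signing key, confirm its fingerprint against the one torproject.org publishes, then `gpg --verify tor-browser-2.3.25-4_en-US.exe.asc tor-browser-2.3.25-4_en-US.exe`. A verified signature plus a scanner alert points to a false positive; a failed signature means the file on disk is not what was published, whatever the scanner says.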
Title: Re: Virus detected in TOR update
Post by: Scandinavia on February 23, 2013, 02:42 pm
I am impressed with the quickness and thoroughness of the replies I get when posting this thread. Thank you a lot, guys!

Well, I did NOT download the updated version of TOR via the TOR-browser; this was done with Google Chrome!

URL for the file: https://www.torproject.org/dist/torbrowser/tor-browser-2.3.25-4_en-US.exe

Any help regarding this issue would be very much appreciated. Please observe that the virus detected was in the executable file downloaded via the URL https://www.torproject.org/dist/torbrowser/tor-browser-2.3.25-4_en-US.exe.

/Scandinavia
Title: Re: Virus detected in TOR update
Post by: Scandinavia on February 23, 2013, 03:10 pm
I've sent an electronic mail to help@rt.torproject.org asking if they could explain the mystery here.

I urge you all Silk Roaders to be cautious until the case has been resolved.

Enjoy your weekend.

/Scandinavia
Title: Re: Virus detected in TOR update
Post by: onetwothree on February 23, 2013, 03:44 pm
Kazy is a bad, bad boy. It is a very common false positive.

In fact, The Tor Browser itself has had previous run-ins. (clearnets -- https://trac.torproject.org/projects/tor/ticket/5689 , https://blog.torproject.org/blog/new-tor-browser-bundles-16)

As always, don't use it if you're not comfortable with it yourself. But as someone mentioned previously, it's a heuristic detection.

Stay safe.

Title: Re: Virus detected in TOR update
Post by: Qthello on February 23, 2013, 03:46 pm
As I stated, I do not even get an update using Linux off my USB. I only see the update if I access the Tor browser. You know how you get that message when you first open the browser?

The method I use, I do not get that, even when I check through Tor check on the link provided to make sure I am protected. I do not have to  on my home page. There is no mention of an update. That being said, that's a virus. app at all. When I open the internet, I am automatically torified. I do not need to download anything. Certainly not an update. I suggest you view

Mar 14: All new, much simpler guide that now includes a lot more than just a how-to on setting up a liveUSB. Updated with the new Liberte snapshot.
Please continue to leave your valuable feedback and discuss this setup so that we can help further protect the community's security from the bilderbergs
and their local law enforcement agency puppets.


@-}-,-`- -

Directory

Part 1: Creating your liveUSB
    1. Format the USB
    2. Install Liberte to USB
    3. Boot from USB
    4. Using Liberte
Part 2: Bitcoins, GPG, Mail
    1. Getting Bitcoins
    2. Moving Bitcoins
    3. Buying on SR
    4. Using GPG
    5. Receiving Packages
Part 3: Miscellaneous Tips & Tricks
    1. Coming soon

@-}-,-`- -

=========================================================================================


You'll need a USB flashdrive that has at least a 500MB capacity. I bought a 4GB USB flashdrive at a Best Buy for $7.
Download Liberte Linux from here: http://sourceforge.net/projects/liberte/files/snapshots/liberte-snapshot-20120229.zip/download



Part 1: Creating your liveUSB

1. Format the USB

Find the icon for your USB in Windows Explorer. Right-click on it and select the "Format" option. Make sure the "File System" option is set to "FAT32".
Hit "Start" and wait a few seconds for it to finish (time depends on capacity of flashdrive).


2. Install Liberte to USB

Extract the ".zip" you just downloaded to the root of your USB flashdrive. Open the "liberte" folder, right-click over "setup.bat" and select "Run as
administrator". The batch file will do its thing and will prompt you with a "Press any key to continue..." message once it's done.


3. Boot from USB

Now shut down your computer. To be able to boot from a USB flashdrive, you will have to change some settings in the BIOS. To access the BIOS, power-on
your computer and press whichever key is specified on your screen (usually something like "Press F12 to access Boot menu..."). Using the arrow keys,
scroll over to the "Boot" tab. Scroll down to the option "USB HDD: YOUR USB's NAME HERE" and move it to the top of the list. Save changes and exit.


4. Using Liberte

The first time you boot Liberte will be really slow because it has to create an encrypted key for you. The loading bar will stop at about 3/4ths of the way,
pause for around 10 minutes, then you'll be prompted to enter a password for your system, at which point a hash will be generated for the password
which could also take around 10 minutes. Just sit tight, you'll be able to use your new configuration very soon.

Once you get in, establish an internet connection by clicking on the first icon to the left of the time (lower-left corner). To access the onion network click
on the computer monitor icon (lower-right corner), hover over to "Internet" and select "Midori". In this same menu you have the ability to switch your Tor
identity, as well as a non-Torified browser for connecting to Wi-Fi hotspots.

Whenever you're done using Liberte, close out of all your applications and shut down by going back over to the computer icon and hitting "Logout".


@-}-,-`- -


Part 2: Bitcoins, GPG, Mail

1. Getting Bitcoins

People all have their own methods on how to get bitcoins, but here's how I do it which works great and is completely anonymous. Also this is only for the
United States as far as I know.

First create a Mt Gox account. Mt Gox is a great bitcoin exchange but they now unfortunately flag anyone accessing their site through Tor. So I went to
my local library and made my Mt Gox there. Use a disposable e-mail to sign up for Mt Gox and make sure to only access it at a computer not associated
with you (such as the library). Write down your Mt Gox account number, as you'll need it in the next step.

Now go to "bitinstant.com". This is a middle-man service that lets you deposit cash at a local bank and get bitcoins in your Mt Gox account within
MINUTES. Select "Cash Bank Deposit" as the payment method, "Mt. Gox" as the destination, type in your account number as the destination account,
and lastly put an e-mail that IS NOT the e-mail you used to create your Mt Gox account (I would suggest getting a Tormail). The bottom of the page will
give you a quote with the amount you will receive after their fees have been subtracted.

Hit "Send Funds". Then press the big green "Click to Pay Now" button. You'll be redirected to the TrustCash website. Go through the steps and make sure
to print a copy of your invoice at the last page. You have 3 days to deposit the cash before the invoice will expire. Take the invoice to the bank you
chose in the steps, tell the teller you'd like to deposit the money into the account detailed on the invoice, and hand him/her the exact amount specified.
If he/she starts asking questions, just say you're trying to get started in the forex trading market.


2. Moving Bitcoins

By the time you get home (or back to the library), you'll get an e-mail with a Mt Gox redeemable code for your bitcoins. Again make sure you access Mt
Gox from a computer not in any way connected to you. At this point you should send the funds through a couple of instawallets. ABSOLUTELY MAKE
SURE YOU BOOKMARK THE INSTAWALLET ADDRESSES!!! EVEN WRITE THEM DOWN!!! You can also put the coins through a tumbling service like BitcoinFog, but I don't find it necessary. The fact that the coins can't be linked to you in the first place is what really matters. Whenever you're happy with the degree
to which your coins have been obscured, transfer your funds into your Silk Road wallet.


3. Buying on Silk Road

No vendor will allow you to stay in escrow until you have at least 5 purchases. To solve this just go over to the digital goods section and buy 5 books.

Once you have a history, find a product you're interested in (mmm, Mushrooms ;P) and add it to your cart. SR is a lot like Amazon so the procedure
shouldn't be too much of a mystery for anyone. Select a shipping option (it almost always costs extra, so keep that in mind with the price of the product),
enter in your information (encrypted of course! see the next section on how to use PGP) and hit buy.

If you have over 5 purchases, do not EVER finalize early, even for trusted vendors. If a vendor tells you that you have to finalize in order to have your order
sent, demand that they cancel your order. The escrow system is the ONLY way for SR to protect your money, and SR is not responsible if you finalize
early and get scammed.


4. Using GPG

GPG stands for Gnu Privacy Guard. It is a free replacement for PGP, which was recently bought by Symantec and now costs money. Liberte comes with
GPG pre-configured. To use it, hit the computer icon, and under "System Tools" select "gpa".

The first time you open up "gpa" you'll have to create a keypair. Enter in your SR name, your tormail as the contact, and a strong password. Create a
backup copy of your private key and save it to "persist>security>pgp" for now (I highly recommend saving it on Tormail and deleting it off of your USB).

To encrypt a message with pgp, first find the public key of the person you want to send the message to. Save that key as a file and import that to gpa
with the "Import" button. Now press the "Clipboard" button, type your message, and hit "Encrypt". Choose the key of the person you're sending the
message to and your message will become encrypted. Unless you want to get an encrypted message back, you don't have to include your public key.


5. Receiving Packages

Always use the real name of a person registered at the house you are sending to. The Post Office checks to make sure the two match up; they'll realize something's up when they get a package to "John Smith" at a random street. Don't spell your name slightly wrong either, as again that can raise a flag at the post office. I recommend getting a friend to pick up packages for you (always ask him/her first!).

Once you get the package, write "RETURN TO SENDER" in big red letters with a marker across the package. Wait 1 day, and if the police don't come banging down your door then you should be fine. Never use your product at the house you received it at. I also recommend only buying personal amounts, as local law enforcement doesn't have the time or resources to bust someone getting an eighth of weed in the mail. If they do catch it, they'll probably just send you a love letter. Freakonomics (a popular book) showed that most street-level drug dealers make less than minimum wage, so buying ounces of stuff off of SR is really not that worth it.

If the police do come knocking, DENY that the package is yours. Remember that anyone can send you drugs in the mail. Don't consent to any searches, don't say much at all, call your lawyer and let his expensive lips do the talking.

To Be Continued.....................
Title: Re: Virus detected in TOR update
Post by: Scandinavia on February 23, 2013, 03:49 pm
Excuse me for posting so much; but this was a very important issue for me, at least.

I reverted to TOR version 2.3.25-2, English version. It works completely fine, without any virus warnings. NOR does it want me to upgrade this version to the so-called "latest" TOR version.

Until I receive other information persuading me to switch, I will stick to the above stated TOR-version.

/Scandinavia
Title: Re: Virus detected in TOR update
Post by: Scandinavia on February 24, 2013, 10:09 pm
Case closed regarding the virus detection issue/panic caused when updating TOR. As previous commentators so correctly predicted, it was simply a false alert due to heuristic scanning employment.

I will now post the latest scan results F-secure provided regarding the newest TOR-update:

Scanning type: Scan the target

Target: C: \ *** \ *** \ Desktop \ tor-browser-3.2.25-4_en-US.exe

Results

No malware found