Slimjet downloads compromised??

PietRada
Posts: 17
Joined: Fri Jun 03, 2016 9:10 am

Slimjet downloads compromised??

Post by PietRada » Mon Mar 19, 2018 2:35 pm

Did a download of the complete install package today (also tested the Slimjet webinstaller) and my firewall started immediately complaining at the start of the installation of Slimjet (typing this with Slimjet on my "normal" PC).

C:\users\<myself>\appdata\roaming\recovobj\update.exe (part of slimjet installation directory)
is trying to access a number of porno-sites.

Checking this "update.exe": it is actually a Firefox instance (I have no Firefox on the two PCs where I did the test).

Killed the Update-process and stopped installation immediately and cleaned installation directory. I'm not a newbie on Slimjet and using this browser on 3 other PC's for years without problems. Please check a.s.a.p the installation package preferably with a firewall that prohibits unknown outgoing traffic!!!

Download size via mirror MajorGeeks: 47,7 MB (32 bit V18.0.1) installs fine
Download size via Home Slimjet: 54,8 MB (version firefox ??)

oftentired
Posts: 1224
Joined: Tue May 13, 2014 3:14 am

Re: Slimjet downloads compromised??

Post by oftentired » Mon Mar 19, 2018 6:15 pm

What was the actual Internet Address where you downloaded the bad file?

https://www.slimjet.com/?
https://www.slimjet.com/en/dlpage.php?

If the dlpage, which link specifically did you find a bad file at?

Stable Release (18.0.1.0)
Web installer ( 0.34MB, 2018-02-14)?

or the Big Icon Download Slimjet?
For those of you who wear aluminum foil hats, the voices lie, don't believe them!

Running 32 Bit SJ on Win 7 Pro

PietRada
Posts: 17
Joined: Fri Jun 03, 2016 9:10 am

Re: Slimjet downloads compromised??

Post by PietRada » Tue Mar 20, 2018 7:26 am

Checked my browser history: all version 18.0.1.0 downloads were done from

19.3.2018 19:22 off-line installer https://www.slimjet.com/en/dlpage.php
link https://www.slimjet.com/en/postdl.php?v ... 2&type=exe
19.3.2018 ?? webinstaller https://www.slimjet.com/ (big icon)
19.3.2018 22:26 off-line installer http://www.majorgeeks.com/files/details/slimjet.html

Looks like a Firefox installer package was packaged into a Slimjet installation package; I've even got the corrupted installation file "sjtsetup_X86.exe". If interested I could send it via "wetransfer" to . . .

Could not find when I did download the webinstaller package

flashpeak
Site Admin
Posts: 361
Joined: Mon Apr 21, 2014 3:57 pm

Re: Slimjet downloads compromised??

Post by flashpeak » Tue Mar 20, 2018 8:58 am

I am pretty sure our download server is not compromised. There might be something else going on on your system.
All our installers are protected by digital signatures. If it's compromised, you wouldn't see a valid digital signature. If the digital signature is valid, Windows should show a blue dialog with "FlashPeak Inc" as the publisher. Otherwise, the elevation dialog will have a yellow color.

The 32bit full installer should have 50,061,920 bytes when downloaded.
The 64 bit full installer should have 50583352 bytes when downloaded.
The 32bit web installer should have 353336 bytes when downloaded.
The 64bit web installer should have 353336 bytes when downloaded.

You should always see a blue elevation dialog when you attempt to install any of these.
PietRada wrote: Did a download of the complete install package today (also tested the Slimjet webinstaller) and my firewall started immediately complaining at the start of the installation of Slimjet (typing this with Slimjet on my "normal" PC).

C:\users\<myself>\appdata\roaming\recovobj\update.exe (part of slimjet installation directory)
is trying to access a number of porno-sites.

Checking this "update.exe": it is actually a Firefox instance (I have no Firefox on the two PCs where I did the test).

Killed the Update-process and stopped installation immediately and cleaned installation directory. I'm not a newbie on Slimjet and using this browser on 3 other PC's for years without problems. Please check a.s.a.p the installation package preferably with a firewall that prohibits unknown outgoing traffic!!!

Download size via mirror MajorGeeks: 47,7 MB (32 bit V18.0.1) installs fine
Download size via Home Slimjet: 54,8 MB (version firefox ??)
Stephen Cheng
FlashPeak Inc.

PietRada
Posts: 17
Joined: Fri Jun 03, 2016 9:10 am

Re: Slimjet downloads compromised??

Post by PietRada » Thu Mar 22, 2018 10:27 am

flashpeak wrote: If it's compromised, you wouldn't see a valid digital signature. If digital signature is valid, Windows should show a blue dialog with "FlashPeak Inc" as the publisher. Otherwise, the elevation dialog will have a yellow color.

The 32bit full installer should have 50,061,920 bytes when downloaded.
Thanks for your reply,

Just downloaded again:
1. can confirm the 32bit installer size.
2. signed by "Flash Peak Inc" with sha256 algorithm: correct

Indeed: the fake one is signed by "Stockhub Limited" with the sha1 algorithm. Will throw it away and forget this incident, not knowing how it occurred (I'm pretty well protected, but did not notice the signing; trusted the Slimjet.com domain in advance).
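
The checks discussed in this thread (valid signature, expected publisher, expected byte size) can be run before launching an installer. The script below is an added example, not code from any poster or from FlashPeak; the parameter names are hypothetical, the sizes are the 18.0.1.0 values quoted above, and it assumes the certificate's common name equals the publisher string given in the thread.

```powershell
# Added example (not from the thread): check an installer's Authenticode
# signature, publisher and size before running it.
param(
    [Parameter(Mandatory)] [string] $Path,
    # Assumption: the certificate's common name equals the publisher string
    # quoted in the thread; adjust if the real certificate differs.
    [string] $ExpectedPublisher = 'FlashPeak Inc',
    # Byte sizes quoted in the thread for the 18.0.1.0 installers only.
    [long[]] $ExpectedSizes = @(50061920, 50583352, 353336)
)

$file = Get-Item -LiteralPath $Path -ErrorAction Stop
$sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName

# Common name of the signing certificate, or $null for an unsigned file.
$signer = $null
if ($sig.SignerCertificate) {
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $signer   = $sig.SignerCertificate.GetNameInfo($nameType, $false)
}

$result = [pscustomobject]@{
    File           = $file.Name
    Bytes          = $file.Length
    Status         = $sig.Status
    Signer         = $signer
    SignatureValid = $sig.Status -eq 'Valid'
    PublisherMatch = $signer -eq $ExpectedPublisher
    SizeMatch      = $ExpectedSizes -contains $file.Length
}
$result | Format-List

# A signature alone is not enough: the fake installer in the thread was
# signed, but by a different publisher. Require all three checks to pass.
if ($result.SignatureValid -and $result.PublisherMatch -and $result.SizeMatch) {
    Write-Output 'OK: signature valid, publisher and size as expected.'
    exit 0
}
Write-Warning 'Do not run this file: one or more checks failed.'
exit 1
```

The size list has to be updated for each release, so treat the publisher and signature status as the primary checks and the size as a secondary one.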
