• Some users have recently had their accounts hijacked. It seems that the now defunct EVGA forums might have compromised your password there and seems many are using the same PW here. We would suggest you UPDATE YOUR PASSWORD and TURN ON 2FA for your account here to further secure it. None of the compromised accounts had 2FA turned on.
    Once you have enabled 2FA, your account will be updated soon to show a badge, letting other members know that you use 2FA to protect your account. This should be beneficial for everyone that uses FSFT.

Unsigned activeX controls

M

mikeblas

[H]ard|DCer of the Month - May 2006
Joined
Jun 26, 2004
Messages
12,777
I keep getting this alert when I view the forum:

"This website wants to run the following add-on: 'QuickTimeCheck Scriptable Object' from 'Apple Computer, Inc. (unverified publisher)'."

If it really is from Apple, why isn't it signed?
 
Has nothing to do with our forum. If you are getting this on a specific page, please share.
 
It's on this page itself, viewing this thread.
It's on the forum page: http://www.hardforum.com/
It's on what people here call the "front page": http://www.hardocp.com/

InorganicMatter said:
Smells like spyware or a virus to me...
Click to expand...
Smells like jumping to a conclusion to me. Of all the other sites I've browsed, the warning is only offered on the sites I search above. I'll complete a scan just the same, but unless you can offer some substantiation, your post seems like a wild-assed guess.
 
Geez, I was just trying to help. No need to get all high-and-mighty on me.
:rolleyes:
You haven't even scanned yet and your already calling my suggestion a "wild-assed" guess. Chill man.
 
I'm just wondering what your reasoning for suspecting spyware might be. After all, you haven't scanned, either.

I find that QuickTimeCheck is CLSID {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} in the registry, and references C:\WINDOWS\System32\QUICKT~1.OCX as its InProcServer32.

Code: 
C:\WINDOWS\system32>filever quicktimecheck.ocx /v
--a-- W32i   DLL ENU        6.0.0.71 shp     57,856 07-10-2002 quicktimecheck.ocx
        Language        0x0409 (English (United States))
        CharSet         0x04b0 Unicode
        OleSelfRegister Enabled
        CompanyName     Apple Computer, Inc.
        FileDescription QuickTimeCheck Scriptable Object
        InternalName    QuickTimeCheckObject
        OriginalFilenam QuickTimeCheck.ocx
        ProductName     QuickTime
        ProductVersion  QuickTime 6.0
        FileVersion     6.0
        LegalCopyright  ⌐ Apple Computer, Inc. 2000
        LegalTrademarks
        PrivateBuild
        SpecialBuild
        Comments

        VS_FIXEDFILEINFO:
        Signature:      feef04bd
        Struc Ver:      00010000
        FileVer:        00060000:00000047 (6.0:0.71)
        ProdVer:        00060000:00000047 (6.0:0.71)
        FlagMask:       0000003f
        Flags:          00000000
        OS:             00000004 Win32
        FileType:       00000002 Dll
        SubType:        00000000
        FileDate:       00000000:00000000


The date on the file matches the installed date for Quicktime in Add/Remove Programs.

Removing QuickTime 6 makes the problem go away. Installing QuickTime 7 changes the message to

"This website wants to run the following add-on: 'The QuickTime Control allows you to view a wide ...' from 'Apple Computer, Inc. (unverified publisher)'.

The involved OCX file is C:\Program Files\QuickTime\QTPlugin.ocx:

Code: 
C:\WINDOWS\system32\QuickTime>filever /v "C:\Program Files\QuickTime\QTPlugin.ocx"
--a-- W32i   DLL ENU       7.1.0.210 shp    557,056 08-11-2006 qtplugin.ocx
        Language        0x0409 (English (United States))
        CharSet         0x04e4 Windows, Multilingual
        OleSelfRegister Disabled
        CompanyName     Apple Computer, Inc.
        FileDescription The QuickTime Control allows you to view a wide variety of multimedia content in web pages.
        InternalName    QuickTime Control
        OriginalFilenam QTPlugin.ocx
        ProductName     QuickTime Control
        ProductVersion  QuickTime 7.1
        FileVersion     7.1
        LegalCopyright  Copyright Apple Computer, Inc. 1989-2006

        VS_FIXEDFILEINFO:
        Signature:      feef04bd
        Struc Ver:      00010000
        FileVer:        00070001:000000d2 (7.1:0.210)
        ProdVer:        00070001:000000d2 (7.1:0.210)
        FlagMask:       0000003f
        Flags:          00000000
        OS:             00000004 Win32
        FileType:       00000002 Dll
        SubType:        00000000
        FileDate:       00000000:00000000
 
This is a problem you are having with your system. We do not run any quicktime controls on our pages.
 
As Kyle said, it's not on this end....that being said, I will close this thread since it is becoming diagnostic in nature. If you find the cause, PM me and I will reopen the thread for your findings.
 
Ever since yesterday I keep getting this message about a Quicktime Scriptable Object (unverified publisher) wanting to install, but it ONLY appears when I view hardocp's website or forums, I cant get it to appear on any other websites and I havent made any changes recently. Anyone else seeing this? Heres a screenshot showing the message: Link.
 
Since we have had another instance of this, I combined the threads and will leave it open to others who find they are experiencing the same occurrance
 
That's good; locking the thread doesn't help fix the problem. I'm surprised that denial and locking were the initial reactions, in fact.

The issue is that IE 7 will notify you when an OLE control is requested to be run by a page. If you allow the control, it just goes and there's no message. IE 6 didn't do this (though, it might if you use some super-conservative security setting -- I don't have quicktime installed on any machines that are locked down because, well, because they're locked down).

Appoving the QT ad in control makes the pop-up go away. Of course, it also causes each page load to activate an OCX whih appears to have a workingset of about a megabyte.

Apple is sloppy: they didn't sign the control. That means you're obliged to sign the control to work around the problem even though it has an unverified publisher. The control might claim to come from Apple, but might really be from a black hat source. No way to tell for sure, since Apple didn't bother signing the executable image.

The issue seem to come from the Google ads. Other forums which use Google ads (like AOA forums, for intance, or AnandTech) reproduce the problem.
 
I'm starting to get this myself. Every page I visit, it pops up. Spybot is blocking all the changes it's trying to make

I disabled it under the "Manage Add-ons" feature in IE. Not bothering me anymore but I can tell that it's still there with the icon thats appearing in the tool bar.
 
I'll just throw out that I visited the site from home, a friend's house, and work using both Internet Explorer 6 and Firefox and I have never seen these notifications. All systems running XP Pro.
 
ComputerBox34 said:
I disabled it under the "Manage Add-ons" feature in IE.
Click to expand...
Oh, that's good. The control didn't appear in the add on manager when I had 6.0 (or 6.5?) installed. Now that I upgraded to 7.0, I can see it and have disabled it.

InorganicMatter said:
All systems running XP Pro.
Click to expand...
Do any of those systems have QuickTime installed?
 
Dunno what to tell you, we do not use the Quicktime plugin on our pages unless someone has embedded a link with such. Given the nature of Beta browsers referenced as being used here and the fact that we are about to fully upgrade our forum software, this will not be looked into on our end.
 
You must log in or register to reply here.
Back
Top