• Register
  • Help
Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Topic: Semi OT - But important - Virus warning

Share/Bookmark
  1. #1

    Semi OT - But important - Virus warning

    I got a nasty surprise this morning when every machine on my LAN started reporting that every installed application was infected. I traced the problem to the machine that I use as my DAW and video editing work. It is connected to the Internet, only because NI pretty much requires it for authorization.

    The virus (identified as "unknown") was apparently located in a folder named c:\Documents and Settings\user1\Local Settings\temp\Patcher\Patcher 2580\Staging Area\. The user name may be different on your machine. Windows XP Pro normally hides this folder, so you have to make it visible in Windows Explorer. (It may be different on VISTA or other versions of Windows.) I had to find and delete it myself because my antivirus application (NOD32) -- which was the highest rated (and most expensive) available at the time of purchase -- choked when it go to this entry. Froze up and wouldn't let me shut down the machine (except by literally pulling the plug.)

    It removed the infected files (executables and dlls for Kontakt2, NI Akoustic Piano, Kontakt Player 2, and several others). I have had to reinstall everything from scratch because NI's installation programs won't replace the single infected executible in each that was removed. I am now having to deal with NI's maddening and infuritating re-authorization process (but for which this machine would not have been on the Internet and gotten infected in the first place). The NI Service Center, as always, tells me there is an update available, but hangs 99% of the way through the process and never finishes downloading or installing the update. If I elect not to update, it goes ahead and tries to install it anyway, while I sit there and watch the progress bar for 20 minutes. After it has made one attempt, I can usually abort subsequent ones. Once I get in there to authorize the NI software, I get messages telling me that it is all ready authorized. But, of course, ithe NI applications say the opposite and won't let me start them. Round and round we go until something kicks in and it lets me in -- at least that's the way it has been in the past -- not there yet, this time.

    So basically nothing is working and I am spending my day trying to convince NI's authorization software that I am a legall licenced to use it and pleading with them to let me use the software that I have all ready purchased and have been using for several years. All they have to do is look at their billing records -- or the first time I authorized this stuff -- and then unlock it, permanently, so I can use what I paid for.

    I know I have said this before, but I think here is a case where a boycott would work. NI should not only come up with a more reasonable authorization scheme, but a patch that no longer allows my existing purchases to be crippled by their lack of expertise in designing an authorization scheme. And, regardless of whatever other users do, this absolutely the end for me with NI. Never, never, never again will I purchase anything made by this company. And for developers who develop libaries that depend on Kontakt to run, I would strongly urge you to start developing for ARIA or another platform that does not treat end users like this. It just generates so much bad will and it so discouraging that I at this point I don't care WHAT their sampler sounds like or WHAT it can do. Nothing is worth going through this madness every time Windows has problem -- and it certainly wasn't worth infecting all my other computers with a virus and cripling my ability to conduct business for the better part of a day. This latest fiasco has cost me more in lost revenue than everything I've spent on NI products to date.

    ---- MORE ---

    When I try to start any NI application, I get an error message saying that I have to use the registration tool in the application folder. When I use it, it goes to a web page, saything that I have to use the update center.

    When I use the update center, I still see the behavior mentioned above (it tells me that I am all ready registered) and no button, link or command on the update center will allow me to change it.

    So I am completely and utterly disabled here -- not able to use any NI application, nor any of my Kontakt instruments. Garritian, Kirk Hunter, Westgate, Dan Dean, et. al -- are you listening? The sample libraries that I puchased from you are going unused because of this same authorization problem that I first reported to NI years ago.

  2. #2
    Moderator
    Join Date
    Oct 2000
    Location
    Orcas Island
    Posts
    11,454

    Re: Semi OT - But important - Virus warning

    Quote Originally Posted by ejr View Post
    I got a nasty surprise this morning when every machine on my LAN started reporting that every installed application was infected. I traced the problem to the machine that I use as my DAW and video editing work. It is connected to the Internet, only because NI pretty much requires it for authorization....
    So I am completely and utterly disabled here -- not able to use any NI application, nor any of my Kontakt instruments. Garritian, Kirk Hunter, Westgate, Dan Dean, et. al -- are you listening? The sample libraries that I puchased from you are going unused because of this same authorization problem that I first reported to NI years ago.
    ejr,

    You need to talk to a tech person and get this sorted. The first place to start is Native Instruments. They handle registration for the Kontakt Players exclusively. Call them at 323-467-2693 and describe the problem and they should be able to help. If that doesn't work, give us a call.

    Best,

    Gary Garritan

  3. #3

    Re: Semi OT - But important - Virus warning

    Yes, I know, but I am frustrated with their lack of responsiveness. I have been complaining about their registration process for years and it never gets fixed.

    Here's what happened when I contacted them today:

    I got an auto generated email, quoting my complaint -- but truncating it so that most of the pertinent feedback I had given them about the nature of the problem was missing -- in German.

    At this point, I felt like saying to NI, Danke for nothing.

  4. #4
    Moderator
    Join Date
    Oct 2000
    Location
    Orcas Island
    Posts
    11,454

    Re: Semi OT - But important - Virus warning

    Quote Originally Posted by ejr View Post
    Yes, I know, but I am frustrated with their lack of responsiveness. I have been complaining about their registration process for years and it never gets fixed.

    Here's what happened when I contacted them today:

    I got an auto generated email, quoting my complaint -- but truncating it so that most of the pertinent feedback I had given them about the nature of the problem was missing -- in German.

    At this point, I felt like saying to NI, Danke for nothing.
    ejr,

    Did you call them and talk to a real live warn person? Try that.

    Best,

    Gary

  5. #5

    Re: Semi OT - But important - Virus warning

    There is a new (nicer) version of Service Center out, if you haven't discovered it yet. It's version 2.0, and doesn't use flash. Perhaps if you update it might help? It's available for download off of the NI site, and you need to uninstall version 1 first.

  6. #6
    Senior Member Nigel W's Avatar
    Join Date
    Jan 2003
    Location
    Cologne, Germany
    Posts
    676

    Re: Semi OT - But important - Virus warning

    I have found NI really helpful and co-operative on the 'phone, especially if you make it clear you're a working musician. They don't advertise 'phone support because they would need about 50 times more staff if everybody called up (compared to dealing with email requests) but it is there and I've never been disappointed.

    Nigel

  7. #7

    Re: Semi OT - But important - Virus warning

    Thanks for the input. I did eventually find the new activation application. But it's very odd how when the other apps fail they don't tell you that the newer version can be downloaded from a plain old HTML web page.

    This is the kind of sloppy programming that just sets my teeth on edge. Some programmer had to write that error message. It would have taken two seconds longer to point the user to the place where he could find a fix. Bad enough that the other versions don't work, but when you take the trouble to catch the error and then give no useful information about how to remedy it, you have to wonder about the competence and/or attitude of the company you are dealing with.

    As for phone tech support. Maybe it's different now. The last time I spoke with one of their reps was several years ago and it was not productive. There is only so much that can be accomplished when the person you are speaking with refuses to accept that there could be a problem. Since then, I felt it better to communicate with NI in writing, so there is no doubt about who said what and when.

    As for the new Service Center -- it seemed to function like every other NI product I own: one step backward for every step forward. I got it to install, but it installed two copies of itself at the same time. No idea why. I've never seen anything like this as an end user or a developer. I managed to re-activate Kontakt2 and Akoustic Piano. I managed to download and install the update for Akoustic Piano -- but it still keeps telling that I haven't done it. And it tells me that the Kontakt2 Player is installed, when I know for a fact that the exe file was infected and deleted. All this just reminded me of a recent discussion in another thread about authorization/copy protection schemes. My point then, as now, is if your installation and activation methods are verifiably losing customers for your business, doesn't that cancel out whatever you imagine you are losing due to piracy?

    It would do well for some of these companies who are so concerned about lost income to put themselves in my position for a moment. As an actor, I earn residuals from the broadcasts and DVD sales of films that I have been in. Every person who records a show represents lost income for me. Netflix may by a couple of hundred copies of the DVD, but rent them hundreds of thousands of times. I make nothing on that. Only on the sale of the rights to the company that burns the DVD (and believe me it's a lot less than you think -- unless you are a major star). And don't get me started on new media. I recently provided the voice over and motion capture for one of the characters in the video game Grand Theft Auto IV. I was paid only for the voice over and motion capture sessions. I don't get a dime from sales. No residuals at all. So I am not unsympathetic to the piracy issue -- but just think about how you would feel if you had to identify yourself every time you watched a DVD or had to ask permission from the studio whenever you decided to view it on a different TV. Would you put up with that?

    So, forgive me if my heart doesn't bleed for NI. I know enough about developing applications to understand that someone who can program a decent VI or sampler is certainly capable of protecting his rights without alientating the people they are depending on for their revenue and good word of mouth.

  8. #8
    Senior Member
    Join Date
    Jun 2006
    Location
    South of the Ohio River
    Posts
    555

    Re: Semi OT - But important - Virus warning

    You really need to call them in person and speak with them. Companies do change and NI seems to be doing a lot better in that respect. But they need to hear your voice.

    JMO
    Jerry
    Dayton, Kentucky
    Personally, I'm waiting for caller IQ.

  9. #9

    Re: Semi OT - But important - Virus warning

    Less whiny whiny, more phoney phoney.
    All your strings belong to me!
    www.strings-on-demand.com

  10. #10

    Re: Semi OT - But important - Virus warning

    A little more info here, regarding the virus. Hopefully, it will be of use to someone.

    The /Patcher temporary folders were legitmate ones, created by the updates for Adobe applications. The problem with tracking down this particular bit of malware is that it infested perfectly legitimate applications, dynamic link libraries, temporary files, even your Windows recovery data. What makes it even harder to identify is that it is apparently a varient of a win32:trojan-gen that has not been named yet, so to casual users, it looks like a false positive in your anti-virus application. Not so. After a lot of work, I managed to find at least one known bit of malware that was spawning it all over every system it was on, and every computer connected to it. The file was named YNTUMS_A.exe. But this does not necessarily mean this is the only host that is carrying it.


    From what I have been able to learn of it, it is a keylogger (this means that it captures everything you type and sends it on to the person who created or distributed it). So, if you have entered personal info, credit card numbers, etc. on a web site, it could be relayed to these people. Likewise for uncopyrighted work, etc. (Now that's a scary thought). But it also did things like corrupted NI installation files, so I had to reinstall from the DVD-ROMs and disabled the exe files for applications like Akoustic Piano.


    What burns me (other than the fact that my DAW has to be connected to the Internet at all) is that I was using a very highly-rated, heavy duty anti-virus application (NOD32) which is supposed to be known for its thoroughness, speed, and its ability to not interfere with audio and video production. Countless updates and in depth scans failed to prevent this infestation, to identify all the infected Windows components, or to find and remove the host file where the darn thing lived. The way I finally found it and cleaned things up was by replacing NOD32 with Avast! (an often maligned AV app that has been recently getting exceptionally high ratings on a lot of techie websites). I did an optional scan that starts before Windows loads -- and that turned up all the bad stuff that NOD32 missed. So, FWIW, I think I'll be using that app from now on. And I continue to urge developers to impliment saner registration schemes that don't involve opening your DAW to unecessary risks.

Go Back to forum

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •