source nsis setup have virus - exe

I Have nsis source setup ajax file and clean the internet explorer becose sameone use file dll to block me
the file when i go to virustotal i get to virus i don't know where the problem can anyone help me
this is the source
; saudivoice NSIS Installer Script File
; khaild Winston <babh532#gmail.com>
;--------------------------------
;Include some predefined NSIS libraries
!include "WinMessages.nsh"
; --------------------
XPStyle on
; LANG: 1033
LangString LSTR_43 1033 "Show &details"
LangString LSTR_44 1033 Completed
; --------------------
;General
;Name and file
Name "SaudiVoice"
;Default installation folder
InstallDir "$PROGRAMFILES\SaudiVoice"
; --------------------
; PAGES: 3
; Page 0
Page license /ENABLECANCEL
LicenseText "Welcome to the Saudivoice Voice Setup." Next
LicenseData [LICENSE].txt
; Page 1
Page instfiles
CompletedText $(LSTR_44) ; Completed
DetailsButtonText $(LSTR_43) ; "Show &details"
/*
; Page 2
Page COMPLETED
*/
; --------------------
; --------------------
; SECTIONS: 1
;Installer Sections
Section "Install saudivoice"
SetOutPath "$INSTDIR"
; Copy all of the required files (note the /r switch to recursively copy directories)
File chat5.ocx
File chat5.dll
File chat5.inf
File setup.bat
File IMSVoiceStarter.exe
File npIMSChatStarter.dll
File Readme.htm
; Register the COM server
ClearErrors
RegDLL $INSTDIR\chat5.ocx
RegDLL $INSTDIR\npIMSChatStarter.dll
Exec $INSTDIR\setup.bat
Exec "$PROGRAMFILES\KSAChatControl2017\Firewall\Uninstall.exe /S"
DetailPrint "unInstalling the Block..."
Exec "$PROGRAMFILES\KSAChatControl2017\Firewall14\Uninstall.exe /S"
DetailPrint "unInstalling the Block..."
Exec "$PROGRAMFILES\KSAChatControl2017\2.11.0.0\Uninstall.exe /S"
DetailPrint "unInstalling the Block..."
CreateDirectory $SMPROGRAMS\SaudiVoice
CreateShortCut "$SMPROGRAMS\SaudiVoice\Read Me.lnk" $INSTDIR\Readme.htm
CreateShortCut "$SMPROGRAMS\SaudiVoice\Uninstall SaudiVoice.lnk" $INSTDIR\Uninstall.exe
WriteRegStr HKLM Software\Microsoft\Windows\CurrentVersion\Uninstall\SaudiVoice DisplayName "SaudiVoice 1.0.0.1"
WriteRegStr HKLM Software\Microsoft\Windows\CurrentVersion\Uninstall\SaudiVoice DisplayVersion 1.0.0.1
WriteRegStr HKLM Software\Microsoft\Windows\CurrentVersion\Uninstall\SaudiVoice UninstallString $\"$INSTDIR\Uninstall.exe$\"
WriteRegDWORD HKLM Software\Microsoft\Windows\CurrentVersion\Uninstall\SaudiVoice NoModify 1
DeleteRegKey HKLM Software\Microsoft\Windows\CurrentVersion\Uninstall\SaudiVoice
WriteRegDWORD HKLM Software\Microsoft\Windows\CurrentVersion\Uninstall\SaudiVoice NoRepair 1
DeleteRegKey HKLM "SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{EB938183-780F-48FD-89ED-50686F7F7259}"
DeleteRegKey HKLM "SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ModuleUsage"
DeleteRegKey HKLM "SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDlls"
DeleteRegKey HKLM "SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
DeleteRegKey HKLM "SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EB938183-780F-48FD-89ED-50686F7F7259}"
DeleteRegKey HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage"
DeleteRegKey HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls"
DeleteRegKey HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
DeleteRegKey HKCU "Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
DeleteRegKey HKEY_CURRENT_USER "Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
DeleteRegKey HKEY_USERS ".DEFAULT\Software\Microsoft\Windows Firewall"
WriteUninstaller $INSTDIR\Uninstall.exe ; $INSTDIR\$INSTDIR\Uninst.exe
SectionEnd
; --------------------
;Uninstaller Section
Section "Uninstall"
Delete "$INSTDIR\Uninstall.exe"
; Unregister the COM server
UnRegDLL "$INSTDIR\chat5.ocx"
Delete "$INSTDIR\chat5.ocx"
Delete "$INSTDIR\chat5.dll"
Delete "$INSTDIR\chat5.inf"
Delete "$INSTDIR\IMSVoiceStarter.exe"
Delete "$INSTDIR\npIMSChatStarter.dll"
Delete "$INSTDIR\Readme.htm"
; Delete all installed files
RMDir "$INSTDIR"
; And registry entries
DeleteRegKey HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\SaudiVoice"
Delete "$SMPROGRAMS\SaudiVoice\Read Me.lnk"
Delete "$SMPROGRAMS\SaudiVoice\Uninstall SaudiVoice.lnk"
RMDir $SMPROGRAMS\SaudiVoice
SectionEnd
and this is the file
http://saudidos.com/fix.exe
Please help me for that

The VirusTotal results have a detection ratio of 2 / 55 and the two are Bkav and Invincea and I would go out on a limb and say that these are not well known companies and this is probably a false positive. You could try reporting the false positives...

This isn't the first time this happened to nsis or some related plugins. Just inform those companies or virustotal (chapter "Information we share") will also do that for you (which only may take a while longer)...

Related

NSIS Welcome Image stretching

I have a bitmap 164x314 with my logo which is showing just fine.
When I use header to resize my installer
!include "nsResize.nsh"
and add width and height to it
!define AddWidth 100u
!define AddHeight 75u
I also change dimensions of my bitmap to 164x436 and my logo is looking ugly and stretchy.
Even if I use
!define AddHeight 122
or
!define MUI_WELCOMEFINISHPAGE_BITMAP_NOSTRETCH
it don't do much.
What am I missing?
Left — original, right — NSIS
Solved my problem with using 0px intro file
File "/oname=$PluginsDir\modern-wizard.bmp" "${}\Intro\intro0.bmp"
${NSD_SetImage} "$mui.WelcomePage.Image" "$PLUGINSDIR\modern-wizard.bmp" "$mui.WelcomePage.Image.Bitmap"
${NSD_SetImage} "$mui.FinishPage.Image" "$PLUGINSDIR\modern-wizard.bmp" "$mui.FinishPage.Image.Bitmap"
and setting image later:
${NSD_CreateBitmap} 0 0 164 436 ""
Pop $9
File "/oname=$pluginsdir\welcomeimg.bmp" "${}\Intro\intro96.bmp"
${NSD_SetImage} $9 "$pluginsdir\welcomeimg.bmp" $1

NSIS not displaying new control after change ui

I took ui.cpp and default.rc from the svn, compiled it, used changeui ---> works!
I can't display new controls. This is a section from the new default.rc
IDD_LICENSE DIALOGEX 0, 0, 266, 130 STYLE DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x1
BEGIN
ICON IDR_MAINFRAME,IDR_MAINFRAME,0,0,22,20
LTEXT "pppppppppppppppppppppp",507,25,0,241,23
LTEXT "email user",508, 172, 106, 233, 31
CONTROL "",IDC_EDIT1,RICHEDIT_CLASS,WS_BORDER | WS_VSCROLL |
WS_TABSTOP | 0x804,0,24,266,105
END
In the nsh script, on create function of a page I tried:
GetDlgItem $MyHandle $HWNDPARENT507
MessageBox MB_OK $MyHandle //this is always 0 no matter what I tried in the previous line!!!
EnableWindow $MyHandle 1
I also tried editing the original defalt.exe with resource hacker but nsis wouldn't display new text/control.
How can I display the new text and control???
The NSIS GUI is actually one dialog window with another dialog window inside it.
You first need to find the inner dialog before you can find the controls in it:
FindWindow $0 "#32770" "" $HWNDPARENT ; Find the inner dialog (See attached picture)
GetDlgItem $MyHandle $0 507 ; Find the control
Complete example:
!define ResHacker "$%localappdata%\Programs\ResHacker.exe" ; TODO: Adjust this path
!define myui "${__FILE__}\..\mytempui.exe"
!tempfile res
!tempfile rc
!delfile "${rc}"
!delfile "${res}"
!define /redef rc "${res}.rc"
!define /redef res "${res}.res"
!appendfile "${rc}" '#define IDD_LICENSE 102$\r$\n'
!appendfile "${rc}" '#define IDC_EDIT1 1000$\r$\n'
!appendfile "${rc}" '#define RICHEDIT_CLASS "RichEdit20W"$\r$\n'
!appendfile "${rc}" 'LANGUAGE 0x09, 0x01$\r$\n'
!appendfile "${rc}" 'IDD_LICENSE DIALOGEX 0, 0, 266, 130$\r$\n STYLE DS_FIXEDSYS | DS_CONTROL | WS_CHILD$\r$\n'
!appendfile "${rc}" 'FONT 8, "MS Shell Dlg", 0, 0, 0x1$\r$\n'
!appendfile "${rc}" 'BEGIN$\r$\n'
!appendfile "${rc}" ' LTEXT "pppppppppppppppppppppp",507,25,0,241,23,SS_LEFT|WS_VISIBLE$\r$\n'
!appendfile "${rc}" ' LTEXT "email user",508, 172, 106, 233, 31,SS_LEFT|WS_VISIBLE$\r$\n'
!appendfile "${rc}" ' CONTROL "",IDC_EDIT1,RICHEDIT_CLASS,WS_BORDER | WS_VSCROLL | WS_TABSTOP|WS_VISIBLE | 0x804,0,24,266,55$\r$\n'
!appendfile "${rc}" 'END$\r$\n'
!system '"${ResHacker}" -open "${rc}" -save "${res}" -action compile -log CON' = 0
!delfile "${rc}"
!system '"${ResHacker}" -open "${NSISDIR}\Contrib\UIs\default.exe" -save "${myui}" -action addoverwrite -res "${res}" -mask DIALOG,102,1033 -log CON' = 0
!delfile "${res}"
ChangeUI IDD_LICENSE "${myui}"
Page License "" MyLicShow
Page InstFiles
!include WinMessages.nsh
Var MyHandle
Function MyLicShow
FindWindow $0 "#32770" "" $HWNDPARENT ; Find the inner dialog (See attached picture)
GetDlgItem $MyHandle $0 507 ; Find the control
SendMessage $MyHandle ${WM_SETTEXT} "" "STR:New control text"
SetCtlColors $MyHandle ff0000 transparent
FunctionEnd

Whats wrong with my 2nd call to ReadINIStr?

I am a newbiew to NSIS. Trying to build a little sample that help to understand the techniques that I'd like to use in the production-installer that's build eventually...
I'd like to build a silent-installer that gets its parameter from an .INI-File with multiple section. Want to specific the section the command-line of the installer.
So, I have this NSIS-TEST.INI-File:
[PROD]
PATHONE=c:\Folder\Foo
AppName=My little stupid app
The idea is to have command-line like this:
FooSetup config=prod
The actual setup NSIS-TEST.NSI is:
; Script generated by the HM NIS Edit Script Wizard.
var /global REGAPPKEY
var /global PRODUCT_DIR_REGKEY
; HM NIS Edit Wizard helper defines
!define REG_APPKEY ""
!define config "PROD"
!define PATHONE ""
!define PRODUCT_NAME "foo"
!define PRODUCT_VERSION "1.0"
!define PRODUCT_PUBLISHER "foo"
!define PRODUCT_WEB_SITE "http://www.example.com"
!define PRODUCT_UNINST_KEY "Software\Microsoft\Windows\CurrentVersion\Uninstall\${PRODUCT_NAME}"
!define PRODUCT_UNINST_ROOT_KEY "HKLM"
Name "${PRODUCT_NAME} ${PRODUCT_VERSION}"
OutFile "FooSetup.exe"
InstallDir "c:\foo-goo"
Icon "${NSISDIR}\Contrib\Graphics\Icons\modern-install.ico"
UninstallIcon "${NSISDIR}\Contrib\Graphics\Icons\modern-uninstall.ico"
;SilentInstall silent
;SilentUninstall silent
;InstallDirRegKey HKLM "${PRODUCT_DIR_REGKEY}" ""
Section -aHauptgruppe SEC01
ReadINIStr $REGAPPKEY $INSTDIR\nsis-test.ini ${config} "AppName"
ReadINIStr $PATHONE $INSTDIR\nsis-test.ini ${config} "PATHONE"
;MessageBox MB_ICONINFORMATION|MB_OK "config=${config}"
;SetOutPath "$INSTDIR"
;SetOverwrite ifnewer
; File "..\..\..\pfad\zur\datei\AppMainExe.exe"
; CreateDirectory "$SMPROGRAMS\foo"
; CreateShortCut "$SMPROGRAMS\foo\foo.lnk" "$INSTDIR\AppMainExe.exe"
; CreateShortCut "$DESKTOP\foo.lnk" "$INSTDIR\AppMainExe.exe"
; File "..\..\..\path\to\file\Example.file"
SectionEnd
Section -AdditionalIcons
WriteIniStr "$INSTDIR\${PRODUCT_NAME}.url" "InternetShortcut" "URL" "${PRODUCT_WEB_SITE}"
CreateShortCut "$SMPROGRAMS\foo\Website.lnk" "$INSTDIR\${PRODUCT_NAME}.url"
CreateShortCut "$SMPROGRAMS\foo\Uninstall.lnk" "$INSTDIR\uninst.exe"
SectionEnd
Section -Post
WriteUninstaller "$INSTDIR\uninst.exe"
;WriteRegStr HKLM "${PRODUCT_DIR_REGKEY}" "" "$INSTDIR\AppMainExe.exe"
;WriteRegStr ${PRODUCT_UNINST_ROOT_KEY} "${PRODUCT_UNINST_KEY}" "DisplayName" "$(^Name)"
;WriteRegStr ${PRODUCT_UNINST_ROOT_KEY} "${PRODUCT_UNINST_KEY}" "UninstallString" "$INSTDIR\uninst.exe"
;WriteRegStr ${PRODUCT_UNINST_ROOT_KEY} "${PRODUCT_UNINST_KEY}" "DisplayIcon" "$INSTDIR\AppMainExe.exe"
;WriteRegStr ${PRODUCT_UNINST_ROOT_KEY} "${PRODUCT_UNINST_KEY}" "DisplayVersion" "${PRODUCT_VERSION}"
;WriteRegStr ${PRODUCT_UNINST_ROOT_KEY} "${PRODUCT_UNINST_KEY}" "URLInfoAbout" "${PRODUCT_WEB_SITE}"
;WriteRegStr ${PRODUCT_UNINST_ROOT_KEY} "${PRODUCT_UNINST_KEY}" "Publisher" "${PRODUCT_PUBLISHER}"
SectionEnd
Function un.onUninstSuccess
MessageBox MB_ICONINFORMATION|MB_OK "$(^Name) wurde erfolgreich deinstalliert."
FunctionEnd
Function un.onInit
MessageBox MB_ICONQUESTION|MB_YESNO|MB_DEFBUTTON2 "M�chten Sie $(^Name) und alle seinen Komponenten deinstallieren?" IDYES +2
Abort
FunctionEnd
Section Uninstall
Delete "$INSTDIR\${PRODUCT_NAME}.url"
Delete "$INSTDIR\uninst.exe"
Delete "$INSTDIR\Example.file"
Delete "$INSTDIR\AppMainExe.exe"
Delete "$SMPROGRAMS\foo\Uninstall.lnk"
Delete "$SMPROGRAMS\foo\Website.lnk"
Delete "$DESKTOP\foo.lnk"
Delete "$SMPROGRAMS\foo\foo.lnk"
RMDir "$SMPROGRAMS\foo"
RMDir "$INSTDIR"
DeleteRegKey ${PRODUCT_UNINST_ROOT_KEY} "${PRODUCT_UNINST_KEY}"
;DeleteRegKey HKLM "${PRODUCT_DIR_REGKEY}"
SetAutoClose true
SectionEnd
FooSetup config=prod
If I compile this, the last lines of the output are:
Section: "-aHauptgruppe" ->(SEC01)
ReadINIStr $REGAPPKEY [PROD]:AppName from $INSTDIR\nsis-test.ini
Usage: ReadINIStr $(user_var: output) ini_file section entry_name
Error in script "c:\blabla\setup2019\nsis-test.nsi" on line 29 -- aborting creation process
So it has processed the first of my ReadINIStr-Instructions and barfed on the second one. I have looked at this code for hours, have injected line-feed etc., but I can't see what's so different about the 2nd instruction...
$PATHONE is not a variable. You're missing:
Var PATHONE
Note you do have:
!define PATHONE ""
So be careful not getting the two confused.

Is there anyway to call function after nsDialog show?

I wonder if there is any way which I can call function after nsDialog::show.
My case is a custom page that need to run http get request after the nsDialog show.
Function customPage
nsDialogs::Create 1018
Pop $0
${NSD_CreateButton} 0 0 100% 12u Test
Pop $BUTTON
${NSD_CreateText} 0 35 100% 12u hello
Pop $EDIT
${NSD_CreateCheckbox} 0 -20 100% 8u Test
Pop $CHECKBOX
${NSD_CreateLabel} 0 40u 75% 40u "* Type `hello there` above.$\n* Click the button.$\n* Check the checkbox.$\n* Hit the Back button."
Pop $0
nsDialogs::Show
Call MyFunc
FunctionEnd
Actually, the call for MyFunc is occuring only when im closing the nsDialog..
Use nsDialogs::CreateTimer with a short timeout and kill the timer in the function callback, it is a bit of a hack but seems to work fine.
nsDialog running by solo thread, but actually you can use nsDialogs::CreateTimer to callback a function without specify time which.
You can read more about that on:
http://nsis.sourceforge.net/Docs/nsDialogs/Readme.html#ref-createtimer

Ways to update progress bar

I want to control progressbar in my nsis installer. Actually I'm using ThreadTimer plugin but I've got big problem with it. ThreadTimer runs function every 10 seconds to update progress bar (increace progress bar value by 1%). The problem is that it crashes stack (as I can see ThreadTimer is using the same stack as NSIS). Crashes stack means that when I want to get value from the stack the value is wrong because of ThreadTimer function action. Any ideas? Maybe there are some other ways to update progress bar?
Those are functions/macros which should update progress bar. Macro StartProgressBarIntervalUpdate starts updating progress bar, macro StopProgressBarIntervalUpdate stops doping it.
Var /GLOBAL ProgressBarPosition
Var /GLOBAL ProgressBarParentWindow
Var /GLOBAL ProgressBarItem
Function InitProgressBar
StrCpy $ProgressBarPosition "0"
FindWindow $ProgressBarParentWindow "#32770" "" $HWNDPARENT
GetDlgItem $ProgressBarItem $ProgressBarParentWindow 1004
FunctionEnd
Function UpdateProgressBarTimer
${If} $ProgressBarPosition >= 30000 ; 100% * 300
StrCpy $ProgressBarPosition "0"
${Endif}
IntOp $ProgressBarPosition $ProgressBarPosition + 300
SendMessage $ProgressBarItem ${PBM_SETPOS} $ProgressBarPosition 0
FunctionEnd
!define StartProgressBarIntervalUpdate "!insertmacro StartProgressBarIntervalUpdate"
!macro StartProgressBarIntervalUpdate
Call InitProgressBar
GetFunctionAddress $UpdateProgressBarTimerFunctionAddress UpdateProgressBarTimer
ThreadTimer::Start /NOUNLOAD 20 -1 $UpdateProgressBarTimerFunctionAddress
Sleep 1000
!macroend
!define StopProgressBarIntervalUpdate "!insertmacro StopProgressBarIntervalUpdate"
!macro StopProgressBarIntervalUpdate
ThreadTimer::Stop $UpdateProgressBarTimerFunctionAddress
Sleep 15000
!macroend
Here are sections which uses progressbar
Var /GLOBAL UpdateProgressBarTimerFunctionAddress
Section BeforeMoveData SEC01
${StartProgressBarIntervalUpdate}
Call core.UnpackExeData
SectionEnd
Section OnMoveData SEC02
Call InstallFiles
Call InstallRegistry
Call InstallShortcuts
${StopProgressBarIntervalUpdate}
...
SectionEnd

Resources