My GCB IDE has been working fine though I haven't used it in like 3 months. Just today, I tried compiling a short program and the cursor keeps turning then the program says not responding. It then pops up up this error message with a command prompt behind. Once I close the pop-up, there's some text displayed on the command prompt but it "promptly" disappears.
Here's what I thought I'd do but without progress.
I tried uninstalling the program but it wouldn't uninstall.
I tried firstly from windows "program and features", then from the uninstaller application in the GCB SYN folder on the drive.
I then proceeded to delete the whole folder and the shortcut and downloaded and installed the program again.
It compiled for a few times like 4 or so. Then the error continued.
Yes, I rebooted before I uninstalled
I use windows 8.1 though I recently installed Ubuntu (side by side).
For anti-virus, I use Norton though the use period has expired.
I'll do well to check the logs. But how can I do that?that?
Last edit: Judah Ben 2020-07-08
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
1.
The shown errormessage occurs, when g+stool.exe is called with less than two parameters.
2.
The intended parameters are automatically generated by the IDE. This is configured via
IDE Tools -> Customize external tools ...
and should look as in the attached picture.
3.
It appears that a "vg+stool.exe" is being called. Such a file must not exist! Especially not after a new installation. Instead, a "g+stool.exe" must be available in the "G+Stools" folder.
Judah - may I recommend you complete a virus check. I think you may have serious infection.
Try uploading and testing the ZIP to https://fortiguard.com/faq/onlinescanner I get positive with your zip but I do not get a positive with a similar zip I created here.
I may be wroing but this is highly likely to be the cause of your issues.
My support tickets for your reference. These are issued to track the virus sample submission.
Based on our initial analysis, the following samples contain malicious code and are already detected as the following detection:
"ide.exe" - md5: 19345f70ba0278f3c11ab76068c891a0 - W32/Injector.DJYO!tr - This appears to copy and disguise itself as other executables.
"callchm.exe" "g+stool.exe" "gawk.exe"- md5: 4ccfa16b90d52569fdb6460e30d233ff - W32/Injector.DJYO!tr - This appears to copy and disguise itself as other executables.
Good day.
I purchased norton security antivirus and performed a full system scan.
It turned out a worm, W32.tapin had infiltrated some of my program files and executables.
Other threats were heuristic viruses and some trojans.
After they were purged, I uninstalled GCB and reinstalled it.
I compiled two programs and it seems to be functioning fine now.
Thank you so much.
Let me reassure you the installer was clean. As the MD5 hashes match and this is proof that the code shipped was the code that started with V<name>.exe on your system. </name>
We found the issue and you resolved. Yipee.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
My GCB IDE has been working fine though I haven't used it in like 3 months. Just today, I tried compiling a short program and the cursor keeps turning then the program says not responding. It then pops up up this error message with a command prompt behind. Once I close the pop-up, there's some text displayed on the command prompt but it "promptly" disappears.
Here's what I thought I'd do but without progress.
I tried uninstalling the program but it wouldn't uninstall.
I tried firstly from windows "program and features", then from the uninstaller application in the GCB SYN folder on the drive.
I then proceeded to delete the whole folder and the shortcut and downloaded and installed the program again.
It compiled for a few times like 4 or so. Then the error continued.
It's really strange.
Any help please?
Hello,
Not seen this one before. I guess you have rebooted? What OS? What virus checker (and, check the logs)
Yes, I rebooted before I uninstalled
I use windows 8.1 though I recently installed Ubuntu (side by side).
For anti-virus, I use Norton though the use period has expired.
I'll do well to check the logs. But how can I do that?that?
Last edit: Judah Ben 2020-07-08
Should be ok in Windows 8.1
Try disabling anti-virus for a quick test.
How are you programming? I mean what is the DOS box doing?
I uninstalled the antivirus entirely but the problem remains.
I write the code to the chip with a pickit 3 programmer.
Hi,
1.
The shown errormessage occurs, when g+stool.exe is called with less than two parameters.
2.
The intended parameters are automatically generated by the IDE. This is configured via
IDE Tools -> Customize external tools ...
and should look as in the attached picture.
3.
It appears that a "vg+stool.exe" is being called. Such a file must not exist! Especially not after a new installation. Instead, a "g+stool.exe" must be available in the "G+Stools" folder.
Please compare points 2 and 3 with yours.
Frank
I replied earlier but it seems my messages did not go through.
I compared with yours and all seems the same.
Here's a snip of my dialog.
Most odd.
Post your USE.INI (GCB@SYN\GREATCOWBASIC directory) and your GSTOOLS directory, as a ZIP. We can compare to the masters.
Alright, thank you.
Morning.
Judah - may I recommend you complete a virus check. I think you may have serious infection.
Try uploading and testing the ZIP to https://fortiguard.com/faq/onlinescanner I get positive with your zip but I do not get a positive with a similar zip I created here.
I may be wroing but this is highly likely to be the cause of your issues.
My support tickets for your reference. These are issued to track the virus sample submission.
Ticket No. 4214155 Ticket Title: OVS&S: July 14, 2020 10:35:13 PM ( Positive)
and
Ticket No. 4214182 Ticket Title: OVS&S: July 14, 2020 10:49:26 PM (Negative)
Also, I have deleted the attached ZIP to remove any threat.
Last edit: Anobium 2020-07-15
@Judah. The results from Fortis. Please NOTE the GOLD software in the installer DOES NOT have this infection.
And, we DO NOT ship any application commencing with V. As in
VIDE.EXE, VGAWK.EXE, VCALLCHM.EXE etc....
Looks like a virus to me.
Analysis report
Evan
Last edit: Anobium 2020-07-15
@Judah - more information on the virus.
Based on our initial analysis, the following samples contain malicious code and are already detected as the following detection:
"ide.exe" - md5: 19345f70ba0278f3c11ab76068c891a0 - W32/Injector.DJYO!tr - This appears to copy and disguise itself as other executables.
"callchm.exe" "g+stool.exe" "gawk.exe"- md5: 4ccfa16b90d52569fdb6460e30d233ff - W32/Injector.DJYO!tr - This appears to copy and disguise itself as other executables.
The following samples do not perform noticeable trojan/malware like behavior:
"flashavr.bat" - md5: 3ae8009b0c1c694d45e27a77d9610e9e
"useini.bat" - md5: 9fe4f1ea1e30f1055093f8fffc0d045d
"flashpic.bat" - md5: a8feea60b356b62445dcd52f5f1414de
"flashthis.bat" - md5: e4618556dbfdf40afbd0c4214a89e439
"foini.bat" - md5: 8779e039236d41ab4407d4c0ec143436
"makeasm.bat" - md5: b7e500f5c0761172502e2458b7094afb
"makehex.bat" - md5: 7eb5d7b13e291e74ab5243ba2a5aa9da
"pk2cmdline.bat" - md5: 59b0479343f62dd4758c31540694622f
"cow48x48.ico" - md5: 3e71fe38026ca93941932a1f797a80be
"android-icon-192x192.ico" - md5: fa036503231666cbe157e14a1dacfb70
"cowicon.rc"- md5: 6a60c458275b7befef34c5572185db1d
"g+stool.bas"- md5: bb35452cb2e7523bb5829772c4821dbd
"ide.bas"- md5: 1ea9be89382975ab74d5380eee8384c9
"callchm.bas"- md5: 880d6f9e3748f8cf7da7b01f9f07562d
"preprocess.awk"- md5: 24b713164d7de6a034525b87d6b4eb69
"vgawk.exe"- md5: 32342699d3708e3a05509840a7054944
"vide.exe"- md5: fb315480d6f864db74a67412447f0525
"vcallchm.exe"- md5: 4a135dc656be7c52a7c920ef45211cae
"vg+stool.exe"- md5: 770ab414ecca77929ac0d3b6e786ddcc
I have examined the EXE we provode the MD5 hashes are as shown below and these MATCH the EXE starting with V.
callchm.exe - 4A135DC656BE7C52A7C920EF45211CAE
g+stool.exe - 770AB414ECCA77929AC0D3B6E786DDCC
gawk.exe - 32342699D3708E3A05509840A7054944
ide.exe - FB315480D6F864DB74A67412447F0525
So, the EXEs that start with V is the real code and something is infecting the files.
Good day.
I purchased norton security antivirus and performed a full system scan.
It turned out a worm, W32.tapin had infiltrated some of my program files and executables.
Other threats were heuristic viruses and some trojans.
After they were purged, I uninstalled GCB and reinstalled it.
I compiled two programs and it seems to be functioning fine now.
Thank you so much.
Good news - well done.
Let me reassure you the installer was clean. As the MD5 hashes match and this is proof that the code shipped was the code that started with V<name>.exe on your system. </name>
We found the issue and you resolved. Yipee.