NirBlog

I created a new Web site which provides general information about file extensions and which software can open or use them: http://extension.nirsoft.net.
Currently, this Web site is based on extension information sent from my FileTypesMan utility by me and by some other users. It’s possible that in the future, I’ll also  enable the visitors  of extension.nirsoft.net Web site to add their own extension description and remarks.

extension.nirsoft.net Web site

I also added a new option for both FileTypesMan utility and ShellMenuView utilities that allows you to easily open your Web browser in the right file extension page.

If you want to help this extension database to grow, you are welcomed to  add extension information stored in your own computer into http://extension.nirsoft.net Web site, by using the ‘Send Report To extension.nirsoft.net’ option.  Full instructions about how to do it are available in the main page of extension.nirsoft.net Web site.

Also, be aware that this ‘Send Report’ option only send general information about the extension and which program opens it on your computer. It doesn’t send any personal or private information that might reveal your identity.

In the last 2 months, I reported about a nasty phishing scam known as ‘msn-blocked.com’ that ask the users to type their MSN user name/password and then use their log-in details to connect the server of MSN/Live Messenger and send a fake invite messages to all the contacts of the user.
This Web site also send the users to msnpass.info Web site, which is used to sell my freeware MessenPass utility by using the payment system of Allopass. You can read more about this scam, in the previous posts of my Internet Scams section.

MsnPass.Info Scam In English

Until now, msn-blocked Web site was in french language, and targeted only  users that speaks french.
But now the owner of this nasty scam decided to go international and created new versions of msn-blocked and msnpass.info Web sites in multiple languages, including English. The user that browse into these Web sites automatically get the right language according to the  language settings of the Web browser and there is also a flags toolbar to select the right language.
This means that Internet users of many countries that were not affected by this scam until now, including all Live Messenger users in United State, are now vulnerable to this scam.

Msn-Blocked.com in English

Since I discovered this scam, around 2 months ago,  I tried to contact any company/ organization that can help to stop this scam right away, including well- known companies like Microsoft and GoDaddy.  Unfortunately, it seems that these companies don’t care that their services are used for Messenger spamming and phishing scams.

Here’s a partial list of companies that received my complaint about msn-blocked scam and didn’t do anything to stop it:

1. GoDaddy:  GoDaddy is the domain registrar of all domains used for this scam, including msnpass.info, msn-blocked.com, msn-block.info,  msnblocks.com, msnapps.net, and possibly a few others.The Web site of GoDaddy says that “We do not allow our customers to send mass unsolicited e-mails, or spam” and they even provide a special spam report form to report about spammers. They also have an option in their form to report about IM Spam, which is exactly what msn-blocked Web site does.
   So I sent my entire report about msn-blocked.com to GoDaddy, even twice, but so far, there is no any response from them.
2. Domains by Proxy:  This company provide a ‘privacy protection’ service that hides the real details of the user that Registers  a domain. It’s a very good and useful service, as long as it’s used by legitimated Web site owners, but unfortunately, this service is also used by scam owners like msn-blocked.com that want to hide their identity.
   Like GoDaddy, this company also says that they don’t allow to their customers to send spam and they also provide a form to fill a complaint about a spammer.
   I also send them my full report about msn-blocked.com scam, and exactly like GoDaddy, they simply don’t answer.
3. Microsoft Live Messenger Team:  The entire scam of msn-blocked.com Web site is based on connecting the MSN/Live Messenger servers and flooding the contacts of the user with fake messages.  The team of Live Messenger servers can easily block the IP addresses of msn-blocked Web site and bring down this scam right away.
   I reported about this scam to the team of Live Messenger, by using their feedback form and as a comment in their Blog. I also know that I’m not the only one that reported them about the msn-blocked scam.Unfortunately, like the other companies, the team of Live Messenger don’t bother themselves to do anything with this issue, even when they can easily shut down the scam by making a few changes in their Firewall.

   Maybe now, when this scam also targets English speakers, and will probably start to spread in United States very quickly, Microsoft will understand that they have to do something about it.

4. Allopass: As I already reported in my previous posts, the owner of this scam sell my MessenPass software in msnpass.info Web site, by using the SMS payment system of Allopass.
   As opposed to other companies, Allopass answered the messages I sent them about this scam, but unfortunately, they refused to stop working with the scam owner, saying that they cannot legally close the account and other excuses. Allopass also enjoys their part in the scam, because for each SMS code used by msnpass.info Web site, the revenue is shared between the scam owner, Allopass, and the phone company.
5. EURO-WEB Servers renting: EURO-WEB is the hosting company that currently hosts the servers of msn-blocked scam. I sent a full report about the scam to the abuse email of this company, but their is no any response from them.

I hope that one of the above companies will finally decide to take action against msn-blocked Web site before it start spreading in United States and many other countries that were not affected by this scam until now.

There is only one good side  in this story:  Both Firefox and Internet Explorer blocks some of the Web addresses of msn-blocked Web site thanks to the phishing reports made by users. However,  this Web site blocking only slows down the spreading of scam, but it doesn’t really prevent it. The scam owner also constantly replace the domain name and host name to avoid the blocking by the Web browser.

WirelessNetView, a utility that show all wireless networks currently detected by your wireless adapter, now provide a ‘Very High’ update rate.

This feature can be useful if you move with your laptop from one location to another (by foot or with a vehicle) and you want to locate any wireless network in your path.  It can also be useful if you have a wireless adapter plugged to a USB cable and you want to put it in a location with the best signal quality.

WirelessNetView now also allows you to save the current detected networks list into text/html/xml/csv file, by using the right command-line options, and without displaying any user interface.

The new version of WirelessNetView is available here.

The new version of BlueScreenView, version 1.05, now also support the MiniDump Files created by x64 version of Windows.
The executable file of BlueScreenView is still created as 32-bit application, but it can read and analyze the crash MiniDump Files of both both 32-bit and x64 systems.

Many people ask me if there is any package with all NirSoft utilities and a launcher application to easily find and run the desired utility.
So now there is something in development:
NirLauncher (The name might be changed later) is a utility that will be packed with dozens of NirSoft utilities and will display them in the main window, separated by different categories, like ‘Password Recovery Tools’, ‘Network Tools’, ‘Web Browser Tools’, and so on.

It’ll allow you to easy run a utility, run the utility with command-line parameters, open the help file, browser into the Web page of the utility, and so on.
It’s also possible that NirLauncher will allow other developers to provide their utilities as additional package for NirLauncher.

I hope that the first Beta of NirSoft Launcher will be available to download in the incoming weeks.
For now, you can enjoy the first screenshots of NirLauncher:

WinFontsView is a new utility that enumerates all fonts installed on your system, and displays them in one simple table.
For each font, WinFontsView draws 5 samples of the font in different sizes, in order to allow you to easily find and choose the desired font that you need. WinFontsView also allows you to view the fonts as Bold, as Italic or with underline, as well as it allows you to export the fonts list into html file.

For more infromation about WinFontsView, click here.

WinFontsView Screenshot

A few days ago, I reported that Allopass company decided to close the account of msnpass.info scam. So it seems that they simply lied to me.
After a few days, I saw that msnpass.info Web site is still very active, so I contacted Allopass again, and now their representative says that they are not going to close the account.

The reason: The owner of msnpass.info told them that msnpass.info sell a software developed by msnpass.info team, and this Web site doesn’t sell the utilities of NirSoft at all.
This is probably the reason for the screenshot change, that I reported a few days ago.

The owner of msnpass.info created a fake screenshot of a software that doesn’t really exist, and told the Allopass company that msnpass.info sell the software shown in the screenshot, which doesn’t look like the MessenPass utility of NirSoft.

But according to reports that I received in the last days from 2 people that fell into msnpass.info scam, after users pay through the payment system of Allopass, they are still sent to download my MessenPass and Mail PassView utilities.
The fake screenshot in the landing page of msnpass.info was just created to give Allopass a good excuse for not closing the account.

The sad fact is – Both msnpass.info and Allopass company have interest of keeping msnpass.info account open and to continue making a lots of money from this nasty scam.

In the last few weeks, I was in contact with a few employees of Allopass company regarding this scam, and in all this time, they just wasted my time and protected the side of the criminals.
Instead of suspending the account of msnpass.info and require this Web site owner to stop the nasty MSN spamming activities and to stop selling the software of others,
Allopass simply sent my complaint to msnpass.info owner. msnpass.info owner answered them that he sell his own software and not my software, and Allopass simply accepted this answer, and decided to keep the account open.

Just to remind you again – msnpass.info and msn-blocked.com are a pair of scam Web sites in french that use very nasty way to get a large amount of traffic and… money.
The first one, msn-blocked.com – asks innocent users to type their MSN user/password, and then floods all their contacts with fake instant messages that invite them to join msn-blocked Web site, and enter their user/password too.
The second one, msnpass.info – offer the users of msn-blocked.com to purchase the MessenPass utility of NirSoft through the SMS payment system of allopass.com, misleading french users that don’t know that this utility is available for free at www.nirsoft.net.

For more information about how this scam works, read this post.

msn-blocked.com blocked by Firefox, so other domains are used

Due to complains of many users about msn-blocked Web site, Firefox and Google blocked this domain for ‘Reported Web Forgery’.
So the owner of this scam started to redirect Firefox users to other domains like msn-block.info, msn-blocking.com, msn-check.info, and possibly others.
msn-block.info and msn-blocking.com domains are already completely blocked by Firefox too, while msn-check.info is only partly blocked.

So for, Firefox/Google are the only good side in this world that do something against this scam.
I already reported about this scam to Microsoft (for MSN Messenger abuse), to GoDaddy (The domain registrar), to Domains By Proxy (the privacy protection company), to EURO-WEB Servers renting (the current hosting company), and to some other organizations that handle these kind of scams. So far, there is no any action from any of them.

BlueScreenView is a new utility that allows you to watch the details of all ‘Blue Screen of Death’ crashes that occurred in your system.

It automatically scans all your minidump files created during ‘blue screen of death’ crashes, and displays the information about all crashes in one table. For each crash, BlueScreenView displays the minidump filename, the date/time of the crash, the basic crash information displayed in the blue screen (Bug Check Code and 4 parameters), and the details of the driver or module that possibly caused the crash (filename, product name, file description, and file version).
BlueScreenView also displays the list of all drivers loaded during the crash, as well as it allows you to view a blue screen window which is very similar to the one that Windows displayed during the crash.

For more information about this utility, go to BlueScreenView Web page.

MetarWeather utility has a new feature that allows you to watch the latest METAR weather reports from Google Earth map.
In order to use this feature, simply selected the desired METAR report lines, go to ‘Save Selected Items’ (Ctrl+S), choose the KML in the file type combo-box, and save the file. After that, you can open the saved .kml file in Google Earth, and watch the METAR reports on earth map.

Here’s a sample result of METAR reports in Google Earth:

As I already reported in the past, MessenPass, my password recovery tool for Messenger applications, is falsely detect as Virus/Trojan/Malware by many Antivirus programs.

Currently, according to this virustotal report, 18 out of 41 Antivirus programs shows a virus alert for MessenPass utility.

So I decided to make a nice test. I took the same code of MessenPass, and recompiled it with different compiler optimization options.
I also left it without UPX compression that I usually do with all my utilities.
I posted the new build of MessenPass for testing in VirusTotal Web site, and here’s the amazing result:

Only 2 out of 41 Antivirus programs trigger a virus alert for the new build of MessenPass.
Just to be clear – It’s still the same version of MessenPass (v1.26) like the original MessenPass with the 18 Antivirus alerts.
I simply compiled the same code of MessenPass with different compiler options.
avoiding from UPX compression also helped a little, because after compressing the same file with UPX, I got 5 virus alerts.

Currently, this build of MessenPass is only posted in this blog, while the I left the original build in the MessenPass Web page.
It’s interesting to see whether the Antivirus companies read or scan my blog.
If they do, the number of virus alerts in this MessenPass build will increase very soon…