
Unified Diff: chrome/browser/enumerate_modules_model_win.cc

Issue 15969017: Warn by default when certain DLL conflicts exist on XP. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Freshly sync'ed Created 7 years, 6 months ago
Index: chrome/browser/enumerate_modules_model_win.cc
diff --git a/chrome/browser/enumerate_modules_model_win.cc b/chrome/browser/enumerate_modules_model_win.cc
index 3569b105a0cc8f31c7a741c3ee92a0c882bb5cd2..79aa9470023a08118db16381148250dbcc0f6994 100644
--- a/chrome/browser/enumerate_modules_model_win.cc
+++ b/chrome/browser/enumerate_modules_model_win.cc
@@ -23,6 +23,7 @@
#include "base/version.h"
#include "base/win/registry.h"
#include "base/win/scoped_handle.h"
+#include "base/win/windows_version.h"
#include "chrome/browser/net/service_providers_win.h"
#include "chrome/common/chrome_constants.h"
#include "chrome/common/chrome_notification_types.h"
@@ -30,13 +31,14 @@
#include "content/public/browser/notification_service.h"
#include "crypto/sha2.h"
#include "grit/generated_resources.h"
+#include "grit/google_chrome_strings.h"
#include "ui/base/l10n/l10n_util.h"
using content::BrowserThread;
// The period of time (in milliseconds) to wait until checking to see if any
// incompatible modules exist.
-static const int kModuleCheckDelayMs = 60 * 1000;
+static const int kModuleCheckDelayMs = 45 * 1000;
// The path to the Shell Extension key in the Windows registry.
static const wchar_t kRegPath[] =
@@ -118,167 +120,195 @@ const ModuleEnumerator::BlacklistEntry ModuleEnumerator::kModuleBlacklist[] = {
// Version 3.2.1.6 seems to be implicated in most cases (and 3.2.2.2 in some).
// There is a more recent version available for download.
// accelerator.dll, "%programfiles%\\speedbit video accelerator\\".
- { "7ba9402f", "c9132d48", "", "", "", kInvestigatingLink },
+ { "7ba9402f", "c9132d48", "", "", "", ALL, kInvestigatingLink },
// apiqq0.dll, "%temp%\\".
- { "26134911", "59145acf", "", "", "", kUninstallLink },
+ { "26134911", "59145acf", "", "", "", ALL, kUninstallLink },
// arking0.dll, "%systemroot%\\system32\\".
- { "f5d8f549", "23d01d5b", "", "", "", kUninstallLink },
+ { "f5d8f549", "23d01d5b", "", "", "", ALL, kUninstallLink },
// arking1.dll, "%systemroot%\\system32\\".
- { "c60ca062", "23d01d5b", "", "", "", kUninstallLink },
+ { "c60ca062", "23d01d5b", "", "", "", ALL, kUninstallLink },
+
+ // aswjsflt.dll, "%ProgramFiles%\\avast software\\avast\\", "AVAST Software".
+ // NOTE: The digital signature of the DLL is double null terminated.
+ // Avast Antivirus prior to version 8.0 would kill the Chrome child process
+ // when blocked from running.
+ { "2ea5422a", "6b3a1b00", "a7db0e0c", "", "8.0", XP,
+ static_cast<RecommendedAction>(UPDATE | SEE_LINK | NOTIFY_USER) },
+
+ // aswjsflt.dll, "%ProgramFiles%\\alwil software\\avast5\\", "AVAST Software".
+ // NOTE: The digital signature of the DLL is double null terminated.
+ // Avast Antivirus prior to version 8.0 would kill the Chrome child process
+ // when blocked from running.
+ { "2ea5422a", "d8686924", "a7db0e0c", "", "8.0", XP,
+ static_cast<RecommendedAction>(UPDATE | SEE_LINK | NOTIFY_USER) },
// Said to belong to Killer NIC from BigFoot Networks (not verified). Versions
// 6.0.0.7 and 6.0.0.10 implicated.
// bfllr.dll, "%systemroot%\\system32\\".
- { "6bb57633", "23d01d5b", "", "", "", kInvestigatingLink },
+ { "6bb57633", "23d01d5b", "", "", "", ALL, kInvestigatingLink },
// clickpotatolitesahook.dll, "". Different version each report.
- { "0396e037.dll", "", "", "", "", kUninstallLink },
+ { "0396e037.dll", "", "", "", "", ALL, kUninstallLink },
// cvasds0.dll, "%temp%\\".
- { "5ce0037c", "59145acf", "", "", "", kUninstallLink },
+ { "5ce0037c", "59145acf", "", "", "", ALL, kUninstallLink },
// cwalsp.dll, "%systemroot%\\system32\\".
- { "e579a039", "23d01d5b", "", "", "", kUninstallLink },
+ { "e579a039", "23d01d5b", "", "", "", ALL, kUninstallLink },
// datamngr.dll (1), "%programfiles%\\searchqu toolbar\\datamngr\\".
- { "7add320b", "470a3da3", "", "", "", kUninstallLink },
+ { "7add320b", "470a3da3", "", "", "", ALL, kUninstallLink },
// datamngr.dll (2), "%programfiles%\\windows searchqu toolbar\\".
- { "7add320b", "7a3c8be3", "", "", "", kUninstallLink },
+ { "7add320b", "7a3c8be3", "", "", "", ALL, kUninstallLink },
// dsoqq0.dll, "%temp%\\".
- { "1c4df325", "59145acf", "", "", "", kUninstallLink },
+ { "1c4df325", "59145acf", "", "", "", ALL, kUninstallLink },
// flt.dll, "%programfiles%\\tueagles\\".
- { "6d01f4a1", "7935e9c2", "", "", "", kUninstallLink },
+ { "6d01f4a1", "7935e9c2", "", "", "", ALL, kUninstallLink },
// This looks like a malware edition of a Brazilian Bank plugin, sometimes
// referred to as Malware.Banc.A.
// gbieh.dll, "%programfiles%\\gbplugin\\".
- { "4cb4f2e3", "88e4a3b1", "", "", "", kUninstallLink },
+ { "4cb4f2e3", "88e4a3b1", "", "", "", ALL, kUninstallLink },
// hblitesahook.dll. Each report has different version number in location.
- { "5d10b363", "", "", "", "", kUninstallLink },
+ { "5d10b363", "", "", "", "", ALL, kUninstallLink },
// icf.dll, "%systemroot%\\system32\\".
- { "303825ed", "23d01d5b", "", "", "", INVESTIGATING },
+ { "303825ed", "23d01d5b", "", "", "", ALL, INVESTIGATING },
// idmmbc.dll (IDM), "%systemroot%\\system32\\". See: http://crbug.com/26892/.
- { "b8dce5c3", "23d01d5b", "", "", "6.03",
+ { "b8dce5c3", "23d01d5b", "", "", "6.03", ALL,
static_cast<RecommendedAction>(UPDATE | DISABLE) },
// imon.dll (NOD32), "%systemroot%\\system32\\". See: http://crbug.com/21715.
- { "8f42f22e", "23d01d5b", "", "", "4.0",
+ { "8f42f22e", "23d01d5b", "", "", "4.0", ALL,
static_cast<RecommendedAction>(UPDATE | DISABLE) },
// is3lsp.dll, "%commonprogramfiles%\\is3\\anti-spyware\\".
- { "7ffbdce9", "bc5673f2", "", "", "",
+ { "7ffbdce9", "bc5673f2", "", "", "", ALL,
static_cast<RecommendedAction>(UPDATE | DISABLE | SEE_LINK) },
// jsi.dll, "%programfiles%\\profilecraze\\".
- { "f9555eea", "e3548061", "", "", "", kUninstallLink },
+ { "f9555eea", "e3548061", "", "", "", ALL, kUninstallLink },
// kernel.dll, "%programfiles%\\contentwatch\\internet protection\\modules\\".
- { "ead2768e", "4e61ce60", "", "", "", INVESTIGATING },
+ { "ead2768e", "4e61ce60", "", "", "", ALL, INVESTIGATING },
// mgking0.dll, "%systemroot%\\system32\\".
- { "d0893e38", "23d01d5b", "", "", "", kUninstallLink },
+ { "d0893e38", "23d01d5b", "", "", "", ALL, kUninstallLink },
// mgking0.dll, "%temp%\\".
- { "d0893e38", "59145acf", "", "", "", kUninstallLink },
+ { "d0893e38", "59145acf", "", "", "", ALL, kUninstallLink },
// mgking1.dll, "%systemroot%\\system32\\".
- { "3e837222", "23d01d5b", "", "", "", kUninstallLink },
+ { "3e837222", "23d01d5b", "", "", "", ALL, kUninstallLink },
// mgking1.dll, "%temp%\\".
- { "3e837222", "59145acf", "", "", "", kUninstallLink },
+ { "3e837222", "59145acf", "", "", "", ALL, kUninstallLink },
// mstcipha.ime, "%systemroot%\\system32\\".
- { "5523579e", "23d01d5b", "", "", "", INVESTIGATING },
+ { "5523579e", "23d01d5b", "", "", "", ALL, INVESTIGATING },
// mwtsp.dll, "%systemroot%\\system32\\".
- { "9830bff6", "23d01d5b", "", "", "", kUninstallLink },
+ { "9830bff6", "23d01d5b", "", "", "", ALL, kUninstallLink },
// nodqq0.dll, "%temp%\\".
- { "b86ce04d", "59145acf", "", "", "", kUninstallLink },
+ { "b86ce04d", "59145acf", "", "", "", ALL, kUninstallLink },
// nProtect GameGuard Anti-cheat system. Every report has a different
// location, since it is installed into and run from a game folder. Various
// versions implicated.
// npggnt.des, no fixed location.
- { "f2c8790d", "", "", "", "", kInvestigatingLink },
+ { "f2c8790d", "", "", "", "", ALL, kInvestigatingLink },
// nvlsp.dll,
// "%programfiles%\\nvidia corporation\\networkaccessmanager\\bin32\\".
- { "37f907e2", "3ad0ff23", "", "", "", INVESTIGATING },
+ { "37f907e2", "3ad0ff23", "", "", "", ALL, INVESTIGATING },
// post0.dll, "%systemroot%\\system32\\".
- { "7405c0c8", "23d01d5b", "", "", "", kUninstallLink },
+ { "7405c0c8", "23d01d5b", "", "", "", ALL, kUninstallLink },
// questbrwsearch.dll, "%programfiles%\\questbrwsearch\\".
- { "0953ed09", "f0d5eeda", "", "", "", kUninstallLink },
+ { "0953ed09", "f0d5eeda", "", "", "", ALL, kUninstallLink },
// questscan.dll, "%programfiles%\\questscan\\".
- { "f4f3391e", "119d20f7", "", "", "", kUninstallLink },
+ { "f4f3391e", "119d20f7", "", "", "", ALL, kUninstallLink },
// radhslib.dll (Naomi web filter), "%programfiles%\\rnamfler\\".
// See http://crbug.com/12517.
- { "7edcd250", "0733dc3e", "", "", "", INVESTIGATING },
+ { "7edcd250", "0733dc3e", "", "", "", ALL, INVESTIGATING },
// rlls.dll, "%programfiles%\\relevantknowledge\\".
- { "a1ed94a7", "ea9d6b36", "", "", "", kUninstallLink },
+ { "a1ed94a7", "ea9d6b36", "", "", "", ALL, kUninstallLink },
// rooksdol.dll, "%programfiles%\\trusteer\\rapport\\bin\\".
- { "802aefef", "06120e13", "", "", "3.5.1008.40", UPDATE },
+ { "802aefef", "06120e13", "", "", "3.5.1008.40", ALL, UPDATE },
// scanquery.dll, "%programfiles%\\scanquery\\".
- { "0b52d2ae", "a4cc88b1", "", "", "", kUninstallLink },
+ { "0b52d2ae", "a4cc88b1", "", "", "", ALL, kUninstallLink },
// sdata.dll, "%programdata%\\srtserv\\".
- { "1936d5cc", "223c44be", "", "", "", kUninstallLink },
+ { "1936d5cc", "223c44be", "", "", "", ALL, kUninstallLink },
// searchtree.dll,
// "%programfiles%\\contentwatch\\internet protection\\modules\\".
- { "f6915a31", "4e61ce60", "", "", "", INVESTIGATING },
+ { "f6915a31", "4e61ce60", "", "", "", ALL, INVESTIGATING },
// sgprxy.dll, "%commonprogramfiles%\\is3\\anti-spyware\\".
- { "005965ea", "bc5673f2", "", "", "", INVESTIGATING },
+ { "005965ea", "bc5673f2", "", "", "", ALL, INVESTIGATING },
+
+ // snxhk.dll, "%ProgramFiles%\\avast software\\avast\\", "AVAST Software".
+ // NOTE: The digital signature of the DLL is double null terminated.
+ // Avast Antivirus prior to version 8.0 would kill the Chrome child process
+ // when blocked from running.
+ { "46c16aa8", "6b3a1b00", "a7db0e0c", "", "8.0", XP,
+ static_cast<RecommendedAction>(UPDATE | SEE_LINK | NOTIFY_USER) },
+
+ // snxhk.dll, "%ProgramFiles%\\alwil software\\avast5\\", "AVAST Software".
+ // NOTE: The digital signature of the DLL is double null terminated.
+ // Avast Antivirus prior to version 8.0 would kill the Chrome child process
+ // when blocked from running.
+ { "46c16aa8", "d8686924", "a7db0e0c", "", "8.0", XP,
+ static_cast<RecommendedAction>(UPDATE | SEE_LINK | NOTIFY_USER) },
// sprotector.dll, "". Different location each report.
- { "24555d74", "", "", "", "", kUninstallLink },
+ { "24555d74", "", "", "", "", ALL, kUninstallLink },
// swi_filter_0001.dll (Sophos Web Intelligence),
// "%programfiles%\\sophos\\sophos anti-virus\\web intelligence\\".
// A small random sample all showed version 1.0.5.0.
- { "61112d7b", "25fb120f", "", "", "", kInvestigatingLink },
+ { "61112d7b", "25fb120f", "", "", "", ALL, kInvestigatingLink },
// twking0.dll, "%systemroot%\\system32\\".
- { "0355549b", "23d01d5b", "", "", "", kUninstallLink },
+ { "0355549b", "23d01d5b", "", "", "", ALL, kUninstallLink },
// twking1.dll, "%systemroot%\\system32\\".
- { "02e44508", "23d01d5b", "", "", "", kUninstallLink },
+ { "02e44508", "23d01d5b", "", "", "", ALL, kUninstallLink },
// vksaver.dll, "%systemroot%\\system32\\".
- { "c4a784d5", "23d01d5b", "", "", "", kUninstallLink },
+ { "c4a784d5", "23d01d5b", "", "", "", ALL, kUninstallLink },
// vlsp.dll (Venturi Firewall?), "%systemroot%\\system32\\".
- { "2e4eb93d", "23d01d5b", "", "", "", INVESTIGATING },
+ { "2e4eb93d", "23d01d5b", "", "", "", ALL, INVESTIGATING },
// vmn3_1dn.dll, "%appdata%\\roaming\\vmndtxtb\\".
- { "bba2037d", "9ab68585", "", "", "", kUninstallLink },
+ { "bba2037d", "9ab68585", "", "", "", ALL, kUninstallLink },
// webanalyzer.dll,
// "%programfiles%\\contentwatch\\internet protection\\modules\\".
- { "c70b697d", "4e61ce60", "", "", "", INVESTIGATING },
+ { "c70b697d", "4e61ce60", "", "", "", ALL, INVESTIGATING },
// wowst0.dll, "%systemroot%\\system32\\".
- { "38ad9963", "23d01d5b", "", "", "", kUninstallLink },
+ { "38ad9963", "23d01d5b", "", "", "", ALL, kUninstallLink },
// wxbase28u_vc_cw.dll, "%systemroot%\\system32\\".
- { "e967210d", "23d01d5b", "", "", "", kUninstallLink },
+ { "e967210d", "23d01d5b", "", "", "", ALL, kUninstallLink },
};
// Generates an 8 digit hash from the input given.
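Review bot: The four new Avast rows (aswjsflt.dll and snxhk.dll, two install paths each) carry the note "The digital signature of the DLL is double null terminated" without saying what that means for the row. If it means the signer hash `a7db0e0c` was computed over the signer string including the extra terminator, the comment should say so; otherwise a maintainer who recomputes the hash from the visible signer name gets a different value and the match silently stops working. The same four-line comment is repeated four times, so one comment above the group with a single line per file and path would be easier to keep consistent. It would also help to state whether the `"8.0"` upper bound is exclusive, since the version comparison is outside this hunk.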
@@ -334,6 +364,15 @@ ModuleEnumerator::ModuleStatus ModuleEnumerator::Match(
DCHECK(!strstr(blacklisted.version_from, " "));
DCHECK(!strstr(blacklisted.version_to, " "));
+ base::win::Version version = base::win::GetVersion();
+ switch (version) {
+ case base::win::VERSION_XP:
+ if (!(blacklisted.os & XP)) return NOT_MATCHED;
+ break;
+ default:
+ break;
+ }
+
std::string filename_hash, location_hash;
GenerateHash(WideToUTF8(module.name), &filename_hash);
GenerateHash(WideToUTF8(module.location), &location_hash);
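Review bot: The OS filter added at the top of this hunk only rejects entries when Chrome is running on XP; on every other Windows version the `default:` branch falls through. The rows tagged `XP` in kModuleBlacklist are therefore still matched there whenever a scan runs (for example with the kConflictingModulesCheck switch), and because they carry NOTIFY_USER they would be counted for notification on systems the entry was not written for. Assuming `ALL` is the mask of every OS bit (the enum is declared in the header, outside this diff), the default branch should reject OS-restricted rows, e.g. `if (blacklisted.os != ALL) return NOT_MATCHED;`. `base::win::GetVersion()` is also re-evaluated on every Match() call although it cannot change during the scan. Match() starts and ends outside the hunk.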
@@ -374,9 +413,8 @@ ModuleEnumerator::ModuleStatus ModuleEnumerator::Match(
// If descriptions match (or both are empty) and the locations match, then
// we also have a confirmed match.
if (description_hash == desc_or_signer &&
- !location_hash.empty() && location_hash == blacklisted.location) {
+ !location_hash.empty() && location_hash == blacklisted.location)
return CONFIRMED_BAD;
- }
// We are not sure, but it is likely bad.
return SUSPECTED_BAD;
@@ -776,6 +814,13 @@ EnumerateModulesModel* EnumerateModulesModel::GetInstance() {
return Singleton<EnumerateModulesModel>::get();
}
+// static
+void EnumerateModulesModel::RecordLearnMoreStat(bool from_menu) {
+ UMA_HISTOGRAM_ENUMERATION("ConflictingModule.UserSelection",
+ from_menu ? ACTION_MENU_LEARN_MORE : ACTION_BUBBLE_LEARN_MORE,
+ ACTION_BOUNDARY);
+}
+
bool EnumerateModulesModel::ShouldShowConflictWarning() const {
// If the user has acknowledged the conflict notification, then we don't need
// to show it again (because the scanning only happens once per the lifetime
@@ -901,19 +946,38 @@ ListValue* EnumerateModulesModel::GetModuleList() const {
return list;
}
+GURL EnumerateModulesModel::GetFirstNotableConflict() {
+ lock->Acquire();
+ GURL url;
+
+ if (enumerated_modules_.empty()) {
+ lock->Release();
+ return GURL();
+ }
+
+ for (ModuleEnumerator::ModulesVector::const_iterator module =
+ enumerated_modules_.begin();
+ module != enumerated_modules_.end(); ++module) {
+ if (!(module->recommended_action & ModuleEnumerator::NOTIFY_USER))
+ continue;
+
+ url = ConstructHelpCenterUrl(*module);
+ DCHECK(url.is_valid());
+ break;
+ }
+
+ lock->Release();
+ return url;
+}
+
+
EnumerateModulesModel::EnumerateModulesModel()
: limited_mode_(false),
scanning_(false),
conflict_notification_acknowledged_(false),
confirmed_bad_modules_detected_(0),
- suspected_bad_modules_detected_(0) {
- const CommandLine& cmd_line = *CommandLine::ForCurrentProcess();
- if (cmd_line.HasSwitch(switches::kConflictingModulesCheck)) {
- check_modules_timer_.Start(FROM_HERE,
- base::TimeDelta::FromMilliseconds(kModuleCheckDelayMs),
- this, &EnumerateModulesModel::ScanNow);
- }
-
+ suspected_bad_modules_detected_(0),
+ modules_to_notify_about_(0) {
lock = new base::Lock();
}
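Review bot: GetFirstNotableConflict() pairs `lock->Acquire()` with two separate `lock->Release()` calls, so any early return added later leaves the lock held. A scoped guard at the top, `base::AutoLock auto_lock(*lock);`, removes both Release() calls. The `enumerated_modules_.empty()` branch then becomes redundant, since the loop already leaves `url` default-constructed when nothing qualifies. `DCHECK(url.is_valid())` compiles out in release builds, so callers should still treat the returned GURL as possibly empty or invalid.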
@@ -921,16 +985,37 @@ EnumerateModulesModel::~EnumerateModulesModel() {
delete lock;
}
+void EnumerateModulesModel::MaybePostScanningTask() {
+ static bool done = false;
+ if (!done) {
+ done = true;
+
+ const CommandLine& cmd_line = *CommandLine::ForCurrentProcess();
+ if (cmd_line.HasSwitch(switches::kConflictingModulesCheck) ||
+ base::win::GetVersion() == base::win::VERSION_XP) {
+ check_modules_timer_.Start(FROM_HERE,
+ base::TimeDelta::FromMilliseconds(kModuleCheckDelayMs),
+ this, &EnumerateModulesModel::ScanNow);
+ }
+ }
+}
+
void EnumerateModulesModel::DoneScanning() {
confirmed_bad_modules_detected_ = 0;
suspected_bad_modules_detected_ = 0;
+ modules_to_notify_about_ = 0;
for (ModuleEnumerator::ModulesVector::const_iterator module =
- enumerated_modules_.begin();
- module != enumerated_modules_.end(); ++module) {
- if (module->status == ModuleEnumerator::CONFIRMED_BAD)
- ++confirmed_bad_modules_detected_;
- if (module->status == ModuleEnumerator::SUSPECTED_BAD)
- ++suspected_bad_modules_detected_;
+ enumerated_modules_.begin();
+ module != enumerated_modules_.end(); ++module) {
+ if (module->status == ModuleEnumerator::CONFIRMED_BAD) {
+ ++confirmed_bad_modules_detected_;
+ if (module->recommended_action & ModuleEnumerator::NOTIFY_USER)
+ ++modules_to_notify_about_;
+ } else if (module->status == ModuleEnumerator::SUSPECTED_BAD) {
+ ++suspected_bad_modules_detected_;
+ if (module->recommended_action & ModuleEnumerator::NOTIFY_USER)
+ ++modules_to_notify_about_;
+ }
}
scanning_ = false;
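Review bot: `static bool done` in MaybePostScanningTask() is a function-local flag read and written without synchronization, so if the method can be reached from more than one thread, two callers could both start `check_modules_timer_`. If it is meant to be UI-thread only, state that with `DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));` at the top. A member flag instead of the static would also keep the state with the object that owns the timer. DoneScanning() continues outside the hunk.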
@@ -965,7 +1050,8 @@ void EnumerateModulesModel::DoneScanning() {
GURL EnumerateModulesModel::ConstructHelpCenterUrl(
const ModuleEnumerator::Module& module) const {
- if (!(module.recommended_action & ModuleEnumerator::SEE_LINK))
+ if (!(module.recommended_action & ModuleEnumerator::SEE_LINK) &&
+ !(module.recommended_action & ModuleEnumerator::NOTIFY_USER))
return GURL();
// Construct the needed hashes.
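Review bot: The widened guard in ConstructHelpCenterUrl() tests two bits of the same mask with two negated clauses; `if (!(module.recommended_action & (ModuleEnumerator::SEE_LINK | ModuleEnumerator::NOTIFY_USER)))` expresses the same condition in one test. Because a NOTIFY_USER entry now gets a help-center URL even without SEE_LINK, a one-line comment such as `// NOTIFY_USER entries always link to the help center; GetFirstNotableConflict() relies on this.` would make that coupling explicit. The function body continues outside the hunk.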