[GH-ISSUE #1238] how do i end the proccess #914

Closed
opened 2026-02-27 15:52:22 +03:00 by kerem · 6 comments
Owner

Originally created by @someguy1412 on GitHub (Jan 22, 2024).
Original GitHub issue: https://github.com/quasar/Quasar/issues/1238

Quasar version

1.4.1

Server installed .NET version

.NET 6.0

Server operating system

Windows 11/Server 2022

Client installed .NET version

.Net 6.0

Client operating system

Windows 11/Server 2022

Build configuration

Release

Describe the bug

I cannot end the process that was made by the client built .exe

How to reproduce

open builder
build it
open the file

Expected behavior

Cannot end the process.
Also it doesn't connect with quasar.exe.

Actual behavior

.

Additional context

.

kerem 2026-02-27 15:52:22 +03:00 closed this issue and added the "invalid" label.

@edcdecl commented on GitHub (Jan 22, 2024):

This is not a bug.


@someguy1412 commented on GitHub (Jan 22, 2024):

I don't care. How the fuck do you close it?


@MaxXor commented on GitHub (Jan 22, 2024):

Simply kill it in task manager.


@someguy1412 commented on GitHub (Jan 22, 2024):

Didn't work because it said access denied even though I'm administrator.


@MaxXor commented on GitHub (Jan 22, 2024):

Just reboot the PC then and remove it from autostart in task manager. However normally Quasar has no persistence options to hinder terminating the process. Where did you download Quasar from?


@Yttrium-tYcLief commented on GitHub (Jan 25, 2024):

> Just reboot the PC then and remove it from autostart in task manager. However normally Quasar has no persistence options to hinder terminating the process. Where did you download Quasar from?

Unrelated (I think) to this original issue, but related to this question - it seems to me like malicious actors are using custom builds of Quasar to infect machines and remotely access them. I caught this happening in the act on a machine I admin. I fully understand this is an open-source project, and greatly value that, but figured I should make you aware of the fact that it *is* now turning up in malicious situations.

Malwarebytes actually caught it as renamed processes hidden in manually-created Roaming folders. I've seen it named as NVIDIA.exe, explorer.exe, Discord.exe, and uTorrent.exe. These malicious versions of the binary use app icons of the apps they're trying to impersonate, but under the hood it's Quasar and the files even mention your name (MaxXor) in the description fields of their metadata.

When active, it seems bad actors are logging into these machines, firing up Chrome, and going for low-hanging fruit of directly accessing PayPal and other institutions. They can't get past 2FA, but they're hoping their prey have autofill for passwords and don't have 2FA, in which case they immediately try to drain accounts. In the instance above they accessed Gmail looking for leads, and then tried PayPal and Coinbase, all in a matter of minutes.

I *really* hope, for your sake, this practice doesn't get too widely adopted, or else it's going to train antivirus heuristics that *anything* related to Quasar is a PUP.

I'd be interested in obtaining logs - how exactly are those stored? I see the documentation about setting a path, but it doesn't say much about the log format. There are (expectedly) a *lot* of nondescript log files on a typical system.

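A defender's triage script for the situation described in the comment above, added here as an example (it is not from the Quasar project or from any participant in this thread). It walks the current user's AppData folders for executables whose PE version metadata mentions Quasar or MaxXor, that carry one of the impersonated names reported above, or whose OriginalFilename disagrees with the name on disk, and lists any running process started from those folders. The marker strings and name list are assumptions taken from this comment; adjust them for your environment.

```powershell
# Added example, not Quasar project code. Run in an elevated PowerShell session.
$Roots        = @($env:APPDATA, $env:LOCALAPPDATA)        # %APPDATA% is ...\AppData\Roaming
$Markers      = @('quasar', 'maxxor')                     # strings reported in the thread (assumption)
$SuspectNames = @('nvidia.exe', 'explorer.exe', 'discord.exe', 'utorrent.exe')  # names reported above

$findings = foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Recurse -File -Filter *.exe -ErrorAction SilentlyContinue |
      ForEach-Object {
        $vi   = $_.VersionInfo
        $meta = @($vi.FileDescription, $vi.ProductName, $vi.CompanyName,
                  $vi.LegalCopyright, $vi.OriginalFilename) -join ' '
        $reasons = @()
        foreach ($m in $Markers) {                         # -match is case-insensitive in PowerShell
            if ($meta -match [regex]::Escape($m)) { $reasons += "version info mentions '$m'" }
        }
        if ($SuspectNames -contains $_.Name.ToLower()) {
            $reasons += "file name '$($_.Name)' impersonates a well-known program"
        }
        # A stored OriginalFilename that differs from the on-disk name is a classic rename tell
        if ($vi.OriginalFilename -and ($vi.OriginalFilename -ne $_.Name)) {
            $reasons += "renamed from '$($vi.OriginalFilename)'"
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Path    = $_.FullName
                SHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                Reasons = ($reasons -join '; ')
            }
        }
      }
}

"== Suspicious executables under AppData =="
$findings | Format-Table -AutoSize

# Processes currently running from a profile folder: candidates to examine before a reboot
"== Running processes started from AppData =="
Get-Process -ErrorAction SilentlyContinue |
  Where-Object { $_.Path -and ($Roots | Where-Object { $_ -and $PSItem }) -and
                 ($_.Path -like "$env:APPDATA\*" -or $_.Path -like "$env:LOCALAPPDATA\*") } |
  Select-Object Id, ProcessName, Path, StartTime |
  Format-Table -AutoSize
```

Hashes from the first table can be checked against your own sandbox or AV telemetry; the script only reads metadata and does not terminate or delete anything.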