Jump to content

Paint.NET - MD5Sums - Fileforum 2.63 download calls Bulgaria

Recommended Posts

We are testing various editions of Paint.NET on the Microsoft Windows XP SP2 with all of the updates and .NET packages pre-installed. We first downloaded the Paint.NET 2.63 with .NET 2.0 from the Fileforum site and loaded it with Custom - No Automatic updates. The program wouldn't install without calling the crl.usertrust.com. We packet logged the installation and completely blocked the Internet. Eventually it appeared to install. When I attempted to open a tif file for editing the firewall alarmed with a Paint.NET is trying to reach ftp.eunet.bg ( Bulgaria--access was denied. Then Paint.NET tried to call the.earth.li and then ftp.chiark.greenend.org.uk and began an internal denial of service attack. The version of XP Pro SP2 is OEM, (completely new install) with Genuine Advantage.

We downloaded the 2.64 without the .NET packages and installed it after removing the other version and deleting the installation directory and it is working perfectly without a glitch or single firewall alarm and it doesn't appear to call the Internet when opening and closing a file or when uninstalling. We installed it without the automatic updates.

Any thoughts or similar experiences? Is there a way to verify download integrity by including an MD5 Sum or CRC checksum on the download page?

Link to comment
Share on other sites

well crl.usertrust.com seems to have security certificates.

ftp.eunet.bg doesn't seem to be an active site.

the.earth.li hasd very little things.

ftp.chiark.greenend.org.uk has very little things.

you must have downloaded a glitchy version.


I built my first computer at age 11!

Link to comment
Share on other sites

* Fixed a startup performance problem on some systems that was an artifact of the way the .NET Framework was verifying Authenticode signatures as part of its assembly loading process

No. Way. I've just seen Bob. And... *poof!*—just like that—he disappears into the mist again. ~Helio

Link to comment
Share on other sites

If you're worried about the download integrity just verify the digital signature on the package. See the end of this thread for an explanation as to what is going on with respect to the crl.usertrust.com connection, it's completely harmless but fixed in 2.64: http://paintdotnet.12.forumer.com/viewt ... ow+startup .

Paint.NET does not "call Bulgaria" or those FTP sites. If you are seeing connections like that then you have something else on your system that is probably hijacking the PaintDotNet.exe process and injecting a thread or threads to do various things. Please run a full virus and antispyware scan.

The Paint.NET Blog: https://blog.getpaint.net/

Donations are always appreciated! https://www.getpaint.net/donate.html


Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...