1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SUPER... a program I had used for years... NOW TROJAN HELL

Discussion in 'Windows - Virus and spyware problems' started by Pawpcorn, Jan 2, 2018.

  1. Pawpcorn

    Pawpcorn Newbie

    Joined:
    Jan 2, 2018
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Alert, to my fellow Video processing enthusiasts!!!

    SUPER, a program that I had used for YEARS on my Windows 7 computer.... just did a MAJOR number on my Windows10 PC....

    I downloaded the "free" version of it here:
    http://www.erightsoft.com/SUPER.html

    And... there were NO options to NOT install the piggyback software...

    Next thing I knew Windows Defender was chiming every few seconds with additional TROJAN reports!!!

    I went to Task manager, and tried to stop NUMEROUS programs that were running... while I saw my screen, fonts, login to MEGA, just fall apart.

    I DID manage to get a system restore rolling, in the midst of this chaos.... which luckily had a system history of ONE DAY ago... and this seems to have done the trick.

    Here's the list, in Defender, of the Trojans that managed to get installed:
    https://s26.postimg.org/tzd0g6kgp/Trojan_Attack_from_Super.jpg

    Looking at the details from the FIRST Trojan in that list... it reported the source as being:
    file: C:\Users\OnSit\AppData\Local\Temp\68899703\ic-0.1ac4dd386555e4.e

    I navigated there, and found the 688... folder still there, so I deleted that...

    THEN saw a whole series of files that had dates/times of the attack on the
    C:\Users\OnSit\AppData\Local\Temp\ folder... and deleted all of those, too.

    Looking at all the details there, I deleted ANY and ALL Files and Folders there, that were created at the time of the attack.

    I also checked for this... and ANY other items in the Windows Defender Exclusions list, of which there were none:
    regkeyvalue: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\c:\program files\6161dd8c186ad3a4dc2561d6663ce7c2\

    This was insane, and to say that it stressed me out... and has left me in a state of anguish... would be an understatement.

    I DID report this site address to the Google Malicious Website Reporting page...

    I think I'll go ahead and take a XANAX, since my body is still shaking....

    Take care,
    Pawpcorn
     
    Last edited: Jan 2, 2018
  2. scorpNZ

    scorpNZ Active member

    Joined:
    Mar 23, 2005
    Messages:
    4,261
    Likes Received:
    63
    Trophy Points:
    78
    Concur ! avast is going nuts.The installer & the website do say there is bundle ware,however this software can now be considered virus ware
    @ pawcorn
    go take a gander at media coder as a replacement
     
  3. cactikid

    cactikid Active member

    Joined:
    Jun 2, 2007
    Messages:
    4,625
    Likes Received:
    23
    Trophy Points:
    68
    i use avast and now notice it needs to add more stuff but needs subscription:p
     
  4. scorpNZ

    scorpNZ Active member

    Joined:
    Mar 23, 2005
    Messages:
    4,261
    Likes Received:
    63
    Trophy Points:
    78
    That's the difference compared to Super.You have to pay avast before it will install the rest of the crap you don't need,except for software updater & the other free garbage it lets you have at least you can untick it before installing
     
  5. cactikid

    cactikid Active member

    Joined:
    Jun 2, 2007
    Messages:
    4,625
    Likes Received:
    23
    Trophy Points:
    68
    i only added the software updater as on xp laptop many things were old including drivers.
     
  6. Ethrieltd

    Ethrieltd Member

    Joined:
    Jul 21, 2005
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    11
    Super has been like that a while.

    Switch to StaxRip or Hybrid, the same sort of thing. A Frontend for other programs, but no evil included.
     
  7. ChappyTTV

    ChappyTTV Member

    Joined:
    Nov 2, 2006
    Messages:
    29
    Likes Received:
    2
    Trophy Points:
    18
    Many times these 3rd party software distributors will wrap an original installer, with an installation program of it's own and that's mostly where these parasite programs reside. These wrappers basically take over the process that the original installer performed and installs all it's parasitic junk before, or as it runs the original exe in the background, basically looking just like a regular installer as it does the dirty shit in hiding. This makes many people think that their fave program is now Malware/Adware crap, but in reality, many times the original program developer has no idea these 3rd party software sites have done this....sometimes they do know, in the case of Adware, and receive a kickback on revenues.

    If this is the case, you can use a program called UniExtract to strip this installer wrapper and extract the original program installer exe file and run it as it was intended, clean! Install Uniextract, add it to your context menu options and then use it to open your installer and extract whatever files are hidden inside. Most times, you'll find the original program exe installer in the extracted files, run that and you may just get your clean program back.

    Good Luck!
    Dave
     
  8. scorpNZ

    scorpNZ Active member

    Joined:
    Mar 23, 2005
    Messages:
    4,261
    Likes Received:
    63
    Trophy Points:
    78
    Always wondered how to extract stuff from a .exe.Looking forward to trying it out..
    There's also an update at github in 2nd link however i have no idea what your supposed to do with it.There's no .exe to execute the app & adding copy pasting into the old version seems to do nothing to add more function

    https://www.legroom.net/software/uniextract

    Universal Extractor 2 is an unofficial updated and extended version of the original UniExtract by Jared Breland. It brings several hundred changes including community-wanted ones such as a batch mode, auto-updater and scan-only-functionality.
    https://github.com/Bioruebe/UniExtract2
     
  9. attar

    attar Senior member

    Joined:
    Jun 17, 2005
    Messages:
    11,147
    Likes Received:
    41
    Trophy Points:
    128
  10. Pawpcorn

    Pawpcorn Newbie

    Joined:
    Jan 2, 2018
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for the advice, guys...

    Aftermath... I (made the mistake) installing Malwarebytes, and now my restores fail...

    Seems the main thing that's occurred (beyond the ramifications of the above) is that I need my browser (I use Pale Moon) to block popups... then things seem to be "under control", but... I know... my OS is now damaged... :(
     
  11. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,153
    Likes Received:
    134
    Trophy Points:
    143
    uninstall Malwarebytes then run system restore.
     
  12. ChappyTTV

    ChappyTTV Member

    Joined:
    Nov 2, 2006
    Messages:
    29
    Likes Received:
    2
    Trophy Points:
    18

    Hi Scorp, long time! Attar, this is for you too...and Hi!

    I just installed UniExtract 1.6.1 on Win10 and it installs and runs just as it should, if you don't want to try V2, which I hear is not quite the same, but that's probably more GUI and a few tweaks probably, but I'm used to the older version.
    There's a few ways to extract or decompile from an exe file my friend, I could show you some screenshots from my reverse engineering virus & trojans that can make a coder's head spin ;), but I had the tools and training to do so.
    Anyway, I'd use Uni to extract files from these wrapper/container installers that 3rd party sites, or bad guys use, to hide an original installer and the crap files it wants to install on the sly, but I'd use another tool to extract resources, strings, icons and other stuff from a clean, unwrapped exe, with a program like Resource Hacker, or Hex Toolbox.
    These are more user friendly, but when I really wanted to tear into something, make changes, strip or add injector points, access libraries, recompile, etc, I used tools like IDA Pro Advanced, along with various unpackers to crack the protections. Took me a great many sleepless nights (years) learning that program, even with the EXTENSIVE handbook from the creator, IDA Pro is a fusking NIGHTMARE to learn, but a monster program that gives you all the power to do anything you need with an .exe, .com and basically all executables.
    Have fun! (don't fusk up and infect yourself tho...lol!!)

    Dave
     

Share This Page