Trojans from CNET

Discussion in 'Windows - Virus and spyware problems' started by Mez, Aug 4, 2013.

  1. Mez

    Mez Active member

    Joined:
    Aug 12, 2005
    Messages:
    2,895
    Likes Received:
    9
    Trophy Points:
    68
    I downloaded VLC from CNET. You download a install file not a setup. The install added at least one 'bonus' app. It was a cloud backup from Norton. Either as a part of this package or something from CNET or something else was an app called update. I can't see it as a process but it kept trying to connect to the internet. I normally keep my self unplugged from the network unless I need to be connected so it continued to fail making the connection.

    I restored my system to an earlier date just to be safe. I will NEVER download anything from CNET ever again. I assume the Trojan is a white hat Trojan but it may have the ability to automatically install more apps I do not want without my saw so.

    I looked for some indication that I would be installing software I did not want. This is all that was mentioned
    The
    said nothing about the extra software.
     
  2. scorpNZ

    scorpNZ Active member

    Joined:
    Mar 23, 2005
    Messages:
    4,266
    Likes Received:
    63
    Trophy Points:
    78
    Your first quote stated you would be offered it,however you have to move with the times & be sneakier than them by hitting decline on the offers regardless if it appears grayed it will still work & keep hitting decline till you get the the vlc install then it will do whats required without the added bonuses.lmao..,AD has a similar download only it uses tick boxes or just use filehippo instead or direct download at sourceforge
     
  3. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Gee, Mez, You're an addict, I thought you had been around long enough that you wouldn't fall for loading a bunch of Foistware from CNET. It's not a Trojan, just a bunch of junk you don't need. [​IMG]
     
  4. Mez

    Mez Active member

    Joined:
    Aug 12, 2005
    Messages:
    2,895
    Likes Received:
    9
    Trophy Points:
    68
    I was never given a choice other than to click the download button or not. The information I posted was from the mouseover which I didn't check until after a had a auto downloader installed on my computer. Then I went over everything with a fine tooth comb to see if I had missed something. Even reading that message you would expect an offer. There were none. Plus the updater was not part of the backup. For all I know a hacker added it to the the download. I say this because the message stated the error came from update.exe instead it came from a different file with a garbage name. That sounds like it was more of a hack than a legit process.
     
  5. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    That's just one good reason I never use CNET...
    If I can't find a download from the owner, Filehippo or MajorGeek, I just do without it. LOL
     
  6. Mez

    Mez Active member

    Joined:
    Aug 12, 2005
    Messages:
    2,895
    Likes Received:
    9
    Trophy Points:
    68
    2Old, I just saw your post. If it was just Foistware why was it trying to get to the internet? I know I am paranoid when it comes to malware but I am thinking it is probably a black Trojan even it is white I still do not want to get new Foistware every day.
     
  7. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Foistware is just software that you did not intentionally download, not necessarily bad..
    And most software calls out for different reasons, not always bad...
     
  8. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    These days most of the Free software comes with a sh.t load of Foistware, even from the reputable company's. You have to be on your toes all of the time. Or download adwcleaner and run it every so often to clean up the Adware and Foistware.

    2oG
     
  9. scorpNZ

    scorpNZ Active member

    Joined:
    Mar 23, 2005
    Messages:
    4,266
    Likes Received:
    63
    Trophy Points:
    78
    Mez it's secure downloader it doesn't get installed only the software you don't opt of does the rest is held & dumped from the temp folder including the downloader just like any of the normal bundled opencandy your used too,its not permanent the downloader that is
     
  10. andrews04

    andrews04 Member

    Joined:
    Mar 21, 2013
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    11
    If you download programs using CNET installer then you will surely get tons of unwanted programs and crappy toolbars free of cost. That's why I prefer to download directly from developers website.
     
  11. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Is there an echo in here? I think that's what I said.... LOL
     
  12. Mez

    Mez Active member

    Joined:
    Aug 12, 2005
    Messages:
    2,895
    Likes Received:
    9
    Trophy Points:
    68
    I hadn't used CNET in a few years. Then they were 'cleaner' than many owners' sites which usually had foistware and CNET did not. Well those days are long gone. While I am on the uploader roll...

    I had maleware I couldn't find late last year. I kept the C: untouched as D: not to lose any valuable data and started a new C: with little data on it. I still keep my data on D: when I can. I have re-imaged C: more than once since then.

    Well this week my virus scanner finally found one of the bad guys on that old drive. It was Airupdater.exe. I assume there is pleanty more where that came from with a name like that. So just because your scanners say you are clean doesn't mean a thing. I am sure I believed I was getting that malware from the adobie website when I was updating my plug ins. Again it was inside the update package I distrust autoupdates so I was given no choice not to install it. I suspect this move to downloading an update package instead of the EXE is one huge step away from security.
     
  13. aldan

    aldan Active member

    Joined:
    Mar 24, 2007
    Messages:
    1,725
    Likes Received:
    46
    Trophy Points:
    78
    mez,adobe air updater???
     
  14. andrews04

    andrews04 Member

    Joined:
    Mar 21, 2013
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    11
    Sorry, I didn't see it....lol
     
  15. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    @aldan, Probably Adobe AIR but you should know by now that Mez always goes around his fist to get to his thumb. Even tho a straight line is the shortest distance between two points. lol

    @Mez, I know I have told you how to relocate your data so you don't have a chance to loose it and how to backup your boot drive so that when you really do get malware you can just recover it back a day or so and poof the malware is gone. Quit trying to re-invent the wheel! LOL
     
  16. Mez

    Mez Active member

    Joined:
    Aug 12, 2005
    Messages:
    2,895
    Likes Received:
    9
    Trophy Points:
    68
    2old, what I did was buy a new smaller C: and kept the old C: as F:. I do keep all my data on F:. By the way how is that going "around his fist to get to his thumb", or did I forget to do that this time?

    Aldan yes it is the air updater. However, the air updater on C: was fine. Maybe it was a false positive with that version or maybe it was malware. What better place for a trojan? From what I have read the trend is to package malware in legitimate applications especially ones that have a firewall pass. The code in the exe doesn't need to be all that different. They can just call a different routine in a different DLL or just overwrite the DLL.
     
  17. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    LOL, Just meaning you could have handled it a lot easier, I was being facetious, all in jest, I love to stir the pot to see what comes to the top..... Nothing personal.. Hang in there, Bro![​IMG]


    2oG
     
  18. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
    2oldGeek, shit disturber!!!!
     
  19. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Yeah, I'm always pushing around a bucket of shit, with a short handle stick. LOOK OUT!!!
     
  20. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
    wouldn't touch that with a 10 foot pole.
     

Share This Page