Trojans from CNET

I downloaded VLC from CNET. You download a install file not a setup. The install added at least one 'bonus' app. It was a cloud backup from Norton. Either as a part of this package or something from CNET or something else was an app called update. I can't see it as a process but it kept trying to connect to the internet. I normally keep my self unplugged from the network unless I need to be connected so it continued to fail making the connection.

I restored my system to an earlier date just to be safe. I will NEVER download anything from CNET ever again. I assume the Trojan is a white hat Trojan but it may have the ability to automatically install more apps I do not want without my saw so.

I looked for some indication that I would be installing software I did not want. This is all that was mentioned

The

said nothing about the extra software.

 

Your first quote stated you would be offered it,however you have to move with the times & be sneakier than them by hitting decline on the offers regardless if it appears grayed it will still work & keep hitting decline till you get the the vlc install then it will do whats required without the added bonuses.lmao..,AD has a similar download only it uses tick boxes or just use filehippo instead or direct download at sourceforge

 

Gee, Mez, You're an addict, I thought you had been around long enough that you wouldn't fall for loading a bunch of Foistware from CNET. It's not a Trojan, just a bunch of junk you don't need.

 

I was never given a choice other than to click the download button or not. The information I posted was from the mouseover which I didn't check until after a had a auto downloader installed on my computer. Then I went over everything with a fine tooth comb to see if I had missed something. Even reading that message you would expect an offer. There were none. Plus the updater was not part of the backup. For all I know a hacker added it to the the download. I say this because the message stated the error came from update.exe instead it came from a different file with a garbage name. That sounds like it was more of a hack than a legit process.

 

That's just one good reason I never use CNET...
If I can't find a download from the owner, Filehippo or MajorGeek, I just do without it. LOL

 

2Old, I just saw your post. If it was just Foistware why was it trying to get to the internet? I know I am paranoid when it comes to malware but I am thinking it is probably a black Trojan even it is white I still do not want to get new Foistware every day.

 

Foistware is just software that you did not intentionally download, not necessarily bad..
And most software calls out for different reasons, not always bad...

 

These days most of the Free software comes with a sh.t load of Foistware, even from the reputable company's. You have to be on your toes all of the time. Or download adwcleaner and run it every so often to clean up the Adware and Foistware.

2oG

 

Mez it's secure downloader it doesn't get installed only the software you don't opt of does the rest is held & dumped from the temp folder including the downloader just like any of the normal bundled opencandy your used too,its not permanent the downloader that is

 

If you download programs using CNET installer then you will surely get tons of unwanted programs and crappy toolbars free of cost. That's why I prefer to download directly from developers website.

 

Is there an echo in here? I think that's what I said.... LOL

 

I hadn't used CNET in a few years. Then they were 'cleaner' than many owners' sites which usually had foistware and CNET did not. Well those days are long gone. While I am on the uploader roll...

I had maleware I couldn't find late last year. I kept the C: untouched as D: not to lose any valuable data and started a new C: with little data on it. I still keep my data on D: when I can. I have re-imaged C: more than once since then.

Well this week my virus scanner finally found one of the bad guys on that old drive. It was Airupdater.exe. I assume there is pleanty more where that came from with a name like that. So just because your scanners say you are clean doesn't mean a thing. I am sure I believed I was getting that malware from the adobie website when I was updating my plug ins. Again it was inside the update package I distrust autoupdates so I was given no choice not to install it. I suspect this move to downloading an update package instead of the EXE is one huge step away from security.

 

mez,adobe air updater???

 

Sorry, I didn't see it....lol

 

@aldan, Probably Adobe AIR but you should know by now that Mez always goes around his fist to get to his thumb. Even tho a straight line is the shortest distance between two points. lol

@Mez, I know I have told you how to relocate your data so you don't have a chance to loose it and how to backup your boot drive so that when you really do get malware you can just recover it back a day or so and poof the malware is gone. Quit trying to re-invent the wheel! LOL

 

2old, what I did was buy a new smaller C: and kept the old C: as F:. I do keep all my data on F:. By the way how is that going "around his fist to get to his thumb", or did I forget to do that this time?

Aldan yes it is the air updater. However, the air updater on C: was fine. Maybe it was a false positive with that version or maybe it was malware. What better place for a trojan? From what I have read the trend is to package malware in legitimate applications especially ones that have a firewall pass. The code in the exe doesn't need to be all that different. They can just call a different routine in a different DLL or just overwrite the DLL.

 

LOL, Just meaning you could have handled it a lot easier, I was being facetious, all in jest, I love to stir the pot to see what comes to the top..... Nothing personal.. Hang in there, Bro!


2oG

 

Yeah, I'm always pushing around a bucket of shit, with a short handle stick. LOOK OUT!!!