Posted 11 January 2013 - 06:44 PM
The following should be addressed to the producer(s) of SumatraPDF Reader, but since they don’t seem to be interested in keeping in touch with the users of his/their product (the main con of whatever is free) I’ll really appreciate this forum’s members help. Thanks in advance.
Since I never have downloaded SumatraPDF (I didn’t even know it existed) when my Secunia 2.00 started showing it long, long time ago but I couldn’t find it anywhere in my computer, I worried because I didn’t know if it was a part of a program (so I shouldn’t uninstall it) or if it was some kind of malware disguised as a program.
According to Secunia 3.0 (the new version), it is always updating without (never) completing the process nor letting me do it manually, so it is a security weak point in my computer (permanently out of date/unpatched). One night I clicked my Windows Start and surprise! its icon was there! I clicked on “all programs” and yes! it was listed there! I went to “Program Files (x86) and yes! it was there too! It didn’t seem to me to be tied somehow to another program as part of it, so I took my chances and used my Revo Uninstaller to kick it out (at last!). The next day it was there again! It wasn’t only a shortcut, it was in Program Files (x86) again and it was working! It (downloaded? and) re-installed by itself! The worse thing was that it wasn’t even the latest version but the same old one that I uninstalled the night before.
I was going to uninstall it again and install the newest version to see what happened, so I tried to download the latest version, first, directly from its own homepage, but I couldn’t; something went wrong (rarely, because it didn’t happen while downloading anything else before). Then I tried at MajorGeeks website and I got it, but when I tried to install it (after uninstalling the old one) my F-Secure Internet Security alerted me about it this way:
“DeepGuard has noticed that an application is trying to manipulate or terminate another process, which is potentially dangerous. This application is SumatraPDF. Rating: Suspicious. Target: C:\program files (x86)\f-secure\fshoster32.exe”
It was trying not only to manipulate or terminate another process, but targeting precisely my antivirus, which is typical to malware. Coincidence? I did what you or anybody else would: I blocked it. A little while later that out of date version was back in its place again! So it re-installed it by itself twice already!
I downloaded Kaspersky Security Scan to have a “second opinion scan” and installed Comodo Firewall (I turned F-Secures’s firewall off). Kaspersky detected SumatraPDF and listed it under “Vulnerabilities” as a part of my NovaBackup, and my Comodo detected it too and listed it as an unknown file (so, potentially dangerous). I asked NovaStor about it and they said “yes, it is a part of your NovaBACKUP software” (it is PDF reader that works from Boot CD to Display Help File in Disaster Recovery Backup CD).
Now, at least, I know where it came from and, if it is part of a reputable, trusted program as it is to me NovaBACKUP, then it must be safe but, at the same time, now new questions have arisen. The very first: Is it really safe? (I probably should use another backup software)
1. Why that decidedly suspicious behavior?
2. Why it is now installed in my computer separately from NovaBACKUP too?
3. I understand why I can’t update the SumatraPDF that is part of NovaBACKUP (I don’t even know if it is out of date or not) but why I can’t update that SumatraPDF that is installed separately from NovaBACKUP? And
4. Why (and how) it re-installs by itself?
Thanks again for your time and help, and I hope it helps others.