Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Started to download Soundcloud Downloader, but realized it could be dangerous


  • Please log in to reply
4 replies to this topic

#1 fuzzyfishy

fuzzyfishy

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:59 PM

Posted 12 August 2013 - 12:02 PM

Hi, I am running Windows XP Service Pack 3.
 
About an hour ago I clicked to download Soundcloud Downloader from CNET. I saw the high rating it had with 102 votes, so I thought the program should be pretty safe, but when I saw the downloader/installer box I started to get nervous. Then I read some of the reviews (which I clearly should have done first) and this one sums it up pretty well:

Doesn't work at all and all the 5 star reviews were created by the developer

 
As soon as I read that review I unlugged the internet and clicked on the downloader/installer box to cancel, but I don't know how far it had already gotten in putting files on my computer.
 
How concerned should I be? Could this file download possibly have installed hidden malware?
What is the best course of action to keep from having any viruses/malware/rootkits, etc. show up on my computer in a day/week/four months from now?
Is just running some virus scans enough?
Should I use system restore, and will that prevent anything from this download from still being anywhere deep in the computer?
 
Any help or advice is very appreciated.

Edited by Orange Blossom, 12 August 2013 - 12:21 PM.
Removed link. ~ OB


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:59 PM

Posted 12 August 2013 - 02:11 PM

SoundCloudDownloader.exe is a small file (600.84K) and would have downloaded very quickly. The file, if completely downloaded, would have been saved in whatever folder you set up to save your downloads. As an .exe file, it would not have been installed unless you double-clicked on it to install. If you did that...the setup box should have opened with a Welcome to the PC Gizmos Download Manager window and a Next Step button for you to click. You should then have been asked if you wanted to make Bing your search Engine, then to click the Next Step button again to continue installation. If you clicked No thanks, setup is cancelled.

You can verify if the program was installed by check Add/Remove Programs in Control Panel.

BTW, just because you read a review you did not like means SoundCloudDownloader is a bad (malicious program). CNET uses Secure Download free of malware.

CNET Downloads software policies

We will not list software that contains viruses, Trojan horses, malicious adware, spyware, or other potentially harmful components. We will not list products known to contain such items in instances outside CNET Downloads, and we may disallow products from publishers our editors feel violate the spirit of this policy.


Download.com malware policies

We have always manually evaluated every downloadable Windows product that we list on the site, and since 2005, we've had a zero-tolerance policy that prohibits all undisclosed bundled software and all software that serves browser pop-up ads.

While our malware policies are clear and well communicated to all Download.com team members, we are not immune to mistakes. If you find a product you think could be considered malware listed on Download.com, please click the "Report a Problem" link underneath the "Quick Specs" section of every Windows product page. A communication window provides the selection "This program has malware" with a description field to include as much info as you can to help us determine the program's safety.

...The Download.com Installer is a step-by-step wizard that helps users manage the process of installing the software they downloaded. The Installer has at times been flagged as malware by security vendors. We believe that all of these flags are false positives and have been resolved, or are working directly with the specific security vendors to resolve them.


However, you always have to be careful using CNET and similar reputable download hosting sites because they use heavy and confusing advertising with download links. Clicking on the incorrect link (thinking its the one you want) often results in downloading a program the user did not intend to download.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:59 PM

Posted 12 August 2013 - 02:14 PM

Should I use system restore, and will that prevent anything from this download from still being anywhere deep in the computer?

If you were actually infected, sometimes this method of recovery works but other times it may not since System Restore was not designed to be a virus or malware removal tool. Whether it will be successful depends on what type of infection you are dealing with, what damage the malware has already caused, whether it disabled System Restore and if not, what is restored during the process.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 fuzzyfishy

fuzzyfishy
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:59 PM

Posted 16 August 2013 - 11:02 PM

Thank you for replying with all the information.

 

 

The program is not listed in Add/Remove Programs. When I hit cancel on it, it was at this part:

...the setup box should have opened with a Welcome to the PC Gizmos Download Manager window and a Next Step button for you to click.

I think I may have clicked Next Step, but it had not gotten to the question about Bing yet.

Considering the info about CNET and the fact that it did not finish installing the program, I guess I will assume for now that nothing malicious was put on my computer from it.

 

 

I did run an MSE full scan, and it found two things (Trojan:JS/Medfos.A, Trojan:JS/Tracur.E) but they appear to have something to do with a Mozilla Firefox extension. Unfortunately, I hadn't run a full scan on the computer (only scheduled quick scans once a week) for multiple months, so I don't know if those trojans had been there for a while or not.

 

Question 1: Do you think I should be concerned about those two items that were detected. Are they probably part of some infection on the PC?

 

 

 

On a different subject, I read the link you gave about what is restored during the System Restore process. It lists Contents of the My Documents folder(s) as being not restored. BC's System Restore Guide also mentions other file types System Restore does not store in a Restore Point:

Any file types not monitored by System Restore like personal data files e.g. .doc, .jpg, .txt etc.

 

Microsoft's page about How to restore Windows XP to a previous state says:

System Restore does not affect personal files, such as email messages, documents, or photos.

 

 

Question 2: So for example, does all that mean that if I used a System Restore point, all .jpg files and webpages saved would be totally gone from the PC, or only those types of files that were created since after the restore point was made would be gone, or does it mean something else?



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:59 PM

Posted 17 August 2013 - 04:35 PM

1. Without knowing the specific file(s) name associated with the malware threat(s) and where were they located (full file path) at the system, it's difficult to determine exactly what the scanning engine detected.


Please download and perform a scan with AdwCleaner by Xplode. This is a utility which will identity and remove any unknown Toolbars, adware and potential unwanted programs (PUP).

-Double click on AdwCleaner.exe to run the tool and click on the Clean button.
Vista/Windows 7/8 users right-click and select Run As Administrator.
- When finished, a logfile (AdwCleaner[X].txt) will automatically open in Notepad after the scan has finished. The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
- Copy and paste the contents of that logfile in your next reply.


Please download Junkware Removal Tool thisisujrt.gif and save it to your Desktop.
  • Close all open programs and shut down any protection/security software now to avoid potential conflicts.
  • Double-click on JRT.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.
2. System Restore will only restore those files it monitors...it leaves everything else alone.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users