First, great forum, it's an awesome resource.
So I recently bought a gamepad for my new Windows 8 PC (and it was a bit buggy on a game that I just installed) and I wanted to check and see if it was working properly. I searched Google and went what I thought was the official Windows 8 App website (yeah, I'm an idiot) and downloaded a program called Joystick Tester, here is the link (oddly, its actually the first search item that pops up) -- the actual site "looks" like an official Windows 8 site, but it's not:
At any rate, the install didn't complete (I don't think), I cancelled halfway through cause it didn't seem kosher (it kept asking me to install other bloatware-like apps). After a bit of digging, found out the app is from a developer called Cheng Du Vtools Information Technology... seems sketchy, I don't know... a quick Google search and they seem to be connected with some kind of quasi-military tech university institution in the PRC?
At any rate, I have ran Norton Internet Security full scan of my PC and it hasn't come up with anything, however, I did note that after the install, from my Norton logs, there is a process called KMS connection broker which was enabled through my firewall, I Googled this it is a proper MS program, but it's connected to remote desktop application (geez, that's worrying, I don't ever remember enabling this nor do I ever use this)... And I also noted there were several logs related to "Teredo Tunneling Pseudo-Interface" I have never seen before in my logs prior... Now I'm getting worried, so I went to the online scanner site Jotti, and scanned the installer and it found this:
ClamAV found "PUA.Win32.Packer.Upx-28"
esset found "Win23/FreeNew.B"
But, the rest of their scanners "Found Nothing" (a total of 20 others including Kasperksy, TrendMicro, VBA32, AVG, Dr.WEB, etc)
Lastly, the thing is (as far as I can tell) the actual program never installed (there is nothing in the installed programs section which shows this program) and so there isn't a way to "uninstall" -- multiple Norton scans have come up empty... Am I being paranoid? Am I screwed?
Any thoughts would be helpful. Thanks.
Edited by agoodfella, 17 August 2013 - 05:06 AM.