Bad Program - PSPad


11 replies to this topic

#1 scotty_ncc1701

scotty_ncc1701

  • Members
  • 520 posts
  • Gender:Male

Posted 22 May 2014 - 04:58 PM

Luckily I always test programs that I want to use in a virtual environment, or on an isolated, test PC, UNDER THE PREMISE THAT THEY'RE INFECTED, UNTIL PROVEN OTHERWISE.

I came across the above program - see subject line.  IT FORCES the download of "InstallManager.exe", and "InstallManager.exe" attempts to download and install VOPackage.exe, infected with win32:Dropper-gen [Drp].

Luckily I have a pristine copy of my Paragon Image, plus AVAST blocked the problem.  I've reset the isolated, test computer, just to be safe.

 

Strike one more win for paranoia. :bananas: :bounce:

AVOID THIS PROGRAM.





#2 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,233 posts
  • Gender:Male
  • Location:The Antipodes

Posted 22 May 2014 - 05:08 PM

This shows yet again why one must always ensure to download applications directly from the developer's website, or other highly trusted sources. Downloads from sites like C-net often have malicious attachments like this.

 

This program is legitimate and malware free when downloaded from the developer's site.



#3 scotty_ncc1701


Posted 22 May 2014 - 05:43 PM

It was downloaded from the developer's site!



#4 TsVk!


Posted 22 May 2014 - 06:10 PM

I see... You did read this bit on the developer's page? It is directly underneath the application description.

 

PSPad installer contains install manager that will make recommendations for additional free software that you may be interested in. Additional software may include toolbars, browser add-ons, game applications, anti-virus applications, and other types of applications. You are not required to install any additional software to receive your selected software. You can completely remove the program at any time in Windows' Add/Remove Programs. At the time of downloading you accept the conditions of use and privacy policies stated. The download will be executed through a download manager. The mentioned download manager doesn't have any relationship with the author. PSPad aims to offer downloads free of viruses and malwares.
In case you run installer in silent mode or with /nobundle switch, no bundled software is installed.

 

The usual opt-out stuff... Though admittedly slightly more advanced. It is a coder's tool after all.

 

My firewall policies wouldn't even allow the server connection, and the target application just installed after installmanager.exe failed to download.


Edited by TsVk!, 22 May 2014 - 06:12 PM.


#5 scotty_ncc1701


Posted 22 May 2014 - 06:48 PM

I declined each option for additional software installation, but the program still tried to download it!  Since the author created the installer, he is responsible.


Edited by scotty_ncc1701, 22 May 2014 - 06:51 PM.


#6 TsVk!


Posted 22 May 2014 - 07:37 PM

I hope you didn't take offense at my replies to your topic. I wasn't trying to knock you down mate, just addressing the subject.

 

I see you started a topic earlier on firewalls also. I can see you take your system security seriously and I wanted to make a recommendation. I use a product called M0n0wall, both at home and at my company. Here are pre-built routers with this firewall installed as firmware.

 

http://www.applianceshop.eu/index.php/firewalls/opnwall/desktop-editions.html

 

This is the equivalent of a commercial firewall in a box. It is just as powerful as a Cisco router in terms of protection but a hell of a lot easier to configure. With this device you can monitor ALL of your network traffic, see exactly which ports are being used, block all ports except your needed ones, prevent all unauthorized connections to your machine going in AND out. Because it is open source code it is highly verified and highly secure. Multimillion dollar companies rely on this exact same software for security, it's what we use here at my company (not this box, but the software that runs on it) and I can tell you, it is ultra secure without being ultra complicated.

 

This solution prevented my machine being infected with this add-on ware, which did present on your machine.

 

Regards,

 

TsVk!



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,474 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 22 May 2014 - 08:12 PM

Win32:Dropper-gen [Drp] is a generic antivirus detection for a file that appears to have Trojan-like behavior...a dropper Trojan generally contains potentially unwanted software which it drops (installs) alongside other free software downloaded from the Internet. The detection is not an infection in the typical sense...it is more accurately classified as a Potentially Unwanted Program (PUP) which does not fall in the same category as malicious files such as viruses, Trojans, worms, rootkits and bots. A PUP is a very broad threat category which can encompass any number of different programs to include those which are benign as well as problematic.

More information and best practices for downloading software can be found in this topic:
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#8 TsVk!


Posted 22 May 2014 - 08:17 PM

Thanks quietman7... I learn something new everyday, here on BC.



#9 quietman7


Posted 22 May 2014 - 08:30 PM

You're welcome.

BTW scotty_ncc1701, I have tried PSPad (portable zipped version) in the past but find these to be better alternatives.

EditPad Lite
Notepad++

#10 TsVk!


Posted 22 May 2014 - 08:33 PM

I use Notepad++

 

I think it's very good.



#11 scotty_ncc1701


Posted 22 May 2014 - 09:47 PM

Malware Study Hall Junior: Don't worry, I didn't take your posts negatively.

Bleepin' Janitor: I have several text editors installed, but the main one used (maybe 98% of the time) is UltraEdit (older version).  I'm looking for a freeware replacement with good/excellent scripting abilities (e.g. JavaScript, C, Python, etc).  I'm trying to eliminate as many retail/shareware programs as I can.

 

Thanks folks.
 



#12 quietman7


Posted 23 May 2014 - 05:41 AM

You're welcome on behalf of the Bleeping Computer community.



