Bad Program - PSPad

Luckily I always test programs that I want to use in a virtual environment, or on an isolated, test PC, UNDER THE PREMISE THAT THEY'RE INFECTED, UNTIL PROVEN OTHERWISE.

I came across the above program - see subject line.  IT FORCES the download of "InstallManager.exe", and "InstallManager.exe" attempts to download and install VOPackage.exe, infected with win32:Dropper-gen [Drp].

Luckily I have a pristine copy of my Paragon Image, plus AVAST blocked the problem.  I've reset the isolated, test computer, just to be safe.

 

Strike one more win for paranoia.

AVOID THIS PROGRAM.

This shows yet again why one must always ensure to download applications directly from the developers website, or other highly trusted sources. Downloading from sites like C-net often have malicious attachments like this.

 

This program is legitimate and malware free when downloaded from the developers site.

It was downloaded from the developer's site!

I see... You did read this bit on the developers page? It is directly underneath the application description.

 

PSPad installer contains install manager that will make recommendations for additional free software that you may be interested in. Additional software may include toolbars, browser add-ons, game applications, anti-virus applications, and other types of applications. You are not required to install any additional software to receive your selected software. You can completely remove the program at any time in Windows' Add/Remove Programs. At the time of downloading you accept the conditions of use and privacy policies stated. The download will be executed through a download manager. The mentioned download manager doesn't have any relationship with the author. PSPad aims to offer downloads free of viruses and malwares.
In case you run installer in silent mode or with /nobundle switch, no bundled software is installed.

 

The usual opt-out stuff... Though admittedly slightly more advanced. It is a coders tool after all.

 

My firewall policies wouldn't even allow the server connection, and the target application just installed after installmanager.exe failed to download.

Edited by TsVk!, 22 May 2014 - 06:12 PM.

I declined each option for additional software installation, but the program still tried to download it!  Since the author created the installer, he is responsible.

Edited by scotty_ncc1701, 22 May 2014 - 06:51 PM.

I hope you didn't take offense at my replies to your topic. I wasn't trying to knock you down mate, just addressing the subject.

 

I see you started a topic earlier on firewalls also. I can see you take your system security seriously and I wanted to make a recommendation. I use a product called M0n0wall, both at home and at my company. Here are pre-buillt routers with this firewall installed as firmware.

 

http://www.applianceshop.eu/index.php/firewalls/opnwall/desktop-editions.html

 

This is the equivalent of a commercial firewall in a box. It is just as powerful a a Cisco router in terms of protection but a hell of a lot easier to configure. With this device you can monitor ALL of your network traffic, see exactly which ports are being used, block all ports except your needed ones, prevent all unauthorized connections to you machine going in AND out. Because it is open source code it is highly verified and highly secure. Multimillion dollar companies rely on this exact same software for security, it's what we use here at my company (not this box, but the software that runs on it) and I can tell you, it is ultra secure without being ultra complicated.

 

This solution prevented my machine being infected with this add-on ware, which did present on your machine.

 

Regards,

 

TsVk!

Win32:Dropper-gen [Drp] is a generic antivirus detection for a file that appears to have Trojan-like behavior...a dropper Trojan generally contains potentially unwanted software which it drops (installs) alongside other free software downloaded from the Internet. The detection is not an infection in the typical sense...it is more accurately classified as a Potentially Unwanted Program (PUP) which does not fall in the same category as malicious files such as viruses, Trojans, worms, rootkits and bots. A PUP is a very broad threat category which can encompass any number of different programs to include those which are benign as well as problematic.

More information and Best practices for downloading software can be found in this topic:
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)

Thanks quietman7... I learn something new everyday, here on BC.

You're welcome.

BTW scotty_ncc1701 , I have tried PSPad (portable zipped version) in the past but find these to be better alternatives.

EditPad Lite
Notepad++

I use Notepad++

 

I think it's very good.

Malware Study Hall Junior: Don't worry, I didn't take your posts negatively.

Bleepin' Janitor: I have several text editors installed, but the main one used (maybe 98% of the time) being UltraEdit (older version).  I'm looking for a freeware replacement with good/excellent scripting abilities (e.g. javascript, c, python, etc).  I'm trying to eliminate as much retail/shareware programs that I can.

 

Thanks folks.
 

You're welcome on behalf of the Bleeping Computer community.