Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Lethal Virus Spread Alert!


  • Please log in to reply
4 replies to this topic

#1 Touchito

Touchito

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Nevada
  • Local time:09:30 PM

Posted 05 March 2015 - 10:32 AM

Hello, Everybody,

 

I didn’t know where else I could “publish” this alert, I hope this is the appropriate forum.

 

Malware producers surely like popular software to spread virus and all kind of nasty stuff, and CCleaner might be one of their favorites.  I caught trojan.malpak by downloading CCleaner from downloadinfo.co by mistake, and this might happen to anyone the least expected day.  This is the way I made the said mistake:

 

If you—like almost everybody—use CCleaner free version, you have to update it somewhat often; normally, you click on CCleaner’s “There is a new version” pop-up dialogue box or “Check for Updates”, and it will send you to piriform.com [CCleaner official website]; but if you’re doing it by googling “CCleaner”, you probably (not always) will be redirected to downloadinfo.co (.co; not .com) instead of piriform.com  You don't notice the difference because that website looks a lot like piriform.com, so you will download CCleaner’s new version from there …with unwanted programs and trojan.malpak (also called Trojan Downloader or Sality Virus) which is not-curable, so you got to re-install Windows.

 

Right when I opened the ccsetup502.exe file, a Malwarebytes pop-up alerted me and I chose “quarantine”, but it couldn’t quarantine it (it said “quarantine failed”).

 

And if after being infected, you want to return to downloadinfo.co to report it to Google, you can’t get in again.


Edited by Touchito, 05 March 2015 - 10:43 AM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,734 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:30 PM

Posted 05 March 2015 - 12:24 PM

Sorry to hear about your unfortunate experience. Many third-party hosting sites bundle junk software in their download packages as a way to increase vendor revenue and recoup business costs through the distribution of third party software. This practice is now the most common revenue generator for free downloads...see Third-Party Bundling.

These bundled packages, installers and downloaders can often be the source of various issues and problems to include adware, pop-up ads, browser hijacking which may change your home page/search engine, and cause user profile corruption. As such many of them are classified as Potentially Unwanted Programs (PUPs).
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:30 PM

Posted 05 March 2015 - 12:30 PM

When I Google "CCleaner", that website you mentionned doesn't show up in the first page of results. I had to Google "CCleaner DownloadInfo" to get the link and it returned me a 404.

hxxp://www.downloadinfo.co/review/ccleaner/

Looks like it's already down.

Mod Edit by quietman7: Disabled active link(s) to possible malware.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,734 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:30 PM

Posted 05 March 2015 - 12:36 PM

Please do not post active links to possible malware, including links which may lead to sites where infections have been contracted and spread. If the site becomes workable again, we don't want other members accidentally clicking on such links and infecting their machines.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:30 PM

Posted 05 March 2015 - 12:38 PM

Sorry I forgot about that, I used to do it on MalwareTips but I lost the habit I guess.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users