
Brand new Computer - story


28 replies to this topic

#1 UncleZen

UncleZen

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:27 PM

Posted 01 April 2015 - 05:17 AM

I set up a brand new Windows 8.1 computer for a friend's business. I installed:

- Avast

- LibreOffice

- Flash Player

- HMRC App (UK business government thing)

- Teamviewer QS

That's it. It's for business.

 

Next day there are popups whenever the internet is visited.

So I installed Malwarebytes to see if I could track down the cause - nothing found.

So with a bit more manual digging, it turns out that there was something called Digital More installed, more here:

http://malwarefixes.com/remove-digital-more-ads/

I removed this and all is well.

I then got to wondering:

1) Was this installed by default on a new computer (no other bloatware on the box)?

2) Did this sneak on somehow, after connecting to the internet and before AV was installed?

3) Did this get loaded by another installer (all the installers were downloaded from their owning sites)?

 

I was somewhat surprised that Malwarebytes didn't find it, I was led to believe that it's quite good.

 

Any views, thoughts, musings anyone?


Edited by hamluis, 01 April 2015 - 07:05 AM.
Moved from Win 8 to General Security - Hamluis.



#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:07:27 AM

Posted 01 April 2015 - 05:29 AM

Hi UncleZen :)

My guess is that your friend most likely downloaded something or clicked on something he shouldn't have and that installed the "Digital More" adware on his system. If you say that the image was "fresh" (clean one) on the computer, then I doubt it was present "out of the box". For number two, unless you browsed very shady websites/webpages before (and even after) installing avast!, I doubt this is how it got on the system. For number 3 it's still possible, it depends if you really downloaded the installers from their official websites.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 hamluis

hamluis

    Moderator


  • Moderator
  • 54,840 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:27 AM

Posted 01 April 2015 - 07:03 AM

Well...it's a known fact...that there is NOTHING which neutralizes the gazillions of malware types that currently exist.

 

That's why there are a variety of tools that are typically used in efforts to find and neutralize malware existing on the system.

 

To assume otherwise...is somewhat foolhardy, IMO, regardless of the rhetoric used by the developers of malware tools purporting to be capable of that which is just...beyond the tool's capabilities.  In defense of Malwarebytes...I've never seen any claim by the developers that using their tool will result in 100% detection/removal of existing malware.

 

To assume that Malwarebytes (or any other tool) is all that one needs to remove malware...does not seem appropriate thinking as one surveys the malware scene in 2015, IMO.

 

Louis



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,582 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:27 AM

Posted 01 April 2015 - 06:56 PM

What browser and what add-ons were installed?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 UncleZen


Posted 02 April 2015 - 03:08 AM

Internet Explorer v11.x straight out of the box. Like I said, only 5 things were installed.
Have checked with the manufacturer, the said Digital More was not preinstalled.

#6 quietman7


Posted 02 April 2015 - 04:42 AM

Both Teamviewer and Flash Player are available for download from several sites which are known to bundle junkware.

#7 Aura


Posted 02 April 2015 - 05:24 AM

Flash Player will bundle Google Chrome and the Google Toolbar if you install it from a web browser other than Google Chrome, or it'll bundle McAfee Security Scan Plus if you install it from Google Chrome. You need to uncheck these offers before clicking on the Download button. As for Teamviewer, the official website doesn't bundle anything. Like I said, are you sure that you used the official download websites for each program? I can link them for you if you wish to confirm.



#8 quietman7


Posted 02 April 2015 - 05:34 AM

CNET, Softonic, Filehippo all host Teamviewer downloads...all are known for bundling.

#9 Aura


Posted 02 April 2015 - 05:39 AM

Yes I know, and they often come up at the top of a Google search when you look for "Teamviewer". Hence why I would like him to confirm if the sites I'll post are the ones he downloaded the programs from. If he did, then the adware most likely came from another place.



#10 quietman7


Posted 02 April 2015 - 05:42 AM

The OP set up the computer and can advise where he downloaded from.

#11 speel

speel

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:27 AM

Posted 02 April 2015 - 10:11 AM

Ninite is perfect for situations like this. It lets you pick out what software you need and installs it without all the crapware that comes with most installers these days.



#12 UncleZen


Posted 02 April 2015 - 11:11 AM

All the downloads came from the vendor sites, not a third party download site. I'm very careful about that and I realise that the official site is not always at the top of search results. I don't have the URLs to hand right now. I did have to uncheck Chrome on one installer and a McAfee AV thing, probably the Adobe download.

Edited by UncleZen, 02 April 2015 - 11:14 AM.


#13 UncleZen


Posted 02 April 2015 - 11:15 AM

Correction on my original post, it was Adobe Reader, not Flash Player as stated (can't edit the post for some reason).

#14 Aura


Posted 02 April 2015 - 11:22 AM

Then you unchecked these from Adobe Reader since they are the ones pushing these programs in their installer. And sometimes you might need to wait a few seconds for the "promotional offer" to load and uncheck it since it doesn't appear right away.



#15 UncleZen


Posted 02 April 2015 - 11:41 AM

Thanks, that's a point worth noting for next time. Though there probably won't be a next time as I wouldn't personally use Adobe Reader, I prefer Foxit Reader.
