Would love to hear what you guys might think this is!!!


12 replies to this topic

#1 dseufert

dseufert


Posted 11 December 2015 - 09:16 PM

Guys,

 

I know I am known here now for complaining about that adware removal program, please don't judge me on that. I have something going on that you may find interesting! I am a superuser too, and I have been having fun (literally) fighting malware since I started building my own PCs back in the late 90s. This one is entertaining - at the moment - too. Luckily I am smart enough to not have anything worthy of stealing on my PC, I just hope I'm not screwing anybody up by coming here and somehow passing along something to a hacker somewhere... (I know, sounds like I don't know much, but I have never had this happen before, so I don't know what it may do).

 

So, for the first time in a couple of years, I reformatted my drive last week and reinstalled my Win7 64. I used to do this frequently with XP, but Windows 7 is stable enough...but my OS was starting to corrupt frequently, requiring lots of chkdsks, so I did it. It was easy, of course. Anyway, two of my favorite utilities are System Mechanic and Fix-it. I have never had problems with either, though I did buy a fake BitDefender last year, got it cheap online and it turned out to be bogus. I've also seen the fake Control Centers and such in the past... anyway, I reinstalled my System Mechanic two days ago, and was really surprised. It came up with a new interface. I did the same with Fix-it and got the same thing. These were clearly not the same programs, I knew it right away. I own licenses to both, but somehow I got pretenders... I just contacted Iolo (System Mechanic), and they gave me the instructions below. Something is impersonating these two programs, any idea how I got this (torrent downloads? cracked software?) and what it's actually doing on my PC right now? I will reformat again once I learn how this all happened. What do you all think?
 

Dear (me),
 

Thank you for raising your concern about a fraudulent program posing as System Mechanic.

To better assist you and provide you the best resolution, can you please provide us a screenshot of the fraudulent program:

Step 1: Capture the image - press Alt + Print Screen to merely capture a screenshot of the active window
Step 2: Open Paint: Click the Start menu, navigate to the Accessories folder and click Paint. For Windows XP click the Start menu, then go to All Programs, navigate to the Accessories folder and click Paint
Step 3: Paste the screenshot: Once open, Press Ctrl + V on the keyboard
Step 4: Save the screenshot: Select Save as, title the new file, choose a save location, and select your desired file format from the drop-down menu.
 

Best regards,

Gladys V.
iolo CustomerCare





#2 sparklestar

sparklestar


Posted 11 December 2015 - 09:26 PM

You got the programs, where did you get them from?



#3 jburd1800

jburd1800


Posted 11 December 2015 - 09:57 PM

I'm just curious why you are posting again?


“May the sun bring you new energy by day, may the moon softly restore you by night, may the rain wash away your worries, may the breeze blow new strength into your being, may you walk gently through the world and know its beauty all the days of your life.”


#4 dseufert

dseufert
  • Topic Starter


Posted 11 December 2015 - 10:05 PM

Sparklestar, I downloaded straight from Iolo and Vcom, the makers of both programs. Weird, huh?

 

Jburd, I have an issue I am asking about...?



#5 jburd1800

jburd1800


Posted 11 December 2015 - 10:07 PM

Try to play nice this time...




#6 sparklestar

sparklestar


Posted 11 December 2015 - 10:24 PM

Based on the info, I would assume that you didn't actually download them from official sources, but you thought you did. So for example, from a spoof site, or from a real site but you got fooled by some advertisements with "download now" text which re-route you to other software downloads.



#7 dseufert

dseufert
  • Topic Starter


Posted 11 December 2015 - 10:30 PM

Ahh... that makes sense. It got hijacked somewhere along the line. Hmm... I wonder where I got hijacked, and how to get around it now. So these fake programs must do bad things, eh? I guess I'd better reformat again :(



#8 dseufert

dseufert
  • Topic Starter


Posted 11 December 2015 - 10:39 PM

Actually, if this has been a present hijack that traveled with my software to this new install of Win 7 64, it could explain why the Adwcleaner was removing my tcpip connection. Could be that this was doing it and I thought it was Adwcleaner. :( If that's the case....wow, what a way to find out you were full of sh*t about something and posted about it. Sorry guys :(


Edited by dseufert, 11 December 2015 - 10:43 PM.


#9 dseufert

dseufert
  • Topic Starter


Posted 11 December 2015 - 11:07 PM

So, now I have reinstalled it and I have the correct version! The bad version came with a download manager from a CNET download! Same with the Fix-it program, I guess. The only question is now, is my system compromised at all? Can I keep everything as is, or do I need to reinstall again to be safe?

I guess that's what I really was hoping for from you all in this post anyway... and I am sorry about my whining about the Adwcleaner program :( - but what are these fake versions? Am I safe now that I am rid of it?



#10 sparklestar

sparklestar


Posted 11 December 2015 - 11:22 PM

(EDIT: Oh, you posted while I was writing so, here's my replies to each of your posts then I guess)

 

Ahh... that makes sense. It got hijacked somewhere along the line. Hmm... I wonder where I got hijacked, and how to get around it now. So these fake programs must do bad things, eh? I guess I'd better reformat again :(

 

I would use another computer and then go to a site like majorgeeks or right here at bc, to get proper downloads (but still, watch out for fake download ads). You can also sometimes do like md5 checksums or whatever (I guess only if the download site provides it, but, I bet that is the kind of thing that an iolo tech support might tell you when trying to get the correct files) to make sure the file you downloaded is the right one.

 

I'm a power user too, and to be honest, I don't use System Mechanic or Fix-it, and I see zero need for those programs. If there is something they would do for me, I don't know what it is? Defrag? Windows does it. Registry cleanup? That's just silly to me, all a person needs to do is not randomly install and uninstall a bunch of software and then they wouldn't need that.

 

My recommendation is, destroy any old downloaded files which are now suspect, so you aren't copying along any problems from before. Then reinstall windows again (formatting). Then, don't even get those programs (you may still want to get them, but this is just my recommendation), or if you do get them, make sure they are fully legit.

 

 

So, now I have reinstalled it and I have the correct version! The bad version came with a download manager from a CNET download! Same with the Fix-it program, I guess. The only question is now, is my system compromised at all? Can I keep everything as is, or do I need to reinstall again to be safe?

I guess that's what I really was hoping for from you all in this post anyway... and I am sorry about my whining about the Adwcleaner program :( - but what are these fake versions? Am I safe now that I am rid of it?

 

Sadly CNET download is a bad site to download from now. They bundle crapware - or at least, they bundle some sort of something that you don't actually want. Sourceforge is doing that now too. My advice is to get everything from majorgeeks.com instead, because they have clean checked stuff (here at BC is fine too but I think major geeks has a lot more files since it's primarily a file site).

 

Considering you just installed windows and can't have done much with it or sunk much time into it yet, I'd just reinstall windows again and start fresh. It could be that your system is fine, but, I have no idea, and I have no idea if those softwares have left any residue behind or whatever.

 

I would also check to make sure your router is ok and not infected in any way. Sometimes routers get hijacked and redirect dns so when you are trying to go to a real site, you end up pushed to some other site. I think that's not what happened to you, but just saying. Also, imo, don't ever install something stupid like CNET Download manager. Download managers might do stuff like steal your bandwidth and use you as part of a p2p distribution network. How lame is that? :|
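The checksum comparison suggested in the post above, as an added example that is not part of the original thread: it parses a published `<hexdigest>  <filename>` line, picks the hash algorithm from the digest length, and compares it with the downloaded file. The file name and bytes are constructed stand-ins, and the result is only as trustworthy as the place the published value came from.

```python
import hashlib
import hmac

ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
HEX_DIGITS = set("0123456789abcdef")


def parse_checksum_line(line):
    """Parse one '<hexdigest>  <filename>' line (md5sum/sha256sum style)."""
    parts = line.strip().split(None, 1)
    if len(parts) != 2:
        raise ValueError("expected '<hexdigest>  <filename>'")
    digest = parts[0].lower()
    name = parts[1].lstrip("*")  # '*' marks binary mode in md5sum output
    if len(digest) not in ALGO_BY_HEX_LEN or not set(digest) <= HEX_DIGITS:
        raise ValueError("not a recognised hex digest")
    return ALGO_BY_HEX_LEN[len(digest)], digest, name


def file_digest(path, algo):
    """Hash the file in 1 MiB chunks so a large installer never sits in RAM."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, published_line):
    """Return (matches, algorithm, actual_digest) for path vs. the published line."""
    algo, expected, _name = parse_checksum_line(published_line)
    actual = file_digest(path, algo)
    return hmac.compare_digest(actual, expected), algo, actual


if __name__ == "__main__":
    import os
    import tempfile
    # Constructed stand-in for a downloaded installer and its published checksum.
    data = b"constructed installer bytes"
    fd, path = tempfile.mkstemp(suffix=".exe")
    os.write(fd, data)
    os.close(fd)
    published = hashlib.sha256(data).hexdigest() + "  setup.exe"
    print(verify_download(path, published))  # matches the published value
    with open(path, "ab") as fh:
        fh.write(b"bundled extra")  # simulate a repackaged installer
    print(verify_download(path, published))  # no longer matches
    os.remove(path)
```

An MD5 or SHA-1 match shows the file is the one the site listed, but only a SHA-256 or stronger digest resists a deliberately crafted look-alike.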



#11 dseufert

dseufert
  • Topic Starter


Posted 11 December 2015 - 11:33 PM

I test a lot of software. Windows utilities don't do much for me. That's all part of who we are and what we do with our PCs, though. I'm a tester by nature. I don't know now, I will probably spend lots of time figuring out how this worked, and what it did :)



#12 dseufert

dseufert
  • Topic Starter


Posted 12 December 2015 - 12:02 AM

Having said all of that, I just rebooted and the fake System Mechanic came up. Except maybe it's not fake, the download page has the same look to it, plain looking, blah. I'll let you know what happens, maybe the company's been bought out. I will revisit this soon, it may be wise to close this topic now, I'm really sorry if I've made a stink about nothing. I just went into safe mode and used all the tools, combofix, rtl, adwcleaner (which doesn't kill my network now, sorry about that first complaint again), and there's nothing here to worry about (I don't think). It seems that the company has a new face on its software (which really sucks). I don't see any abnormal processes or high cpu usage by any of them. It just seems to be a new software face and a downgraded program. I will let you all know if the companies tell me different.


Edited by dseufert, 12 December 2015 - 01:43 AM.


#13 Sintharius

Sintharius

    Bleepin' Sniper



Posted 12 December 2015 - 07:55 AM

Hi there,

Bleeping Computer DOES NOT support the use of PC optimizer programs like System Mechanics.

Tools like AdwCleaner, ComboFix etc. are not meant to be used in Safe Mode. They should only be used in Safe Mode if Normal Mode is inaccessible. Furthermore, ComboFix should not be used without supervision from a trained malware removal helper, who has the knowledge to help you if things go south while running CF.



