Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Beware if you use SpyHunter


  • Please log in to reply
6 replies to this topic

#1 Drakonix

Drakonix

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:59 PM

Posted 08 February 2016 - 08:37 AM

Be very wary if you use SpyHunter, their software will not deal with threats if they come from "legitimate" sources. Which I've only just found out (see message below). If it came from a legitimate source; regardless of whether it is actually compromised or not; the software will not protect you from any malware that may be inside it, as I found out to my cost.

 

HP was informed yesterday, but whether they've actually got around to reading the report or not I'm unable to say. Just be aware that the 'Bing virus' as it's being called now, doesn't just affect small time players such as small software houses, but even the major ones, like HP. Get the best protection you can, I used to consider Enigma Software to be reliable, but sadly in this case they certainly aren't. This could be true for other companies also, so be careful!

 

*******

 

Drakonix:
In my case, I found the infecting agent was actually HP's C6180 Photosmart driver and software installation package, but reporting it for further testing seems to be a problem. In the eventuality that the downloadable version has been replaced; because I informed HP yesterday; I still have the package that caused the problem which I'll happily send to verify the nature of the threat that I've managed to track down. When this is installed, web browsing is severely compromised/made impossible by the bing implementation in the HP software. The link to the affected file; provided it's not been handled and removed yet; is gotten to from here: http://support.hp.com/us-en/product/HP-Photosmart-C6100-All-in-One-Printer-series/1153695/model/1153698/drivers.

In my experience I had issues the minute the package installed, bearing in mind there was no option to remove the 'Bing trap' that is there, it's built into the installer, you cannot manually remove it; like other nuissances; like Ask which is actually selectable, this isn't.

Plamen D.:
Hello Drakonix, thank you for using SpyHunter!

Unfortunately, there is nothing that SpyHunter can do about this.

The driver and software package are clearly coming from a legitimate source and their integrity is the responsibility of the software developer or HP in this case.

On another note, Bing.com is a safe search engine supported by Microsoft and will not be detected as a threat.

Apologies for the inconvenience.

All the best, and thanks again!

Plamen D.
Technical Support Department
Enigma Software Group
http://www.enigmasoftware.com



BC AdBot (Login to Remove)

 


#2 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,472 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:59 AM

Posted 08 February 2016 - 09:45 AM

HP software normally has Bing as an optional install for most of their drivers. You just have to select the "Customize" while installing and uncheck it. It's a packaged deal as part of their normal bundling. No antivirus or malware tool will detect it as it is legitimate. Bing is not a virus; it may be considered a PUP by some at the most. It isn't malicious, just possibly unexpected or annoying if you didn't realize it was in the bundled software.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#3 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,599 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:59 AM

Posted 08 February 2016 - 09:50 AM

Even thought SpyHunter isn't worth using at all (the company behind it have quite shady marketing/selling tactics and the software itself is just a big pile of trouble), I agree that Bing.com isn't a virus, nor a malware, but a legitimate search engine like Google. So it's totally understandable that SpyHunter and other security software doesn't flag it as malicious or else, since it isn't.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#4 Drakonix

Drakonix
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:59 PM

Posted 08 February 2016 - 10:07 AM

That may be the normal, but not in this driver installation, it is literally NOT a choice whether to have it or not. Be my guest, install the driver, just don't whine if you have the same issue I had, I did warn you!



#5 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Staff Emeritus
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:07:59 AM

Posted 08 February 2016 - 10:46 AM

Using the link to HP you posted I did take you up on your challenge to install the driver and software. Since I don't have an HP printer the only thing I wanted to find out is whether to option to customize is there. After I took the 2nd screenshot, I cancelled the install.

 

I chose the full feature software and drivers download, which was last updated on December 6, 2015. If you downloaded the software after that date you should see what I saw.

 

WWokyF0.png

 

 

Pnq0JGf.png



#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,599 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:59 AM

Posted 08 February 2016 - 11:48 AM

That may be the normal, but not in this driver installation, it is literally NOT a choice whether to have it or not. Be my guest, install the driver, just don't whine if you have the same issue I had, I did warn you!


Well, Queen-Evie just proved to you that you are able to opt-out the Bing Bar for HP so.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 Drakonix

Drakonix
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:59 PM

Posted 08 February 2016 - 01:06 PM

In that case I don't know as it didn't at any point provide me an option not to install it. It did with the Ask browser change that I got at the start, but not the bing one. I declined all changes and addons when I ran it and pbviously still ended up with the bing hassle. This of course assumes that HP didn't change anything their end after reporting the problem I got to them. With hindsight I should have screenshoted as I went or recorded it, but it was late in the day when I came back across this issue, with it having messed up my Internet connection originally, it was the process of putting everything back to normal when it happened. So essentially I'm doing without the full blown install now with no extras. The screenshots above that were posted are completely blank to me so I cannot see what they show, I just get a spinning cursor icon shown when clicking on the images.

 

And as a by the way, the issue happened not at the start, but when the printer driver part was actually working (as I do have the printer), so if it was an earlier on selection that was changed, that was already done when the bing thing happened to me towards the end of the install.


Edited by Drakonix, 08 February 2016 - 01:12 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users