Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Was tricked by fileplanet into running InstallCore. Is my computer OK?

  • Please log in to reply
3 replies to this topic

#1 F91W


  • Members
  • 2 posts
  • Local time:07:35 AM

Posted 17 November 2016 - 09:07 AM

I was trying to download the patch for the video game "Prey" and was linked to fileplanet (I did not realize the "legit" version of fileplanet shut down years ago).




When clicking on the download link, I get sent to a "If the download does not start automatically, click here" page. The file wasn't downloading automatically, so I clicked on the link and downloaded the file.


I've only now just learned this page is a trap and the link leads to advertisement downloads and not the legit file.


The link downloaded a file that was named Prey-v1.4-Patch.exe, but was actually an InstallCore bundler. I ran the file believing it to be a patch; it asked me if I wanted to install ByteFence. I figured it was some kind of bundleware, so I hit "decline" and ran the install for the patch. It spent several minutes installing "something" onto my computer, but it sure wasn't the patch for the game because when I tried running the  game it hadn't been patched at all. 


Anyway, I became suspicious and ran Malwarebytes, it immediately identified the Prey-v1.4-Patch.exe "patch" file as an InstallCore PUP. I deleted the file and ran a system restore.


I've since gotten the real patch file direct from 3D Realm's FTP server. It looks nothing like the file I got from fileplanet and installs in just a few seconds.


I checked the fileplanet link using an old computer with no valuable data. Turns out it's a complete fake that links to advertisements; sometimes it downloads fake patch files (that aren't even the right size), and sometimes it just sends me to an advertisement site for junk software.


I feel like a complete idiot right now falling for this.


I've since run Malwarebytes, Malwarebytes anti-rootkit, and MSERT.exe. All come up clean, but I'm still worried I may have messed up my computer.


Anyone familiar with this scam? Is it just trying to hard-sell programs like ByteFence, or is it something more malicious like a trojan or something like that? Any help would be greatly appreciated. Thanks.  

BC AdBot (Login to Remove)


#2 SuperTA


  • Members
  • 32 posts

Posted 17 November 2016 - 12:36 PM

By downloading a "patch", do you mean you were trying to pirate the game? Most patches or keygens out there are just scams, malware, or even worse.

If you are worried about your PC, remove any pirated software. Reply back here once you have done that, and I can help you if you need it.

#3 F91W

  • Topic Starter

  • Members
  • 2 posts
  • Local time:07:35 AM

Posted 18 November 2016 - 02:33 AM

I do not play pirated games. I have a retail CD version of Prey, it requires a patch to be updated to the latest version. Because it's a retail CD version and not a Steam/digital distribution version, I need to manually download and install the patch.


The official page for the patch (which has not been updated in several years) lists several file hosting links for the patch. The top link is an html link to 2K Games, this link is no longer active. The next link immediately below that is to fileplanet, which is why I tried to download the patch from there.



Edited by F91W, 18 November 2016 - 02:35 AM.

#4 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,572 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:10:35 AM

Posted 18 November 2016 - 12:28 PM

Hi, we should scan...

  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
  • Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
lv0mVRW.pngJunkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
cvMlKv6.pngESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users