Just joined, but I have used your utilities for years. I am overdue in making a donation.
I want to bring something to the attention of Pros like yourself, at Bleeping.
In trying to straighten out a licensing problem with my Waves Plugins, I resorted to searching out a more comprehensive Reg cleaner.
I came across WinSysCleanPro. It appeared to be legit, had an HTTPS connection. It also took credit cards and PayPal. It appeared to be somewhere in Eastern Europe.
Downloaded it, installed it and was very impressed with it right out of the gate, so I paid the $20 for it and activated it on my studio recording computer.
About the same time, I installed it on my laptop. All seemed well for a couple of weeks. But around the same time I installed it, I started having wifi drop outs.
After 10 or 15 attempts to install, re-install Intel's Wifi AC 7260 drivers, I concluded it was either a virus or the card was going up. I also tried sfc /scannow. It did replace some files, but they did not seem significant to the issue.
My Anti Virus is Emsisoft, so I thought I was ok.
I turned to you guys again, with the main utilities here.
rKill64, Adaware, and RogueKiller64 all 3 identified it as a PUP, with 2 registry entries.
rKill64 shut down a service called something like "NSIDN" or some variation. I stopped it with rKill64 first, then cleaned it up with RogueKiller and Adaware.
After each cleaning, I would do a final cleanup with "WinSysCleanPro" and System Mechanic, then a reboot.
It still returned.
Using your FRST, I did not see anything funky. I used MS-autoruns and identified a suspicious file. Deleted it, cleaned the computer again, then WinSysCleanPro and Sys Mech Pro, then rebooted.
All seemed fine. I was in the process of purchasing 3D models for computer games approx. 4 PM EST. I left Firefox open and went to the next room to consult with my lead programmer about the Nvidia Iray concept.
There was also an application launch window opened for WinSysCleanPro 8. I never set the program up to launch on a schedule.
Then I noticed the cursor appeared to be moving itself. I let it continue and it moved to the upper-lefthand corner. Immediately I noticed that someone had moved my taskbar from the bottom to the left side of the screen, vertically. It then appeared to be opening up an app. I immediately pushed and held the on-off button, shutting the PC down.
When I rebooted, I immediately shut down the Wifi connection and went straight and uninstalled WinSysCleanPro. I then proceeded to clean up again with your utilities, and finally used SystemMechanic to delete the uninstaller entries in the Reg, which had been changed.
It appears to be eradicated for 24 hrs now.
Bottom line, THIS is a serious issue for guys like Bleeping. The app itself, WinSysCleanPro, is actually an excellent product. But I am now convinced it is being used to covertly download docs and things from unsuspecting victims.
Like you here at Bleeping, I also make software, since 1981. Believe me, I have seen it all. Started with the Atari 800, in Sid Meier's Atari 800 user group. (Civilization), 5MB Hard Drives, then 10MB Hard Drives, then 20MB Hard Drives, 30, 40, 80, 120, 6502 CPU, 68000, 8088, 8086, 286, 386, 386, etc...etc...etc.. MS DOS 1.0 and up.
You have to flag this guy as a hacker and somehow warn others. When this breaks into the main news, it will put a bad spotlight on the small utility developers like yourself.
You might want to start by testing it yourself. I plan to notify certain people about the legal issues.
It also brings to mind the Federal Justice Dept interviewing the CEO of Kaspersky for putting spyware into their Anti-Virus software for Putin.
Fellows, this scared the crap out of me.
Edited by Lempereur, 15 September 2017 - 08:33 PM.