Quantcast

Maximum PC

It is currently Wed Dec 24, 2014 7:12 pm

All times are UTC - 8 hours




Post new topic Reply to topic  [ 3 posts ] 

Have you ever Used download.com?
Yes 80%  80%  [ 8 ]
No 20%  20%  [ 2 ]
Total votes : 10
Author Message
 Post subject: Download.com aka CNET, Mass Virus Distributing
PostPosted: Fri Feb 13, 2009 8:32 pm 
8086
8086
User avatar

Joined: Fri Feb 13, 2009 8:15 pm
Posts: 2
Ok here's the Story last night i was making a video and needed a clip my buddy had, it was in MP4 formats no big deal right? I know off hand that window's movie maker wont load up mp4's so i needed to convert it to WMV so it will load, i hit up CNET hell everyone loves CNETand try a free program called "All Video to Audio Converter 3.2" from "AML Software" as buy the CNET logo on the page and the "Tested spyware free" in the picture i provided i thought it was safe. My only Worry at the time was it was a 14-use trial program, i only needed it for one file so i downloaded it anyway and ran the installer they my computer went ape shit on me Avira, a well know antivirus program told me it was a Trojan , i couldn't stop the installer it put the Trojan on my computer along with a program called "RelevantKnowledge" that start's when your computer dose and makes it impossible to do anything after 15 seconds the mouse would freeze on the back of the desktop and ctrl+alt+del only opened the taskbar but unable to use it making it useless the only good news at this point was the programs that were started can keep going. After being forced to restart the computer many times i was able to run a program called Spyware Terminator it found and stopped the main part of the virus in under 30 seconds with that out of the way i opened the task bar went to Processes and stopped everything i knew should be there, 15 minutes later and using regedit along with trashing all the files under "AML" , "RelevantKnowledge" and " All Video to Audio Converter 3.2" along with using CCleaner in Gutmann mode (35 Secure File Deletion passes) my computer was mine again free to play what ever i wanted now i know this isn't much a story alone as almost everyone has a "virus" story to tell but I'm not pissed at "AML Software" at all, I'm pissed at CNET they say they scanned that software and it was safe!!!! I want to know when they scan program's if they just scan the installer without really installing it if so then that what they need to change even a 300$ dell could be used as a testbed. CNET need's to clean up there software before this kind of stuff happen's, just think of the damage this could have done to John q public.

Sorry for the spelling error's its late and im tired.

Screenshot's

Attack's - http://i640.photobucket.com/albums/uu12 ... r/Log2.jpg
File on CNET - http://i640.photobucket.com/albums/uu12 ... er/Log.jpg
CNET's Security Policies - http://i640.photobucket.com/albums/uu12 ... r/log3.jpg


Log's Below
____________
Malwarebytes' Anti-Malware 1.34
Database version: 1760
Windows 6.0.6001 Service Pack 1

2/13/2009 3:31:50 PM
mbam-log-2009-02-13 (15-31-50).txt

Scan type: Full Scan (C:\|)
Objects scanned: 155777
Time elapsed: 1 hour(s), 14 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.

Files Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
____________________________

Exported events:

2/13/2009 13:02 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.TPM.Gen [trojan]'
detected in file
'C:\$Recycle.Bin\S-1-5-21-1303555423-2236838974-2449894910-1000\$RA96SMB\All
Video to Audio Converter\video.exe.
Action performed: Delete file

2/13/2009 13:00 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.TPM.Gen [trojan]'
detected in file 'C:\Program Files (x86)\AML Products\All Video to Audio
Converter\video.exe.
Action performed: Deny access

2/13/2009 13:00 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.TPM.Gen [trojan]'
detected in file 'C:\Program Files (x86)\AML Products\All Video to Audio
Converter\video.exe.
Action performed: Deny access

2/13/2009 13:00 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.TPM.Gen [trojan]'
detected in file 'C:\Program Files (x86)\AML Products\All Video to Audio
Converter\video.exe.
Action performed: Deny access

2/13/2009 13:00 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.TPM.Gen [trojan]'
detected in file 'C:\Program Files (x86)\AML Products\All Video to Audio
Converter\video.exe.
Action performed: Deny access

2/13/2009 13:00 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.TPM.Gen [trojan]'
detected in file 'C:\Program Files (x86)\AML Products\All Video to Audio
Converter\video.exe.
Action performed: Deny access

2/13/2009 13:00 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.TPM.Gen [trojan]'
detected in file 'C:\Program Files (x86)\AML Products\All Video to Audio
Converter\video.exe.
Action performed: Deny access

2/13/2009 13:00 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.TPM.Gen [trojan]'
detected in file 'C:\Program Files (x86)\AML Products\All Video to Audio
Converter\video.exe.
Action performed: Deny access

2/13/2009 13:00 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.TPM.Gen [trojan]'
detected in file 'C:\Program Files (x86)\AML Products\All Video to Audio
Converter\video.exe.
Action performed: Deny access

2/13/2009 13:00 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.TPM.Gen [trojan]'
detected in file 'C:\Program Files (x86)\AML Products\All Video to Audio
Converter\video.exe.
Action performed: Deny access

2/13/2009 13:00 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.TPM.Gen [trojan]'
detected in file 'C:\Program Files (x86)\AML Products\All Video to Audio
Converter\video.exe.
Action performed: Deny access

2/13/2009 13:00 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.TPM.Gen [trojan]'
detected in file 'C:\Program Files (x86)\AML Products\All Video to Audio
Converter\video.exe.
Action performed: Deny access

2/13/2009 13:00 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.TPM.Gen [trojan]'
detected in file 'C:\Program Files (x86)\AML Products\All Video to Audio
Converter\video.exe.
Action performed: Deny access

2/13/2009 13:00 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.TPM.Gen [trojan]'
detected in file 'C:\Program Files (x86)\AML Products\All Video to Audio
Converter\video.exe.
Action performed: Deny access

2/13/2009 12:59 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.TPM.Gen [trojan]'
detected in file 'C:\Program Files (x86)\AML Products\All Video to Audio
Converter\video.exe.
Action performed: Deny access

2/13/2009 12:59 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.TPM.Gen [trojan]'
detected in file 'C:\Program Files (x86)\AML Products\All Video to Audio
Converter\video.exe.
Action performed: Delete file

2/13/2009 12:59 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.TPM.Gen [trojan]'
detected in file 'C:\Program Files (x86)\AML Products\All Video to Audio
Converter\video.exe.
Action performed: Delete file

2/13/2009 12:59 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.TPM.Gen [trojan]'
detected in file 'C:\Program Files (x86)\AML Products\All Video to Audio
Converter\video.exe.
Action performed: Deny access

2/13/2009 12:59 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.TPM.Gen [trojan]'
detected in file 'C:\Program Files (x86)\AML Products\All Video to Audio
Converter\video.exe.
Action performed: Deny access

2/13/2009 12:59 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.TPM.Gen [trojan]'
detected in file 'C:\Program Files (x86)\AML Products\All Video to Audio
Converter\video.exe.
Action performed: Deny access

2/13/2009 12:59 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.TPM.Gen [trojan]'
detected in file 'C:\Program Files (x86)\AML Products\All Video to Audio
Converter\video.exe.
Action performed: Deny access

2/13/2009 12:59 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.TPM.Gen [trojan]'
detected in file 'C:\Program Files (x86)\AML Products\All Video to Audio
Converter\video.exe.
Action performed: Deny access

2/13/2009 12:57 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.TPM.Gen [trojan]'
detected in file 'C:\Program Files (x86)\AML Products\All Video to Audio
Converter\video.exe.
Action performed: Deny access

2/13/2009 12:57 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.TPM.Gen [trojan]'
detected in file 'C:\Program Files (x86)\AML Products\All Video to Audio
Converter\video.exe.
Action performed: Deny access

2/13/2009 12:56 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.TPM.Gen [trojan]'
detected in file 'C:\Program Files (x86)\AML Products\All Video to Audio
Converter\video.exe.
Action performed: Delete file

2/13/2009 12:56 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.TPM.Gen [trojan]'
detected in file 'C:\Program Files (x86)\AML Products\All Video to Audio
Converter\video.exe.
Action performed: Deny access

2/13/2009 12:56 [Guard] Malware found
Virus or unwanted program 'TR/Crypt.TPM.Gen [trojan]'
detected in file 'C:\Program Files (x86)\AML Products\All Video to Audio
Converter\video.exe.
Action performed: Deny access


Top
  Profile  
 
 Post subject:
PostPosted: Sat Feb 14, 2009 1:06 am 
Million Club 2+ [PC]
Million Club 2+ [PC]
User avatar

Joined: Mon Jun 14, 2004 11:20 am
Posts: 1700
I hope like hell you forward this post to them in an email. They may not be aware of it. Some companies will submit clean software and give them an file to allow for download that has the embedded shit in it.


Top
  Profile  
 
 Post subject:
PostPosted: Sat Feb 14, 2009 8:28 am 
Malware specialist
Malware specialist
User avatar

Joined: Sun Apr 03, 2005 12:49 pm
Posts: 11696
Location: Kansas City, KS
I was originally going to post a response saying to read through the EULA.

However, I read through the EULA at least 5 times and did not see a mention of RelevantKnowledge being installed. I didn't even see a hint of something else being installed.


Top
  Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group

© 2014 Future US, Inc. All rights reserved.