m3equals333

Malware from CNET, how is this possible?

4 posts in this topic

I ran ESET online scanner the other day and it also found about 4 or 5 instances of A VARIANT OF WIN32/INSTALLCORE.D APPLICATION, most (if not all) of them related to downloaded installation files from download.cnet.com (ESET Online Scanner log in my 2nd post).

cnm - how is this possible from a trusted site like CNET (unless the trojan specifically masks itself to look like it is originating from CNET downloads)?

EDIT: Also important to add, none of my other anti-virus programs found this malware, including Malwarebytes, MSFT Security Essentials... I don't even think combofix found it as I ran combofix right before I ran the ESET online scanner.

The first instance of malware that triggered me to run all these scans was Malwarebytes, which found the below, although I don't think it is related to the WIN32/INSTALLCORE.D APPLICATION trojan...

Files Infected:

c:\Windows.old\Derek\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\XR1AX8G6\oi_limewirewin.exe (Adware.OpenInstall) -> Quarantined and deleted successfully.

Edited by m3equals333


C:\Users\D\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\111107214245323.rsc a variant of Win32/InstallCore.D application deleted - quarantined

C:\Users\D\Downloads\cnet2_Nero_BurnLite-10_0_10500_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

C:\Users\D\Downloads\cnet_MemTest_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

C:\Windows.old\Derek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5UJUQG1S\cnet_PowerISO48_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

C:\Windows.old\Derek\AppData\Local\Temp\ICReinstall\cnet_PowerISO48_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

C:\Windows.old\Derek\AppData\Local\Temp\is271270771\WhiteSmokeTrial.exe multiple threats deleted - quarantined

C:\Windows.old\Derek\AppData\Local\Temp\is271270771\WSZugo.exe Win32/Toolbar.Zugo application deleted - quarantined


Well, first of all these could be false positives. Go to http://www.virustotal.com and submit the files one at a time.

Secondly, just because CNET offers software doesn't mean it is guaranteed safe or desirable. It is always best to download from the developer's site if there is one. Why get Nero from CNET when you can get it from the Nero site? http://www.nero.com/eng/downloads-nbl-free.php

And third, if you believe your PC is infected then you should post in your own thread. Never post in the thread of another member. Only trained helpers are allowed to do that.

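An added example, not written by anyone in this thread: a Python sketch that parses the ESET Online Scanner lines posted above, groups the flagged files by detection name, and computes a SHA-256 for a file that is still on disk so it can be searched on VirusTotal by hash before deciding whether a detection is a false positive. The line format is an assumption inferred from the seven lines in the thread, and the function names are hypothetical.

```python
import hashlib
import re
from collections import defaultdict

# The seven lines from the ESET Online Scanner post above, copied as posted.
ESET_LOG = r"""
C:\Users\D\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\111107214245323.rsc a variant of Win32/InstallCore.D application deleted - quarantined
C:\Users\D\Downloads\cnet2_Nero_BurnLite-10_0_10500_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\D\Downloads\cnet_MemTest_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Windows.old\Derek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5UJUQG1S\cnet_PowerISO48_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Windows.old\Derek\AppData\Local\Temp\ICReinstall\cnet_PowerISO48_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Windows.old\Derek\AppData\Local\Temp\is271270771\WhiteSmokeTrial.exe multiple threats deleted - quarantined
C:\Windows.old\Derek\AppData\Local\Temp\is271270771\WSZugo.exe Win32/Toolbar.Zugo application deleted - quarantined
"""

# Assumed format: <path> <detection> <action> - quarantined. Paths contain
# spaces, so the path runs up to the first ".ext" that is followed by a space.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.\w{2,4}) (?P<detection>.+?) "
    r"(?P<action>cleaned by deleting|deleted) - quarantined$")

def parse_log(text):
    """Return (path, detection, action) for each line that fits the format."""
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [m.group("path", "detection", "action") for m in matches if m]

def group_by_detection(entries):
    """Map each detection name to the file names it was reported on."""
    groups = defaultdict(list)
    for path, detection, _action in entries:
        groups[detection].append(path.rsplit("\\", 1)[-1])
    return dict(groups)

def sha256_of(path, chunk=1 << 20):
    """SHA-256 of a file on disk, read in chunks, for a lookup by hash."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

if __name__ == "__main__":
    for detection, names in group_by_detection(parse_log(ESET_LOG)).items():
        print(f"{len(names)} x {detection}")
        for name in names:
            print(f"    {name}")
```

Files the scanner has already quarantined have to be restored from quarantine before they can be hashed or submitted.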
