Solved Spamware installed by Download.com: What to do?

martienne

New Member
Member
Messages
128
Location
European Union
I installed a PDF metadata editor from the formerly respectable site Download.com (CNET).
Turns out they joined the DARK side:

Despite me DECLINING all dodgy offers by the installer, it STILL installed a bunch of unwanted junk on my machine.
I've now spent an hour on and off trying to get rid of this junk. Just as I thought I was more or less done, I get an "Alert" frrom the "Microsoft Advanced System Protector" (yeah, right...)

I have of course checked in Add/Remove programs and uninstalled what I could find (although the uninstall hung).
I used HijackThis and deleted all the changes this junkware used. I am trying to restore homepages for my browsers.
I don't use antivirus, and I doubt it would have reacted to this junk which probably passes for real software.

Does anyone know precisely WHAT unwanted junk Download.com installs and how to clear out every last bit of it?
 

My Computer

System One

  • OS
    Win 8.1
    Computer type
    PC/Desktop
    CPU
    i5
    Motherboard
    ASUS
    Memory
    24 GB DDRAM3
    Graphics Card(s)
    NVIDIA GT430 x2
    Sound Card
    Audial
    Monitor(s) Displays
    2 x 28" Sharp
    Screen Resolution
    1360 x 768
    Hard Drives
    Samsung, Seagate, Toshiba, Hitachi, Western Digital
    PSU
    750 watt
    Cooling
    liquid closed
The software Revo Uninstaller had a good idea what had been installed and didn't hang when i tried to uninstall.
 

My Computer

System One

  • OS
    Win 8.1
    Computer type
    PC/Desktop
    CPU
    i5
    Motherboard
    ASUS
    Memory
    24 GB DDRAM3
    Graphics Card(s)
    NVIDIA GT430 x2
    Sound Card
    Audial
    Monitor(s) Displays
    2 x 28" Sharp
    Screen Resolution
    1360 x 768
    Hard Drives
    Samsung, Seagate, Toshiba, Hitachi, Western Digital
    PSU
    750 watt
    Cooling
    liquid closed
MalwareBytes should be able to take care of that for you...
 

My Computer

System One

  • OS
    Win 10 Pro 64bit
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home built Intel i7-3770k-based system
    CPU
    Intel i7-3770k, Overclocked to 4.6GHz (46x100) with Corsair H110i GT cooler
    Motherboard
    ASRock Z77 OC Formula 2.30 BIOS
    Memory
    32GB DDR3 2133 Corsair Vengeance Pro
    Graphics Card(s)
    GeForce GTX 980ti SC ACS 6GB DDR5 by EVGA
    Sound Card
    Creative Sound Blaster X-Fi Titanium HD, Corsair SP2500 speakers and subwoofer
    Monitor(s) Displays
    LG 27EA33 [Monitor] (27.2"vis) HDMI
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung SSD 850 EVO 250GB (system drive)
    WD 6TB Red NAS hard drives x 2 in Storage Spaces (redundancy)
    PSU
    Corsair 750ax fully modular power supply with sleeved cables
    Case
    Corsair Air 540 with 7 x 140mm fans on front, rear and top panels
    Cooling
    Corsair H110i GT liquid cooled CPU with 4 x 140" Corsair SP "push-pull" and 3 x 140mm fans
    Keyboard
    Thermaltake Poseidon Z illuminated keyboard
    Mouse
    Corsair M65 wired
    Internet Speed
    85MBps DSL
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender, MalwareBytes Pro and CCleaner Pro
    Other Info
    Client of Windows Server 2012 R2 10 PC's, laptops and smartphones on the WLAN.

    1GBps Ethernet ports
Thanks! I installed it, but it appears that my License (which I assume must be an old trial) has ended.

I think I've cleaned this out manually, but I absolutely puke on Download.com.

I wish I could use malware bytes though. T

This isn't malicious virus or anything, just annoying and unwanted junk that spies on people for commercial reasons.
 

My Computer

System One

  • OS
    Win 8.1
    Computer type
    PC/Desktop
    CPU
    i5
    Motherboard
    ASUS
    Memory
    24 GB DDRAM3
    Graphics Card(s)
    NVIDIA GT430 x2
    Sound Card
    Audial
    Monitor(s) Displays
    2 x 28" Sharp
    Screen Resolution
    1360 x 768
    Hard Drives
    Samsung, Seagate, Toshiba, Hitachi, Western Digital
    PSU
    750 watt
    Cooling
    liquid closed
You still can install MalwareBytes free version and use it. What exactly did you download from download.com ? I did a search on "PDF metadata editor" and it came back with a long long list. Can you provide the link of the software you downloaded.
 

My Computer

System One

  • OS
    8.1x64PWMC Ubuntu14.04x64 MintMate17x64
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home Brewed
    CPU
    I7 4970K OC'ed @4.7 GHz
    Motherboard
    MSI-Z97
    Memory
    16 GB G-Skill Trident X @2400MHZ
    Graphics Card(s)
    NVIDIA GeForce GTS 450
    Sound Card
    X-Fi Titanium Fatal1ty Professional Series
    Monitor(s) Displays
    Dual HP-W2408
    Screen Resolution
    1920X1200
    Hard Drives
    256 GB M2 sm951, (2) 500GB 850EVO, 5TB, 2 TB Seagate
    PSU
    Antec 850W
    Case
    Antec 1200
    Cooling
    Danger Den H20
    Keyboard
    Logitech
    Mouse
    Logitech Performance Mouse MX
    Internet Speed
    35/12mbps
    Browser
    Firefox
Yes, download and install the free version of MalwareBytes and it will clean the malware. Download.com, cnet.com and most other "freeware" sites have a ton of unwanted garbage that tries to install when you install the application you downloaded. After you clean up the garbage, run Ccleaner to clean out the registry entries and you'll be all set... Good luck!
 

My Computer

System One

  • OS
    Win 10 Pro 64bit
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home built Intel i7-3770k-based system
    CPU
    Intel i7-3770k, Overclocked to 4.6GHz (46x100) with Corsair H110i GT cooler
    Motherboard
    ASRock Z77 OC Formula 2.30 BIOS
    Memory
    32GB DDR3 2133 Corsair Vengeance Pro
    Graphics Card(s)
    GeForce GTX 980ti SC ACS 6GB DDR5 by EVGA
    Sound Card
    Creative Sound Blaster X-Fi Titanium HD, Corsair SP2500 speakers and subwoofer
    Monitor(s) Displays
    LG 27EA33 [Monitor] (27.2"vis) HDMI
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung SSD 850 EVO 250GB (system drive)
    WD 6TB Red NAS hard drives x 2 in Storage Spaces (redundancy)
    PSU
    Corsair 750ax fully modular power supply with sleeved cables
    Case
    Corsair Air 540 with 7 x 140mm fans on front, rear and top panels
    Cooling
    Corsair H110i GT liquid cooled CPU with 4 x 140" Corsair SP "push-pull" and 3 x 140mm fans
    Keyboard
    Thermaltake Poseidon Z illuminated keyboard
    Mouse
    Corsair M65 wired
    Internet Speed
    85MBps DSL
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender, MalwareBytes Pro and CCleaner Pro
    Other Info
    Client of Windows Server 2012 R2 10 PC's, laptops and smartphones on the WLAN.

    1GBps Ethernet ports
Despite me DECLINING all dodgy offers by the installer, it STILL installed a bunch of unwanted junk on my machine.

No doubt the buttons were set for you to accept the offer even if you clicked on "decline." Just another way malware is able to sneak onto machines. Some types of malware are set up so that even if you click the "X" to close the window, it will still install the software.

Another good program to clean out adware/malware is AdwCleaner.

AdwCleaner Download

AdwCleaner is a program that searches for and deletes Adware, Toolbars, Potentially Unwanted Programs (PUP), and browser Hijackers from your computer. By using AdwCleaner you can easily remove many of these types of programs for a better user experience on your computer and while browsing the web.
 

My Computer

System One

  • OS
    Win 7 32, Win 7 64 Pro, Win 8.1 Pro
    Computer type
    PC/Desktop
    System Manufacturer/Model
    It's a Dell, Dude.
    CPU
    Intel Caffinated Core Duo
    Motherboard
    Father is bored too.
    Memory
    4 GB
    Graphics Card(s)
    NVidia something-or-another
    Monitor(s) Displays
    24" HD TV/Monitor/Alternative Dimensional Viewing Portal
    Screen Resolution
    Fuzzy after a couple drinks
    Hard Drives
    2 or 3, depending on if it's a night they're arguing about having a "split personality crisis" because I partitioned the drive.
    Case
    Don't get on my case....man
    Cooling
    Scotch on the rocks on the weekends..
    Keyboard
    Mad Catz Cyborg V7. Or maybe Cyborg Catz Are Mad At V7's??? I know it lights up...far out.
    Mouse
    currently being stalked by the cat...
    Internet Speed
    Never fast enough...
    Browser
    Defeated by Mario...wait...OH...BRowser...
    Antivirus
    Various
Free PDF Metadata Editor - Free download and software reviews - CNET Download.com
This is the one I downloaded!

Thanks for the great tips! I am going to give Malwarebytes a second try, and also run СССleaner, had forgotten about that.
I'll do AdwCleaner too!

Back in the early 2000s, Download.com was actually a good site! It's essentially stolen 2 hours of my day today, cleaning out this junk. And they wonder why people use scene releases.....
 

My Computer

System One

  • OS
    Win 8.1
    Computer type
    PC/Desktop
    CPU
    i5
    Motherboard
    ASUS
    Memory
    24 GB DDRAM3
    Graphics Card(s)
    NVIDIA GT430 x2
    Sound Card
    Audial
    Monitor(s) Displays
    2 x 28" Sharp
    Screen Resolution
    1360 x 768
    Hard Drives
    Samsung, Seagate, Toshiba, Hitachi, Western Digital
    PSU
    750 watt
    Cooling
    liquid closed
Download.com (CNET) is too close to edge - not worth tarnishing your ((CNET)) name trying to trick people into installing crapware IMO
 

My Computer

System One

  • OS
    Win 8.1
    Computer type
    PC/Desktop
    System Manufacturer/Model
    HP Envy 700z
    CPU
    AMD 4.1 GHz quad-core
    Motherboard
    MSI
    Memory
    8 GB
    Graphics Card(s)
    Integrated Radeon HD 8670D
    Sound Card
    Integrated Sound, Envy Audio; Beats Audio
    Hard Drives
    1TB 7200 RPM SATA
    PSU
    460 watt
    Keyboard
    wired USB
    Mouse
    wired USB
    Browser
    IE11 / Chrome
    Antivirus
    Windows Defender aka MSE
I installed what you gave me above and no doubt they kept insisting to click accept to continue and I kept insisting to skip and finally I got the installer for it. Went ahead and installed it, everything works fine. I guess you need to be very careful and look closely on every step. My PC is working fine and here's the screen shot:

bb.png

EDIT: If you have a system restore point created earlier then just restore it. This is one case that it is always good to have a backup image so you won't get into trouble like this.
 

My Computer

System One

  • OS
    8.1x64PWMC Ubuntu14.04x64 MintMate17x64
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home Brewed
    CPU
    I7 4970K OC'ed @4.7 GHz
    Motherboard
    MSI-Z97
    Memory
    16 GB G-Skill Trident X @2400MHZ
    Graphics Card(s)
    NVIDIA GeForce GTS 450
    Sound Card
    X-Fi Titanium Fatal1ty Professional Series
    Monitor(s) Displays
    Dual HP-W2408
    Screen Resolution
    1920X1200
    Hard Drives
    256 GB M2 sm951, (2) 500GB 850EVO, 5TB, 2 TB Seagate
    PSU
    Antec 850W
    Case
    Antec 1200
    Cooling
    Danger Den H20
    Keyboard
    Logitech
    Mouse
    Logitech Performance Mouse MX
    Internet Speed
    35/12mbps
    Browser
    Firefox
Running AdCleaner (great software, thanks for the tip), Malwarebytes and CCleaner.
I count on this resolving the problem.

RevoCleaner was a lifesaver for this.
The malware tricked the Windows Add/Remove software so it didn't see what had been installed. But Revo Cleaner knew it.

Thanks all! :)
 

My Computer

System One

  • OS
    Win 8.1
    Computer type
    PC/Desktop
    CPU
    i5
    Motherboard
    ASUS
    Memory
    24 GB DDRAM3
    Graphics Card(s)
    NVIDIA GT430 x2
    Sound Card
    Audial
    Monitor(s) Displays
    2 x 28" Sharp
    Screen Resolution
    1360 x 768
    Hard Drives
    Samsung, Seagate, Toshiba, Hitachi, Western Digital
    PSU
    750 watt
    Cooling
    liquid closed
I installed what you gave me above and no doubt they kept insisting to click accept to continue and I kept insisting to skip and finally I got the installer for it. Went ahead and installed it, everything works fine. I guess you need to be very careful and look closely on every step. My PC is working fine and here's the screen shot:

View attachment 46794

EDIT: If you have a system restore point created earlier then just restore it. This is one case that it is always good to have a backup image so you won't get into trouble like this.

Interesting! Yes, I must have missed one then. But I am VERY conscious of this kind of stuff and I could have sworn I declined all offers. But maybe not...
It's not the first time I get junk from Download.com so I was very much on my guard.
Normally it's just the Ask toolbar or something less drastic. This time it was at least FIVE different search, weather, system scan junk apps.

EDIT: If you have a system restore point created earlier then just restore it. This is one case that it is always good to have a backup image so you won't get into trouble like this.
I don't actually know how to do that.
 

My Computer

System One

  • OS
    Win 8.1
    Computer type
    PC/Desktop
    CPU
    i5
    Motherboard
    ASUS
    Memory
    24 GB DDRAM3
    Graphics Card(s)
    NVIDIA GT430 x2
    Sound Card
    Audial
    Monitor(s) Displays
    2 x 28" Sharp
    Screen Resolution
    1360 x 768
    Hard Drives
    Samsung, Seagate, Toshiba, Hitachi, Western Digital
    PSU
    750 watt
    Cooling
    liquid closed
As far as AdwCleaner - It is not very user friendly: It flagged ONE item in the list then forced a reboot. But when it showed the log, it turned out it deleted a ton of stuff. One of them were Babylon, a program I very much wanted. I'll re-install it, but just want to encourage anyone reading this to be careful with Adwcleaner. It's just very... brutal. It will fix the problem, but using a sledgehammer.

My problem is definitely solved though.
 

My Computer

System One

  • OS
    Win 8.1
    Computer type
    PC/Desktop
    CPU
    i5
    Motherboard
    ASUS
    Memory
    24 GB DDRAM3
    Graphics Card(s)
    NVIDIA GT430 x2
    Sound Card
    Audial
    Monitor(s) Displays
    2 x 28" Sharp
    Screen Resolution
    1360 x 768
    Hard Drives
    Samsung, Seagate, Toshiba, Hitachi, Western Digital
    PSU
    750 watt
    Cooling
    liquid closed
I programm i can recommanded is UnChecky:
Unchecky - Keeps your checkboxes clear

Have you ever felt, while installing software, that the installer tries to push additional unwanted programs at all cost? Ever missed a checkbox, and spent hours afterwards removing adware? Ever opened your browser after an installation, only to find out that you have a new homepage, a new search engine, or even a new browser?
Unchecky aims to keep potentially unwanted programs out of your computer.
 

My Computer

System One

  • OS
    windows 8.1
    Computer type
    PC/Desktop
One of them were Babylon, a program I very much wanted.

I hope you don't mean Babylon Toolbar. It's listed as a browser hijacker.

The Babylon Search toolbar is frequently categorized as a browser hijacker because it takes control of the Web browser and does things the user may not have specifically requested. For example, even if you set your "home" page, Babylon will display its own site. Or when you try to get to Google or Bing to perform a search, the browser will redirect to Babylon Search (search.babylon.com). A toolbar will also appear at the top of your browser window.

It's technically not a virus, but it does exhibit plenty of malicious traits, such as rootkit capabilities to hook deep into the operating system, browser hijacking, and in general just interfering with the user experience. The industry generally refers to it as a "PUP," or potentially unwanted program.

Yes, AdwCleaner does come down hard, but in most cases of malware, that's what you need to do. AdwCleaner has multiple tabs that you can see what has been found in each area, services, files, folders, etc.

Glad you got it sorted :)
 

My Computer

System One

  • OS
    Win 7 32, Win 7 64 Pro, Win 8.1 Pro
    Computer type
    PC/Desktop
    System Manufacturer/Model
    It's a Dell, Dude.
    CPU
    Intel Caffinated Core Duo
    Motherboard
    Father is bored too.
    Memory
    4 GB
    Graphics Card(s)
    NVidia something-or-another
    Monitor(s) Displays
    24" HD TV/Monitor/Alternative Dimensional Viewing Portal
    Screen Resolution
    Fuzzy after a couple drinks
    Hard Drives
    2 or 3, depending on if it's a night they're arguing about having a "split personality crisis" because I partitioned the drive.
    Case
    Don't get on my case....man
    Cooling
    Scotch on the rocks on the weekends..
    Keyboard
    Mad Catz Cyborg V7. Or maybe Cyborg Catz Are Mad At V7's??? I know it lights up...far out.
    Mouse
    currently being stalked by the cat...
    Internet Speed
    Never fast enough...
    Browser
    Defeated by Mario...wait...OH...BRowser...
    Antivirus
    Various
Interesting! Yes, I must have missed one then. But I am VERY conscious of this kind of stuff and I could have sworn I declined all offers. But maybe not...
It's not the first time I get junk from Download.com so I was very much on my guard.
Normally it's just the Ask toolbar or something less drastic. This time it was at least FIVE different search, weather, system scan junk apps.

You may find this article helpful:

Safe software download sites: Beware of deceptive download links

It talks specifically about how Cnet entices people to use their installer-enabled downloads, but they also usually provide an inconspicuous link to download the unwrapped software. That said, I generally download directly from the author's site after extensively looking it over, googling to see what people have to say about it, etc, and I rarely end up on sites like Cnet.
 

My Computer

System One

  • OS
    Windows 8.1 Pro with Media Center
Well Babylon is a translation program. I used it for many years alongside Abbyy Lingvo.
I think it includes a bar, which I opt out of, but fundamentally for simply translating it's a decent piece of software.
It's not free, so it can't be junk, and it certainly translates very well.

Re my download habits; I'm not going to talk about it here, but I think I alluded to it above. Rest assured I normally get safe quality stuff. So this was an exception and I could never have dreamt that Download.com had sunk so low.
 

My Computer

System One

  • OS
    Win 8.1
    Computer type
    PC/Desktop
    CPU
    i5
    Motherboard
    ASUS
    Memory
    24 GB DDRAM3
    Graphics Card(s)
    NVIDIA GT430 x2
    Sound Card
    Audial
    Monitor(s) Displays
    2 x 28" Sharp
    Screen Resolution
    1360 x 768
    Hard Drives
    Samsung, Seagate, Toshiba, Hitachi, Western Digital
    PSU
    750 watt
    Cooling
    liquid closed
Unchecky is a reliable application that aims to protect your computer against third-party components often offered during software installations. An ounce of prevention is worth a pound of cure! ;)

Unchecky Free Download
 

My Computer

System One

  • OS
    64-bit Windows 8.1 Pro
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Asus CM5675
    CPU
    IntelCore i5 3.20Ghz
    Motherboard
    Asus CM5675
    Memory
    6.0Gb
    Graphics Card(s)
    Intel HD integtrated
    Sound Card
    SB Audigy
    Monitor(s) Displays
    Samsung 24'
    Screen Resolution
    1900x1080
    Hard Drives
    Segate 1tb
    Intel 120Gb SSD
    Internet Speed
    100mb down /10mb up
Well Babylon is a translation program.

OK, I was just checking to be sure.:D If it includes a tool bar, that's a possible reason why AdwCleaner flagged it as problem.
 

My Computer

System One

  • OS
    Win 7 32, Win 7 64 Pro, Win 8.1 Pro
    Computer type
    PC/Desktop
    System Manufacturer/Model
    It's a Dell, Dude.
    CPU
    Intel Caffinated Core Duo
    Motherboard
    Father is bored too.
    Memory
    4 GB
    Graphics Card(s)
    NVidia something-or-another
    Monitor(s) Displays
    24" HD TV/Monitor/Alternative Dimensional Viewing Portal
    Screen Resolution
    Fuzzy after a couple drinks
    Hard Drives
    2 or 3, depending on if it's a night they're arguing about having a "split personality crisis" because I partitioned the drive.
    Case
    Don't get on my case....man
    Cooling
    Scotch on the rocks on the weekends..
    Keyboard
    Mad Catz Cyborg V7. Or maybe Cyborg Catz Are Mad At V7's??? I know it lights up...far out.
    Mouse
    currently being stalked by the cat...
    Internet Speed
    Never fast enough...
    Browser
    Defeated by Mario...wait...OH...BRowser...
    Antivirus
    Various
I'm with Crafish here. It doesn't matter if it's CNET Download or any other software repository, it's always better to go to directly to the developer's official site and download from there. Not only is it safest, this way you also contribute by increasing the developer's site traffic and its revenue if any ads are placed on it.

Here are some things I do to improve safety when downloading/installing some of these free software :

1. Google the name of the software, and include "malware" in your search. Check the results to see if users have found this particular program to be bundled with anything suspicious.

2. Go to the Developer's site. Most repositories include the official site adress. Check it with google, most of the time if you search for this software, the official site should show up in the top results.

3. If unfortunately even the developer's own site redirects their downloads to a 3rd party site like Downloads.com, not all is lost. Click on the redirected link from the developer's site, and download the installer. Once downloaded, do not execute it immediately but right-click then choose properties > digital signatures > details. Most reliable software will have a signature, with the name of the publisher. If you see "This digital signature is OK" then it is proof this is a legitimate and unaltered installer (More info : Digital Signatures )

4. If a zip/rar manual installer is available, prefer it to an auto-installer (.exe) which is more susceptible to have junk included.

5. Copy/Paste the download URL and use it in https://www.virustotal.com/. The URL checker might allow you to scan the file before even downlading it.

6. Once downloaded, check the MD5/SHA-1 Hash of this file. Many free programs exist to do that. Once you have the hash, compare it to the one on the developer's site if it's available (many do it automatically now). If it's not, google the hash number, and check the results pages. You can also check this hash directly on https://www.virustotal.com/ (Search Tab)

7. Backup your system before installation. At the minimum make a restore point. The safest is to create an image, many solutions including free ones exist : List of disk cloning software - Wikipedia, the free encyclopedia

8. If the file is in the form of an auto-installer (exe), try to open it with an archiver instead of executing it directly. This might be overkill but if the exe is infected with something which starts at execution, passing by the archiver should minimize the risks.


Keep in mind while Download.com might include junk in the installer, it can also be the developer's own fault. Most freeware developers need a way to get money afterall. To prevent this, always try and find if an open-source alternative already exists first.
 
Last edited:

My Computer

System One

  • OS
    Windows 8.1 (x64)
    Computer type
    PC/Desktop
Back
Top