Malware or not? + discussion about running 2 AVs together

truoc

Level 1
Jan 3, 2012
49
Hey all. First of all, if I posted this in the incorrect section, I apologize; feel free to move it to where you see fit. With that said, last night I was trying to use HandBrake to rip a few DVDs I have lying around to my computer for backup purposes. For some reason HandBrake would not work for me (not sure if Windows 8.1 has anything to do with that, but I doubt it). I decided I'd download DVD Shrink. Downloaded it and installed it just fine after combing through the "accept" dialogs and noticing it wanting to install a bunch of crap. I thought I did a good job, but after waking up this morning I had something sitting in my system tray called "Filesfrog Update Checker".

I immediately became suspicious because the only update checker that I had previously installed was the one from Filehippo.com, which I use on a regular basis. I did a Google search and found that it was classified as malware, so I wondered where it came from. Turns out from the same Google search that it comes with the DVD Shrink program.

I have (at the moment) the Comcast Norton Security Suite (basically Norton 360) installed along with Malwarebytes Pro, and neither of them recognized it. I have another computer that has Avast installed on it, and upon even trying to run the executable it immediately blocks it. I've uploaded the file to VirusTotal, Jotti, and Metascan Online and it is recognized by a few scanners as malware, but some of the bigger known names (e.g. Kaspersky, Norton, Microsoft, etc.) don't classify it as malware. I got rid of it by doing a full scan with Malwarebytes and AdwCleaner. What do you guys think? Legitimate or malware?
 

BoraMurdar

Community Manager
Verified
Staff member
Aug 30, 2012
6,616
FilesFrog Update Checker is a software updater program which runs in the background of Windows and automatically starts up when your PC boots. It checks for software updates for any software downloaded through the FilesFrog web site and alerts the user or automatically downloads and installs them if found, depending on the selected settings.

This program is powered by Somoto, a software download monetization platform which bundles various toolbars including the Somoto Toolbar.

Like it says above, it's a PUP (potentially unwanted program), a toolbar which is sometimes not easy to remove. I am glad you removed it.
In future, just watch out when you're clicking Next / I accept and similar when installing any program (free programs are often bundled with this "crapware").
It's not a real virus, but it's annoying and cannot be removed easily.
 
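The mixed multi-scanner result described in the first post (a few engines flag the file, the larger vendors stay silent) can be triaged by reading the detection names rather than counting hits. This is an added example, not part of any post in the thread: the engine names and labels are constructed, the marker lists are an assumption about common vendor naming, and letting a single malware-family label override PUP labels is a policy choice made here.

```python
import re

# Tokens must not be embedded in a longer word ("pup" must not match "puppet").
_EDGE = r"(?<![a-z])(?:{})(?![a-z])"
# Assumed markers for potentially unwanted software in vendor detection names.
PUP_RE = re.compile(_EDGE.format(
    "not-a-virus|pup|pua|adware|riskware|unwanted|bundler|toolbar|gr[ae]yware"), re.I)
# Assumed markers for families that are malicious regardless of user consent.
MALWARE_RE = re.compile(_EDGE.format(
    "trojan|backdoor|ransom(?:ware)?|worm|rootkit|keylogger|stealer|virus"), re.I)


def classify_label(label):
    """Map one engine's detection name to clean / pup / malware / unclassified."""
    if not label:
        return "clean"
    # "not-a-virus:" contains the word "virus" but marks greyware, so strip it
    # before looking for malware-family words.
    body = re.sub(r"not-a-virus", "", label, flags=re.I)
    if MALWARE_RE.search(body):
        return "malware"
    if PUP_RE.search(label):
        return "pup"
    return "unclassified"


def triage(report):
    """report maps engine name -> detection name (None when nothing was flagged)."""
    by_class = {"malware": [], "pup": [], "unclassified": [], "clean": []}
    for engine, label in sorted(report.items()):
        by_class[classify_label(label)].append(engine)
    if by_class["malware"]:
        verdict = "treat-as-malware"
    elif by_class["pup"]:
        verdict = "pup"
    elif by_class["unclassified"]:
        verdict = "needs-review"
    else:
        verdict = "no-detections"
    return {"verdict": verdict, "by_class": by_class}


# Constructed sample: three engines use PUP-style names, three report nothing.
SAMPLE_REPORT = {
    "EngineA": "PUP.Optional.Bundler",
    "EngineB": "not-a-virus:AdWare.Win32.Generic",
    "EngineC": "a variant of Win32/Bundler.A potentially unwanted application",
    "EngineD": None,
    "EngineE": None,
    "EngineF": None,
}

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(result["verdict"])
    for cls, engines in result["by_class"].items():
        print(f"{cls:13} {', '.join(engines) or '-'}")
```

Engines in the `clean` bucket may simply have PUP detection switched off, so their silence is not an all-clear when other engines name the file as a bundler.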

truoc

Level 1
Jan 3, 2012
49
Agree with Bora, that you most likely got some PUP installed.

Assisted by Unchecky, I managed to avoid this:
View: https://jumpshare.com/b/HOwqUIYBgpoyJ72zBCUt

Thank you both for quick replies. I must have missed a check box in there, but I am extremely careful when it comes to those and thought I got them all. Guess not! Maybe I'll give Unchecky a go and test it out. As far as it being classified as a PUP, I understand that a lot of antivirus programs don't really pick these up all that well? Is that why the Norton Security Suite didn't alert me to anything? Kind of surprised that Malwarebytes Realtime didn't pick it up, but I guess it can't get everything.
 

BoraMurdar

Community Manager
Verified
Staff member
Aug 30, 2012
6,616
Norton is good but nothing is perfect. Just like Norton failed you, the same could have happened with Kaspersky, Avast and others.
ESET is really good (maybe the best) at detecting PUPs, though. And Unchecky is also a great addition. Take care in the future and have a nice day/night ;)
 

Purshu_Pro

Level 29
Verified
Trusted
Aug 3, 2013
1,878
Yup, ESET has great detection of PUPs; it detected CCleaner, Recuva, Auslogics Reg Care, and many other things, unlike others, which do not perform this kind of job.
 

Nico@FMA

Level 27
May 11, 2013
1,689
Also, let me add that PUPs that are bundled with your software get installed due to YOUR mouse click.
Because during installation it asks if you want it.
Due to this agreement from your side, neither Malwarebytes, nor Norton, nor ANY AV will detect it, because all of them will accept your "authorization" UNLESS the PUP is considered harmful; then most of them will step in and block, remove or quarantine it.
That said, most PUPs are an annoyance at best...

Let me remind you about the fact that running multiple AV programs is BAD.
 

truoc

Level 1
Jan 3, 2012
49

Yeah, I am always extremely careful not to just keep clicking next, next, next through the dialog boxes and take the time to read if a step contains something I don't want, but I must have somehow missed this in this particular executable. What is funny is that upon trying this executable on a different system that has Avast installed (instead of Norton Security Suite) as well as Malwarebytes Pro, Avast immediately blocked the executable and wouldn't let it run at all. Maybe I will attempt to run the executable again on the other system and see what happens.

Is this comment directed at me for having Norton and Malwarebytes Realtime going together? I was under the impression that Malwarebytes in realtime was a supplemental program to your AV program and could possibly catch things that your AV program misses. Is that not the case and it isn't wise to run them together?
 

Littlebits

Retired Staff
May 3, 2011
3,902
Next time download our files from Softpedia; it hosts many adware-free installers and warns you about bundled adware on each product download page.

DVD Shrink hosted on Softpedia is 100% clean.

The following is posted on their official website:

Download DVDShrink, but... Beware of Fakes and Scams!
Current stable version: 3.2.0.15 - Other versions called "DVD Shrink 2010/2011" or "DVD Shrink 2001" are just fakes or rip-offs of the original DVD Shrink software in order to scam you out of money or install bundled adware.
You probably did not download DVD Shrink from a trusted source or their official site.

Also, development was discontinued in May 2005 due to legal problems. So you might want to choose a program which is current.

Enjoy!! :D
 

Spawn

Administrator
Verified
Staff member
Jan 8, 2011
21,128
I downloaded DVD Shrink from this site, linked from Softpedia. Claims to be the official, but it's an installer with PUP. Softpedia has the .zip compressed file.
Code:
hxtp://www.dvdshrink.org/
 

Nico@FMA

Level 27
May 11, 2013
1,689
Well, yes, Malwarebytes is a great second opinion next to your AV. But that is without the resident shield.
So keep one AV in realtime and the other in on-demand passive mode.
Otherwise they might bite each other.
 

illumination

Malwarebytes is designed to run as a companion, as you suggested. Just make sure to add exclusions in Norton and Malwarebytes for each other to avoid any problems.
 

Nico@FMA

Level 27
May 11, 2013
1,689
Uhhmm, that's not entirely true, buddy; the website blocking module of Mbam and the web protection by Norton have issues if running next to each other.
On top of that, Norton has Tamper Protection, which does not like Mbam's scanning heuristics.

[image]


This is an older picture which indicates that Mbam and N-360 do not like each other.
*I could not find a newer one...
But then again Mbam can run next to N-360 IF in passive mode.
Granted some users do have multiple scanners active and sometimes it works without crashing or freezing their system.
So based upon my 15y of exp I can guarantee you both can run on your system, N-360 as active and Mbam as passive.
BUT if you run both on active, it might go well for a week, hell even a month... till you catch that ONE nasty virus.
Then both N-360 and Mbam will get into a clash that will result in losing data...

You have been warned.
 

illumination

I have spent my fair share of time over at the Norton Forums myself over the last couple of years, as one of my "people I do tech work for" likes Norton. I have seen discussions of the "potential exists" variety over this matter, but have not seen any evidence to support it.
Over in the Malwarebytes forum, you can find conversations on this as well, and a few members that are running Norton and Mbam with no conflicts; some are even doing so without setting exclusions. So to say my statement is not true would require a little bit more.

Malwarebytes is not designed to be a standalone product, and does not replace antiviruses. It is designed to run alongside them.
 

Nico@FMA

Level 27
May 11, 2013
1,689
Again, let me repeat myself: Mbam CAN run next to Norton in passive mode (on demand), while Norton runs in active mode (realtime mode).
If you want to run Mbam in active mode, sure... then lose Norton.
I honestly do not care much what is written on both forums, as most of them do not even know what they are talking about (with all respect).
On a professional level it's my job to educate, advise and so on...
And during my 15y I have seen so many instances where an AV is going head to head with another AV... and guess who is the loser of the fight?
Exactly: your OS and your data.

Do not take my word for it, but ask the malware experts here; they can tell you running multiple AVs in active mode will cause trouble.
It's just the way it is, you either accept it or not; fact is that it's public knowledge.

Also, I did not say you were wrong; I said you are partially wrong and I explained why.

Kind regards
 

illumination

This is my point above: Malwarebytes is "NOT" an antivirus, and is designed to do just what you are saying should not be done with it.

https://helpdesk.malwarebytes.org/e...ytes-Anti-Malware-replace-antivirus-software-
 

Nico@FMA

Level 27
May 11, 2013
1,689
Uhhm, yes, totally correct, I am not disputing this, BUT what I am trying to point out is that Norton 360 is an all-in-one package, and does pretty much the same things as Mbam. Now Mbam might not have a problem with the Symantec family, but the Symantec family might have a problem with Mbam.
As shown in the picture.
There are more AV programs out there that were developed in such a way that they can run next to another AV program.
However, history shows us that in reality this is not always the case.
So it might not be a case of Mbam not being able to run next to Norton, but it's more a case of Norton not being able to run next to Mbam, as Norton is developed as a standalone all-in-one package.

And that's the big difference here.
So again you are partly right.
 

illumination

I see people run combinations like this all the time with no problems; please show evidence of conflicts that caused problems.

I myself am running Mbam with Windows Defender. I have run EAM with CIS, WSA with CIS, and still have not seen any issues. Of course this requires setting exclusions.

I have one person "you" telling me it is not possible, while the forums are full of people that are doing it.
 

Nico@FMA

Level 27
May 11, 2013
1,689
If you use the free version of MBAM no conflict. The same for SpyBot, it has an active component that will conflict, disable it and they should all play well together. I run one of the two on demand scanners I keep on my desktop at least weekly. More often if I've been visiting in the 'hood' and want to make sure I'm not bringing more back than I entered with.
Keep us posted
Dick

Posted by Dickevans on Norton community.

Just bear in mind that even if the real time component of another anti VIRUS program is not enabled, the components of that program may still conflict with Norton.
MBAM and SAS are more anti malware and anti spyware programs, and as long as the free versions only are run as passive scanners, that's fine.
4FE

Posted by 4FE on Norton community.

Both senior staff members.

Another topic: Link

Symantec info about other AV

And another 74.800 results about Norton conflict with Mbam.
 