Trojan from a 'SAFE' download :)

Neno · May 5, 2014

Just got infected with trojan and a PUP, from the link that should have been safe.
WSA cought trojan and MBAM dealt with PUP trash.
I downloaded Wise Care 365 pro via the provided link installed it and got my browser page changed trough it instantly.
Shame i didnt made some screenshots

'http://wise-care-365-pro.en.softonic.com/download'

King Alpha · May 5, 2014

You should've downloaded Wise Care 365 in the main website. http://www.wisecleaner.com/wisecare365.html

trainbus120 · May 5, 2014

Neno said:
Just got infected with trojan and a PUP, from the link that should have been safe.
WSA cought trojan and MBAM dealt with PUP trash.
I downloaded Wise Care 365 pro via the provided link installed it and got my browser page changed trough it instantly.
Shame i didnt made some screenshots

'http://wise-care-365-pro.en.softonic.com/download'

Its always advisable to download software from the official website. Since other sources like in your case may pretend to be safe but may not be so.

rupeshkj · May 5, 2014

En.softonic has a bad reputation and I wouldn't download anything for that website.

Ink · May 5, 2014

Avoid using the Green Safe Download button on Softonic.

It will likely download something like this, a web installer less than 400KB. Notice it says "Softonic_Downloader_for..."

Observe the Softonic download page. What you downloaded is highlighted in RED. A Web installer than contains potentially unwanted software, signed by Softonic International.

An alternate download highlighted in GREEN. An offline installer, 8.11MB signed by Lespeed Technology Ltd.
http://www.herdprotect.com/wisecare365.exe-ba95126630b4d737183464feae66a49c517d4074.aspx
You can check WiseCleaner is safe by confirming it's signed by Lespeed Tech. as with their direct download, as seen in the second image.

Downloading from wisecleaner.com (direct download) and mirror site (download.cnet.com) - Not ad-sponsored.

Executing program from Softnotic (highlighted in RED) versus a program downloaded directly from wisecleaner.com or a trusted mirror (highlighted in GREEN).

+1 for visiting to download from the developers site, or a trusted mirror. And check what you're installing is what you want.

http://www.urlvoid.com/scan/softonic.com/
https://www.mywot.com/en/scorecard/softonic.com (See image for some of the recent comments).

Neno · May 5, 2014

I did all that. But the Wise Care was infected not the downloader nor the recommended programs. Their version of Wise 365 was infected only and it was not signed (unknown signature).

King Alpha · May 5, 2014

I downloaded and installed Wise Care today and I haven't encountered any problems. What's your AV?

Ink · May 5, 2014

Do you know what or who it was signed by?

Neno · May 5, 2014

Webroot SA, it was a virus and MBAM found it too, it did change the homepage in IE and it was not signed at all. I intentionally left it trough UAC unsigned relying on my malware protection suites and it was caught by it. As I already told, I only started Wise Care 365 nothing else from the download (by Softsonic downloader). After I got infected I used Virus.Total to check the link just to see their result and found out it is actually a clean download site.
I made this topic only because of it.
Before I uninstalled Wise Care I started it and it was on some kind of Arabic language. It seems virus was the part of installer not a part from actual Wise Care executable.

Ink · May 5, 2014

The site may be clean, but the download is not (referring to the topic title, 'SAFE download' can be seen below too).

If you clicked on

to download Wise Cleaner 365.

This is what you downloaded:
https://www.virustotal.com/en/file/...73e100c50a5249ce90e9f4f1/analysis/1397975346/

Code:

Agnitum - PUA.Softonic!20140419
Baidu-International - Adware.Win32.SoftonicDownloader.F20140419
Comodo - Application.Win32.Agent.SOFE20140414
DrWeb - Adware.Downware.276020140420
ESET-NOD32 - a variant of Win32/SoftonicDownloader.F20140420
Malwarebytes - PUP.Optional.Softonic.A20140420
Rising - PE:Malware.Obscure/Heur!1.9E0320140420
VIPRE - Softonic Downloader (fs)

I've tested Softnotic Downloader before, they use some sneaky tricks to disguise the adware, and to trick the user.

Hope this helps.

Oxygen · May 5, 2014

Softonic bundles unwanted stuff in their installer......

Neno · May 5, 2014

Huracan said:
The site may be clean, but the download is not (referring to the topic title, 'SAFE download' can be seen below too).

If you clicked on

to download Wise Cleaner 365.

This is what you downloaded:
https://www.virustotal.com/en/file/...73e100c50a5249ce90e9f4f1/analysis/1397975346/

Code:

Agnitum - PUA.Softonic!20140419 Baidu-International - Adware.Win32.SoftonicDownloader.F20140419 Comodo - Application.Win32.Agent.SOFE20140414 DrWeb - Adware.Downware.276020140420 ESET-NOD32 - a variant of Win32/SoftonicDownloader.F20140420 Malwarebytes - PUP.Optional.Softonic.A20140420 Rising - PE:Malware.Obscure/Heur!1.9E0320140420 VIPRE - Softonic Downloader (fs)

I've tested Softnotic Downloader before, they use some sneaky tricks to disguise the adware, and to trick the user.

Hope this helps.

True Huracan. I did download it trough that 'button' and I think it is exactly that one (I got rid of it before I even read the name

).
I made this post because it looks like they don't even check the links from their own site which I found ridiculous and harmful.

Littlebits · May 5, 2014

Never use shady download sites:
Get the installer from the official vendor's site or use trusted download sites.
Most popular trusted download sites:
1. Softpedia
2. MajorGeeks
3. FileHippo
4. SnapFiles
5. DownloadCrew or BetaNews Fileform.

Enjoy!!

illumination · May 5, 2014

Huracan said:
The site may be clean, but the download is not (referring to the topic title, 'SAFE download' can be seen below too).

If you clicked on

to download Wise Cleaner 365.

This is what you downloaded:
https://www.virustotal.com/en/file/...73e100c50a5249ce90e9f4f1/analysis/1397975346/

Code:

Agnitum - PUA.Softonic!20140419 Baidu-International - Adware.Win32.SoftonicDownloader.F20140419 Comodo - Application.Win32.Agent.SOFE20140414 DrWeb - Adware.Downware.276020140420 ESET-NOD32 - a variant of Win32/SoftonicDownloader.F20140420 Malwarebytes - PUP.Optional.Softonic.A20140420 Rising - PE:Malware.Obscure/Heur!1.9E0320140420 VIPRE - Softonic Downloader (fs)

I've tested Softnotic Downloader before, they use some sneaky tricks to disguise the adware, and to trick the user.

Hope this helps.

Exactly why i use Virus Total to check all links before downloading

MalwareT · May 30, 2014

Softpedia the best!

Chromatinfish 123 · Jun 13, 2014

illumination said:
Exactly why i use Virus Total to check all links before downloading

If Virus Total actually made their own 2nd scanner option with all the engines and in the cloud, it would be awesome! Then no embarrassing moments with malware and adware.

Search

Trojan from a 'SAFE' download :)

Neno

Level 6

Attachments

King Alpha

Level 25

trainbus120

Level 10

rupeshkj

Level 7

Ink

Administrator

Neno

Level 6

King Alpha

Level 25

Ink

Administrator

Neno

Level 6

Ink

Administrator

Oxygen

Level 44

Neno

Level 6

Littlebits

Retired Staff

illumination

MalwareT

Chromatinfish 123

Level 21

Similar threads