Xvirus' New Website and Product (2014)

Status
Not open for further replies.

MrExplorer

Level 28
Verified
Nov 15, 2012
1,765
Bro WOT & ESET both are blocking the website findmysoft.com

M7YPITX.png
 

amz

Level 4
Verified
Jan 15, 2014
181
Looks good :)
Btw, for me ESET is not blocking the site.
ESET is blocking links to findmysoft.com
 

Deleted member 21043

Bro WOT & ESET both are blocking the website findmysoft.com

M7YPITX.png
It's certainly a false positive (there is no doubt about it, no matter what they are saying). I see in that image it mentions "Scam", "Spam" and so on. Maybe it's because people have thought it might be in the past? His products aren't fake, the website is not malicious, trust me! And Malware1 has been on there as well.
 

BoraMurdar

Super Moderator
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
Not quite...

Seems to be that Findmysoft is using their "download managers" as default download option when you download anything on their site, and it is classified as unwanted content/software or adware (toolbars and stuff)

Same thing with UpdateStar.com

Digital Signature
Authority: COMODO CA Limited
Valid from: 1/2/2013 1:00:00 AM
Valid to: 1/3/2016 12:59:59 AM
Subject: CN=UpdateStar GmbH, O=UpdateStar GmbH, STREET=Hauptstraße 20, L=Berlin, S=Berlin, PostalCode=10827, C=DE
Issuer: CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Serial number: 009ed227324380b40dde36c8d31a33831f

FINDMYSOFT DETAILS

The domain www.findmysoft.com registered by Internext Media SRL was initially registered in July of 2005 through GODADDY.COM, LLC. The domain hosts various software downloads. The hosted servers are located in San Diego, California within the United States which resides on the CariNet, Inc. network.


Registrant: Internext Media SRL
Registrar: GODADDY.COM, LLC
Server location: California, United States (US)
Create date: Thursday, July 14, 2005
Expires date: Tuesday, July 14, 2015
Updated date: Monday, November 04, 2013
ASN: AS10439 CARINET - CariNet, Inc.
Root domain: findmysoft.com
Whois: 1 findmysoft.com record
Analysis Scanner detections:
Detections (100% detected)


Avira AntiVir ADWARE/InstallCore.Gen 100.00%
AhnLab V3 Security Adware/Win32.InstallCore, PUP/Win32.InstallCore 100.00%
Trend Micro House Call TROJ_GEN.F47V0104 50.00%
ESET NOD32 Win32/InstallCore.AZ (variant) 50.00%
AVG Adware InstallCore.ST 50.00%
ESET NOD32 Win32/InstallCore.AZ potentially unwanted application 50.00%
Dr.Web Adware.InstallCore.80 50.00%
VIPRE Antivirus Threat.4788237 50.00%
F-Prot W32/InstallCore.S.gen 50.00%
NANO AntiVirus Riskware.Win32.InstallCore.czbidv 50.00%
Agnitum Outpost Adware.Generic 50.00%
Rising Antivirus PE:Malware.XPACK-LNR/Heur!1.5594 50.00%
Antiy Labs AVL Trojan[Packed]/Win32.InstallCore 50.00%
Kingsoft AntiVirus Win32.Troj.Generic.v.(kcloud) 50.00%


IP Addresses
The domain www.findmysoft.com has been seen to resolve to the following IP address.
71.6.151.163 findmysoft.com

March 14, 2014
Downloads
File downloads found at URLs served by www.findmysoft.com.
12 / 68 (PUP)
http://www.findmysoft.com/dl/.../sothink-web-video-downloader_1.2-Build-81030_setup.exe (63837efeacd27bdad0be058cceabbe69)
4 / 68 (PUP)
http://www.findmysoft.com/dl/.../wintoflash_0.7.0054-Beta_setup.exe (745bc93acac67f9cd4392669a1db2957)

Website Details
URL: http://www.findmysoft.com/
Google Analytics: UA-193652
Title: “» FindMySoft.com - Fast and free software download directory”
Description: “A fast and free software download directory with a large database containing software for Windows and Macintosh, scripts, mobile software and drivers”
Web server: nginx (PleskLin)
Statistics

Facebook:
Likes: 137
Shares: 41
Comments: 6

Twitter:
Shares: 105

Compete.com:
US visitors: 8,462
Quantcast US:
Rank: 86,567

Statistics are for the previous month.



ENJOY :)
 

Deleted member 21043

Not quite...

Seems to be that Findmysoft is using their "download managers" as default download option when you download anything on their site, and it is classified as unwanted content/software or adware (toolbars and stuff)

Same thing with UpdateStar.com

Digital Signature
Authority: COMODO CA Limited
Valid from: 1/2/2013 1:00:00 AM
Valid to: 1/3/2016 12:59:59 AM
Subject: CN=UpdateStar GmbH, O=UpdateStar GmbH, STREET=Hauptstraße 20, L=Berlin, S=Berlin, PostalCode=10827, C=DE
Issuer: CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Serial number: 009ed227324380b40dde36c8d31a33831f

Analysis


Reason Heuristics PUP.Installer.UpdateStarGmbH.S, Adware.UpdateStarGmbH.Q, 100.00%
VIPRE Antivirus InstallCore.b (fs), Trojan.Win32.Generic!BT, Adware.Win32.InstallCore.ba (v) 82.00%
ESET NOD32 Win32/InstallCore.JE.gen (variant), Win32/InstallCore.ES (variant), Win32/InstallCore.DC, Win32/InstallCore.BL, Win32/InstallCore.GN 82.00%
Avira AntiVir ADWARE/InstallCore.Gen7, APPL/InstallCore.AG.2, APPL/UpdateStar.IE, APPL/InstallCore.AX 80.00%
Rising Antivirus PE:Malware.XPACK-LNR/Heur!1.5594, PE:Malware.InstallCore!6.1B8 76.00%
Dr.Web Adware.InstallCore.113, Trojan.Packed.24524, Trojan.KillProc.30849, Adware.Downware.1283, Adware.InstallCore.133, Trojan.MulDrop5.10078 76.00%
Malwarebytes PUP.Optional.InstallCore.A, PUP.Optional.UpdateStar.A, PUP.Optional.Installcore 72.00%
Trend Micro House Call TROJ_GEN.F47V1230, TROJ_GEN.F47V0927, TROJ_GEN.F47V0131, TROJ_GEN.F47V0114, TROJ_GEN.F47V1208, TROJ_GEN.F47V1028, TROJ_GEN.F47V0306 72.00%
Vba32 AntiVirus Downware.InstallCore 70.00%
McAfee Artemis!31181921FD4E, Artemis!8BF2EB0733E4, Artemis!AD5E8193F922, Artemis!40C599D84F09, Artemis!56B39B26179D, Artemis!8AA7678D5823, Artemis!E4ECCE20BB09 70.00%

Files



Download URLs for files signed by UpdateStar GmbH.
Okay, I see now.
 

WinXPert

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Jan 9, 2013
1,457
Last time I downloaded the files was on June 19, no warnings then
 

Deleted member 21043

@Dani Santos If Findmysoft are using their downloaders/installers to download your product, Xvirus, and are packaging potentially unwanted programs (PUP), then I suggest you forget about using Findmysoft. Usually, it wouldn't be "as bad" as it looks now, but considering you are providing security* products, and are meant to be helping get rid of malware/PUPs/advertisements (well, that's with your ad blocker), it looks bad when there's a custom installer by one of the sites your product is hosted on, which is actually generating these problems (PUPs). I highly advise you contact the webmaster and get it removed, or if you can do it from your account on that website, do so. That's what I would do.
 

BoraMurdar

Super Moderator
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
I have just downloaded Mozilla Firefox from their site (inexperienced user mode activated) and it gave me this installer. When trying to run it, ESET gave me 7 alerts. When I tried to exit the installer, it automatically opened their page saying "download starting again" or something...

That's anything but good behavior :p

Capture.JPG
 

Arakasi

Level 4
Verified
Jul 12, 2014
195
Hello,

As I say time and time again, ESET usually has the lowest false positives.
When you get behind a company like that, you know when their prompts come up, IT'S NOT A FP.
Potentially unwanted applications are totally separate from the normal virus, trojans, etc.
Every single detection is on a case-by-case basis, and they research first. It's not heuristics when it's in the form of a PUA.
If they are using downloaders, it's most likely because they want ads in it.
So this findmysoft will remain on their db, if they are supporting bundles and downloaders. :)
 

Nico@FMA

Level 27
Verified
May 11, 2013
1,687
I personally think that web pages like findmysoft and hundreds of those fake scammy web pages should be avoided.
What annoys me even more are those robot-like sites that fetch download links from other pages and then host software based upon harvested links. It makes your software look bad and it adds PUP and downloaders and such.
It is IMO almost a crime. A short while ago I did hire a lawyer to have my software removed from 2 of such sites, as I never released the software yet to be listed on ANY site other than my own. My soft was packed with a dozen ad-wares and a download manager that was forcing people to install it with the whole bundle.

That said, my advice here is simple: Only host your software or link your software to respectable websites and make sure that the links you post on the web pages are hotlink-protected while authorized sites are whitelisted either by .htaccess or by the admin panel.
Keep track of your software and make sure you have a referer-checking script on your site that can see where links come from...

Keep in mind getting a bad rep on the net is easy... getting rid of it is a totally different matter...

I hope this helps.
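
One way to write the referer-checking script suggested in the post above, as an added example that is not part of the original thread. The combined access-log format, the `/downloads/` path, the allowlisted hosts and the sample log lines are all assumptions of this example.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"vendor.example", "www.vendor.example"}  # assumed allowlist
DOWNLOAD_PREFIX = "/downloads/"                           # assumed installer path

# Apache/nginx "combined" access-log format
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample lines (documentation IP ranges, .example hosts)
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Mar/2014:10:00:01 +0000] "GET /downloads/setup.exe HTTP/1.1" 200 512000 "https://www.vendor.example/get" "Mozilla/5.0"',
    '198.51.100.7 - - [14/Mar/2014:10:02:13 +0000] "GET /downloads/setup.exe HTTP/1.1" 200 512000 "http://portal.example/dl/setup" "Mozilla/5.0"',
    '198.51.100.8 - - [14/Mar/2014:10:02:40 +0000] "GET /downloads/setup.exe HTTP/1.1" 206 1000 "http://PORTAL.example/dl/setup" "Wrapper/1.0"',
    '203.0.113.5 - - [14/Mar/2014:10:03:00 +0000] "GET /downloads/setup.exe HTTP/1.1" 200 512000 "-" "curl/7.30"',
    '203.0.113.9 - - [14/Mar/2014:10:04:00 +0000] "GET /index.html HTTP/1.1" 200 1200 "http://other.example/" "Mozilla/5.0"',
    '203.0.113.9 - - [14/Mar/2014:10:05:00 +0000] "GET /downloads/setup.exe HTTP/1.1" 403 199 "http://blocked.example/x" "Mozilla/5.0"',
]

def referer_host(referer):
    """Lower-cased host of a Referer value, or None if absent or unparsable."""
    if referer in ("", "-"):
        return None
    try:
        host = urlsplit(referer).hostname
    except ValueError:
        return None
    return host.lower() if host else None

def audit(lines, allowed=frozenset(ALLOWED_HOSTS), prefix=DOWNLOAD_PREFIX):
    """Count served downloads per referring host that is not on the allowlist."""
    unknown = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not m["path"].startswith(prefix):
            continue
        if m["status"] not in ("200", "206"):   # only requests actually served
            continue
        host = referer_host(m["referer"])
        if host and host not in allowed:        # no Referer: cannot attribute
            unknown[host] += 1
    return unknown

if __name__ == "__main__":
    for host, hits in audit(SAMPLE_LOG).most_common():
        print(f"{hits:5d}  {host}")
```

The Referer header is supplied by the client and is often missing, so the counts point to sites worth investigating rather than proving who re-hosts the file.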
 