Does www.official-drivers.com and DriverTuner serve malicious software?

I had just reinstalled Windows 7 on my computer and immediately opened a browser to download the latest graphics drivers. official-drivers.com got me with a sponsored link using an ati.official-drivers.com sub-domain. I downloaded something called DriverTuner (drivertuner.com) by LionSea software, installed it, and immediately realized my mistake when I recognized the “we’ll find drivers for you” type of software. I promptly uninstalled it and found the official driver.

So now I’m feeling paranoid, wondering if they managed to insert a virus somewhere before I’d installed Avast.

Are there any known culprits among the sites and software mentioned here?

URL reputation can be tested here: www.urlvoid.com / www.virustotal.com … Select URL scan just below the blue button.

Suspicious files can be tested here: www.virustotal.com / www.metascan-online.com / www.jotti.org

So now I'm feeling paranoid, wondering if they managed to insert a virus somewhere before I'd installed Avast.
If you want a check, follow the guide and attach logs. http://forum.avast.com/index.php?topic=53253.0

And Merry Christmas and a Happy New Year. :wink:

Hi,

It doesn’t appear malicious, however I am suspicious. You will always be better off getting the drivers from the official homepage (Logitech, Dell etc). I’d never trust these sites. The file I tried in Comodo isn’t working, most likely due to it being corrupt.

Note: the file name should have something to the effect of “DriversForLogitech Headset XXXX” type thing, not setup.exe. I’ll run these files inside my virtual machine and upload some results. However, don’t download those files until deemed safe. (Which I doubt will happen)

Malwr Report: https://malwr.com/analysis/ZGM5YWU0NTI3NDcwNDk1OGJhNzQ1ZDhkY2YwYzcxMDc/#
VirusTotal: https://www.virustotal.com/en/file/4e09d9006a6b4d57933df47e3b586859b8b790e8cade3869e8ed1eee8ca40ce1/analysis/

(Signed by Norton/Symantec + VeriSign)

Looking into it further w/ my Virtual Machine.

Creates a .tmp (Temp) folder called setup.tmp (.tmp being the file extension for Temp). No notable Startup keys to indicate malware being present.

Possible Adware: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{520C1D80-935C-42B9-9340-E883849D804F}_is1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{520C1D80-935C-42B9-9340-E883849D804F}_is1

Uninstall should not be present w/ Drivers.

Recommended not to download these files further from that site.

Emsisoft is blocking the following link when i click on download: hxxp://www.official-drivers.com/setup.exe

Also,

In order to get drivers, you must Register/Pay @ hxxp://xxx.drivertuner.com/register.php (Don’t go there)

I’ll ask Polonus to do some Site Scans for you…
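The sandbox check described in the post above (look for uninstall entries and startup keys after running the installer in a VM) can be repeated on your own test machine. The script below is an added example and not code from the thread or from any of the vendors mentioned; the only thread-specific value in it is the Inno Setup uninstall GUID quoted in the post, and the hive paths are the standard Windows locations.

```powershell
# Added example (not from the thread): enumerate the registry locations the
# post above inspected after running the installer inside a VM.
# The GUID below is the one quoted in the post; everything else is generic.

$suspectGuid = '{520C1D80-935C-42B9-9340-E883849D804F}'

# Uninstall hives. Inno Setup installers register under "<GUID>_is1".
$uninstallPaths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-UninstallEntries {
    param([string[]]$Paths)
    foreach ($path in $Paths) {
        if (-not (Test-Path $path)) { continue }
        Get-ChildItem -Path $path -ErrorAction SilentlyContinue | ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Hive            = $path
                KeyName         = $_.PSChildName
                DisplayName     = $p.DisplayName
                Publisher       = $p.Publisher
                InstallLocation = $p.InstallLocation
                UninstallString = $p.UninstallString
                InnoSetup       = ($_.PSChildName -like '*_is1')
            }
        }
    }
}

# Autostart locations. The post reports that none were written; confirm it.
$runPaths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartEntries {
    param([string[]]$Paths)
    foreach ($path in $Paths) {
        if (-not (Test-Path $path)) { continue }
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        # Skip the PS* metadata properties that Get-ItemProperty adds.
        $props.PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |
            ForEach-Object {
                [pscustomobject]@{ Hive = $path; Name = $_.Name; Command = $_.Value }
            }
    }
}

$entries = Get-UninstallEntries -Paths $uninstallPaths

"== Uninstall entry matching the GUID from the thread =="
$entries | Where-Object { $_.KeyName -like "$suspectGuid*" } | Format-List

"== All Inno Setup (_is1) uninstall entries, for review =="
$entries | Where-Object { $_.InnoSetup } |
    Format-Table KeyName, DisplayName, Publisher, InstallLocation -AutoSize

"== Current autostart entries =="
Get-AutostartEntries -Paths $runPaths | Format-Table -AutoSize
```

Run it once on the clean VM snapshot and once after the installer has finished, then compare the two outputs; a plain driver package should add no uninstall entry and no autostart command, which is the point the post makes with “Uninstall should not be present w/ Drivers.”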

Avast! does not block it. I’m going to fetch Polonus to do the Site scanning.

Setup.exe and Driver Tuner.exe are trusted by Kaspersky IS 2014

Ad-driven site with malware according to Quttera scan and various instances of remote file inclusion shell malware now being closed:
http://support.clean-mx.de/clean-mx/viruses.php?ip=173.192.57.82&sort=firstseen%20desc
http://jsunpack.jeek.org/?report=9dc90b473abdc764cdb4ccc69dabae9653d0fc91
http://www.quttera.com/detailed_report/www.drivertuner.com
Site is not the “real McCoy” you searched for, look for better trustworthy alternatives.
IDS for: “ET RBN Known Russian Business Network IP group 27”.
See: https://www.mywot.com/en/scorecard/official-drivers.com?utm_source=addon&utm_content=popup-donuts

polonus

=Bad News Bear!

http://en.wikipedia.org/wiki/Russian_Business_Network

Hi allan1998,

Right, you are. Well this RBN group is mainly into SEO Spam, clickfraud driven code and other cyber-brigand activities.
An IDS alert like this one via an urlquery dot net scan could therefore be translated as “better stay away”…

polonus

Wow, thanks a bunch for all the informative answers!

F.Y.I. Asus requires you download and use that software to get updates.

It is All BS, you just answered a thread that is nearly 4 months old… The issue has been resolved.

:-[ :-[ :-[ :-[
Worst product I’ve ever wasted my money on!
Downloaded, installed and “fix drivers” CRASHED MY COMPUTER… caused it to go to Partition reboot and wiped my drive losing EVERYTHING.
Now… I’m not a super tech, but I do consider myself knowledgeable, at least for a user.
The software was recommended by ASUS (I have a G75)
Needless to say… I AM Pissed!
They keep asking me to “give them another try”… REALLY???
They can kiss my @$$

Good luck to you if you use this software… don’t say you weren’t warned.

Hi Michigan guy,

You were a victim of an OutBrowse monetizer bundling product with a very poor reputation: https://www.mywot.com/en/scorecard/outbrowse.com?utm_source=addon&utm_content=popup
Read about your OutBrowse bundled adware variant: http://www.sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/OutBrowse%20Revenyou/detailed-analysis.aspx

Thanks for sharing your experiences.
As a general warning to those that consider downloading,
see: http://www.herdprotect.com/setup.exe-3851fc1b1715a7052587bd430aa18b9aadad4b1b.aspx
Software comes bundled with PUP: PUP.Optional.Installer.LionSeaSoftwarecoltd.F → http://www.herdprotect.com/ip-address-72.247.10.24.aspx
See: http://www.herdprotect.com/ip-address-54.235.251.129.aspx and http://www.herdprotect.com/ip-address-23.21.98.30.aspx
Free software to-day comes bundled “at a crap bundled adware price”, see: http://www.herdprotect.com/domain-install.optimum-installer.com.aspx

Always look to download a custom software install from the few remaining upfront downloading sites.
But to-day one often finds oneself between a rock and a hard stone.

polonus

Any chance Slim Drivers, by SlimWare, could also be a suspect product? After downloading and running once, my Windows Update and Windows Online Help features were disabled. So, not only was I not able to download important updates, but I was prevented from effectively troubleshooting the problem.

You may be right, look here what comes bundled: http://www.herdprotect.com/signer-slimware-utilities-inc-396592a759309a28f5d983a5a376da47.aspx
Sality variant, certainly you do not want on your comp or peripherals,

polonus

Ugh. Then maybe it is the cause of my problems.

http://forum.avast.com/index.php?topic=150374.0

I got it from Download.com (Cnet) so assumed it would be safe . . .

I downloaded a Canon_PIXMA_MX348_XPS_536 driver from www.official-drivers.com successfully.
Although it was a little complicated for me to find the wrong place to download.
I know this website also sells a driver update tool. It’s much more convenient.