Malware going back to the basics...

In a recent web browser tab page hijacker cleansing it was found that the persistent spyware/fraudulent adware had also reset the policy value for the Google Chrome automatic updater in the registry. So when you opened up “About Chrome” you read that this service was disabled by administration.
So malware is back tampering with registry settings. A scan with MBAM would have brought this issue up, but the settings had to be reset manually via regedit, setting it from 0 to 1.
As bundled crapware now even comes with downloaders from respectable sites, we have to expect to see more of this in the coming future.

polonus

Interesting. By installing the bundled crapware? What program was the crapware bundled with? Is the installation of the crapware user initiated?

I suppose this is in relation to what you posted in the viruses and worms section.

It came with this download: htxp://download.cnet.com/AirSnare/3000-2092_4-10255195.htm
Maybe this downloader does not have the added goodies: htxp://www.majorgeeks.com/files/details/airsnare.html
See: http://dottech.org/23420/cnet-crapware/
The only way to avoid it is to go to the direct download link…
Airsnare also has an issue that it downgrades your existing ethereal version.
So be careful with cnet downloads…

polonus

So, this was not some type of opt out option? It installed behind the scenes without user knowledge? It seems that, in the last couple years, this type of behavior has become more prevalent.

FileHippo and MajorGeeks are the only two I use anymore. Or, directly from the developer.

It’s unfortunate that much freeware is now bundled with crapware. Especially, crapware that likes to take over settings in your browser and is difficult to remove. For instance, Babylon.

The modified CNET installer would have to be approved by the developer of the software, wouldn’t it?

Would Avast’s Browser Cleanup have taken care of the modified registry entry?

Thanks for the info.

Then it should have found this: Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Some software installation programs register themselves under this key (each with its own subkey GUID) to manage Protected Mode behavior.
On the same hand, if Microsoft determines that an application has a vulnerability and presents a danger to end users, Microsoft reserves the right to remove that application at any time from the elevation policy. N.B. Here that did not happen…
See: http://www.threatexpert.com/report.aspx?md5=a984b488679cf04ec6930b0865d0125a
How to kill it, see: http://www.windowsvc.com/bbs/board.php?bo_table=windowsvc&wr_id=57316
Sometimes Junkware Removal Tool by Thisisu can be used in the removal routine by a qualified removal expert, together with AdwCleaner.

polonus
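The two registry locations discussed in this thread (the Chrome updater policy in the first post, and the Internet Explorer Protected Mode elevation policy above) can be audited from an elevated PowerShell prompt. The script below is an added example and is not code from the thread or from any of the tools named in it. It assumes, since the thread does not name the exact value, that the Chrome updater policy meant is `UpdateDefault` (and any per-application `Update{GUID}` values) under `HKLM\SOFTWARE\Policies\Google\Update`, where 0 disables updates and 1 allows them, and that the elevation policy lives under `HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy`. It only reports by default; the `-Fix` switch, a name chosen for this example, resets a disabled Chrome update policy to 1, which is the manual regedit change the first post describes.

```powershell
# Added example (not from the forum thread): audit the two registry locations
# the thread says junkware tampers with. Report only, unless -Fix is given.
#
# Assumptions (not stated on the page):
#   - Chrome updater policy: HKLM\SOFTWARE\Policies\Google\Update, values
#     UpdateDefault / Update{GUID}; 0 = updates disabled, 1 = always allow.
#   - Elevation policy: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy,
#     one GUID subkey per application, with AppName, AppPath and Policy values.
#     Policy 3 = launch at medium integrity from a Protected Mode tab without a prompt.
[CmdletBinding()]
param([switch]$Fix)

$updatePolicy = 'HKLM:\SOFTWARE\Policies\Google\Update'
$elevPolicy   = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy'

# --- 1. Google Update policy (Chrome "disabled by your administrator") -------
if (Test-Path $updatePolicy) {
    $key = Get-Item $updatePolicy
    foreach ($name in $key.GetValueNames()) {
        if ($name -notlike 'Update*') { continue }   # only the update-enable values
        $val = $key.GetValue($name)
        if ($val -eq 0) {
            Write-Warning "$updatePolicy\$name = 0 (automatic updates disabled by policy)"
            if ($Fix) {
                # Same change the thread describes doing by hand in regedit: 0 -> 1
                Set-ItemProperty -Path $updatePolicy -Name $name -Value 1 -Type DWord
                Write-Host "  reset $name to 1"
            }
        } else {
            Write-Host "$updatePolicy\$name = $val"
        }
    }
} else {
    Write-Host 'No Google Update policy key present (default: updates enabled).'
}

# --- 2. IE Protected Mode elevation policy -----------------------------------
# List every registered application, highest Policy first, and check whether
# the executable still exists on disk and whether it carries a valid signature.
if (Test-Path $elevPolicy) {
    Get-ChildItem $elevPolicy | ForEach-Object {
        $p    = Get-ItemProperty -LiteralPath $_.PSPath
        $full = if ($p.AppPath -and $p.AppName) { Join-Path $p.AppPath $p.AppName } else { $p.AppName }
        $exists = [bool]($full -and (Test-Path -LiteralPath $full))
        [pscustomobject]@{
            Guid   = $_.PSChildName
            Policy = $p.Policy
            App    = $full
            OnDisk = if ($exists) { 'yes' } else { 'no' }
            Signed = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $full).Status } else { 'n/a' }
        }
    } | Sort-Object Policy -Descending | Format-Table -AutoSize
} else {
    Write-Host 'No ElevationPolicy key present.'
}
```

Entries with Policy = 3 whose executable is missing, unsigned, or sits in a user-writable location (a temp or profile directory rather than Program Files) are the ones worth comparing against a known-good machine before deciding whether a removal tool should take them out.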

A short list of crapware/junkware vendors made up by Ryans Tech

Crawler, LLC
-SiteRanker
-PC Power Speed
-24x7 Help

Crawler.com
-Online Vault

Omega Partners Ltd
-AppGraffiti

Musiclab LLC
-Bearshare

FriendsChecker

iMesh

Inbox.com
-Inbox Toolbar
-RebateInformer

MyWebSearch

APN LLC
-Search-Results Toolbar

215 Apps
-Shopping Sidekick Plugin

Zendeals
-ZD Manager

Wajam

Torch

Mindspark
-TelevisionFanatic Toolbar

Yontoo

unFriendChecker

Browser Protect

Maxwebsearch

Gaming Wonderland

Wise Convert

Speeditup Free

Community Smartbar

RegCleanPro

MyFasterPC

FileTypeAssistant

Save Path Deals

Xportsoft Technologies
-QuickPC Booster
-PC Optimizer Pro

remove anything from these vendors

polonus

If you download a program from Cnet.com,
simply make sure that you download the actual program not their downloader.
You do have a choice:

http://www.screencast-o-matic.com/screenshots/u/Lh/1373408358318-11515.png

Hi bob3160,

Yep, we are all aware of that now, as some had to learn this the hard way…
Also the question is what junkware downloader to detect or what not: http://miekiemoes.blogspot.nl/2013/02/unwanted-or-wanted-toolbars-when-to.html (article author = miekiemoes)
The crapware sells for 40 dollar cents per download for Mexico up to a full buck for the U.S.A., so whenever you have 20.000 downloads a day, the developer can sure buy some extra ice-creams during this hot season :stuck_out_tongue: With this money going around the urge to bundle junkware is very real for some parties. Also the guy who takes the crapware off could earn 99 dollars for a cleanse-all-your-crapware routine for horrible toolbars etc. you would never choose to install by choice…

polonus