Possible bad site please help rate accordingly

jeff134
Posts: 171
Joined: Fri Nov 05, 2010 12:42 am

Possible bad site please help rate accordingly

Post by jeff134 » Mon Jan 03, 2011 6:08 pm

Hey Guys,

Just went to this site from clicking on a Google ad,

hXXp://performersoft.com/drsearch2.php?brand=Siemens&driver=driver&tid=21402&KEYWORD_K=siemens%20driver&TRACKING_ID_K=21402&CHANNEL_K=google&CAMPAIGN_K=RadarSync&AdGROUP_K=Siemens

and tried to download the Siemens driver needed for my phone to work. Turns out I downloaded something called zugo ltd as identified by VIPRE on VirusTotal:

http://www.virustotal.com/file-scan/report.html?id=00e4cb818e85709e7c0a78635b0361c569df663918222c20e2fe6a7ae103cd16-1293766623

Please look over the website and let me know what you guys think.

Guest

RE: Possible bad site please help rate accordingly

Post by Guest » Mon Jan 03, 2011 9:22 pm

@ jeff134 = Welcome!
From what I gather, you may have installed the Bing toolbar; just remove it [Add/Remove], that should do it.
Hopefully in this link you may find better information:
http://www.sunbeltsecurity.com/ThreatDisplay.aspx?name=Zugo%20Ltd%20%28v%29&tid=4722231&cs=A59EA3009AA7F37C0A115EE1805EAF1E
This is only information; I am not recommending this one in particular, since I am not familiar with it.
Best wishes!

eindustries
Posts: 115
Joined: Thu Jun 17, 2010 12:28 am

RE: Possible bad site please help rate accordingly

Post by eindustries » Mon Jan 03, 2011 9:28 pm

I agree.

jeff134
Posts: 171
Joined: Fri Nov 05, 2010 12:42 am

RE: Possible bad site please help rate accordingly

Post by jeff134 » Tue Jan 04, 2011 4:12 am

Thanks for the welcome.

It did not actually install the toolbar which was very weird. I downloaded it then double clicked like an idiot with complete faith in what the ad was saying to me.

I guess I was just bringing it up more as a warning and reminder that, no matter what you were told, it might not in fact be what is downloaded.

Warxas
Posts: 1152
Joined: Sun Nov 16, 2008 11:07 pm

RE: Possible bad site please help rate accordingly

Post by Warxas » Tue Jan 04, 2011 5:21 am

I haven't checked this, but remember, only 1/43 scanners detecting something is very, very low. It could indicate a false positive. (But not always!)

Guest

RE: Possible bad site please help rate accordingly

Post by Guest » Tue Jan 04, 2011 5:26 am

@ jeff134

Why don't you try to upload that file to http://www.threatexpert.com/submit.aspx ? They will analyze it for you in a protected environment, then they will send you back their analysis.

It seems more like a driver than malware.

[edit]
Threat Expert report

http://www.threatexpert.com/report.aspx?md5=824a5f98d60619774973b9762a5aec9d


What's been found Severity Level
Downloads/requests other files from Internet.


Image: http://img545.imageshack.us/i/senzanomefr.png/

jeff134
Posts: 171
Joined: Fri Nov 05, 2010 12:42 am

RE: Possible bad site please help rate accordingly

Post by jeff134 » Tue Jan 04, 2011 5:38 am

@leoflix

I did do a VirusTotal review and it was only 1/43, but this comes back to my expectation of what I was downloading. I got to that page via an ad specifically advising it would give me a Siemens driver. It did not, and your report did show me something else I did not notice before with the changes. It seems that the file changes are more related to Conduit toolbar installation or something of that nature vs. the actual driver.

Thank you for the screen shot of the page, and I fully understand what it is saying, I am simply stating again that I went to that page, tried to follow their instructions and was instead given a different program file.

@warxas

Yes, I agree that it is very low; it just seems odd that this page does not do what it explicitly states that it will do, and their Facebook "Like" group is in no way at all related to this apparent program.

After you click like you get to see that you now like "Smileys for your FB, click here!" ???

I just wanted other people to take a look at it and let me know what they thought as I thought something was a little fishy with it so thank you both for your time.

Guest

RE: Possible bad site please help rate accordingly

Post by Guest » Tue Jan 04, 2011 5:57 am

@ jeff134
You are welcome.

Indeed, there are traces of Conduit (which is not malware, even if it is an undesirable toolbar):

# HKEY_CURRENT_USER\Software\Conduit
# HKEY_CURRENT_USER\Software\Conduit\AppPaths
# HKEY_CURRENT_USER\Software\Conduit\Ap

It smells of scam.

Whoever needs drivers for Siemens should go to the official Siemens support webpage to download them.
And whoever is looking for Siemens drivers does not need a Conduit toolbar, for sure.

Tell me, please, was that toolbar prechecked during setup, or was it downloaded and installed without user notice?

tellonem
Posts: 579
Joined: Mon Jul 12, 2010 4:19 pm

RE: Possible bad site please help rate accordingly

Post by tellonem » Tue Jan 04, 2011 5:59 am

You have a reason to be concerned. Norton Safe Web says OK. WOT has no rating at the time, and I assume you already did the URLVoid check. I am particularly leery of driver downloads and usually use the computer manufacturer's site to download drivers. I don't have the knowledge to rate it, and I'm afraid to visit the site until I get VMware.

jeff134
Posts: 171
Joined: Fri Nov 05, 2010 12:42 am

RE: Possible bad site please help rate accordingly

Post by jeff134 » Tue Jan 04, 2011 6:08 am

@leoflix

I am aware of Conduit and can agree and somewhat disagree that they are not malware. They continually push installs and allow their affiliates/partners to use deceiving methods to push their installs.

With this situation, I was actually on a driver site that had some drivers, then I saw a Google ad advising that it would install the Siemens driver for free and automatically for me. So I went to the site and, without thinking, downloaded and double-clicked the file that I had downloaded, labeled SiemensDrivers. But nothing happened, so I got a bit wary and realized I had ignored common sense and just opened who knows what, so I went to VirusTotal and it gave me the one description that I put up here.

I put my rating up and left a comment but it had no impact on it and I was thinking that if I could help out someone who might be in my situation avoid the fear that came along with just trying to get a driver but getting the more seasoned WOT community to look at it that would be great. On the flip side it would also have been good if everyone told me not to worry and that I was just being a good.

I just think that this is a scam that people should know about, and there was no installation or anything, as I do notice the prechecked or opt-out upsells/installs that Conduit loves so much.
