Freeripmp3 from Cnet/Downloads.com

[DADSGETNDOWN]

Hello, I got this "Freeripmp3" from Cnets Downloads.com,
Avast says it's "Win32:Trojan-gen {Other}".
So I uploaded it to this "VirusTotal" below are the results, which I find troubling
Why ?, I use Trendmicro online scan, Windows Live online, Bitdefender,
Spybot Search and Destroy, Windows defender, I know about Kaspersky,
Authentium and others but hardly use them, none of these say anything
about the file, but look at the resluts from VirusTotal, and Looking at those
IF it isn't a Virus, it sure looks like a Spyware, Malware, toolbar, search sort
of thing.
What gives ?

File freeripmp3.exe received on 04.12.2008 15:29:48 (CET)Antivirus Version Last Update Result
AhnLab-V3 2008.4.12.0 2008.04.11 -
AntiVir 7.6.0.85 2008.04.11 DR/MyWebSearch.1793776
Authentium 4.93.8 2008.04.11 -
Avast 4.8.1169.0 2008.04.12 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.04.12 -
BitDefender 7.2 2008.04.12 -
CAT-QuickHeal 9.50 2008.04.12 -
ClamAV 0.92.1 2008.04.12 -
DrWeb 4.44.0.09170 2008.04.12 Adware.MyWay
eSafe 7.0.15.0 2008.04.09 -
eTrust-Vet 31.3.5692 2008.04.11 -
Ewido 4.0 2008.04.12 -
F-Prot 4.4.2.54 2008.04.11 -
F-Secure 6.70.13260.0 2008.04.11 -
FileAdvisor 1 2008.04.12 -
Fortinet 3.14.0.0 2008.04.12 Adware/MyWebSearch
Ikarus T3.1.1.26 2008.04.12 not-a-virus:AdTool.Win32.MyWebSearch.br
Kaspersky 7.0.0.125 2008.04.12 not-a-virus:AdTool.Win32.MyWebSearch.br
McAfee 5272 2008.04.11 -
Microsoft 1.3408 2008.04.12 -
NOD32v2 3020 2008.04.11 -
Norman 5.80.02 2008.04.12 -
Panda 9.0.0.4 2008.04.12 -
Prevx1 V2 2008.04.12 Heuristic: Suspicious File With Bad Parent Associations
Rising 20.39.52.00 2008.04.12 -
Sophos 4.28.0 2008.04.12 -
Sunbelt 3.0.1041.0 2008.04.12 -
Symantec 10 2008.04.12 -
TheHacker 6.2.92.275 2008.04.12 -
VBA32 3.12.6.4 2008.04.06 -
VirusBuster 4.3.26:9 2008.04.12 -
Webwasher-Gateway 6.6.2 2008.04.11 Trojan.Dropper.MyWebSearch.1793776

[DADSGETNDOWN]

And here are Jotti Results.

File:  freeripmp3.exe 
Status:  INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) 
MD5:  022adf9bd30913deec6809c09b19f58d 
Packers detected:  UPX
Bit9 reports:  Not analyzed yet (more info)


Scan taken on 19 Apr 2008 22:05:55 (GMT) 
A-Squared  Found Infected 
AntiVir  Found DR/MyWebSearch.1793776 
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
CPsecure  Found AdTool.W32.MyWebSearch.br 
Dr.Web  Found Adware.MyWay 
F-Prot Antivirus  Found nothing
F-Secure Anti-Virus  Found not-a-virus:AdTool.Win32.MyWebSearch.br (6, 2, 615) 
Fortinet  Found Adware/MyWebSearch 
Ikarus  Found not-a-virus:AdTool.Win32.MyWebSearch.br 
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
Panda Antivirus  Found nothing
Sophos Antivirus  Found nothing
VirusBuster  Found nothing
VBA32  Found nothing

[lee16]

Myway/Mywebsearch is a form of very old spyware (its been well known for years), but some traditional scanners stick to just viruses/Trojans rather then all forms of malware.

I suggest you go to control panel>Add/Remove programs, then remove all instances of Mysearch/mywebsearch.
Then go to C:>program files, and delete all instances from there aswell.

Then run this program from tend micro called cwshreader

After this you may consider posting a hijackthis log to so we can comfirm your clean.

--lee

[DADSGETNDOWN]

Hi there Lee19 Thanks for the reply.
I have only downloaded it, From Cnets Download.com
I have not ran it in anyway shape or form.
So there will be no instances of anything.
I'm guessing I should delete this hunk of junk.
OH BTW yes, thanks for mentioning CWShredder,
I do Use that, have for years. forgot to mention it.
It does find CWS.msconfig, I edit my own, so it's a false positive.

[lee16]

Ahh ok if you haven't install it then there is no problem, so its safe to just delete yes, i noticed thought a little research before my first post that you made a post on the cnet website which is good, helping to spread the work helps to lessen the spread of infection, bad reviews on download sites help more then most people would think.

--lee

[Spyros]

FreeRip Mp3 has an optional "MyWebSearch" installer. You are clearly asked during installation whether you wish to install it or not. I always use the latest version of Free Rip and can asure you that you will not have any problem with it, as long as you do not install "MyWebSearch".

[DADSGETNDOWN]

Ahh ok if you haven't install it then there is no problem, so its safe to just delete yes, i noticed thought a little research before my first post that you made a post on the cnet website which is good, helping to spread the work helps to lessen the spread of infection, bad reviews on download sites help more then most people would think.
--lee

Hi again Lee,
I had a few reasons to post at CNET "too" or "also".
And you bring up a good point about spreading the word. I wanted other or second
opinions but the moderator didn't see it any of those ways, he/she said.

AS I have been doing this sort of this a while now (years), and I try to have common
sense, respect and thoughtfullness and such, The post has a does point, BUT to me
a very small point, and one that does not override (so to speak) ALL the reason I
posted there too.
I think he/she confused, what my post was about or why I posted it like, because I
mentioned where I got it.
The very first reply from the MOD, was.

"This forum can't help you"
"with anything to do with download.com. We here have nothing to do with that BUT you could post it in their section here
http://forums.cnet.com/5204-12543_102-0.html?forumID=141&tag=dir.forum

or you could fill out the form on the link below and someone that works for CNET would be able to help you.
http://cnet.custhelp.com/cgi-bin/cnet.cfg/php/enduser/ask.php"

I may have gotten to reporting to Download.com after the findings.

Each of the replies were not very nice or good.
If you read my posts and replies.
The forum says.

""CNET's Forum on viruses and spyware is the best source for finding the latest news, help, and troubleshooting
advice from a community of experts. Discussions cover how to detect, fix, and remove viruses, spyware, adware,
malware, and other vulnerabilities on Windows, Mac OS X, and Linux."

You can read all the posts and replies with the  link below, but to try and keep it
short "to late, Lol."
The MOD SAYS.

"Posting it here would just be a duplicate and is frowned on at ALL the security forums to post the same thing at more than one forum" 

Some of what he/she said had valid points for what he/she was trying to say, BUT
wasn't the subject or reasons I posted there. So to me it was off topic.
Almost like this post here now! Huh! (:
 

The Thread.
http://forums.cnet.com/5208-6132_102-0.html?forumID=32&threadID=292043&messageID=2755234#2755234

[DADSGETNDOWN]

FreeRip Mp3 has an optional "MyWebSearch" installer. You are clearly asked during installation whether you wish to install it or not. I always use the latest version of Free Rip and can asure you that you will not have any problem with it, as long as you do not install "MyWebSearch".

I don't even chance things like this.

[DADSGETNDOWN]

So Mr. Lee, Mr. Lee
The question is,
To propely get rid of it and the Avast! knowledge of it,
Delete using Avast or delete the file itself then delete the Avast! knowledge
or log ?