Avast WEBforum
Other => General Topics => Topic started by: mchain on February 21, 2014, 11:26:50 PM
-
See attached below:
Second .jpeg is from a routine uninstall of the previous version of Foxit Reader Free using Revo Uninstaller Free.
Scanned the downloaded .exe file gotten from the vendor's site (31.9 MB) with both avast! and Malwarebytes Free before running it. Both reported file as clean. Checked the EULA for evidence of any unwanted extensions or add-ons the user was agreeing to install before executing the file. Found Open Candy present and noted that if the system was not connected to the Internet it would not download the components needed to install and run that, so out went the internet connection.
No-opt out dialog box was ever presented during the new install of Foxit Reader.
Updated definitions for Malwarebytes and ran that after install was complete. Did not allow Foxit Reader to run after installation was completed and the Finish window was open. Scanned new install with Malwarebytes, and it found three instances of malware. Rebooted the system after the Malwarebytes scan was completed and all were removed.
Newest version is 6.1.4.2017
Sneaky. And very irritating.
Any other alternatives to Foxit Reader Free, now that this vendor, one of many, has now succumbed to this ad-based malware campaign?
-
I changed to Sumatra about a year ago http://blog.kowalczyk.info/software/sumatrapdf/free-pdf-reader.html
-
I changed to Sumatra about a year ago http://blog.kowalczyk.info/software/sumatrapdf/free-pdf-reader.html
Thank you for that. What this really means is that user vigilance must be brought higher and higher levels, even with previously trusted software, when installing anything that is offered as free these days. Free has become not free, as it were.
Got Open Candy? It's your fault, as you did not read the EULA before you installed our free software. ::) >:(
-
Yeah Sumatra is a lot lighter than Foxit and doesn't install any toolbar on your system or you guys can still go back to Adobe because Sumatra had some trouble displaying some pdf pages with Chinese characters.
-
Are you aware PDF-XChange Viewer Free doesn't have Open Candy and it far lighter than Foxit
-
Any other alternatives to Foxit Reader Free, now that this vendor, one of many, has now succumbed to this ad-based malware campaign?
I recommend free PDF-XChange Viewer.
-
Sometimes extracting the installer with 7-Zip is the way to get "clean" installer that doesn't install adwares.
It is working with KMPlayer,Advanced Codecs etc.
-
Any other alternatives to Foxit Reader Free, now that this vendor, one of many, has now succumbed to this ad-based malware campaign?
I recommend free PDF-XChange Viewer.
Me too :) http://www.tracker-software.com/product/pdf-xchange-viewer
Sumatra is also good but it doesn't allow online editing of forms, I never got it to work for me anyway.
-
There's also NitroPDF (http://www.nitropdf.com/pdf-reader) and CutePDF (http://www.cutepdf.com/) for conversion to a PDF
You can also use the built in PDF reader in Chrome if that's your browser. :)
-
Any other alternatives to Foxit Reader Free, now that this vendor, one of many, has now succumbed to this ad-based malware campaign?
I recommend free PDF-XChange Viewer.
Another vote for PDF-XChange Viewer - I changed to this some time ago when Foxit PDF Reader Free got bloated and wanted to install a toolbar, etc.
CutePDF I used for some time, anything from the Cute range is likely to be good.
-
cdburnerxp also installs opencandy, and izarc installs another unwanted program http://forum.hosts-file.net/viewtopic.php?f=11&t=3603&hilit=izarc&start=10
-
Any other alternatives to Foxit Reader Free, now that this vendor, one of many, has now succumbed to this ad-based malware campaign?
I recommend free PDF-XChange Viewer.
Another vote for PDF-XChange Viewer - I changed to this some time ago when Foxit PDF Reader Free got bloated and wanted to install a toolbar, etc.
CutePDF I used for some time, anything from the Cute range is likely to be good.
Been using PDF-XChange for many years now, excellent software.
-
Thanks, everyone.
Will be making the change very soon. Excellent support. Thanks again to all. ;D
-
AdwCleaner does a good job of getting rid of the Open Candy bundled-pest. Not irritating that developers bundle, because I fully understand they also need a decent living, but irritating is that they are not up front about it and won't give you a chance to opt out or opt in even. You get these goodies delivered unwanted and mostly undesired, a classification term for a PUP. In the aftermath a lot of users even wonder where they got such an adware infection? So in this case it was a free reader that had it included.
MBAM also detects this Open Candy undesirable but cannot get rid of it completely and fails to reboot to do the final cleansing boot-bit of this pest.
We are entering days whenever you are not knowledgeable and assertive enough your computer or peripheral is slowly taken out of your hands, where others decide what crap to silently install onto it. Good we have these forums here to at least get some users informed and wake them up to these new developments.
polonus
-
As long as we've got this topic going, add this free tool to the list; formerly clean and good, now not: ImgBurn latest version 2.5.8.0 now also has unwanted adware installs [PUP's] w/o your explicit consent. And this file is direct from the vendor's site.
Next oldest version is clean: 2.5.7.0 Sometimes it doesn't pay to upgrade to a newer version; you can open your system to unknown/unexpected new risks when you do.
-
As long as we've got this topic going, add this free tool to the list; formerly clean and good, now not: ImgBurn latest version 2.5.8.0 now also has unwanted adware installs [PUP's] w/o your explicit consent. And this file is direct from the vendor's site.
Next oldest version is clean: 2.5.7.0 Sometimes it doesn't pay to upgrade to a newer version; you can open your system to unknown/unexpected new risks when you do.
Also mentioned at FileHippo comments 8 months ago http://www.filehippo.com/download_imgburn/comments/
-
Hi mchain,
As the proverbial Mr. Scrooge is now chief of the board in many places and with many developers also - the actual amount of "crap to get money" will just grow.
The fabric is coming loose at the seams, I think. Look at what a sloppy site a big corp like Nividia is being hosted -> http://forum.avast.com/index.php?topic=146812.msg1065958#new
Everybody wants those extra pennies, but at the same time wants to sit in the front row at minimal costs. One way or another you loose customers that way.
And in our example this is translated into dissatisfied users.
pol
-
Off topic
Pol I don't see what an infected webpage has to do with adware included with installers ???
You also know as well as I do that any site can be hacked at any given time so I don't think I would go as far as to call NVidia sloppy, everyone including AV companies are always playing catch up to the malware guys.
-
Hi craigb,
The common denominator here is "trying to burn the candle from both ends". And to have a cheap and insecure hoster and earn additional money from bundled downloads has the same underlying ideology. In that respect the policy is the same and it is wrong. Of course bundling software with crapware to get extra money and sloppy IT managment to save on cost is not the same, but the underlying principle is - that was what I wanted to point out. One is taking a penny on the side and the other one is saving it not having security as a first priority. Apples and pears compared, you are right there, but both "brown and putrid on the interior" ;D,
polonus
P.S. Nividia was not sloppy, those admins that hosted their site were ignoring basic security practices to deliver a secure ASP.site (the very basics were ignored and this led to the compromise, also that more than one domain were being hosted on the same IP and not on a dedicated server.
Sucuri did not see an attacked site because of any site that could be hacked, but this site was insecurely hosted.
D
-
P.S. Nividia was not sloppy, those admins that hosted their site were ignoring basic security practices to deliver a secure ASP.site (the very basics were ignored and this led to the compromise, also that more than one domain were being hosted on the same IP and not on a dedicated server.
Sucuri did not see an attacked site because of any site that could be hacked, but this site was insecurely hosted.
D
Thanks for the enlightenment :)
I liked your apples and pears comparison ;D
-
since cdburnerxp installs opencandy, does someone have another burning software to recommend?
-
Hi maugrimx,
Use the installer that omits OpenCandy.
Read here how to avoid: http://notestoneunturned.blogspot.nl/2012/12/how-to-install-cdburnerxp-and-winscp.html
link article author Tony Austin
polonus
-
thanks, but i will not use any program from that developer anymore.
-
Hi maugrimx,
I can understand your mindset, "once bitten twice shy." That is how they are shooting themselves in the foot bundling what they think is just common innocent adware to earn a few bucks on the side. Later when these developers wake up to the real facts, and they realize they have been taken for a cheap ride, they will never ever even admit this. This crap is like sugar, at first sight it looks good and tastes sweet, but all it really is producing is decay in the aftermath!
polonus
-
Unchecky (http://unchecky.com/) takes care of a lot of these and the program gets better with each update.
It can't uncheck what's never pre checked and simply installed without warning.
-
Opening the installer with 7-Zip and extracting the clean installer worked for me with Advanced Codecs.
Anyway,I don't use codec packs anymore.I install only codecs that I need.
I think we need a topic about "bad" installers where users can report about installers that install crap even if you
uncheck all the checkboxes.
-
Opening the installer with 7-Zip and extracting the clean installer worked for me with Advanced Codecs.
Anyway,I don't use codec packs anymore.I install only codecs that I need.
I think we need a topic about "bad" installers where users can report about installers that install crap even if you
uncheck all the checkboxes.
Agreed. Sort of like the security update thread, eh? ;D
-
Hi mchain,
A posting to my heart, thank you,
Such a list can already be found here: http://discuss.howtogeek.com/t/the-official-htg-list-of-software-that-bundles-crapware/1892
Common Program Offenders, All Offenders, How to commit some crapware
Nice site link for those that do not like crap.junk and foistware: http://ninite.com/ Just pick your apps and click Get Installer.
polonus
-
@maugrimx,
You can still use CDBurnerXP without having OpenCandy all you have to do is just download Default installer (Without OpenCandy) from CDBurnerXP, I've been using CDBurnerXP for years without any issue and I don't have OpenCandy.
When you pick the downloads tab from CDBurnerXP website look for 'More download options' and select this link and it will take to this see screen below just choose the Default installer (Without OpenCandy) from CDBurnerXP.
(http://my.jetscreenshot.com/18514/m_20140226-llzg-63kb.jpg) (http://my.jetscreenshot.com/18514/20140226-llzg-63kb)
-
I use AnyBurn. Very simple to use, no bundled crap. http://www.anyburn.com/
-
have downloaded anyburn, thanks :)
-
You're welcome.
As far as .pdf readers go i really like Sumatra PDF but i keep Adobe Reader installed as i have some .pdf files that are only displayed properly in Adobe Reader. I run both inside Sandboxie.
-
Thank you I switched to PDF-XChange Viewer,guys.
PS:
I scanned Foxit folder in PF with AIS and MBAM and results came out clean,no spyware/viruses.
-
Thank you I switched to PDF-XChange Viewer,guys.
You're welcome. You won't regret it.