Author Topic: Maybe malware site  (Read 4953 times)

Offline boombastik

  • Full Member
  • ***
  • Posts: 111
Maybe malware site
« on: September 09, 2011, 09:55:15 AM »
I think that I found a malware site with fraud downloads.
hxxp://www.uptodown.com/

and from there---> hxxp://avast-home.uptodown.com
Is this site legitimate?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37700
Re: Maybe malware site
« Reply #1 on: September 09, 2011, 12:14:26 PM »
URLVoid

Report   2011-09-07 21:27:58 (GMT 1)
Website   uptodown.com
Domain Hash   76b59d0c53fb780e3984234bcf529194
IP Address   46.105.108.62 [SCAN]
IP Hostname   ns222339.ovh.net
IP Country    -- (--)
AS Number   16276
AS Name   OVH OVH Systems
Detections   2 / 23 (9 %)
Status   SUSPICIOUS

Scanning site with:   hpHosts     DETECTED
Scanning site with:   ParetoLogic URL Clearing House     DETECTED



URLVoid

Report   2011-03-07 01:53:18 (GMT 1)
Website   avast-home.uptodown.com
Domain Hash   0113e3996e92a1cb1c02eee4b9baa414
IP Address   81.19.96.183 [SCAN]
IP Hostname   eva0600016-vip-media-ingea.eu.verio.net
IP Country    ES (Spain)
AS Number   2914
AS Name   NTT-COMMUNICATIONS-2914 - NTT America, Inc.
Detections   0 / 18 (0 %)
Status   CLEAN

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34067
  • malware fighter
Re: Maybe malware site
« Reply #2 on: September 09, 2011, 04:29:45 PM »
Hi boombastik & Pondus

Well, the average scanners do not flag anything, but a JavaScript irregularity is being flagged,
maybe that was the reason for the suspicious status, see description below...

So scans look fine here: http://urlquery.net/report.php?id=2721
also here: http://siteinspector.comodo.com/public/reports/323138

But a specific JS unpacker scanner flags "maxruntime exceeded",
so 2 suspicious instances found, e.g.:
-www.uptodown.com/ suspicious
[suspicious:2] (ipaddr:46.105.108.62) (var portal) -www.uptodown.com/
here >     status: (referer=-gstatic.uptodown.net/js/es.v10.23.js)saved 50570 bytes f7332d72c7ec545b171964b79e133bc73fd0c20f
     info: [script] -partner dot googleadservices dot com/gampad/service.js

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Left123

  • There Is No Patch For Human Stupidity.
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1048
  • Proud Community Member&Helper.
Re: Maybe malware site
« Reply #3 on: September 09, 2011, 04:49:30 PM »
Anyone remember avastfrance.fr or something like that which would download a Hoax/avast?
Maybe something alternative?
AMD Athlon(tm) X2 Dual-Core Processor 4200+ - 2.20 GHz,3,00 GB RAM -
Browser:Mozilla Firefox +WOT - SoftWare:CCleaner - Windows 7 32 bit
No Anti-Virus

Offline boombastik

  • Full Member
  • ***
  • Posts: 111
Re: Maybe malware site
« Reply #4 on: September 10, 2011, 06:53:11 AM »
Well, I checked some downloads from the site in a test machine with Deep Freeze.
All the downloads are legitimate programs which come with an installer with a Conduit toolbar.
(name: uptodown toolbar)
In the installer you have the option to install or not this crap, with the option to change your home page to something like Google powered by uptodown.
If it is your choice to install the toolbar without the search engine, it will change it. So the option to change your homepage simply doesn't work (it will change it with or without your confirmation).
Also the uninstaller doesn't remove the toolbar (if you want to remove it, it comes with an uninstaller but it doesn't work). So you need third-party tools to remove it from IE.
Also I checked the avast from their site; is it legitimate to have the avast with the option of the toolbar?
An inexperienced user will install the avast with that toolbar, but the real installer of avast has no toolbar..

Offline Coolmario88

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
  • Bronies make the web go round
Re: Maybe malware site
« Reply #5 on: September 10, 2011, 07:27:55 AM »
An inexperienced user will install the avast with that toolbar, but the real installer of avast has no toolbar..
In Internet Explorer WebRep is a toolbar. So the real avast installer does have a toolbar which is WebRep in IE  :P
OS: Windows 11 64-bit
Webbrowser: Mozilla Firefox
PC Specs: Intel i5-12400f, Nvidia RTX 3050, 16gb ram, 1.5TB SSD(s).

Offline boombastik

  • Full Member
  • ***
  • Posts: 111
Re: Maybe malware site
« Reply #6 on: September 10, 2011, 07:34:15 AM »

All the downloads are legitimate programs which come with an installer with a Conduit toolbar.
(name: uptodown toolbar)

Well, the difference is that you can uninstall the WebRep if you don't like it. For Conduit can we say the same?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34067
  • malware fighter
Re: Maybe malware site
« Reply #7 on: September 11, 2011, 04:11:06 PM »
Hi boombastik,

Normally it should be like that: via "Start", "Control Panel", "Uninstall a programme", select "Conduit" and click uninstall, click the "Remove Conduit Engine and all your apps" button, click the "Remove" button and you're done. The Conduit extension in Fx can be removed like other extensions, but sometimes help from a qualified remover is necessary to remove remnants/garbage. There are specific removal tools to do this.

polonus