Author Topic: Malware going back to the basics...  (Read 4198 times)


polonus
Malware going back to the basics...
« on: July 07, 2013, 11:03:25 PM »
In a recent web browser tab page hijacker cleansing it was found that the persistent spyware/fraudulent adware had also reset the policy value for the Google Chrome automatic updater in the registry. So when you opened up "About Chrome" you read that this service was disabled by administration.
So malware is back tampering with registry settings. A scan with MBAM would have brought this issue up, but the settings had to be reset manually via regedit, setting it from 0 to 1.
As bundled crapware now even comes with downloaders from respectable sites, we have to expect to see more of this in the coming future.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Charyb-0
Re: Malware going back to the basics...
« Reply #1 on: July 09, 2013, 09:35:29 PM »
Interesting. By installing the bundled crapware? What program was the crapware bundled with? Is the installation of the crapware user initiated?

I suppose this is in relation to what you posted in the viruses and worms section.
« Last Edit: July 09, 2013, 09:47:37 PM by Charyb »

polonus
Re: Malware going back to the basics...
« Reply #2 on: July 09, 2013, 09:56:40 PM »
It came with this download: htxp://download.cnet.com/AirSnare/3000-2092_4-10255195.htm
Maybe this downloader does not have the added goodies: htxp://www.majorgeeks.com/files/details/airsnare.html
See: http://dottech.org/23420/cnet-crapware/
The only way to avoid it is to go to the direct download link.
AirSnare also has an issue that it downgrades your existing Ethereal version.
So be careful with cnet downloads...

polonus

Charyb-0
Re: Malware going back to the basics...
« Reply #3 on: July 09, 2013, 10:03:54 PM »
So, this was not some type of opt out option? It installed behind the scenes without user knowledge? It seems that, in the last couple years, this type of behavior has become more prevalent.

FileHippo and MajorGeeks are the only two I use anymore. Or, directly from the developer.

It's unfortunate that much freeware is now bundled with crapware. Especially, crapware that likes to take over settings in your browser and is difficult to remove. For instance, Babylon.

The modified CNET installer would have to be approved by the developer of the software, wouldn't it?

Would Avast's Browser Cleanup have taken care of the modified registry entry?

Thanks for the info.
« Last Edit: July 09, 2013, 10:09:59 PM by Charyb »

polonus
Re: Malware going back to the basics...
« Reply #4 on: July 09, 2013, 10:49:59 PM »
Then it should have found this: Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Some software installation programs register themselves under this key (each with its own subkey GUID) to manage Protected Mode behavior.
On the same hand, if Microsoft determines that an application has a vulnerability and presents a danger to end users, Microsoft reserves the right to remove that application at any time from the elevation policy. N.B. Here that did not happen...
See: http://www.threatexpert.com/report.aspx?md5=a984b488679cf04ec6930b0865d0125a
How to kill it, see: http://www.windowsvc.com/bbs/board.php?bo_table=windowsvc&wr_id=57316
Sometimes Junkware Removal Tool by Thisisu can be used in the removal routine by a qualified removal expert, together with AdwCleaner.

polonus
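An offline check for the two registry changes discussed in this thread (the disabled Chrome updater policy from the first post and the ElevationPolicy entry from Reply #4), added here as an example and not written by any poster: it parses a `reg export` file and flags both. The Google Update value names and the reading of Policy=3 are assumptions the thread does not state; the sample, its GUID and `toolbar_helper.exe` are constructed.

```python
import re

# Assumption: the thread does not name the registry value; these are Google
# Update's policy value names, and "Policy" is IE's ElevationPolicy value.
UPDATE_KEY = r"\policies\google\update"
ELEVATION_KEY = r"\internet explorer\low rights\elevationpolicy" + "\\"

def parse_reg(text):
    """Parse `reg export` text into {key_path: {value_name: value}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"(.+?)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$', line)
            if m:  # DWORDs become ints; strings get their backslashes unescaped
                dword, string = m.group(2), m.group(3)
                current[m.group(1)] = int(dword, 16) if dword else string.replace("\\\\", "\\")
    return keys

def audit(text):
    """Return (finding, key, detail) tuples for the two tampering patterns."""
    findings = []
    for key, values in parse_reg(text).items():
        low = key.lower()
        if low.endswith(UPDATE_KEY):
            for name, val in values.items():
                n = name.lower()
                # 0 disables updates (UpdateDefault, per-app Update{GUID}) or checks
                if val == 0 and (n == "updatedefault" or n.startswith("update{")
                                 or n == "autoupdatecheckperiodminutes"):
                    findings.append(("updates-disabled", key, name))
        elif ELEVATION_KEY in low and values.get("Policy") == 3:
            # Policy 3: broker started silently at medium integrity
            findings.append(("silent-elevation", key, values.get("AppName", "?")))
    return findings

# Constructed sample (real exports are UTF-16: open(path, encoding="utf-16"))
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update]
"UpdateDefault"=dword:00000000
"UpdatesSuppressedStartHour"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00000000-0000-0000-0000-000000000001}]
"AppName"="toolbar_helper.exe"
"Policy"=dword:00000003
'''
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A finding is a prompt to look at the entry, not a verdict: an administrator can set the same update policy on purpose, and legitimate installers also register ElevationPolicy subkeys.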

polonus
Re: Malware going back to the basics...
« Reply #5 on: July 09, 2013, 11:52:48 PM »
A short list of crapware/junkware vendors made up by Ryans Tech
Quote
Crawler, LLC
- SiteRanker
- PC Power Speed
- 24x7 Help
Crawler.com
- Online Vault
Omega Partners Ltd
- AppGraffiti
Musiclab LLC
- Bearshare
FriendsChecker
iMesh
Inbox.com
- Inbox Toolbar
- RebateInformer
MyWebSearch
APN LLC
- Search-Results Toolbar
215 Apps
- Shopping Sidekick Plugin
Zendeals
- ZD Manager
Wajam
Torch
Mindspark
- TelevisionFanatic Toolbar
Yontoo
unFriendChecker
Browser Protect
Maxwebsearch
Gaming Wonderland
Wise Convert
Speeditup Free
Community Smartbar
RegCleanPro
MyFasterPC
FileTypeAssistant
Save Path Deals

Xportsoft Technologies
- QuickPC Booster
- PC Optimizer Pro

remove anything from these vendors

polonus

bob3160
Re: Malware going back to the basics...
« Reply #6 on: July 10, 2013, 12:20:14 AM »
If you download a program from Cnet.com,
simply make sure that you download the actual program not their downloader.
You do have a choice:

polonus
Re: Malware going back to the basics...
« Reply #7 on: July 10, 2013, 12:39:48 AM »
Hi bob3160,

Yep, we are all aware of that now, as some had to learn this the hard way....
Also, the question is what junkware downloader to detect or not: http://miekiemoes.blogspot.nl/2013/02/unwanted-or-wanted-toolbars-when-to.html (article author = miekiemoes)
The crapware sells for 40 dollar cents per download for Mexico up to a full buck for the U.S.A., so whenever you have 20.000 downloads a day, the developer can sure buy some extra ice-creams during this hot season  :P With this money going around, the urge to bundle junkware is very real for some parties. Also, the guy who takes the crapware off could earn 99 dollars for a cleanse-all-your-crapware-routine for horrible toolbars etc. you would never choose to install by choice...

polonus