Does www.official-drivers.com and DriverTuner serve malicious software?

[erlend_sh]

I had just reinstalled Windows 7 on my computer and immediately opened a browser to download the latest graphics drivers. official-drivers.com got me with a sponsored link using an ati.official-drivers.com sub-domain. I downloaded something called DriverTuner (drivertuner.com) by LionSea software, installed it, and immediately realized my mistake when I recognized the "we'll find drivers for you" type of software. I promptly uninstalled it and found the official driver.

So now I'm feeling paranoid, wondering if they managed to insert a virus somewhere before I'd installed Avast.

Are there any known culprits among the sites and software mentioned here?

[Pondus]

Url reputation can be tested here www.urlvoid.com / www.virustotal.com .... Select url scan just below the blue button

Suspicious files can be tested here www.virustotal.com / www.metascan-online.com / www.jotti.org

So now I'm feeling paranoid, wondering if they managed to insert a virus somewhere before I'd installed Avast.

If you want a check, follow guide and attach logs.   http://forum.avast.com/index.php?topic=53253.0

Og God jul og et godt nytt år.   

[Michael (alan1998)]

Hi,

It doesn't appear Malicious, however I am suspuicious. You will always be better getting the drivers from the Official Homepage (Logitech, Dell etc). I'd never trust these sites. The file I tried in Comodo isn't working. Most likely due to it being corrupt.

[Michael (alan1998)]

Note: the File name should have something to the effect of "DriversForLeogitech Headset XXXX" Type thing, Not setup.exe. I'll run these files inside my Virtual Machine and upload some results. However, don't download those files until deemed Safe. (Which I doubt will happen)

Malwr Report: https://malwr.com/analysis/ZGM5YWU0NTI3NDcwNDk1OGJhNzQ1ZDhkY2YwYzcxMDc/#
VirusTotal: https://www.virustotal.com/en/file/4e09d9006a6b4d57933df47e3b586859b8b790e8cade3869e8ed1eee8ca40ce1/analysis/

(Signed by Norton/Symantec + VeriSign)

Looking into it further w/ my Virtual Machine.

Creates a .tmp (Temp) folder called setup.tmp (.tmp being file extension for Temp). No notable to Startup keys to indicate Malware being present.

Possible Adware: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{520C1D80-935C-42B9-9340-E883849D804F}_is1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{520C1D80-935C-42B9-9340-E883849D804F}_is1

Uninstall should not be present w/ Drivers.

Recommended not to download these file further on that site.

[Secondmineboy]

Emsisoft is blocking the following link when i click on download: hxxp://www.official-drivers.com/setup.exe

[Michael (alan1998)]

Also,

I in order to get drivers, you must Register/Pay @ hxxp://xxx.drivertuner.com/register.php (Don't go there)

I'll ask Polonus to do some Site Scans for you...

[Michael (alan1998)]

Emsisoft is blocking the following link when i click on download: hxxp://www.official-drivers.com/setup.exe

Avast! does not block it. I'm going to fetch Polonus to do the Site scanning.

[Secondmineboy]

Setup.exe and Driver Tuner.exe are trusred by Kaspersky IS 2014

[polonus]

Add-driven site with malware according to Quttera scan and various instances of remote file inclusion shell malware now being closed:
http://support.clean-mx.de/clean-mx/viruses.php?ip=173.192.57.82&sort=firstseen%20desc
http://jsunpack.jeek.org/?report=9dc90b473abdc764cdb4ccc69dabae9653d0fc91
http://www.quttera.com/detailed_report/www.drivertuner.com
Site is not the "real McCoy" you searched for, look for better trustworthy alternatives.
IDS for: "ET RBN Known Russian Business Network IP group 27".
See: https://www.mywot.com/en/scorecard/official-drivers.com?utm_source=addon&utm_content=popup-donuts

polonus

[Michael (alan1998)]

IDS for: "ET RBN Known Russian Business Network IP group 27".

polonus

=Bad News Bear!

http://en.wikipedia.org/wiki/Russian_Business_Network

[polonus]

Hi allan1998,

Right, you are.  Well this RBN group is mainly into SEO Spam, clickfraud driven code and other cyber-brigand activities.
An IDS alert like this one via an urlquery dot net scan could  therefore be translated as "better stay away"....

polonus

[erlend_sh]

Wow, thanks a bunch for all the informative answers!

[It is all BS]

F.Y.I.  Asus requires you download and use that software to get updates.

[Michael (alan1998)]

It is All BS, you just answered a thread that is nearly 4 months old.... The issue has been resolved.

[Michigan guy]

 
Worst product I've ever wasted my money on!
Downloaded, installed and "fix drivers" CRASHED MY COMPUTER.... caused it to go to Partition reboot and wiped my drive losing EVERYTHING.
Now... I'm not a super tech, but I do consider myself knowledgeable, at least for a user.
The software was recommended by ASUA (I have a G75)
Needless. to say.. I AM Pissed!
They keep asking me to "give them another try".. REALLY???!?!?
They can kiss my @$$

Good luck to you if you use this software.. don't say you weren't warned.