Author Topic: CNET avast installer bundled with malware?  (Read 4021 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
CNET avast installer bundled with malware?
« on: October 16, 2015, 07:54:38 PM »
So I noticed I had the cnet version of the avast installer this morning and that was the one I was using. Decided to scan it on virustotal alongside with the official avast installer from the forum, here's what I got:

CNET: https://www.virustotal.com/en/file/cf1e4b16335d85acdb9a4c32f5c6917665e7efc935efcae9ad6b4045fed7f3e0/analysis/1445016172/
Avast: https://www.virustotal.com/en/file/001530f750b0fcb2d1648a1c56f8231150d92d11aac2f265654cdedf07cf2368/analysis/1445016228/

Also a few things to note here, i've uninstalled the cnet version now for peace of mind. My computer was running sluggish before and I also noticed some websites weren't functioning properly like thumbnails not loading when they should have been, and software updater wasn't functioning properly either. The avast installation folder was also over 2 gigabytes with the cnet version and 500 mb when installed through here. So why is avast still redirecting their users to cnet? It just seems like a bad idea to me. Theres better options out there like Filehippo which my adblock won't discourage me from going to. https://i.imgur.com/pCp9OXc.png

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37644
  • F-Secure user
Re: CNET avast installer bundled with malware?
« Reply #1 on: October 16, 2015, 08:10:25 PM »
many download sites have PUP in the installers   http://www.howtogeek.com/198622/heres-what-happens-when-you-install-the-top-10-download.com-apps/

PUP = Possible Unwanted Software  https://www.virusbtn.com/resources/glossary/potentially_unwanted.xml

a very good PUP remover is Malwarebytes


REDACTED

  • Guest
Re: CNET avast installer bundled with malware?
« Reply #2 on: October 16, 2015, 08:24:00 PM »
Malwarebytes is what I use, luckily it didn't find anything. Avast should seriously make it easier to find the clean download on the homepage though. I had to dig around the forums to find it. There's something weird going on with the "free download" button on the homepage. Sometimes it'll take you to cnet, sometimes it won't. Not sure what's going on here, is this a bug?
« Last Edit: October 16, 2015, 08:31:15 PM by stamos95 »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89438
  • No support PMs thanks
Re: CNET avast installer bundled with malware?
« Reply #3 on: October 16, 2015, 08:40:50 PM »
You have to exercise care in Cnet (a.k.a. download.com) as it has a bit of deception in it suggests using its downloader/installer and this is where the crap ware (not malware) comes from.

There should be a direct download link to get avast and not use their installer/downloader.

Here is a direct download link for the full avast setup file http://files.avast.com/iavs9x/avast_free_antivirus_setup.exe.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

REDACTED

  • Guest
Re: CNET avast installer bundled with malware?
« Reply #4 on: October 16, 2015, 08:55:45 PM »
You have to exercise care in Cnet (a.k.a. download.com) as it has a bit of deception in it suggests using its downloader/installer and this is where the crap ware (not malware) comes from.

There should be a direct download link to get avast and not use their installer/downloader.

Here is a direct download link for the full avast setup file http://files.avast.com/iavs9x/avast_free_antivirus_setup.exe.
There was no installer/downloader that came with that file from cnet. It's being advertised as a secure download on their website so theres no way to 'opt out' of the crapware. My main concern is why avast still hosts the cnet download on the homepage? https://imgur.com/YBhvi5w

« Last Edit: October 16, 2015, 08:58:17 PM by stamos95 »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89438
  • No support PMs thanks
Re: CNET avast installer bundled with malware?
« Reply #5 on: October 16, 2015, 11:02:19 PM »
That's the thing it was very difficult to find the setup file without a good deal of hunting. But it looks like they have dispensed with direct download without CNET's download setup file.

Since I'm on the 2016 beta build I can't check against what comes down the pipe from cnet.

Avast is on a number of different download sites, but cnet is still the one pushed by avast. Previous complaints have been made about this behaviour by cnet. And avast had stated there should be a direct download available without any cnet crapware, looks like that has gone by the wayside.

Personally I don't like this download of what is termed an on-line setup file (just over 5MB) when the full off-line installation file is of the order of 140MB or more. It isn't the full installation but a stub installer that then downloads the components required.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6699
  • Trust only what you test yourself!
Re: CNET avast installer bundled with malware?
« Reply #6 on: October 16, 2015, 11:27:27 PM »
I have made it a practice to download software from the vendors website.
I don't remember the last time I used cnet.com/download.com. I don't
like to have some website using "their" software to track downloads.

Another good addition is adwcleaner which can be safely downloaded from http://www.bleepingcomputer.com/download/adwcleaner/
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

Offline Gopher John

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2098
Re: CNET avast installer bundled with malware?
« Reply #7 on: October 17, 2015, 12:19:52 AM »
That's the thing it was very difficult to find the setup file without a good deal of hunting. But it looks like they have dispensed with direct download without CNET's download setup file.

The full installs (including the latest betas) are still available via the direct download links(I just downloaded them to verify).  Avast has chosen to not publish the links to the full downloads in the last two beta announcements.
AMD A6-5350M APU with Radeon HD Graphics, 8.0GB RAM, Win7 Pro SP1 64bit, IE11
i7-3610QM 2.3GHZ, 8.0GB Ram,  Nvidia GeForce GT 630M 2GB, Win7 Pro SP1 64bit, IE 11
Common to both: Avast Premium Security 19.7.2388, WinPatrol Plus, SpywareBlaster 5.5, Opera 12.18, Firefox 68.0.2, MBam Free, CCleaner

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48700
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: CNET avast installer bundled with malware?
« Reply #8 on: October 17, 2015, 05:38:03 PM »
So I noticed I had the cnet version of the avast installer this morning and that was the one I was using. Decided to scan it on virustotal alongside with the official avast installer from the forum, here's what I got:

CNET: https://www.virustotal.com/en/file/cf1e4b16335d85acdb9a4c32f5c6917665e7efc935efcae9ad6b4045fed7f3e0/analysis/1445016172/
Avast: https://www.virustotal.com/en/file/001530f750b0fcb2d1648a1c56f8231150d92d11aac2f265654cdedf07cf2368/analysis/1445016228/

Also a few things to note here, i've uninstalled the cnet version now for peace of mind. My computer was running sluggish before and I also noticed some websites weren't functioning properly like thumbnails not loading when they should have been, and software updater wasn't functioning properly either. The avast installation folder was also over 2 gigabytes with the cnet version and 500 mb when installed through here. So why is avast still redirecting their users to cnet? It just seems like a bad idea to me. Theres better options out there like Filehippo which my adblock won't discourage me from going to. https://i.imgur.com/pCp9OXc.png
The download you got from Cnet or Download.com was the stub installer. Which means it downloads the actual installer.

Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

REDACTED

  • Guest
Re: CNET avast installer bundled with malware?
« Reply #9 on: October 17, 2015, 06:54:42 PM »
So I noticed I had the cnet version of the avast installer this morning and that was the one I was using. Decided to scan it on virustotal alongside with the official avast installer from the forum, here's what I got:

CNET: https://www.virustotal.com/en/file/cf1e4b16335d85acdb9a4c32f5c6917665e7efc935efcae9ad6b4045fed7f3e0/analysis/1445016172/
Avast: https://www.virustotal.com/en/file/001530f750b0fcb2d1648a1c56f8231150d92d11aac2f265654cdedf07cf2368/analysis/1445016228/

Also a few things to note here, i've uninstalled the cnet version now for peace of mind. My computer was running sluggish before and I also noticed some websites weren't functioning properly like thumbnails not loading when they should have been, and software updater wasn't functioning properly either. The avast installation folder was also over 2 gigabytes with the cnet version and 500 mb when installed through here. So why is avast still redirecting their users to cnet? It just seems like a bad idea to me. Theres better options out there like Filehippo which my adblock won't discourage me from going to. https://i.imgur.com/pCp9OXc.png
The download you got from Cnet or Download.com was the stub installer. Which means it downloads the actual installer.
They are both stub installers I know this. What could cnet be doing to the file to make theirs get detected as malware? They should get the same detections if they are in fact the same untouched stub installer.  Are avast users really getting the same experience downloading from a third party site like that? It's kind of ironic how avast redirects you to a site notorious for its pups and viruses just to install their software which is supposed to protect you from that.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48700
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: CNET avast installer bundled with malware?
« Reply #10 on: October 17, 2015, 07:42:40 PM »
So I noticed I had the cnet version of the avast installer this morning and that was the one I was using. Decided to scan it on virustotal alongside with the official avast installer from the forum, here's what I got:

CNET: https://www.virustotal.com/en/file/cf1e4b16335d85acdb9a4c32f5c6917665e7efc935efcae9ad6b4045fed7f3e0/analysis/1445016172/
Avast: https://www.virustotal.com/en/file/001530f750b0fcb2d1648a1c56f8231150d92d11aac2f265654cdedf07cf2368/analysis/1445016228/

Also a few things to note here, i've uninstalled the cnet version now for peace of mind. My computer was running sluggish before and I also noticed some websites weren't functioning properly like thumbnails not loading when they should have been, and software updater wasn't functioning properly either. The avast installation folder was also over 2 gigabytes with the cnet version and 500 mb when installed through here. So why is avast still redirecting their users to cnet? It just seems like a bad idea to me. Theres better options out there like Filehippo which my adblock won't discourage me from going to. https://i.imgur.com/pCp9OXc.png
The download you got from Cnet or Download.com was the stub installer. Which means it downloads the actual installer.
They are both stub installers I know this. What could cnet be doing to the file to make theirs get detected as malware? They should get the same detections if they are in fact the same untouched stub installer.  Are avast users really getting the same experience downloading from a third party site like that? It's kind of ironic how avast redirects you to a site notorious for its pups and viruses just to install their software which is supposed to protect you from that.
Downloading certain software from Cnet may come to you with an installer that adds Pup's. A Pup is not a virus.
Your Avast download from that site doesn't include their installer. it's the same file available directly from Avast.
The links you provided only showed one detection. The company to ask as to what they found according to your link is Rising AV.
That same company showed it as clean on your second link.
I personally see no danger at all but, it's your computer, not mine. (I'm also running the latest beta.)[size=78%] [/size]
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet