Dear Sir/Madam:
My English is not good,but I will try to describe
the situation in English I encountered in as much detail
as possible(I'm a Taiwanese).
I have run a virus scan (with Avast premium trail) on the software before installing it.
Nothing unusual.
I saw some tick boxes with garbled message during the installation.
About 2 minutes after installation, an unknown software shortcut
appears on the desktop,probably a rogue software download in the background.
I then checked the system logs and found that the following
software had been installed on my computer without permission:
元气壁纸服务 kdeskcore.exe
元气桌面动态壁纸 kwallpaper.exe
元气桌面锁屏 keyemain.exe
元气桌面整理 kdesk64.exe
万能输入法 setup_wnpykb001.exe
I was also forced to install Kingsoft Antivirus, but for unknown reason
the rogue software didn't install Kingsoft Antivius when I was screen recording.
The lock screen of Windows 10 is also bundled, forcing you to add a program that covers the full screen.
These were very difficult to remove and were finally removed using revo uninstaller.
After a second test on my virtual machine (I always reset the virtual machine with snapshots and
all anti-virus software set to maximum sensitivity before testing)
Trand marco,ESET,bitdefender, Avria
These anti-viruses cannot be scanned for viruses before installation,
but rogue background installations are successfully blocked.
Kaspersky and Avast only detect part of the rogue software execution and do not completely
block the background installation of the rogue software.
I have posted the full process of my test on Youtube
at the following link:
(Software used during testing:Windows 10 64bit 20H2 Traditional Chinese, VMWare Workstation Pro 15)
KIS:https://youtu.be/HieXbbzUWZw
Avria Free:https://youtu.be/9YART6QygRE
ESET:https://youtu.be/c_mtWASGTIQ
bitdefender:https://youtu.be/igGfoImkD60
Avast preminum:https://youtu.be/jQc2D_IP90I
Trand marco:https://youtu.be/wwPINejM7ic
All Antivirus scan logs here(password:infected)
htxps://drive.google.com/drive/folders/13TJlfzBXwdci5s49Nm3Mz3pyn7Jx9_kJ?usp=sharing
Infected files here
htxps://drive.google.com/drive/folders/1BU2_YfS0AwYeM3L4It-klVfFKvOuhDHE?usp=sharing
Intected website:
htxp://www.pcgeshi.com/
