schmeffn
  1. Thanks. I looked at some other KBs, but the ones that seemed the most interesting were all broken links. The error message said you had it under control and that you had been notified so I didn't say anything.
  2. Maybe I'm not being clear here. What's with the unnecessary, bizarre, and highly suspect domain names on your main download link? Are you starting a "Central Head Repository"? Selling "Preset Tours Signs"? One would think that your download link would lead to your download site.
  3. Nice to know, thanks! I may have been going on some old information it seems. Is there a command line option during the install, or a registry entry after the install to disable the (auto)update (checking) function?
  4. Why would they ever do that? Why would attackers, after breaking into a site and modifying a popular link to point to a suspicious unidentified site, continue on and do as they please (attacking those who use the link)? After breaking into a house or bank why does a burglar steal anything before leaving? After forging a check why does a forger try to cash the check rather than just shredding it? I didn't think I would have to explain the motives of cyber bad guys. Mostly their motives are to steal things of value. Compromising a computer by malware download or malware via exploit potentially allows them access to things of value on a computer. So I take it you know why multiple rotating obfuscated URLs are on your download page? Domain names that appear to be randomly generated nonsense. I dug up some closely tied examples:
  5. I see it is centralheadrepository.com now. Both of these sites are registered to Communigal Communication Ltd in Israel. Seeing as how this CD/DVD burning site is on a TLD from Sweden, and has nothing to do with "Central Head Repository" nor "Pre Set Tours Signs" (whatever those are), I assume something is seriously wrong. It also doesn't seem to be connected to the ad/junkware from installCore, since they already have their own (unrelated) domain. This seems to be for the sole purpose of (at the control of the attacker) replacing the normal installer download with any other download they want (or taking you to a site to attack your browser with exploits). The randomized domain names seem to be for the purpose of evading virus detection. I have now submitted them for detection, hopefully someone will clean up this site's download link. Remember to check the digital signature on any software you download! (only trust that software as much as you trust the signer)
  6. One of your installers (4.5.7.6623_x64) was incorrectly detected as malware, I have submitted it to my antivirus vendor to have the detection corrected to a PUA (Potentially Unwanted Application). While I was at it, I have also submitted the other installers to be detected / not detected properly (per their individual nature). I would suggest that everyone else do the same for their antivirus (I didn't have time to contact the other ~5 "decent" AVs), that way you can disable detection for just installCore ad/junkware (if you wanted to for some reason) rather than disabling detection of (many) generic trojans. (this will need repeated for each version update) If you don't have any time to waste (cleaning your computer or talking to your AV vendor) I suggest you download the minimal version. Also, is it true that the update feature (enabled by default?) in the minimal version downloads the NON-minimal version when updating?
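
The manual check described in posts 4 and 5 (a download link pointing at hosts unrelated to the site, with names strung together from generic words) can be automated by a site owner or a cautious reader. The following is an added example, not part of the original posts: `vendor.example`, the sample markup and the word list are constructed assumptions, and only `centralheadrepository.com` is taken from the posts.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed vocabulary of generic words; extend it from hosts you have observed.
WORDS = {"central", "head", "repository", "preset", "tours", "signs",
         "download", "software", "share"}

def segment(label, words=WORDS):
    """Split a host label into vocabulary words (dynamic programming).
    Returns the word list, or None if the label cannot be fully split."""
    best = {0: []}
    for end in range(1, len(label) + 1):
        for start in range(end):
            if start in best and label[start:end] in words:
                best[end] = best[start] + [label[start:end]]
                break
    return best.get(len(label))

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def audit_links(html, trusted_hosts):
    """Return (host, verdict) for every absolute link whose host is not trusted."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href in collector.hrefs:
        host = (urlparse(href).hostname or "").lower()
        if not host or host in trusted_hosts:
            continue  # relative link or the site's own host
        name = host[4:] if host.startswith("www.") else host
        parts = segment(name.split(".")[0])
        multiword = parts is not None and len(parts) >= 3
        findings.append((host, "word-combination host" if multiword else "off-site host"))
    return findings

# Constructed download-page markup; vendor.example stands in for the real site.
SAMPLE = '''
<a href="https://vendor.example/downloads/setup.exe">Download</a>
<a href="http://www.centralheadrepository.com/">Download (latest)</a>
<a href="https://cdn.example.net/mirror/setup.exe">Mirror</a>
<a href="/changelog">Changelog</a>
'''
```

A host flagged only as "off-site host" may be a legitimate mirror or CDN; the word-combination verdict is the stronger signal, and neither replaces verifying the installer's digital signature.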