Virus?

Anton
2014-01-12
2016-11-30
1 2 > >> (Page 1 of 2)
  • Anton

    Anton - 2014-01-12

    Sorry for my English.
    I've downloaded CamStudio from camstudio.org and it seems that it's a virus.
    Virustotal link: https://www.virustotal.com/ru/file/15611846820c3eb828a7e1ec837f4747b3190e18bc84c45edddf3ac8d8145be9/analysis/1389568052/
    Note that files on sourceforge.net seems OK (no virus).

     
    • Nick Smith

      Nick Smith - 2014-01-13

      Hi Anton

      No, it's not a virus. It is an installer that is advertising supported
      offering additional software to install (but only if you want to)

      The AV companies don't like them and so class them as a virus or malware,
      but I can assure you it is neither.

      Thanks

      Nick :)

      On Sun, Jan 12, 2014 at 11:10 PM, Anton superhacker@users.sf.net wrote:

      Sorry for my English.
      I've downloaded CamStudio from camstudio.org and it seems that it's a
      virus.
      Virustotal link:
      https://www.virustotal.com/ru/file/15611846820c3eb828a7e1ec837f4747b3190e18bc84c45edddf3ac8d8145be9/analysis/1389568052/
      Note that files on sourceforge.net seems OK (no virus).


      Virus?https://sourceforge.net/p/camstudio/discussion/447910/thread/3aa44d33/?limit=25#8dd7

      Sent from sourceforge.net because you indicated interest in
      https://sourceforge.net/p/camstudio/discussion/447910/

      To unsubscribe from further messages, please visit
      https://sourceforge.net/auth/subscriptions/

       
      • David Blaszyk

        David Blaszyk - 2014-01-21

        "but only if you want to"
        WTF?!
        In reality the installer installs adware without asking.
        Beside that, it misconfigures all of my browsers and installs browser plugins without any permission at all.
        Google Chrome is now stuck on something you call "Sweet Page".

        Did you know it's completely against the law to do so? At least, against the European law, I don't know/care about the American law.

         
        • Nick Smith

          Nick Smith - 2014-01-25

          David, the installer doesn't install anything without permission ...
          because it's against the law to do so ...

          You have to either opt-in/opt-out (depending on the software being
          promoted) ...

          I don't have specific control over the offers shown by the installer (as
          that's handled by a 3rd party company) but, if a promoted software app has
          installed something else that wasn't part of the original offer, then
          give me all the info and I'll investigate.

          On Tue, Jan 21, 2014 at 10:22 PM, David Blaszyk blaveloper@users.sf.netwrote:

          "but only if you want to"
          WTF?!
          In reality the installer installs adware without asking.
          Beside that, it misconfigures all of my browsers and installs browser
          plugins without any permission at all.
          Google Chrome is now stuck on something you call "Sweet Page".

          Did you know it's completely against the law to do so? At least, against
          the European law, I don't know/care about the American law.


          Virus?https://sourceforge.net/p/camstudio/discussion/447910/thread/3aa44d33/?limit=25#8dd7/21c3/d647

          Sent from sourceforge.net because you indicated interest in
          https://sourceforge.net/p/camstudio/discussion/447910/

          To unsubscribe from further messages, please visit
          https://sourceforge.net/auth/subscriptions/

           
      • Alexander1234

        Alexander1234 - 2015-01-27

        Stop being a dick Dick Smith. You are 100% aware of what is happening. It is still infected and spreading with 30000 weekly downloads. You still haven't taken it down...you sorry piece of....

        Everybody, he is earning buckloads of money on this. Report him to the authorities (since sourceforge is doing jack nothing) and stay away from Sourceforge - marketplace of evil.

         
      • VBT

        VBT - 2015-02-16

        The software may not be a virus itself but it does contain a Trojan and malware installs that are not turned off by deselecting them during the install process. This is the case as of Feb. 15/2015, so don't bother citing the supposed hack of your site as the cause. You said that was corrected and clearly it isn't if that was ever the issue.

         
    • JanHgm

      JanHgm - 2015-02-14

      For all who have the idea that the latest versions delivers more than expected;-)

      There is also an older pre-ad's version available on sourceforge.
      Disadvantage is that one could occur some small bugs that are solved in the newer but ad supported version:

      http://sourceforge.net/projects/camstudio/files/stable/CamStudio_Setup_v2.6b_r294_%28build_24Oct2010%29.exe/download

       
    • JanHgm

      JanHgm - 2015-03-13

      If in doubt about 3.16 one can always download the previous version 2.94.
      There were no adwares on this one.

      http://sourceforge.net/projects/camstudio/files/stable/CamStudio_Setup_v2.6b_r294_%28build_24Oct2010%29.exe/download

       
  • Anton

    Anton - 2014-01-13

    Seems that somebody hacked camstudio.org and uploaded a virus instead of normal setup.

     
  • fnukyguy d

    fnukyguy d - 2014-01-13

    I just downloaded and ran the .exe file, and was puzzled as to why it seemed like nothing whas happening on my screen.

    then I went into the windows temp folder and found those WebBrowserPassView.exe files and empty .txt files created the exact same time the camstudio .exe file was run

    I dont know if it sucessfully sent anything over the net on my computer, but
    just to be sure I changed all the passwords that my browsers had saved.

     
  • Ilya S

    Ilya S - 2014-02-12

    Hi guys. Please tell if is it safe to download and install Camstudio from AmazonS3 link https://s3.amazonaws.com/csg7f89g7f9/CamStudio_Setup_v2.7.2_r326_(build_19Oct2013).exe
    >sigcheck "CamStudio_Setup_v2.7.2_r326_(build_19Oct2013).exe"
    Verified: Signed
    Signing date: 14:18 29.01.2014
    Publisher: WorldSetup
    MD5:0062580edda7e80516482ea00539c9f9
    SHA1:250db9e37c980365ff38ebbca5715b356b672c76
    It downloads a trojan into icreinstall_camstudio_setup_v2.7.2_r326_(build_19oct2013).exe file of the same hash (so it downloads itself again) right after start even before Next is pressed in installer window
    https://www.virustotal.com/ru/file/2166cf784596f9e620c65dedd3ee20a4f9058a9beb1a8e882843bbbecc0ab44a/analysis/
    This is scaring, because you've said on 2014-01-13 that the installer is clean. Why the file was signed later on 2014-01-29?
    Do you own or have control upon WorldSetup certificate (Thumbprint:dd 36 a7 d7 66 eb ed 9c 98 0d c5 c0 b9 1a 80 1b 97 1f 95 e0) which is used to sign the installer with?

     
    • Nick Smith

      Nick Smith - 2014-02-12

      Yes it is safe - it is mistakenly flagged by some AVs as malware - it isn't.

      Cheers

      Nick :o)

      On Wed, Feb 12, 2014 at 10:04 AM, Ilya S astrocourier@users.sf.net wrote:

      Hi guys. Please tell if is it safe to download and install Camstudio from
      AmazonS3 link
      https://s3.amazonaws.com/csg7f89g7f9/CamStudio_Setup_v2.7.2_r326_
      (build_19Oct2013).exe

      sigcheck "CamStudio_Setup_v2.7.2_r326_(build_19Oct2013).exe"
      Verified: Signed
      Signing date: 14:18 29.01.2014
      Publisher: WorldSetup
      MD5:0062580edda7e80516482ea00539c9f9
      SHA1:250db9e37c980365ff38ebbca5715b356b672c76
      It downloads a trojan into
      icreinstall_camstudio_setup_v2.7.2_r326_(build_19oct2013).exe file of the
      same hash (so it downloads itself again) right after start even before Next
      is pressed in installer window

      https://www.virustotal.com/ru/file/2166cf784596f9e620c65dedd3ee20a4f9058a9beb1a8e882843bbbecc0ab44a/analysis/
      This is scaring, because you've said on 2014-01-13 that the installer is
      clean. Why the file was signed later on 2014-01-29?
      Do you own or have control upon WorldSetup certificate (Thumbprint:dd 36
      a7 d7 66 eb ed 9c 98 0d c5 c0 b9 1a 80 1b 97 1f 95 e0) which is used to
      sign the installer with?


      Virus?https://sourceforge.net/p/camstudio/discussion/447910/thread/3aa44d33/?limit=25#2357

      Sent from sourceforge.net because you indicated interest in
      https://sourceforge.net/p/camstudio/discussion/447910/

      To unsubscribe from further messages, please visit
      https://sourceforge.net/auth/subscriptions/

       
      • Ilya S

        Ilya S - 2014-02-13

        OK, thank you, Nick. I've reported false alarm to my AV vendor.
        Could you please elaborate why the installer was re-signed on 2014-01-29 after its re-release on 2014-01-13?
        I'm not sure, but it might be a sign of re-infection and re-signing of the file, if you for whatever reason didn't re-signed the file yourself. This tactics is used when private key of your signing certificate is stolen.

         
      • Alexander1234

        Alexander1234 - 2015-01-27

        No Dick Smith, it is not.

         
  • Howard Lee Harkness

    Apparently CamStudio_Setup_v2.7.2_r326_(build_19Oct2013).exe is not anywhere on the official camstudio.org site, but I found it at http://downloads.ddigest.com/software/download.php?sid=183&ssid=0&did=3

    I think that is the same file that I found here, but I have not run a diff.

    Beware when installing, and READ EVERY SCREEN CAREFULLY. The crapware installations are very sneaky, especially the first and last one. There is no obvious indication that the first one is not actually for CamStudio. Then, when you get to the next-to-last screen, you are given the definite impression that you are actually finished, but there is one more... It is made to look like it's just a confirmation, but it's actually one more crapware installation.

    There is a special place in Hell for people who do this sort of deception. I think the providers of CamStudio (or maybe it's SF?) are not doing themselves any real favor by pissing people off this way. It would be fine to have explicit and obvious affiliate offers -- and CamStudio is a good enough program that I would probably have gladly examined and maybe even purchased other products that they had for sale.

    But now that they have thoroughly pissed me off, that's not likely to happen. This experience has left a bitter taste in my mouth.

    BTW, the Chrome browser refuses to download the 2.7.2 file (probably with good reason). I had to use the Microsoft virus magnet (IE) to get it.

     
  • Nerd Fangs

    Nerd Fangs - 2014-12-25

    Chrome refused to download the file off your website (camstudio.org) so I stupidly opened the link in IE instead.

    What a mistake!

    Every time I open a new window in any of my browsers, I get at least three adverts pop up on my screen. I also get a new window opening that claims to be a "free survey" from whatever site I was just visiting.

    My virus checker also pops up with a warning every few minutes. I refuse to believe that it is a false alarm when my browsers are behaving in this way.

    Nick, can you please explain how to remove this malware from my computer?

     
  • michelle

    michelle - 2015-01-01

    Guys
    I need help urgently. I download CamStudio from http://camstudio.org/ ten minutes ago and immediately removed it as adware popped up all over my browser.
    I've done everything I can to remove it but there is still a lot of malicious adware on my machine.
    I've message alert popups in bottom left & right of screen for crap adds, and also my Google search results have been manipulated with false results.

    Can anyone urgently advise on getting my machine clean?
    Thanks,
    Michelle:(

     
1 2 > >> (Page 1 of 2)

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks