"but only if you want to"
WTF?!
In reality the installer installs adware without asking.
Beside that, it misconfigures all of my browsers and installs browser plugins without any permission at all.
Google Chrome is now stuck on something you call "Sweet Page".
Did you know it's completely against the law to do so? At least, against the European law, I don't know/care about the American law.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
David, the installer doesn't install anything without permission ... because it's against the law to do so ...
You have to either opt-in/opt-out (depending on the software being
promoted) ...
I don't have specific control over the offers shown by the installer (as
that's handled by a 3rd party company) but, if a promoted software app has
installed something else that wasn't part of the original offer, then
give me all the info and I'll investigate.
"but only if you want to"
WTF?!
In reality the installer installs adware without asking.
Beside that, it misconfigures all of my browsers and installs browser
plugins without any permission at all.
Google Chrome is now stuck on something you call "Sweet Page".
Did you know it's completely against the law to do so? At least, against
the European law, I don't know/care about the American law.
Stop being a dick Dick Smith. You are 100% aware of what is happening. It is still infected and spreading with 30000 weekly downloads. You still haven't taken it down...you sorry piece of....
Everybody, he is earning buckloads of money on this. Report him to the authorities (since sourceforge is doing jack nothing) and stay away from Sourceforge - marketplace of evil.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The software may not be a virus itself but it does contain a Trojan and malware installs that are not turned off by deselecting them during the install process. This is the case as of Feb. 15/2015, so don't bother citing the supposed hack of your site as the cause. You said that was corrected and clearly it isn't if that was ever the issue.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
For all who have the idea that the latest versions delivers more than expected;-)
There is also an older pre-ad's version available on sourceforge.
Disadvantage is that one could occur some small bugs that are solved in the newer but ad supported version:
I ran the file and saw it myself, it unpacked 4 instances of WebBrowserPassView.exe files to the tmp folder and made .txt files that it tried to send over the net
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thanks for the link, I'm investigating this now and will post and update
here to this thread.
Can you give me any more information? How was the software triggered?
Was it the install of an optional software that had been offered?
Please email me directly at support@camstudio.org with any additional
info/log files etc you have so I can pass them over to the advertising
company. Obviously this is one that slipped under the radar ...
Thanks and I apologize for the incident - I can assure you it is NOT of my
doing ...
I ran the file and saw it myself, it unpacked 4 instances of
WebBrowserPassView.exe files to the tmp folder and made .txt files that it
tried to send over the net
Stop being a dick Dick Smith. You are 100% aware of what is happening. It is still infected and spreading with 30000 weekly downloads. You still haven't taken it down...you sorry piece of....
Everybody, he is earning buckloads of money on this. Report him to the authorities (since sourceforge is doing jack nothing) and stay away from Sourceforge - marketplace of evil.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I just downloaded and ran the .exe file, and was puzzled as to why it seemed like nothing whas happening on my screen.
then I went into the windows temp folder and found those WebBrowserPassView.exe files and empty .txt files created the exact same time the camstudio .exe file was run
I dont know if it sucessfully sent anything over the net on my computer, but
just to be sure I changed all the passwords that my browsers had saved.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi guys. Please tell if is it safe to download and install Camstudio from AmazonS3 link https://s3.amazonaws.com/csg7f89g7f9/CamStudio_Setup_v2.7.2_r326_(build_19Oct2013).exe
>sigcheck "CamStudio_Setup_v2.7.2_r326_(build_19Oct2013).exe"
Verified: Signed
Signing date: 14:18 29.01.2014
Publisher: WorldSetup
MD5:0062580edda7e80516482ea00539c9f9
SHA1:250db9e37c980365ff38ebbca5715b356b672c76
It downloads a trojan into icreinstall_camstudio_setup_v2.7.2_r326_(build_19oct2013).exe file of the same hash (so it downloads itself again) right after start even before Next is pressed in installer window https://www.virustotal.com/ru/file/2166cf784596f9e620c65dedd3ee20a4f9058a9beb1a8e882843bbbecc0ab44a/analysis/
This is scaring, because you've said on 2014-01-13 that the installer is clean. Why the file was signed later on 2014-01-29?
Do you own or have control upon WorldSetup certificate (Thumbprint:dd 36 a7 d7 66 eb ed 9c 98 0d c5 c0 b9 1a 80 1b 97 1f 95 e0) which is used to sign the installer with?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
sigcheck "CamStudio_Setup_v2.7.2_r326_(build_19Oct2013).exe"
Verified: Signed
Signing date: 14:18 29.01.2014
Publisher: WorldSetup
MD5:0062580edda7e80516482ea00539c9f9
SHA1:250db9e37c980365ff38ebbca5715b356b672c76
It downloads a trojan into
icreinstall_camstudio_setup_v2.7.2_r326_(build_19oct2013).exe file of the
same hash (so it downloads itself again) right after start even before Next
is pressed in installer window
OK, thank you, Nick. I've reported false alarm to my AV vendor.
Could you please elaborate why the installer was re-signed on 2014-01-29 after its re-release on 2014-01-13?
I'm not sure, but it might be a sign of re-infection and re-signing of the file, if you for whatever reason didn't re-signed the file yourself. This tactics is used when private key of your signing certificate is stolen.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I'm sorry but this is still source of Malware and other kind of viruses.
First of all pleas throw out "Official Site" or throw out additional software(malware) because this website(sourceforge) is website with open source software. And Why this software Camstudio has 3 sites
2 suspect: http://camstudio.org/ https://sourceforge.net/projects/camstudio27/?source=directory
I think that is the same file that I found here, but I have not run a diff.
Beware when installing, and READ EVERY SCREEN CAREFULLY. The crapware installations are very sneaky, especially the first and last one. There is no obvious indication that the first one is not actually for CamStudio. Then, when you get to the next-to-last screen, you are given the definite impression that you are actually finished, but there is one more... It is made to look like it's just a confirmation, but it's actually one more crapware installation.
There is a special place in Hell for people who do this sort of deception. I think the providers of CamStudio (or maybe it's SF?) are not doing themselves any real favor by pissing people off this way. It would be fine to have explicit and obvious affiliate offers -- and CamStudio is a good enough program that I would probably have gladly examined and maybe even purchased other products that they had for sale.
But now that they have thoroughly pissed me off, that's not likely to happen. This experience has left a bitter taste in my mouth.
BTW, the Chrome browser refuses to download the 2.7.2 file (probably with good reason). I had to use the Microsoft virus magnet (IE) to get it.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Chrome refused to download the file off your website (camstudio.org) so I stupidly opened the link in IE instead.
What a mistake!
Every time I open a new window in any of my browsers, I get at least three adverts pop up on my screen. I also get a new window opening that claims to be a "free survey" from whatever site I was just visiting.
My virus checker also pops up with a warning every few minutes. I refuse to believe that it is a false alarm when my browsers are behaving in this way.
Nick, can you please explain how to remove this malware from my computer?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Guys
I need help urgently. I download CamStudio from http://camstudio.org/ ten minutes ago and immediately removed it as adware popped up all over my browser.
I've done everything I can to remove it but there is still a lot of malicious adware on my machine.
I've message alert popups in bottom left & right of screen for crap adds, and also my Google search results have been manipulated with false results.
Can anyone urgently advise on getting my machine clean?
Thanks,
Michelle:(
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
This software is still infected, as I just downloaded it, and it installed several adwares and a trojan on my computer. I wish I had read this forum first.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Apparently it has been filled with trojans and 1 virus and adware. My 3 antiviruses all bonged out, Malware Bytes, AVG and Windows essentials. Even though you uncheck OR press decline to the offer, you will get infected. I've had to reformat my PC after Malwarebytes told me no anti-virus is able to get exactly this trojan out of the system since it evolves every time it is tried to be removed.
Stay away from this program! It hijacks your bank accounts and passwords aswell.
The author, who is the responsible, have been reported to the authorities.
And besides, sourceforge has not even removed it yet even though there have been so many reports. Stay away from Sourceforge and download only from official sites for the programs you need. Sourceforge is not how it used to be, this is not first time Sourceforge acts as a "Silk Road 3.0" or worse, a marketplace easy for hackers and evil minded people to infest your computer.
No governments or any serious company uses sourceorge anymore. Get away from it.
The program and the author has been reported to the authorities.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I downloaded camstudio yesterday and immediately my antivirus quarantined something. Then I had trojans installed, a couple programs I didn't agree to like Binkiland and Strong Signal. These started overtaking my computer, logging my activities on browsers, reset the home page on my browsers and projecting adware. They likely also tried to steal passwords!!! Using uninstall for these programs did not work. I had to manually go through registries and files to remove all the components they installed and I hope I got them all!!! I have uninstalled camstudio as a result. I don't appreciate having viruses installed on my computer. I hope you will fix that so more people aren't infected, but based on the dialogue in forums for this software, you have been aware of the many viruses for at least a couple years and you claim there are none, yet more people are infected every download. DO NOT DOWNLOAD- HAS VIRUSES. Beyond that, I couldn't even get camstudio to work.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I just downloaded this today and it's still laden with Trojans and malware/adware. So what's the story? Is your site still under attack? I have reported you as well both here and to the authorities.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Since there seems to be no answers from either the author or owner/manager Nick Smith since early 2014 I can only assue that this project is dead. Really it should be removed from Sourceforge.
Now this is quite a dilemma. I had this on my Windows 8.1 machine some time ago and remember the virus "scare" (was it just a scare?) back then, and having been convinced that it was just wrapper pushes that needed to be avoided, and that the file on sourceforge had not been compromised, where others had been. After installing, I never had any visible problems, but only ran it a few times. I certainly did not have it take over browsers.
Now I recently had to reinstall Windows 8.1, and ready to reinstall camstudio-- but here reading so many people (AGAIN) saying things about filled with adware/trojans. Were you people saying this using the file downloaded from here on sourceforge, or did you get the one from camstudio.org?
If it is just additional OPTIONAL stuff offered during install, I can deal with that. If it installs stuff surreptitiously, then it ought to be removed from sourceforge.
Sure would be nice if someone used Camstudio and made a youtube video of the installation, showing the places to avoid the extras--or are those different every time?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Virustotal results on file in my downloads folder that I got 8-12-14...
SHA256: 89fa3371206f7d21ffdf0caaf7107532b24838db3ea2d62c287a6f8dab21cba5
File name: CamStudio_2.7_r316_setup.exe
Detection ratio: 0 / 56
Analysis date: 2015-03-04 00:50:56 UTC
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I installed CamStudio today. I downloaded the installer file from camstudio.org. It was just named camstudio.exe. I'm using Windows 10. When I ran the installer, the first screen just said it was going to install CamStudio. The only button to click was Next. I'm usually reasonably careful about not just clicking through installers as quickly as possible, but today I was guilty of not reading the second screen. It was a licence agreement that I just agreed to, but on reflection, I cannot say if it was a licence agreement for CamStudio or for a third-party piece of software. As soon as the next screen appeared, my Avast Free antivirus binged at me that it had intercepted something malicious. It was at that point that I thought maybe I should have read the previous screen properly, but there was no option to go back. This screen was another licence agreement, that stated pretty clearly what it was for - some browser toolbar or something. I clicked Decline. Then the next screen was another licence agreement for Chromium browser, or something like that, which I also declined. And that was the end of the installation. At this point, feeling suspicious, I decided to just uninstall CamStudio again. My computer doesn't seem to have suffered any ill effects, and there was nothing else listed in the 'Programs and Features' window for today. I have my fingers crossed that my antivirus software did its job and that nothing nefarious slipped through the net. I'm running a full system virus scan now just to be sure.
I would certainly not recommend CamStudio to anyone after today.
I found a video on YouTube where a guy steps through the install process. The steps that he is presented with are not the same as I saw, but the "look and feel" is similar enough. Not the standard steps that you see with the likes of Nullsoft Scriptable Install System. https://www.youtube.com/watch?v=mNiPTIEBcTQ
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
This garbage software is packed full of viruses. The people earlier in this thread saying it is not are liars. I have a work laptop that's rendered useless by this and I've been unable to get rid of the viruses using Symantec and Malware Bytes. My company even recommended people use this software so they don't have to pay for Camtasia, although they didn't seem to know about the little virus issue! Sourceforge needs to remove this junk now! Why is this still here after being reported for months??
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
CamStudio does indeed contain adware. I have been using camstudio a lot years and even donated. Now I needed to record a small video to show a bug in some software but now I will be busy cleaning my system. Thanks for this.
Indeed there is software offered but you can decline it. But when the install is finished your home and search page will be altered, my AV is alerting me of a couple of files. This software should be flagged. And I will be thinking twice before I donate to a lone developer.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The executables on camstudio.org are still infected by this date. Malwarebytes AntiMalware has found more that 100 different PUPs (potentially unwanted software). I strongly recommend the author and owner of the website to close downloads right away to prevent more people being infected.
I've already reported this to Microsoft, hopefully they will add virus signatures to their Security Essentials.
Last edit: Konstantin Komelin 2015-10-02
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
camstudio.org is installing an ad virus an all your browser links (Chrome, ...) on desktop task bar, menus, .... (manifest = replace all your pages in the browser and other features :-( ...)
the links are invisible but you can find them like that - at each link there are 80 blank spaces that you should deleted so only the "c:....chrome.exe" should remain - no blanks at the end
uninstall the most recent 5 software in Control Panel / add remove programs (sort by date and uninstall anything that is more recend than CamStudio)
Until now was the simple part
Now is after restart trick that may put them back from the Windows registry where you should find them and delete them. Find also your startup tasks in Windows for suprises
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
For those hesitate to install an adware/trojan version, try portableapps version, which packaged by original sources and passed all but one virus scanning from VirusTotal (score: 1/56).
I had to do a windows reinstalltion after installing CamStudio. There is a great differnce between offering a piece of software and infecting someone's computer with unremovable crap, you fucking bastard!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
lol y'all need to chill, I've been using camstudio for years and have never run into such problems with viruses or any other "catastrophic" incidents. Nick Smith was obviously right in one thing he said, which was the false positive results in most of your antivirus software. I know for a fact that most of these antivirus scans are biased, and sometimes say that the file is infected when it is not. Also note that I'm mostly reffering to viruses such as trojans or malware, but adware is another story, and I'm afraid that the antivirus software may be correct this time if it points out that the file is infected with adware.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Sorry for my English.
I've downloaded CamStudio from camstudio.org and it seems that it's a virus.
Virustotal link: https://www.virustotal.com/ru/file/15611846820c3eb828a7e1ec837f4747b3190e18bc84c45edddf3ac8d8145be9/analysis/1389568052/
Note that files on sourceforge.net seems OK (no virus).
Hi Anton
No, it's not a virus. It is an installer that is advertising supported
offering additional software to install (but only if you want to)
The AV companies don't like them and so class them as a virus or malware,
but I can assure you it is neither.
Thanks
Nick :)
On Sun, Jan 12, 2014 at 11:10 PM, Anton superhacker@users.sf.net wrote:
"but only if you want to"
WTF?!
In reality the installer installs adware without asking.
Beside that, it misconfigures all of my browsers and installs browser plugins without any permission at all.
Google Chrome is now stuck on something you call "Sweet Page".
Did you know it's completely against the law to do so? At least, against the European law, I don't know/care about the American law.
David, the installer doesn't install anything without permission ...
because it's against the law to do so ...
You have to either opt-in/opt-out (depending on the software being
promoted) ...
I don't have specific control over the offers shown by the installer (as
that's handled by a 3rd party company) but, if a promoted software app has
installed something else that wasn't part of the original offer, then
give me all the info and I'll investigate.
On Tue, Jan 21, 2014 at 10:22 PM, David Blaszyk blaveloper@users.sf.netwrote:
Stop being a dick Dick Smith. You are 100% aware of what is happening. It is still infected and spreading with 30000 weekly downloads. You still haven't taken it down...you sorry piece of....
Everybody, he is earning buckloads of money on this. Report him to the authorities (since sourceforge is doing jack nothing) and stay away from Sourceforge - marketplace of evil.
The software may not be a virus itself but it does contain a Trojan and malware installs that are not turned off by deselecting them during the install process. This is the case as of Feb. 15/2015, so don't bother citing the supposed hack of your site as the cause. You said that was corrected and clearly it isn't if that was ever the issue.
For all who have the idea that the latest versions delivers more than expected;-)
There is also an older pre-ad's version available on sourceforge.
Disadvantage is that one could occur some small bugs that are solved in the newer but ad supported version:
http://sourceforge.net/projects/camstudio/files/stable/CamStudio_Setup_v2.6b_r294_%28build_24Oct2010%29.exe/download
If in doubt about 3.16 one can always download the previous version 2.94.
There were no adwares on this one.
http://sourceforge.net/projects/camstudio/files/stable/CamStudio_Setup_v2.6b_r294_%28build_24Oct2010%29.exe/download
There was definitely a trojan on the camstudio.org yesterday named CamStudio_Setup_v2.7.2_r326_(build_19Oct2013).exe
The trojan tried to steal website login/passwords from all browsers using webbrowserpassview and send it over the net
just check here =
https://www.virustotal.com/en/file/15611846820c3eb828a7e1ec837f4747b3190e18bc84c45edddf3ac8d8145be9/analysis/
I ran the file and saw it myself, it unpacked 4 instances of WebBrowserPassView.exe files to the tmp folder and made .txt files that it tried to send over the net
Thanks for the link, I'm investigating this now and will post and update
here to this thread.
Can you give me any more information? How was the software triggered?
Was it the install of an optional software that had been offered?
Please email me directly at support@camstudio.org with any additional
info/log files etc you have so I can pass them over to the advertising
company. Obviously this is one that slipped under the radar ...
Thanks and I apologize for the incident - I can assure you it is NOT of my
doing ...
Nick
On Mon, Jan 13, 2014 at 4:10 PM, fnukyguy d flukyguy@users.sf.net wrote:
need more proof? look at that virustotal link.
DrWeb describes the virus as Trojan.PWS.Stealer.1856
look at http://www.drwebhk.com/en/virus_techinfo/Trojan.PWS.Stealer.1856.html to see what this virus does
Last edit: fnukyguy d 2014-01-13
Why it is changed and so small? It is only 133 KiB now. (Was 561 KiB yesterday, note that 2.7 r316 setup from sourceforge is 3.0 MiB in size)
https://www.virustotal.com/en/file/65239623250f8028772312126369539d279e2bc28eeaad2756a21ae7f0d0927c/analysis/1389630493/
Detection ratio: 30 / 46
seem like someone replaced it with another virus today, also a password stealer
http://www.drwebhk.com/en/virus_techinfo/Trojan.PWS.Stealer.1932.html
Hi Guys
Indeed CamStudio was hacked via an exploit on my forum software.
The exploit has been patched, passwords changed and the correct software
uploaded and linked.
Apologies for this - steps are being taken to lock the site down even more
than before and I really appreciate the comms about this issue.
Cheers
Nick
On Mon, Jan 13, 2014 at 4:58 PM, fnukyguy d flukyguy@users.sf.net wrote:
Stop being a dick Dick Smith. You are 100% aware of what is happening. It is still infected and spreading with 30000 weekly downloads. You still haven't taken it down...you sorry piece of....
Everybody, he is earning buckloads of money on this. Report him to the authorities (since sourceforge is doing jack nothing) and stay away from Sourceforge - marketplace of evil.
Seems that somebody hacked camstudio.org and uploaded a virus instead of normal setup.
I just downloaded and ran the .exe file, and was puzzled as to why it seemed like nothing whas happening on my screen.
then I went into the windows temp folder and found those WebBrowserPassView.exe files and empty .txt files created the exact same time the camstudio .exe file was run
I dont know if it sucessfully sent anything over the net on my computer, but
just to be sure I changed all the passwords that my browsers had saved.
Hi guys. Please tell if is it safe to download and install Camstudio from AmazonS3 link https://s3.amazonaws.com/csg7f89g7f9/CamStudio_Setup_v2.7.2_r326_(build_19Oct2013).exe
>sigcheck "CamStudio_Setup_v2.7.2_r326_(build_19Oct2013).exe"
Verified: Signed
Signing date: 14:18 29.01.2014
Publisher: WorldSetup
MD5:0062580edda7e80516482ea00539c9f9
SHA1:250db9e37c980365ff38ebbca5715b356b672c76
It downloads a trojan into icreinstall_camstudio_setup_v2.7.2_r326_(build_19oct2013).exe file of the same hash (so it downloads itself again) right after start even before Next is pressed in installer window
https://www.virustotal.com/ru/file/2166cf784596f9e620c65dedd3ee20a4f9058a9beb1a8e882843bbbecc0ab44a/analysis/
This is scaring, because you've said on 2014-01-13 that the installer is clean. Why the file was signed later on 2014-01-29?
Do you own or have control upon WorldSetup certificate (Thumbprint:dd 36 a7 d7 66 eb ed 9c 98 0d c5 c0 b9 1a 80 1b 97 1f 95 e0) which is used to sign the installer with?
Yes it is safe - it is mistakenly flagged by some AVs as malware - it isn't.
Cheers
Nick :o)
On Wed, Feb 12, 2014 at 10:04 AM, Ilya S astrocourier@users.sf.net wrote:
OK, thank you, Nick. I've reported false alarm to my AV vendor.
Could you please elaborate why the installer was re-signed on 2014-01-29 after its re-release on 2014-01-13?
I'm not sure, but it might be a sign of re-infection and re-signing of the file, if you for whatever reason didn't re-signed the file yourself. This tactics is used when private key of your signing certificate is stolen.
No Dick Smith, it is not.
I'm sorry but this is still source of Malware and other kind of viruses.
First of all pleas throw out "Official Site" or throw out additional software(malware) because this website(sourceforge) is website with open source software. And Why this software Camstudio has 3 sites
2 suspect:
http://camstudio.org/
https://sourceforge.net/projects/camstudio27/?source=directory
and this site(Ok)
https://sourceforge.net/projects/camstudio/
Apparently CamStudio_Setup_v2.7.2_r326_(build_19Oct2013).exe is not anywhere on the official camstudio.org site, but I found it at http://downloads.ddigest.com/software/download.php?sid=183&ssid=0&did=3
I think that is the same file that I found here, but I have not run a diff.
Beware when installing, and READ EVERY SCREEN CAREFULLY. The crapware installations are very sneaky, especially the first and last one. There is no obvious indication that the first one is not actually for CamStudio. Then, when you get to the next-to-last screen, you are given the definite impression that you are actually finished, but there is one more... It is made to look like it's just a confirmation, but it's actually one more crapware installation.
There is a special place in Hell for people who do this sort of deception. I think the providers of CamStudio (or maybe it's SF?) are not doing themselves any real favor by pissing people off this way. It would be fine to have explicit and obvious affiliate offers -- and CamStudio is a good enough program that I would probably have gladly examined and maybe even purchased other products that they had for sale.
But now that they have thoroughly pissed me off, that's not likely to happen. This experience has left a bitter taste in my mouth.
BTW, the Chrome browser refuses to download the 2.7.2 file (probably with good reason). I had to use the Microsoft virus magnet (IE) to get it.
Chrome refused to download the file off your website (camstudio.org) so I stupidly opened the link in IE instead.
What a mistake!
Every time I open a new window in any of my browsers, I get at least three adverts pop up on my screen. I also get a new window opening that claims to be a "free survey" from whatever site I was just visiting.
My virus checker also pops up with a warning every few minutes. I refuse to believe that it is a false alarm when my browsers are behaving in this way.
Nick, can you please explain how to remove this malware from my computer?
Guys
I need help urgently. I download CamStudio from http://camstudio.org/ ten minutes ago and immediately removed it as adware popped up all over my browser.
I've done everything I can to remove it but there is still a lot of malicious adware on my machine.
I've message alert popups in bottom left & right of screen for crap adds, and also my Google search results have been manipulated with false results.
Can anyone urgently advise on getting my machine clean?
Thanks,
Michelle:(
This software is still infected, as I just downloaded it, and it installed several adwares and a trojan on my computer. I wish I had read this forum first.
This is filled with virus.
Apparently it has been filled with trojans and 1 virus and adware. My 3 antiviruses all bonged out, Malware Bytes, AVG and Windows essentials. Even though you uncheck OR press decline to the offer, you will get infected. I've had to reformat my PC after Malwarebytes told me no anti-virus is able to get exactly this trojan out of the system since it evolves every time it is tried to be removed.
Stay away from this program! It hijacks your bank accounts and passwords aswell.
The author, who is the responsible, have been reported to the authorities.
And besides, sourceforge has not even removed it yet even though there have been so many reports. Stay away from Sourceforge and download only from official sites for the programs you need. Sourceforge is not how it used to be, this is not first time Sourceforge acts as a "Silk Road 3.0" or worse, a marketplace easy for hackers and evil minded people to infest your computer.
No governments or any serious company uses sourceorge anymore. Get away from it.
The program and the author has been reported to the authorities.
I downloaded camstudio yesterday and immediately my antivirus quarantined something. Then I had trojans installed, a couple programs I didn't agree to like Binkiland and Strong Signal. These started overtaking my computer, logging my activities on browsers, reset the home page on my browsers and projecting adware. They likely also tried to steal passwords!!! Using uninstall for these programs did not work. I had to manually go through registries and files to remove all the components they installed and I hope I got them all!!! I have uninstalled camstudio as a result. I don't appreciate having viruses installed on my computer. I hope you will fix that so more people aren't infected, but based on the dialogue in forums for this software, you have been aware of the many viruses for at least a couple years and you claim there are none, yet more people are infected every download. DO NOT DOWNLOAD- HAS VIRUSES. Beyond that, I couldn't even get camstudio to work.
I just downloaded this today and it's still laden with Trojans and malware/adware. So what's the story? Is your site still under attack? I have reported you as well both here and to the authorities.
Since there seems to be no answers from either the author or owner/manager Nick Smith since early 2014 I can only assue that this project is dead. Really it should be removed from Sourceforge.
Last edit: VBT 2015-02-17
Now this is quite a dilemma. I had this on my Windows 8.1 machine some time ago and remember the virus "scare" (was it just a scare?) back then, and having been convinced that it was just wrapper pushes that needed to be avoided, and that the file on sourceforge had not been compromised, where others had been. After installing, I never had any visible problems, but only ran it a few times. I certainly did not have it take over browsers.
Now I recently had to reinstall Windows 8.1, and ready to reinstall camstudio-- but here reading so many people (AGAIN) saying things about filled with adware/trojans. Were you people saying this using the file downloaded from here on sourceforge, or did you get the one from camstudio.org?
If it is just additional OPTIONAL stuff offered during install, I can deal with that. If it installs stuff surreptitiously, then it ought to be removed from sourceforge.
Sure would be nice if someone used Camstudio and made a youtube video of the installation, showing the places to avoid the extras--or are those different every time?
Virustotal results on file in my downloads folder that I got 8-12-14...
SHA256: 89fa3371206f7d21ffdf0caaf7107532b24838db3ea2d62c287a6f8dab21cba5
File name: CamStudio_2.7_r316_setup.exe
Detection ratio: 0 / 56
Analysis date: 2015-03-04 00:50:56 UTC
I installed CamStudio today. I downloaded the installer file from camstudio.org. It was just named camstudio.exe. I'm using Windows 10. When I ran the installer, the first screen just said it was going to install CamStudio. The only button to click was Next. I'm usually reasonably careful about not just clicking through installers as quickly as possible, but today I was guilty of not reading the second screen. It was a licence agreement that I just agreed to, but on reflection, I cannot say if it was a licence agreement for CamStudio or for a third-party piece of software. As soon as the next screen appeared, my Avast Free antivirus binged at me that it had intercepted something malicious. It was at that point that I thought maybe I should have read the previous screen properly, but there was no option to go back. This screen was another licence agreement, that stated pretty clearly what it was for - some browser toolbar or something. I clicked Decline. Then the next screen was another licence agreement for Chromium browser, or something like that, which I also declined. And that was the end of the installation. At this point, feeling suspicious, I decided to just uninstall CamStudio again. My computer doesn't seem to have suffered any ill effects, and there was nothing else listed in the 'Programs and Features' window for today. I have my fingers crossed that my antivirus software did its job and that nothing nefarious slipped through the net. I'm running a full system virus scan now just to be sure.
I would certainly not recommend CamStudio to anyone after today.
I found a video on YouTube where a guy steps through the install process. The steps that he is presented with are not the same as I saw, but the "look and feel" is similar enough. Not the standard steps that you see with the likes of Nullsoft Scriptable Install System.
https://www.youtube.com/watch?v=mNiPTIEBcTQ
This garbage software is packed full of viruses. The people earlier in this thread saying it is not are liars. I have a work laptop that's rendered useless by this and I've been unable to get rid of the viruses using Symantec and Malware Bytes. My company even recommended people use this software so they don't have to pay for Camtasia, although they didn't seem to know about the little virus issue! Sourceforge needs to remove this junk now! Why is this still here after being reported for months??
CamStudio does indeed contain adware. I have been using camstudio a lot years and even donated. Now I needed to record a small video to show a bug in some software but now I will be busy cleaning my system. Thanks for this.
Indeed there is software offered but you can decline it. But when the install is finished your home and search page will be altered, my AV is alerting me of a couple of files. This software should be flagged. And I will be thinking twice before I donate to a lone developer.
The executables on camstudio.org are still infected by this date. Malwarebytes AntiMalware has found more that 100 different PUPs (potentially unwanted software). I strongly recommend the author and owner of the website to close downloads right away to prevent more people being infected.
I've already reported this to Microsoft, hopefully they will add virus signatures to their Security Essentials.
Last edit: Konstantin Komelin 2015-10-02
camstudio.org is installing an ad virus an all your browser links (Chrome, ...) on desktop task bar, menus, .... (manifest = replace all your pages in the browser and other features :-( ...)
the links are invisible but you can find them like that - at each link there are 80 blank spaces that you should deleted so only the "c:....chrome.exe" should remain - no blanks at the end
uninstall the most recent 5 software in Control Panel / add remove programs (sort by date and uninstall anything that is more recend than CamStudio)
Until now was the simple part
Now is after restart trick that may put them back from the Windows registry where you should find them and delete them. Find also your startup tasks in Windows for suprises
Yeah it's a shame I wanted to try this but now I just can't trust it.
Welp, I don't trust this anymore
Try Active presenter. It works for me.
http://atomisystems.com/activepresenter/
For those hesitate to install an adware/trojan version, try portableapps version, which packaged by original sources and passed all but one virus scanning from VirusTotal (score: 1/56).
VirusTotal result:
https://www.virustotal.com/en/file/264742e8aafae210df1ecd3adfe32f15ee52c367b5263d5f8aaa9c621270910c/analysis/
PortableApps of CamStudio download:
https://sourceforge.net/projects/portableapps/?source=typ_redirect
PortableApps information of CamStudio:
http://portableapps.com/node/54613
I had to do a windows reinstalltion after installing CamStudio. There is a great differnce between offering a piece of software and infecting someone's computer with unremovable crap, you fucking bastard!
Download an older version: v2.6b_r294_build_24Oct2010
https://sourceforge.net/projects/camstudio/files/stable/CamStudio_Setup_v2.6b_r294_%28build_24Oct2010%29.exe/download
lol y'all need to chill, I've been using camstudio for years and have never run into such problems with viruses or any other "catastrophic" incidents. Nick Smith was obviously right in one thing he said, which was the false positive results in most of your antivirus software. I know for a fact that most of these antivirus scans are biased, and sometimes say that the file is infected when it is not. Also note that I'm mostly reffering to viruses such as trojans or malware, but adware is another story, and I'm afraid that the antivirus software may be correct this time if it points out that the file is infected with adware.