Sumo Bundeld with Viruses ?

hey guys

i was just installing sumo

if found lot's of other programs installed with it

Like facesmoosh ,registry Booster

also PCAV detected a virus

and malwarebytes also detected lot of infected stuff

is that a good by for Sumo

 

Where did you get it from, the developers' website? I do know it's bundled with adware (can't think of the name), but not all that. I have high doubts the dev would intentionally put a virus in, perhaps the site is compromised?

Edit: RK is the only thing that users should be aware of http://www.kcsoftwares.com/index.php?rk Nothing else should be in there unless it's gone rogue or the dev just hasn't updated the website.

 

It comes with Adware, not malicious, but still unwanted by most. You really have to pay attention during installation to make sure you don't unintentionally install that crap. There is also a crap/sponsor-free version available: -ftp://ftp2.kcsoftwares.com/kcsoftwa/files/sumo_lite.exe-

Did you get the installer from the official site? Check the logs of PCAV and MBAM for the detection names, if it's PUP(Potentially Unwanted Program) or Adware then you don't have real malicious software installed.

 

pcav

detected a trojan/hupigon.BDH
tojan/vb.aln

Malwarebytes's antimalware detected 9 infections of Adaware

yes it's an installer from the developer site

 

A Google search shows Hupigon to be a backdoor, as far as the 9 detections of adware, I have no idea what you have there. The site could be compromised. I went there (with Noscript and sandboxie), and Avasts' webshield didn't speak up, so I don't know.

Edit: MBAM's website blocker is not saying anything either when I visit the website.

 

thank god i used it on the VM first

saved by luck

 

download SUMo lite version.. im using it
-ftp://ftp2.kcsoftwares.com/kcsoftwa/files/sumo_lite.exe-

 

Interesting... Didn't Malwarebytes buy hpHosts? http://hosts-file.net/?s=kcsoftwares.com

Classification: EMD* (*engaged in malware distribution)

This rating was last updated 31-05-2010.



There is a difference between adware and malware... I wonder what makes hpHosts classify it as such.

hpHosts was always way too much abusive in the way it rated websites. I'd expect that with Malwarebytes being now the owner things would change. Apparently, not.

I looked at the forum (hpHosts forum), and there's no explanation why it's rated as such.

This doesn't give much credibility to hpHosts, IMHO.

 

hmm, interesting.
You might want to contact PCAV support to make sure if these detections are FP or not.

 

Look for the Lite version, which is also on the download page (Free of all sponsors download links).

 

I don't know about MBAM and HpHosts to be honest. I'm not against classifying adware as malware though. I will say that HpHosts is not doing themselves a favor by going that long without re-checking. We're in the days of malware being on a site for an hour and then never being seen again. As far as PCAV, I'd actually say they themselves are a bit overboard in their detections. Consider that hearsay since the system tools I used, and PCAV flagged as trojans, are long gone, but yeah. I even had it take out a file used to restore my OS (A gateway tool).

Back on topic though, maybe one or so of the detections may be an FP, but 9 or 10? That's stretching it even for an FP-happy AV/AM like PCAV, and a usually spot on app like MBAM.

 

Well, according to VT results only Kaspersky and avast flag the sumo.exe installer as being adware, due to the Relevant Knowledge thing.

It's funny, actually. For example, avast suggests to download and install Google Chrome. By definition avast is adware and should be flagged as being malware.

It doesn't bundle it, but it does suggests to download it. It's suggested a third-party application not necessary for the program to function.

I got nothing against it, but if it's to flag other apps as adware, then avast shouldn't include/suggest anything. They need to be coherent with what they flag and then do themselves.

Regarding MBAM flagging 9 entries, MBAM will flag all entries that belong to a given malicious program (malicious according to them). Other antimalware/antivirus may only flag one, but for all the stuff.

 

Now wait a sec, M00n, lol. Adware to me is doing such within the program itself, not suggesting it on a blog. We could argue about whether a security vendor needs to be telling people what browser to use, but that's a bit irrelevant. Of course, we could very easily say all of the programs, including Avast that give the option to install Chrome, can technically be considered adware..but really it isn't as long as it is optional (and doesn't install itself anyway, even when the user opts not to..a lot of that going on).

With regard to MBAM, I wasn't thinking about that. It makes sense that 9 things were found then. It was never made clear that these were different entries or the same detection.

 

You misunderstood... I was just linking to a blog post saying that they do suggest to download Google Chrome on avast! free.

By the way, users do have the option to download a RK-free version. So, it's not like RK is forced upon users. It's a bit like CCleaner. There's a main installer and then there's the slim version.

But, is RK forced to users (for those who download the main installer)? Or, do they have the option to opt-out? Because, if they got no option to opt-out, then yes... massacre the beast.

 

Well now, if RK wasn't forced in the full install, there wouldn't be a need for a lite version, now would there? If you really want an answer, I don't know, but that's my logical guess for why there is a lite version. I'm personally not going anywhere near either one.

 

Doubt it, last time I tried, it was all opt-out. Another example is CCleaner. Now is Chrome forced?

 

No, Google Chrome is not forced to anyone. avast! merely suggests that users download and install it. I do not recall if it such option comes preselected, though.

Anyway, what I tried to do, was create a context. avast! flags Sumo (main installer) as being adware. Sumo is ad-supported. According to you, it's an opt-out. So, it's not an abusive action, IMO. It doesn't really matter whether or not RK comes already bundled or if KC Software would make the installer suggest to download and install it. It's the same thing, as the end goal would be exactly the same.

The same happens with avast! free. It's ad-supported. Nothing against that. I just find it ironic that a security vendor that offers an ad-supported antivirus flags some other application, apparently providing an opt-out, as being adware.

I think security vendors should be more careful. Most people are familiar with one word only: virus.
Their antivirus will protect them against viruses. If the antivirus flags something, then it's a virus. For all they care adware can be just some random name given to the virus.

I just believe that applications should be flagged more careful. If a software developer is being abusive and not giving any option to opt-out, then yes, flag the application, as it would be a malicious action... Not necessarily a malicious application, but a malicious action. It's my opinion, of course.

I doubt that, say, Microsoft EMET was bundled with some third-party application or suggestion to download a third-party application, security vendors would flag it. Just a feeling that I got.

It reminds me Sysinternals. We all know what happens before Microsoft acquired it. Are these tools flagged anymore?

I'm against flagging tools just for the sake of flagging them.

I already gave an example. Malwarebytes bought hpHosts. hpHosts flags www.kcsoftwares.com as being engaded in malware distribution. Malwarebytes should put order in the house.

For example, WOT rates it green. But, hpHosts is a WOT's trusted source. I'd say WOT is fairly used by a lot of people. Not to mention users are rating it red over WOT's page -http://www.mywot.com/en/scorecard/www.kcsoftwares.com

It's just like Megaupload. It's rated as being engaged in malware distribution. Megaupload is a clean service, it just happens bad guys use it. Like Rapidshare, Dropbox, etc. hpHosts should be the domain being blocked... They are way too abusive in how they rate other domains. lol

It reminds me of Ask.com toolbar and Avira's recent story. Do they simply rate something based on what they feel like they should be rated? Then, if they want to make a deal with a the company, they no longer flag it?

I dislike what Relevant Knowledge is, which if I'm not mistaken is to track and study online behavior? Don't take me wrong.
But, in avast!'s example, Google isn't that innocent either. And, Google Chrome's default search engine is Google. Not to mention Google Chrome's default options aren't privacy-friendly either. Still, avast! does suggest it.

Why flag Sumo/Relevant Knowledge? If it's malicious in itself, then flag it... Otherwise, don't. A line needs to be drawn. And, unless some software developer is being abusive by not giving an opt-out... Not only they do give an opt-out option, but they also provide a clean version... But, in that case, the application should be flagged as abusive software and not adware.

 

When installing Avast Free, installing Chrome is pre-selected in the installer
Last time I checked, Sumo comes bundled with a lot more crap than just RK.

 

exist a portable version (is the zip or 7zip file on download page) so .. problem solved
sumo standalone have not crap software or adware

 

The reason it's rated as such, is because of the rubbish that comes with it. This was re-checked last month and is still the same, which is why it's not been updated (no need to update it if nothing has changed).

The EMD classification covers everything from spyware, to adware, to worms/trojans etc etc.

 

The MBAM IPBL can't block it as it's a shared server.

 

The subject of bundling Relevant Knowledge into SuMo has reared its head a few times with its developer Kyle Katarn in the SuMo thread here on Wilders.

Kyle did have this to say last August: [post #201]

It doesn't look like anything's changed there.

 

No one argued that Sumo application doesn't bundle crap. That's beside the point. The real issue is the rating, IMHO.

There should be different rating categories. Malware should be, obviously, in the EMD category. It makes sense.
But, adware should be rated as such, and not malware. One thing is being engaded in adware distribution, another one to be in malware distribution. Or, are we saying that RK is something like, say, SpyEye or like ZeroAccess rootkit? I have my serious doubts about that.

Anyway, it's just an opinion, so don't take it that serious.