Majorgeeks.com!!

Discussion in 'malware problems & news' started by assersegsten, Aug 29, 2018.

  1. assersegsten

    assersegsten Registered Member

    Joined:
    Sep 13, 2016
    Posts:
    73
    Location:
    denmark
    Hello everyone, I just want to warn everybody against what you download at Majorgeeks.com. Yesterday an update for the Pale Moon browser (64-bit) was ready to download, but the file was infected with ransomware, but Bitdefender saved my *** and restored my files. I do not know the variant, I just know what Bitdefender reported back to me, so please be careful.

    Regards assersegsten.

    PS. it is the first time I ever encountered any problems with files from Majorgeeks.com.
     
  2. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    That's scary. Are you sure it wasn't a false positive? BD can be a little over enthusiastic at times.
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Please keep us updated. If your experience was authentic then Houston we have a problem.

    Majorgeeks has generally been safe as far as I know but on a recent visit of my own, and it's been well over a year since I D/L'ed anything from the site, I was properly annoyed when an in-your-face slide-in showed up. Ticked me off and away I went.
     
  4. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    @assersegsten Did you download it from one of the links you can see on the right side of the following image? The reason I ask is that you'll often find ads with download links on MajorGeeks, which can lead to downloading the program advertised, rather than the software you wanted to download. The downloads you can see in the image are direct links to the author's site.
    MG..png

    I just downloaded the 64 bit version and it was not detected, when I scanned it at VirusTotal. I can see that the current version was released only about a day ago.
     
    Last edited: Aug 29, 2018
  5. guest

    guest Guest

    Sometimes Majorgeeks is hosting downloads ("Download@MajorGeeks"), sometimes the link of the download is redirected to the author's site ("Download@Authors Site").
    In the case of Palemoon the installer is downloaded from the author's site ("Download@Authors Site"):
    Code:
    http://relmirror.palemoon.org/release/palemoon-28.0.0.1.win32.installer.exe
    http://relmirror.palemoon.org/release/palemoon-28.0.0.1.win64.installer.exe
    
    Nevertheless it is always a good idea to check the hashsum before launching downloaded installers [sadly not all are providing hashes on their website].
    Hashsums (and GPG Signatures) are available on the website of PaleMoon.
     
    Last edited by a moderator: Aug 29, 2018
  6. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,351
    Location:
    Europe, UE citizen
    Someone that already uses a VM - for example - could repeat the download and send the file to Virus Total.
     
  7. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    I already did that and the file was not detected. I don't use a VM, but there was no need, as I was just scanning the file, not running it.
     
  8. assersegsten

    assersegsten Registered Member

    Joined:
    Sep 13, 2016
    Posts:
    73
    Location:
    denmark
    Yes I downloaded it from the links you have shown.:)
     
  9. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,645
    Location:
    USA
    Kaspersky says it's clean. I'd assume a false positive. I've never had an infected file from MajorGeeks. I've visited their site daily for many years.
     
  10. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    I have never had issues from MajorGeeks either and is the only site I recommend if you can't get it from the Authors site.
     
  11. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,720
    Location:
    USA
    I have been using MajorGeeks for many years and never had a single problem.
     
  12. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,951
    I usually download my programs from the author's site, but Majorgeeks is the only place where I also download programs every now and then. I absolutely trust them; one of my daily go-to websites.
     
  13. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
    Can someone explain to me how to safely download ImgBurn.exe from www dot ImgBurn dot com ?
     
  14. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    98,077
    Location:
    U.S.A.
  15. guest

    guest Guest

    Mirror 7 is an installer bundled with InstallCore (PUP)
    Without OpenCandy = for example Mirror 4 [free-codecs] or Mirror 6 [Majorgeeks]
    (3.101.913 bytes - SHA256: 49AA06EAFFE431F05687109FEE25F66781ABBE1108F3F8CA78C79BDEC8753420)
     
    Last edited by a moderator: Aug 29, 2018
  16. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    98,077
    Location:
    U.S.A.
    OK, that's good to know. Thanks!
     
  17. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
    That's the one!

    Kind of what I figured after scanning it via VirusTotal, at least in terms of it being laced with crapware. My question was sort of a rhetorical one, although I wasn't sure if there was a way to download the file without the wrapper crap attached to it from ImgBurn dot com. I also noticed the checksum of the tainted download matched the checksum when I used
    Code:
    certUtil -hashfile pathToFileToCheck
    run from a command line.

    Thank you for checking!
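
An added example, not part of any post in this thread: a Python sketch of the hash check discussed in posts 5 and 17, comparing a downloaded file's SHA-256 with a published value pasted as a bare hash, as `SHA256: <hex>`, or as `certutil -hashfile <file> SHA256` output. The file name and contents are constructed; a match only shows the file is byte-identical to what the publisher hashed, not that it is free of bundled software.

```python
import hashlib
import re
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so a large installer is never read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def normalize_digest(text, hex_len=64):
    """Pull one SHA-256 digest out of pasted text: a bare hash, 'SHA256: <hex>',
    or certutil output (older Windows builds print the bytes space-separated).
    certutil -hashfile without an algorithm argument prints SHA-1 (40 hex
    characters), which is rejected here rather than compared by mistake."""
    for line in text.splitlines():
        candidate = re.sub(r"\s+", "", line.split(":")[-1])
        if re.fullmatch(r"[0-9A-Fa-f]{%d}" % hex_len, candidate):
            return candidate.lower()
    raise ValueError("no %d-character hex digest found" % hex_len)

def verify_download(path, published, expected_size=None):
    """Return (ok, reason); the size check is a cheap early reject."""
    if expected_size is not None and Path(path).stat().st_size != expected_size:
        return False, "size mismatch"
    if sha256_file(path) != normalize_digest(published):
        return False, "sha256 mismatch"
    return True, "sha256 match"

def demo():
    data = b"constructed stand-in for an installer\n"  # constructed sample
    published = "SHA256: " + hashlib.sha256(data).hexdigest().upper()
    with tempfile.TemporaryDirectory() as d:
        installer = Path(d) / "installer.exe"  # hypothetical file name
        installer.write_bytes(data)
        good = verify_download(installer, published, expected_size=len(data))
        installer.write_bytes(data + b"\x00")  # same name, different bytes
        bad = verify_download(installer, published)
    return good, bad

if __name__ == "__main__":
    print(demo())
```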
     
  18. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    It is using InstallCore, not OpenCandy. But, that doesn't matter, as they both work the same way. It's safe to run the installer, because if you pay attention when installing and decline the offer to install third party software, then only ImgBurn will be installed. Alternatively, you can use the installer from MajorGeeks, as it does not use InstallCore and as a result, does not come bundled with any extras.
     
  19. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    I would be interested to know what scanners detected it and what it was detected as, because, it quite possibly was a false positive.
     
  20. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    98,077
    Location:
    U.S.A.
    roger_m, thanks for the clarification. :thumb:
     
  21. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    It used to come bundled with OpenCandy from the dev site and there was no way to opt out. Good to see there has been a change, not that I use ImgBurn these days.
     
  22. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
    Fair enough, and I remember you pointing this sort of thing out in a different thread a while back, so I kind of figured the option to avoid the crapware was available in this download, but that makes it no more appealing to me. All I ever want out of any download is the exact file I'm after, without the song and dance of having to opt out of the crapware during the installation. There's no question in my mind the creator of these wrapper downloads intends to trick the individual into installing all the garbage that comes with them. Their intentions are nefarious in nature. Even though one can opt out, it would be very easy for the unaware to miss it and unintentionally install the included garbage.

    This is clearly a case where downloading from the developer's website, even where the checksum matches, does not actually result in a safe download. I used to be a proponent of this approach and even preached about it in these forums, but recently I realized it doesn't guarantee a clean and safe download.
     
  23. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    You should always be able to opt out of OpenCandy. If you couldn't opt out, then something must have gone wrong. OpenCandy and InstallCore are essentially the same.
     
  24. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    If you pay attention during the install, then it's easy to opt out. These days, you need to pay close attention when installing any software.
    Yes, they make money from the installs of unwanted software and that is why it is installed by default.
     
  25. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    Roger, it was written in the EULA that if you wanted to install ImgBurn you had to accept the PUP. There was no box to uncheck. I had MBAM 2.x at the time and it removed OpenCandy.
     