OMG MAJOR Spyware infection from downloading Trillian from Download.com

Discussion in 'malware problems & news' started by cheater87, Dec 9, 2007.

Thread Status:
Not open for further replies.
  1. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    I'm scared Spybot is coming up with a lot of stuff. Superantispyware, Spyware Terminator and Avast came up with jack squat. Boclean found one thing and got rid of it when Trillian was installing. I then uninstalled Trillian. WTF I thought Trillian was safe o_O o_O
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Isn't the free version of Trillian ad-supported? o_O
    I'd redownload the installer from various sources and check if they have identical checksums. Then, upload them to Virustotal.
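
The checksum comparison suggested in the post above, as an added example that is not part of the original thread: it hashes each downloaded copy with SHA-256 and groups the sources by digest, so a copy that differs from the others stands out. The source labels, file names and file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large installers are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_downloads(copies):
    """copies maps a source label to the local path of the file fetched from it.

    Returns (all_identical, groups), where groups maps each SHA-256 digest
    to the sorted list of sources that served a file with that digest.
    """
    groups = defaultdict(list)
    for source, path in copies.items():
        groups[sha256_file(path)].append(source)
    groups = {d: sorted(s) for d, s in groups.items()}
    return len(groups) == 1, groups


def demo():
    # Constructed stand-ins for three downloads of one installer; the third
    # differs by one byte, as a repackaged or newer build would.
    with tempfile.TemporaryDirectory() as tmp:
        payloads = {
            "vendor-site": b"MZ" + b"\x00" * 4096,
            "mirror-a": b"MZ" + b"\x00" * 4096,
            "mirror-b": b"MZ" + b"\x00" * 4095 + b"\x01",
        }
        copies = {}
        for source, data in payloads.items():
            path = os.path.join(tmp, source + ".exe")
            with open(path, "wb") as fh:
                fh.write(data)
            copies[source] = path
        return compare_downloads(copies)


if __name__ == "__main__":
    print(demo())
```

A mismatch only shows which copy differs (it may simply be another version); that copy is the one to examine first and to upload for scanning.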
     
  3. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    I went to the Trillian site to download it and it took me to download.com where I got it.
     
  4. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Well cheater, just try to remain more calm than the last time you thought you had some sort of spyware infection. I thought we may have to convene the world chieftains for some sort of emergency global summit to remedy your situation. :)
     
  5. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
  6. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    I got rid of what Spybot found. What else can I do o_O?
     
  7. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    Does adware steal personal info o_O Or is that spyware o_O Or both o_O
     
  8. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Adware tracks you so that they can display ads on your computer.
    Times have changed, I remember using Trillian free 4 years ago and it was clean back then.
     
  9. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Did you install the Ask toolbar and/or weather channel desktop thing? When I had Trillian I did not notice anything unusual in outbound connections as it checked for updates at reboot and checked email with Yahoo. There wasn't anything going to some weird IP address or anything like that. Spybot probably flagged it because it may try to be added to the start menu or something? Also, I have noticed from KIS that Trillian changes because it auto updates. That's about all the noise I ever got from anything Trillian related.
     
    Last edited: Dec 9, 2007
  10. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    http://wiki.castlecops.com/Malware_Threats#Adware

    You could run SAS, A-squared and Spyware Terminator. They're in your sig.

    Also, it's a really good idea to scan with your scanners BEFORE you install anything.

    MajorGeeks and Softpedia are also better places to download stuff. Some of the programs are labeled as clean at Softpedia. In your case, Trillian is labeled adware.
     
  11. davidw_426

    davidw_426 Registered Member

    Joined:
    Nov 10, 2007
    Posts:
    37
    Hey Cheater87, I wanted to step in to the conversation because I too have Trillian 3 Basic (maybe that makes a difference?), and I scan everything I download with SpywareTerminator, A2Squared, SAS, and Avast and not one peep out of any of them that anything was wrong. I don't have any ads or anything showing up, so is it at all possible that the file you downloaded was a hacked version on Download.com?

    I know that sounds silly, but I have high doubts that it's impossible for such a thing to happen. I don't know what to tell you except mine is clean as a whistle.

    Edit: Trillian's website shows 3.1.80 as the newest version. I can't seem to figure out mine as it isn't listed in "About", only 3.1. Maybe the newest version does have adware, which means I won't be updating it from now on.
     
  12. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    I scanned with them. They all came up clean. I just did a system restore to December 7th.
     
  13. davidw_426

    davidw_426 Registered Member

    Joined:
    Nov 10, 2007
    Posts:
    37
    Ok, then all should be well now :) I'll still be wary of Trillian from here on out now since Softpedia is reporting it as adware.
     
  14. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Hi, I went to download.com and did a search for trillian. I then went to this page. http://www.download.com/Trillian/3000-2150_4-10768654.html?tag=lst-1 I then downloaded the file. I uploaded it to VirusTotal and it had already been scanned with 0/32 results. Of course that isn't a guarantee, but possibly a little good news. Spybot and BOClean may have a strict policy when it comes to software like this. A search at their sites may be a good idea.
     
  15. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    From Softpedia.
     
  16. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    I did uncheck it.
     
  17. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Some AVs have PUPs detection disabled at Virustotal.
     
  18. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Well, it may be a FP from Spybot. Check what's being detected.
     
  19. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    Lots of stuff. I got rid of them all and then system restored to the 7th of December. I also changed all my passwords and I'm rescanning.
     
  20. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Thanks lucas, I didn't know that. I guess it's still a good idea to use my other scanners (which I do) when I download something unfamiliar. You just gave me the reason why I need to :).
     
  21. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    What stuff? Registry keys related to Trillian? Autostart entries? Host file entries? BHOs?
     
  22. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I didn't know that either. I discovered it doing some testing. For example, NOD32 doesn't detect some installers bundled with toolbars, which are detected as Win32/AdInstaller using an installed version of NOD32. Detection of grayware varies among vendors. That's why comparing AVs using Virustotal as a reference is useless.
    It's always a good idea to keep a full blown scanner when you want to scan something with max. settings.
     
  23. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Thanks, maybe it could be to keep their online scanners fast. I still will keep that in mind. ErikAlbert might be interested in this too.

    Good advice! FWIW, I scanned the installer I downloaded with SAS, AVIRA PE premium (on high) and A-squared and had 0 results. I guess that doesn't mean much as I didn't go to the Trillian site and get re-directed to download.com.

    By the way, I'm not an expert, but enjoy exploring these types of things. The more I learn about malware, the better I can protect my machine.
     
  24. Xenophobe

    Xenophobe Registered Member

    Joined:
    May 26, 2007
    Posts:
    174
    Trillian's installer prompts you to install the Weather toolbar, and the Ask toolbar (Which is detected as adware). Both are optional. Trillian is clean.
     
    Last edited: Dec 9, 2007
  25. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    And some AVs have special paranoid heuristics turned on to the max on VT, settings vary, etc.

    As you pointed out correctly, using VT to compare AVs might or might not be 100% accurate, but it's good enough for normal use unless you are one of the AV freaks who obsess about tiny percentage differences and switch AVs monthly based on the results of AV tests. :p
     