OMG MAJOR Spyware infection from downloading Trillian from Download.com

I'm scared Spybot is coming up with a lot of stuff. Superantispyware, Spyware Terminator and Avast came up with jack squat. Boclean found one thing and got rid of it when Trillian was installing. I then uninstalled Trillian. WTF I thought Trillian was safe

 

Isn't the free version of Trillian ad-supported?
I'd redownload the installer from various sources and check if they have identical checksums. Then, upload them to Virustotal.

 

I went to the Trillian site to download it and it took me to download.com where I got it.

 

Well cheater, just try to remain more calm than the last time you thought you had some sort of spyware infection. I thought we may have to convene the world chieftains for some sort of emergency global summit to remedy your situation.

 

Softpedia lists it as adware. http://www.softpedia.com/get/Internet/Chat/Instant-Messaging/Trillian.shtml

edit: the free version. Lucas is right.

 

I got rid of what Spybot found. What else can I do?

 

Does adware steal personal info Or is that spyware Or both

 

Adware tracks you so that they can display ads on your computer.
Times have changed,I remember using Trillian free 4 years ago and it was clean back then.

 

Did you install the Ask toolbar and/or weather channel desktop thing? When I had trillian I did not notice anything unusual in outbound connections as it checked for updates at reboot and checked email with yahoo. There wasn't anything going to some weird IP address or anything like that. Spybot probably flagged it because it may try to be added to the start menu or something? Also, I have noticed from KIS that trillian changes because it auto updates. That's about all the noise I ever got from anything trillian related.

 

http://wiki.castlecops.com/Malware_Threats#Adware

You could run SAS, A-squared and Spyware Terminator. There in your sig.

Also, it's a really good idea to scan with your scanners BEFORE you install anything.

MajorGeeks and Softpedia are also better places to download stuff. Some of the programs are labeled as clean at Softpedia. In your case, it Trillian is labeled adware.

 

Hey Cheater87, I wanted to step in to the conversation because I too have Trillian 3 Basic (maybe that makes a difference?), and I scan everything I download with SpywareTerminator, A2Squared, SAS, and Avast and not one peep out of any of them that anything was wrong. I don't have any ads or anything showing up, so is it at all possible that the file you downloaded was a hacked version on Download.com?

I know that sounds silly, but I have high doubts that it's impossible for such a thing to happen. I don't know what to tell you except mine is clean as a whistle.

Edit: Trillians Website shows 3.1.80 as the newest version. I can't seem to figure out mine as it isn't listed in "About", only 3.1. Maybe the newest version does have adware, which means I won't be updating it from now on.

 

I scanned with them. They all came up clean. I just did a system restore to December 7th.

 

Ok, then all should be well now I'll still be wary of Trillian from here on out now since Softpedia is reporting it as adware.

 

Hi, I went to download.com and did a search for trillian. I then went to this page. http://www.download.com/Trillian/3000-2150_4-10768654.html?tag=lst-1 I then downloaded the file. I uploaded it to VirusTotal and it had already been scanned with 0/32 results. Of course that isn't a guarantee, but possibly a little good news. Spybot and BOClean may have a strict policy when it comes to software like this. A search at their sites may be a good idea.

 

From Softpedia.

 

I did uncheck it.

 

Some AVs have PUPs detection disabled at Virustotal.

 

Well, it may be a FP from Spybot. Check what it's being detected.

 

Lots of stuff. I got rid of them all and then system restored to the 7th of December. I also changed all my passwords and I'm rescanning.

 

Thanks lucas, I didn't know that. I guess it's still a good idea to use my other scanners (which I do) when I download something unfamiliar. You just gave me the reason why I need to .

 

What stuff? Registry keys related to Trillian? Autostart entries? Host file entries? BHOs?

 

I didn't know that either. I discovered it doing some testing. For example, NOD32 doesn't detect some installers bundled with toolbars, which are detected as Win32/AdInstaller using a installed version of NOD32. Detection of grayware varies among vendors. That's why comparing AVs using Virustotal as a reference is useless.

It's always a good idea to keep a full blown scanner when you want to scan something with max. settings.

 

Thanks, maybe it could be to keep their online scanners fast. I still will keep that in mind. ErikAlbert might be interested in this too.

Good advice! FWIW, I scanned the installer I downloaded with SAS, AVIRA PE premium (on high) and A-squared and had 0 results. I guess that doesn't mean much as I didn't go to the trillian site and get re-directed to download.com.

By the way, I'm not an expert, but enjoy exploring these types of things. The more I learn about malware, the better I can protect my machine.

 

Trillian's installer prompts you to install the Weather toolbar, and the Ask toolbar (Which is detected as adware). Both are optional. Trillian is clean.

 

And some AVs have special paranoid heuristics turned on to the max on VT ,settings vary etc..

As you pointed out correctly, using VT to compare AVs might or might not be 100% accurate, but it's good enough for normal use unless you are one of the Av freaks who obsess about tiny percentage differences and switch AVs monthly based on the results of av tests.