12-21-2015, 03:26 PM   #1
Wizard of Wires
setishock
Latest version of WinZip has a payload

I was doing my normal routine of scans when something really odd happened. I ran FindJunkFiles then came back to the desktop to find the CCleaner icon was gone. I checked the remove programs list and sure enough it was not on the list. It had been totally uninstalled.

This was not an accident on my part. I had run the CCleaner expander BK123 had found last night and found when you remove the rules and delete the program it completely guts the CCleaner settings and rules list. The left column is completely blank. I used Wise uninstaller in forced mode to remove what was left of CCleaner. Odd thing was whatever was going on would not let me download the latest version. Tried 3 different places to verify I was being blocked.

Fortunately I keep copies of software on my NAS box so I installed one of those. That put me back one version. But at least it was working.
I was getting just a little concerned so I ran ESET in Threat Scan mode. Sure enough it found 6 nasties from my stint with WinZip. Hold on, it gets better.

I used WinZip to open an Arduino .rar file. For all the trouble I was about to have, the .rar file was crap. There was nothing in it I could use. So it went bye, bye. I never extracted it, just peeked into the hive. So I feel confident that whatever happened didn't come from that file.

Ok so force remove WinZip and jump forward a few days. I missed my routine Sunday so I got on to it today. Ran FJF and CCleaner bit the dust somehow. Comes the good part.

I ran ESET in Threat Scan mode and it found this:

Not sure if this is related but I'm sure this is not supposed to be there. I have a feeling the CCleaner expansion program has installed some sort of payload that gets vindictive when you remove it.

The threats from WinZip are nothing to be blown off. I'd be real careful with the latest version of WinZip. It installs all sorts of crap as part of the software. It doesn't give you any options to not install all the junk. And boy howdy they have gone way out there from just a simple unzip tool. I'd find something else to use. And sorry BK123 little buddy, that program you found is very destructive.

I'm on the hunt to see if any of the last few days' adventure has left any other little payloads. I'll let you know.
All times are GMT -5.
