25 replies to this topic

[Andavari]

Thanks to Hazelnut for cluing me into RelevantKnowledge not to long ago as that bit of info was just useful, and here's why:

I was looking for a replacement to FormatFactory since it now shows ad's in the program and happened upon a GPL licensed program called xFast Video Convert v1.2.0 which everywhere claimed to be "100% clean" including Softpedia.com. Well they are all dead wrong!

The software contains a particular pain in the backside for most end-users to remove called RelevantKnowledge (Google search link that leads to sites showing removal instructions). Neither Avast Antivirus nor Malwarebytes' Anti-Malware detected anything wrong with the setup file. I DECLINED during the installation and wouldn't you know it two processes of rkverify.exe were running in the background so I end tasked the badware. If you run across this bit of badware you'll know it immediately when your system starts acting instantly sluggish.

Nothing is more worse than when an app publisher states on their website that their software doesn't contain any third-party program, and then during installation you see otherwise, and I find it rather disgusting for an application licensed under GPL. We can't even trust Open Source or Free software anymore!

Luckily I had zero difficultly in removing it because I tracked the installation with Total Uninstall and used an ERUNT backup to restore the registry.

[Andavari]

Now that I've unpacked the setup.exe file Malwarebytes' Anti-Malware does find the nasty, which makes me wonder why it doesn't scan inside of such files. I may have to reevaluate my usage of it.

[Corona]

Re-evaluate what? MBAM? What would you replace it with?

As far as Open Source...the name alone implies mistrust.

[kmillerusaf]

Andavari,

Try uploading the setup executable to Jotti to see if it finds anything...

[DennisD]

I'm probably as surprised as you that you got something like that via Open Source, and with Softpedias "clean" stamp on it.

I haven't actually reinstalled Format Factory since restoring an Image recently, and that's a shame with that program, as it's a real "Jack Of All Trades" with converting.

So I'm looking for a replacement now. There's always Super and Mediacoder, but there's a couple of issues I have with both those apps, so I'll keep them as a last resort.

[Andavari]

Corona, on May 20 2009, 08:28 AM, said:

As far as Open Source...the name alone implies mistrust.

Open Source does NOT imply mistrust it's the developers packing in the third-party badware that are to blame because they don't have to go that route, therefore we'll have to disagree on that.

kmillerusaf, on May 20 2009, 11:45 AM, said:

Try uploading the setup executable to Jotti to see if it finds anything...

Did that a long time ago, I uploaded it to Jotti, virScan.org, and Virus-Total all found the malware however many anti-malware scanners miss it including Avast.

DennisD, on May 20 2009, 01:10 PM, said:

I haven't actually reinstalled Format Factory since restoring an Image recently, and that's a shame with that program, as it's a real "Jack Of All Trades" with converting.

Note that currently Format Factory would be considered non-intrusive adware meaning it won't mess your system up or slow it down, and won't be detected by most anti-malware programs for that very reason. Even some Microsoft software is considered non-intrusive adware, yet tons of people use it. The ad's it shows are like what Foxit Reader did, they're just images that can be clicked to generate revenue to help pay for development. Still though I don't like the ideal of seeing them and wish they'd release a pro version minus the ad's for a remedial price because it would be worth it.

Edit: Found out that Format Factory has internal ad links to the xFAST website, so be careful if using it as following those links to downloads is a sure fire way of getting infected.

Edited by Andavari, 23 May 2009 - 08:16 PM.

[Softpedia]

Andavari, on May 20 2009, 04:13 PM, said:

I was looking for a replacement to FormatFactory since it now shows ad's in the program and happened upon a GPL licensed program called xFast Video Convert v1.2.0 which everywhere claimed to be "100% clean" including Softpedia.com. Well they are all dead wrong!

We're very sorry about that. You should have reported it...
The program does include Adware, therefore we've changed the license (the award is gone of course).

[fireryone]

How did Softpedia see this post, awesome that they take notice of the community

[hazelnut]

Hopefully they will check Sumo software updater out then as the latest update to it also contains RelevantKnowledge I've been told.

[Softpedia]

hazelnut, on May 22 2009, 03:57 PM, said:

Hopefully they will check Sumo software updater out then as the latest update to it also contains RelevantKnowledge I've been told.

The version we're listing does not contain RK

[hazelnut]

Softpedia, on May 22 2009, 03:13 PM, said:

The version we're listing does not contain RK

Glad to hear it. I take it you must be hosting the lite version then?

http://kcsoftwares.c...opic.php?id=244

By the way welcome to the forum

[Andavari]

DennisD, on May 20 2009, 01:10 PM, said:

There's always Super and Mediacoder

Mediacoder also has RelevantKnowledge spyware so you don't want it either! Rather surprising for something hosted by SourceForge.net. I found out by unpacking the setup file with 7-Zip, scanned with MBAM and bam there it was.

Version that has it:
MediaCoder Full Edition v0.7.0.4399 (32-bit Edition, Released May 16, 2009)

Proof:

Malwarebytes' Anti-Malware 1.36
Database version: 2168
Windows 5.1.2600 Service Pack 3

05/23/2009 3:37:40 AM
mbam-log-2009-05-23 (03-37-40).txt

Scan type: Quick Scan
Objects scanned: 282
Time elapsed: 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
d:\my download files\Software\mediacoder full edition v0.7.0.4399 (winxp)\temp\$COMMONFILES\MediaCoder\$TEMP\rkverify.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
d:\my download files\Software\mediacoder full edition v0.7.0.4399 (winxp)\temp\$TEMP\$TEMP\rkinstall.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

I wonder if running any setup files than can't be unpacked by say 7-Zip in a Sandbox would allow for such infections to disappear once the Sandbox is deleted?

[Softpedia]

hazelnut, on May 22 2009, 04:32 PM, said:

Glad to hear it. I take it you must be hosting the lite version then?

http://kcsoftwares.c...opic.php?id=244

By the way welcome to the forum

Of course.
Thank you

Andavari, on May 23 2009, 10:44 AM, said:

Mediacoder also has RelevantKnowledge spyware so you don't want it either!

True, MC includes adware components, but during the installation it does not make any attempts to install them. You can click your way through the installer without ending up with unwanted software on your computer. This type of behavior is not that criticized.

[DennisD]

That's a nice spot Andavari.

This really makes me wonder about Mediacoders insistence on phoning home just about every time you opened it to check for updates.

I always found that a huge pain in the a**e, and now I'm wondering even more about that particular facet of it's behaviour.

And how many other seemingly reliable and steadfast programs are gonna have to be taken apart before installing them?

The term "don't believe everything you read" springs to mind here.

[hazelnut]

It really is quite a problem now about things phoning home. We all deal with it in different ways. Some folks don't know or care.

I tend to look at all the settings on install and see if there is a 'check for updates' tickbox anywhere (which I quickly untick)

Also I have my Online Armor firewall set to ask me when a program wants to access the internet. If I don't consider that it should, I block it so it cannot ever do it without my say so.

We rely on info from others, such as this thread is giving, to keep us up to date with what is trying to, or is being installed inside our software downloads.

[Andavari]

Softpedia, on May 22 2009, 04:30 AM, said:

We're very sorry about that. You should have reported it...
The program does include Adware, therefore we've changed the license (the award is gone of course).

It's not really Softpedia.com's fault so you have nothing to really apologize about. I found the program, and as always I check out what Softpedia.com has to say about the program such as if it's adware, clean, screenshots, or any reviews you kind folk provide.

[annoynimouse]

Softpedia, on May 23 2009, 01:37 PM, said:

True, MC includes adware components, but during the installation it does not make any attempts to install them. You can click your way through the installer without ending up with unwanted software on your computer. This type of behavior is not that criticized.

O'RLY ?

http://www.mediacoderhq.com/dlfull.htm

Quote

0.7.0.4399
Last Updated: May. 16, 2009

When started instaler, Avira alerted about %Temp%\rkv.dat
Then about %Temp%\rkverify.exe
Only then installer appeared on screen and in its wizard once i was able to either accept rkv. However, would i deny it, MC just would not install.Either both installed, or both rejected. However at the time of this choice, rkverify.exe was already dropped and lanuched.

[Andavari]

annoynimouse, on May 27 2009, 06:07 PM, said:

However at the time of this choice, rkverify.exe was already dropped and lanuched.

Exactly, it's forced upon you even if you choose to not install it. I personally see MediaCoder Full as malware now.

[Anomaly]

I use this and it works well http://www.any-video...for_video_free/

[Icedrake]

That's what I use too, it works great!