Jump to content
CCleaner Community Forums
GuitarSmokr

[FileHippo.com] Am I the only one noticing this Spyware/Malware/Bloatware trick?

Recommended Posts

Okay, I wanted to contact Piriform directly to address this issue but they seem to not

want to be contacted unless it be their sales team you are contacting, which I am not going to call to get transferred to somebody who can help MAYBE, because I just don't give that much of a F!#@. However, I have decided to go out of my way tonight to create an account for this forum and waste time valuable I could spend wasting some other way like playing video games or crying in the fetal position because I want to see if I am right or just an idiot n00b, also I don't want to see people screw up their computers trying to get software to fix them.
 

Please somebody who is checking my work follow the following directions to see if

people are using the links on this [/size]"[/size]Official Ccleaner/Piriform Website" [/size]to get duped into installing a bunch of [/size]harmful crap or malware.[/size]

WTF!!?!?!?!?!?

At this point it doesn't matter what you do, the file that you will download is no longer the ccsetup414.exe  file it is now A A file called setup.exe Do not download and install this file unless you are an idiot, in which case go ahead, or better yet, take your laptop and throw it against the wall. 

Now I was able to catch this but somebody else might not, my question is why would piriform link to a site that has malicious software masquerading about as their very own installer, as you install this the top left corner of the window says "ccleaner installer" as goes installing some stuff that is going to BANG YOUR HARD DRIVE UP.

Obviously they don't know and I can't find a way to get into contact with anybody that might give a care, so please people check and make sure all this info is correct and see if you can't help me send this s**t through the proper channels, thanks!

 
post-69716-0-27105200-1402562869_thumb.png Edited by Augeas
Dodgy software link zapped

Share this post


Link to post
Share on other sites

Anytime you get software that doesn't come off the developers own site you are tempting fate and hoping the 'mirror' site hasn't done some repackaging of the software.

 

I followed your advice and on FileHippo I only see the right hand side green download box (the correct one as you state).

I see no left hand one, but then I do run NoAdblock and Ghostery which may have removed that 'temptation'.

 

FileHippo recently went through a redesign and I personally still go there when needed but it has slipped a few notches in the trust level, sort of like CNET. Beware!

 

Get your downloads from Piriform and you're fine.

It's a good thing you picked it up in time.

 

This should serve others as a good example of how a layered security approach can save the day, not just having an AV program.

 

And expect a Mod to remove your email otherwise you'll be an easy target for spam.

 

And Welcome to the forum.

Share this post


Link to post
Share on other sites

It looks like some malicious software has crept into your post, Smokr.

 

This has been raised before, particularly in late 2013, and has been passed onto Pirform admin, so they are aware of it. Filehippo used to be the trusted repository for software, especially for archived releases. Unfortunately Filehippo has become just like many of the other software repositories, riddled with sneaky - and presumably paying - dubious and deceptive downloads. This applies to all software on Filhippo, not just Piriform's. Perhaps your post should have been directed at Filehippo.

 

Why is Filhippo rubbish? I dunno, why is the world rubbish? I guess they have to eat, like the rest of us. Why do Piriform still use Filhippo? I dunno either, possibly because a lot of users still go there for their software.

 

Oh yes, I'll remove your email address. 'Solutions' should be in the open forum.

Share this post


Link to post
Share on other sites
To download CCleaner directly from Piriform (I suggest you bookmark that page):

What FileHippo.com or other 3rd party sites do is out of the control of Piriform.com! It is already a known issue because other people have been posting about getting duped into downloading something off of FileHippo.com that they didn't want, i.e.; not the software they thought they were getting. Basically you clicked an advertisement and didn't realize it.

 

If you and your friend had adblock software installed in all of your web browsers (Adblock Plus for Firefox based browsers, or Adblock for Chrome based browsers), along with a HOSTS file like MVPS HOSTS File this maybe would've never happened to begin with - that dubious/trickery advertisement would've been blocked.

 

It's important to manually inspect downloaded setup files by right-clicking them and looking at the properties listed in the Version (tab) which will reveal: Company, Product Name, Product Version. Also it's vital to make sure the Digital Signature is valid if one is available in the setup file (all Piriform installers have a Digital Signature), if the Digital Signature is not valid do NOT install the software, and inquire on the software forum about it by posting a bug report.

 

Try to follow the same practice when it's possible of getting setup files directly from the developer website. Even if some download site is deemed by the developers as an "official mirror / official download host / official download site".

Edited by Andavari
typos

Share this post


Link to post
Share on other sites

Is it just me or does it look like people use more color and bigger fonts in their post when they are mad ?? <_< .

(don't think it helps conveying anything)

 

Okay back to topic.

This is the 4th or 5th post in the last couple of months people start to complain about this sort of "problems" / "tricks".

It also seems to me and perhaps others that people aren't reading any of the previous posts made regarding this sort of complains.

 

Moderators, is there a way to consolidate all the previous complains posts about this sort of "problems" / "tricks" into one and pin it ?

Share this post


Link to post
Share on other sites

The problem with putting all posts into a thread doesn't mean anyone will read them before they download. 

 

I mean do you go to a forum before you download software?

 

Lets wait and see how Piriform respond to this.

Share this post


Link to post
Share on other sites

The problem with putting all posts into a thread doesn't mean anyone will read them before they download. 

 

I mean do you go to a forum before you download software?

 

Lets wait and see how Piriform respond to this.

 

Depending on the sort of software I am about to download, yes. I also use 5 FireFox addons to stop fake links and more, MBAM, Spybot and my AV.

 

I can see your point Hazelnut.

Share this post


Link to post
Share on other sites

Long story short, post #1 is wrong.  If you just download from the Piriform site you'll be OK.

 

May I suggest that a moderator render that softpioneer link inert? 

 

Edit:  Post #1 might be no more than a convoluted and garish link to malware. 

 

Right now I'm running win xp with no adblock, no special hips filtering, am allowing all the popups, etc. 

Somewhere between step 2 and step 3 in the post #1 something is wrong. 

Link number two does not send me to a site offering "1 of 3 hosting sites", it goes to the correct download site. 

That site is

https://www.piriform.com/ccleaner/download

There I am offered links to download 3 versions of CCleaner:  free, professional, and professional plus. 

If I do go to the filehippo link in post #1, the downloaded "latest version" file is the correct one.

 

Starting from link #1, I can not get to that "softpioneer" site. 

 

May be, as Augeas suggested above, the computer you were installing to has some sort of redirecting malware.

Or it may be that (as suggested in the edit above) post #1 is no more than a convoluted and garish link to malware . 

Or it may be that i have not been awake long enough and have missed the whole point of this topic.  :P

Share this post


Link to post
Share on other sites

Dodgy software downloads are divine retribution from the Gods of Google for searching for such things.

 

In the image sent with the first post,

immediately below the correct green "Download Latest Version (4.53 MB) button is an advert box by free-download-now.com

and top right of that advert box are two tiny buttons.

The left button of that pair tells you about Adchoices, and the right button closes the advert

To the left of that advert box there is a very wide advert box with two more tiny buttons controlling Adchoices.

 

This morning I visited and the right hand advert was for a product in the same market as CCleaner,

and the left box was the gadget site TMart from which I have bought a few cheap flashdrives and things,

This evening Tmart is on the right and speedtrust.com is on the left.

 

Obviously Google know what I have bought and from where I bought it,

so they give me advert for more of the same in one of their boxes,

and the other box is Google's chance to divert the visitor from the reason for his visit to a different but related product.

 

Half of the spurious adverts are your fault for allowing Google to learn so much about you :rolleyes:

and the other half are what you need ad-blockers for :o

 

 

 

 

 

 

Share this post


Link to post
Share on other sites

Half of the spurious adverts are your fault for allowing Google to learn so much about you :rolleyes:

and the other half are what you need ad-blockers for :o

 

Tailored ads, they basically have an ID of someone hence the reason I follow three rules and have for over 14 years: 1. Block them. 2. Block them. 3. Block them.

Share this post


Link to post
Share on other sites

Hey guys thanks for all you responses, I was typing this reply that was extreamely detailed (I spent over an hour typing it) then I accidently clicked on another members avatar and my browser jumped and when I press back all the stuff I had typed had not been saved to the cache but was gone forever  :angry: OH WELL. Maybe it was for the better. To sum things up though I have 2 questions,

 

  • Can somebody please explain to me WHO the culprit behind this malicious pop - up add was in their belief? Was it in fact Filehippo as I had originally thought, or was it a 3rd party that ran the pop up that send me to DL the bad software, OR (This answer unlikely as I got the same link on 2 different computers) was it my web browser or worse, windows infected with some sort of process that runs these pop-ups so that I see them and people with ad-blockers do not? Please help me understand this in full if you can, thank you
  • And the 2nd thing I wanted to ask, is what pop-up blockers do you all run again? I saw NoAdblock and Ghostery. I know nothing about these programs, how safe they are, and whether or not they are free, what would you all recommend? I must not get fake trick add/links again! Last time I downloaded a pop-up blocker program it was powerful little pain in the @$$ virus, so can you also give me a safe source ti get whatever popup blocker you

 

Again thanks  :) 

  •  

Share this post


Link to post
Share on other sites

AdBlockplus is a must have. It works under most web browsers (even Android now). Ghostery is also nice. Check the Security subforum for more information.

 

There are also some other options to extend protection. Some antispyware software, etc. It will work in tandem with your AV program.

Share this post


Link to post
Share on other sites

 

 I accidently clicked on another members avatar and my browser jumped and when I press back all the stuff I had typed had not been saved to the cache but was gone forever  :angry: OH WELL.

Moving from the page and coming back works for me in Fx33.0a1 using the quick reply box.

 

Also suggesting the use of AdBlock Plus

Share this post


Link to post
Share on other sites

I did a typo, no such thing as NoAdblock, it is as others have stated, AdBlock Plus.

I don't run any browser without at least AdBlock Plus and Ghostery add-ons.

NoScript is also good but a bit too intrusive - but that's what it's suppose to be....

 

@guitarsmokr, to get them, go to the section of your browser where it allows you to add add-ons and extenions.

In FireFox that is Tools, Add-ons, and in the search box, type in AdBlock and install Adblock Pus, repeat for whatever else you want.

Share this post


Link to post
Share on other sites

Hi, GuitarSmokr. 

Thanks for pointing out this situation. 

 

What I did here was try all the links in post #1, all work normally here. 

I downloaded every one of the available files twice, they check out OK here. 

 

The page for Filehippo here to doesn't look like your screenshot. 

 

That last link, now inert, led me to some sort of download manager junkware.

That is why I posted as I did, didn't want some unwary person to get junkware by accident. 

 

So I don't know what is different with your computer, but the 1st 3 links are OK here. 

Share this post


Link to post
Share on other sites

The page for Filehippo here to doesn't look like your screenshot. 

 

If you have a HOSTS file that will block some of it I'd imagine.

Share this post


Link to post
Share on other sites

To answer the direct question asked above, in all likelihood the "culprit" is FileHippo. It's how they make revenue, by counting on a user not to notice the small but marked actual download and to click on the clearly marked adverts. to put it another way, they expect you not to notice the big button says it's for downloading something other than what you went to the page for, thus getting them paid.

 

Share this post


Link to post
Share on other sites

To answer the direct question asked above, in all likelihood the "culprit" is FileHippo. It's how they make revenue...

 

And they probably could care less about their users being tricked -- as long as they get paid for the click.

 

_____________________

 

Edit:

Topic pinned since this is a known reoccurring issue it will give us a basis/template so when the next victim posts about it we can point to this topic.

 

Edit 2:

Topic title name slightly changed/updated:

Now: [FileHippo.com] Am I the only one noticing this Spyware/Malware/Bloatware trick?
Before: Am I the only one noticing this Spyware/Malware/Bloatware trick?
Edited by Andavari

Share this post


Link to post
Share on other sites

I must ask, will show my ignorance, but there may be someone else who doesn't know this. 

How is it that none of those links led me to anything like that dodgy site in link 4 (now "inerted" by Augeas)?

I downloaded the CCleaner installer at the end of each link, and from Filehippo, and all the exes were OK?  (Twice)

I clicked on everything in sight :P but the only way I could get to that dodgy site is to click on the 4th link in post #1. 

 

I don't have any HOSTS customizations.

 

I am aware that that URL contained some text about Filehippo, but does that mean it was a redirect from Filehippo?

 

Share this post


Link to post
Share on other sites

ANSWER: (apologies for shouting below, but in this case it's appropriate so as not to get lost in the long winding posts in this thread

 

 

ON A NON-HOST-RESTRICTED MACHINE AND BROWSER THE EXTRA LINKS DO APPEAR.

 

My first load of the page, I did not get the same misleading advertisements that the original poster did I was able to confirm the makeup of the adverts, which I had noticed in the OP screenshot (thank you that provided much help).

 

 

All of the adverts shown in the screenshot and my browser have two symbols in the top left corner a sideways triangle (like a play button) and an x. The former doesn't seem to have a function, while the latter brings up a limited report button (see my screenshot)

 

In the original post's screenshot one can see what the ads are for, if one is paying attention (as I stated in my previous post). The large top left is for "browsersafe" whilst the smaller trickier one below the proper download button is for a site that WoT barely trusts. the index(homepage) of this site automatically transfers you to a download button similar looking to the OP's screenshot for a sketchy flash player bundled with a delta-based-porentially-unsafe-toolbar (see my second screenshot)

 

I reloaded the page and got at least one misleading looking ones (my 1st screenshot).

 

Yes this all points to the filehippo advertising platform. 1 and 2 in my screenshot are ads 3 is the real download. While I can understand filehippo's need for revenue, these advertisements lull a normal user into a false sense that ccleaner (and other hosted software) in malicious. Most people don't notice the aspects I noticed in the original post that shows they are ads and most who do notice such things block ads and semi-malicious injection type banners via HOSTS or their security softwares.

 

We should not fault those who don't use these precautions though, and sadly some posters in this thread (perhaps even myself initially, though I tried to mitigate that in post) seem to have done that to the original poster; for our entire community I apologize for that, and hang my head in shame that some of us "nerds" can be so judgemental and shortsighted.

 

Screen 1

ytejezev.jpg

 

Screen 2

3e9ytaqy.jpg

Share this post


Link to post
Share on other sites

I informed other mods about these links just after this thread first started and provided screenshots of the web addresses involved. I even went to the same site the Original Poster went to and tried to download the that file (my security software blocked it)

 

I had no doubt GuitarSmokr was telling the truth as to what had happened to him. The wrappers and software involved are in a grey area of legality. Software writers of PuPs (Potentially unwanted programs) can sue antivirus programs if they are blocked automatically unless the user has ticked a box in the settings of the av saying they want them removed.

 

Their argument is that some people actually want the software they provide. Problem is they often bring 'friends' along with them.

 

I am sure Piriform is aware of this thread.

Share this post


Link to post
Share on other sites

All of the adverts shown in the screenshot and my browser have two symbols in the top left corner a sideways triangle (like a play button) and an x. The former doesn't seem to have a function, while the latter brings up a limited report button (see my screenshot)

In my browser hovering over the "x" tells me nothing,

but when I click the advert is replaced with a message "It's gone" with a button to "UNDO",

and below that the report options "Inappropriate", "Repetitive", and "Irrelevant".

If I click "Irrelevant" then it offers me the opportunity to update my "ads settings",

which possibly might influence what ads are shown me in the future, and will be taken as explicit consent for anything I fail to negate.

 

In my browser hovering over the triangle button tells me it is "Adchoices", and when I click a new TAB opens with a lot of information including

We may show you ads based on many factors, including:

  • Types of websites you visit, and mobile apps you have on your device
  • The DoubleClick cookie on your browser and the settings in your Ads Settings
  • Websites and apps you’ve visited that belong to businesses that advertise with Google
  • Previous interactions with Google’s ads or advertising services
  • Your Google or YouTube profile

 

@Login

Perhaps you need to get a doubleclick cookie or visit sites that advertise with Google, or visit YouTube,

and when you get on Google's Radar you may get to see the adverts that others see :rolleyes:

Share this post


Link to post
Share on other sites

I did think post #1 contained a malware link. 

And until Augeas "inerted" it it sort of did.

No apologies here, although it looks like GuitarSmokr had good intentions. 

Also no hard feelings here, hope its the same on GuitarSmokr's end.  :)

 

All that customization would have been a good way to hide another link.

 

Edit:  Just tried it again with Firefox Portable . . . No HOSTS.  No HIPS. No Adblock.  Only an AV and a firewall.

 

Same thing happened.  Links 1 thru 3 OK all the way thru to the download. 

Share this post


Link to post
Share on other sites

Only an AV and a firewall.

 

Depends upon the AV and firewall, some can silently block stuff without ever bothering you.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...