AVG forum

General discussion

CNET download of AVG Free Version then got malware

by eckahn / July 9, 2010 2:45 AM PDT

We downloaded the free version of AVG from CNET. We left the computer downloading. The next time someone logged on, we had AV Security Suite running - this is a very nasty piece of malware that acts like a Trojan virus and has infected all kinds of things including the registry. I have been working on getting rid of it.

However, I do believe the malware came with this download. The .exe file was created the first time someone logged on right after the download.

I am not asking for Tech help, just reporting the problem. It is very troubling that we downloaded a well known piece of software from what we consider to be a safe site and ended up with malware taking over the computer.

Post a reply
Discussion is locked
You are posting a reply to: CNET download of AVG Free Version then got malware
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: CNET download of AVG Free Version then got malware
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Download link
by Dusan_AVG / July 10, 2010 10:03 PM PDT

Hello,

The infection described certainly does not come from file downloaded at CNET.
It is possible that you were redirected to another page when searching for AVG download.
If the computer is working now, could you please check browsing history from the day of infection for any suspicious links.

Should you need help removing the infection please provide us with GMER outputs:
http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=85119

Upload both outputs as described here:
http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=85865

Thank you

Collapse -
Download info
by eckahn / July 12, 2010 5:48 AM PDT
In reply to: Download link

Hi again,
I did not find that we visited any questionable sites. The following is the browsing info for the AVG download (stated the second time in a different format). Other than the Google search, is this the correct CNET download site?

Thanks very much.

avg_free_stb_all_9_114_cnet.exe redir Thank you for downloading AVG Anti-Virus Free Edition from Download.com AVG Anti-Virus Free Edition - Reviews and free AVG Anti-Virus Free Edition downloads at Download.com AVG Free - Download Free Antivirus | Recommended software download AVG Free - Download Free Antivirus Software free.avg.com AVG Free - Free Antivirus Download | Antivirus Software for Windows 7, Vista and XP homepage AVG - Google Search

avg_free_stb_all_9_114_cnet.exe http://software-files-l.cnet.com/s/software/11/11/95/11/avg_free_stb_all_9_114_cnet.exe?e=1277707758&h=32060ceac669e7502dee5c13ba775f07&lop=link&ptype=1901&ontid=2239&siteId=4&edId=3&spi=67e1ebcc0d0a75c0ae7d1bda641927eb&pid=11119511&psid=10320142&fileName=avg_free_stb_all_9_114_cnet.exe
redir http://dw.com.com/redir?edId=3&siteId=4&oId=3000-2239_4-10320142&ontId=2239_4&spi=67e1ebcc0d0a75c0ae7d1bda641927eb&lop=link&tag=tdw_dltext&ltype=dl_dlnow&pid=11119511&mfgId=10044820&merId=10044820&pguid=fqir-goPjAIAADt2IRQAAAC@&destUrl=http%3A%2F%2Fdownload.cnet.com%2F3001-2239_4-10320142.html%3Fspi%3D67e1ebcc0d0a75c0ae7d1bda641927eb%26part%3Ddl-10044820
Thank you for downloading AVG Anti-Virus Free Edition from Download.com
http://download.cnet.com/3001-2239_4-10320142.html?spi=67e1ebcc0d0a75c0ae7d1bda641927eb&part=dl-10044820
AVG Anti-Virus Free Edition - Reviews and free AVG Anti-Virus Free Edition downloads at Download.com
http://download.cnet.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10320142.html?part=dl-10044820&subj=dl&tag=button&cdlPid=11014801
AVG Free - Download Free Antivirus | Recommended software download
http://free.avg.com/us-en/download-free-antivirus
AVG Free - Download Free Antivirus Software http://free.avg.com/us-en/download-avg-anti-virus-free
free.avg.com http://free.avg.com/
AVG Free - Free Antivirus Download | Antivirus Software for Windows 7, Vista and XP
http://free.avg.com/us-en/226284?cmpid=fs_hp_testa_226284
homepage http://free.avg.com/us-en/homepage
AVG - Google Search http://www.google.com/search?q=AVG&ie=utf-8&oe=utf-8&aq=t&rls=com.yahoo:en-US:official&client=firefox

Collapse -
Re: Download info
by Ondrej_AVG / July 12, 2010 4:06 PM PDT
In reply to: Download info

Hello eckahn,

provided information does not point to anything suspicious from my knowledge of CNET download process. I have downloaded the AVG file (AVG Anti-Virus 9 Free) from CNET website and it is digitally signed from April 2010, we have no other reports from AVG users about similar situations since its release (4/26/2010).

How often is mentioned user account (which met fake AV Security Suite) logged in? As is possible the infection was waiting/running only with this account (I have seen previously many infections running from user's temp folder, so it cannot be run by other accounts due access rights).

Thank you

Collapse -
AV Security Suite infection... continued posting
by eckahn / July 16, 2010 5:38 AM PDT
In reply to: Re: Download info

Hi,
The person who logged in and found this problem was the administrator. His computer usage varies, but I think he was logged in recently before this and I did not see anything odd about the web log since then. Once it was a problem, it was a problem for all users.

The reason I believe it came with this download is that this was the only unusual thing we did recently.

Is is possible for these things to attach themselves to any download without the sender knowing it? I know the receiver will not know it and I know that it will run the exec file and mess things up before you know it's there.

Thanks again,
eckahn

Collapse -
AV Security Suite infection
by Dusan_AVG / July 18, 2010 3:44 AM PDT

Hello,

If the computer was not already infected it is not possible to hijack download from Cnet or AVG.

There are many different ways how to get infected. Infection could be already on computer before installing AVG and was waiting for computer restart as already described. It is also possible to get infected just by browsing malicious fake websites while searching for actual antivirus program.

Thanks

Collapse -
Not AVG? Not cnet? Who?
by oldradiojock / July 14, 2011 9:32 AM PDT

I posted a reply to, "eckahn," who suffered the same fate that I did,, after d-loading AVG Free 2011 Edition. The poster that I am referring to, posted on July 9/2010.
I will not go into details here. My posting is the 7th(seventh) one,dated,July 14/2011, as a reply to the 1st (first) posting on this topic.Note that my problem is almost exactly one year after his was.
Can you shed some lght on this? Have you/AVG been tagged/infected with a time-based infection?
I have been a cnet follower for years & have not encountered a problem as severe as this is.
It would not be fair to slander the good names of cnet & AVG, for you are both usually stellar performers, so I expect that you already have found the solution to this malady. Please share any info that can help. Thanks.

Collapse -
Re: Not AVG? Not cnet? Who?
by Ondrej_AVG / July 14, 2011 6:04 PM PDT

Hello oldradiojock,

Collapse -
Same thing here almost EXACTLY ONE YEAR LATER
by oldradiojock / July 14, 2011 7:50 AM PDT

I d-loaded AVG Free 2011 Edition, July 10/2011 FROM cnet, via the MANUFACTURER'S FORUM. The 6(six) ROOTKITS I received at the same time either originated from cnet or from AVG. It did not come from thin air. Only 2(two) of the 6 rootkits could be removed.
Did I imagine this, as the Moderator would have us believe. This is apparently a time-regulated infection. Were you able to remove the infection or like me, is your system junk now?
ps. I would love to provide system info, history,time-line,etc,as the Moderator believes that we can extract. BUT, I cannot & will not use my computor on-line, because it is infected.

Collapse -
CNET AVG Download Virus
by eckahn / July 14, 2011 3:03 PM PDT

Hi oldradiojock, I'm sorry to hear this happened to you also. Our system is junk. We had to purchase a new computer. I tried several things to get rid of the infection as did someone else. We were able to save files but not the computer. So as is turns out, this was the most expensive download ever.

FYI - From then on I have been using ZoneAlarm Extreme Security. This is really the best company / software for the job. They were the first company to come up with firewall software and now provide security for most of the Fortune 100 companies. Well worth the money. --Good luck!

Collapse -
Re: Same thing here almost EXACTLY ONE YEAR LATER
by Ondrej_AVG / July 14, 2011 6:18 PM PDT

Hello oldradiojock,

Popular Forums
icon
Computer Help 47,885 discussions
icon
Computer Newbies 10,322 discussions
icon
iPhones, iPods, & iPads 3,188 discussions
icon
Security 30,333 discussions
icon
TVs & Home Theaters 20,177 discussions
icon
HDTV Picture Setting 1,932 discussions
icon
Phones 15,713 discussions
icon
Windows 7 6,210 discussions
icon
Networking & Wireless 14,510 discussions

Tech for the school year

Smart tech for smart students

Forget the pencils and notebooks. Gear up your students with these portable and powerful note-taking machines.