Download.com Site Feedback forum

Rant

Download.com installed persistent malware into Firefox

by Chevy-SS / August 20, 2013 11:56 PM PDT

Well, I recently spent about 10 hours getting rid of malware, which showed up as an extension (called toparcadehits) in Mozilla Firefox 23. It snuck in piggybacked onto a screen saver from CNET's Download.com.

The malware originally showed on scans (Malwarebytes) but after I deleted the indicated infected files, there was nothing detected. But still the extension was in my browser.

I even used a regedit search for every key that contained anything named 'toparcadehits' and removed a bunch of entries. But still the extension was in my browser.

I also totally removed Firefox using Revo Uninstaller, and again went through the entire system and registry, removing anything that was associated with Mozilla or Firefox. Scans by Malwarebytes, SuperAntiSpyware and Microsoft Security Essentials show my system as clean. And yet, when I reinstalled a fresh Firefox, there was the extension again - it had installed itself immediately.

I finally seemed to get rid of it after turning off System Restore and then booting into Safe Mode and going through the detection/removal processes all over again.

CNET - what happened to you folks? Why are you allowing this type of malware to be piggybacked onto your downloads? CNET was just about the only site I trusted for downloads, but not any more. I'm very disappointed.

Post a reply
Discussion is locked
You are posting a reply to: Download.com installed persistent malware into Firefox
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Download.com installed persistent malware into Firefox
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Thank you for letting us know about this.
by CNETSupport / August 21, 2013 4:30 AM PDT

We sincerely apologize for the inconvenience you experienced, and we have shared your feedback with the appropriate site managers for investigation.

So that we may gather some more information specific to your system and this incident, we have created a support ticket on your behalf. You will receive an email from us shortly, and can respond directly to that to provide the additional information we will be requesting.

It sounds most likely that you inadvertently installed TopArcadeHits through the CNET Download.com Installer, an ad-supported stub installer or "download manager" used for many software titles on our site, which does offer additional, optional third party applications during the installation process.

All offers included in the Installer are tested to make sure that they conform with our security policies prohibiting malware, and to ensure that they may be declined or opted-out of during the download. Per your comments here, we will be taking another look at this one in particular to be sure everything is working properly, and re-testing uninstalling it as well.

In future, you do have a couple of options to download without using the Installer - you can either click the Direct Download Link that is provided for all Installer Enabled items, or, if you have a CNET account, completely disable the Installer for the whole site.

Read more about those options here:

http://t.cnet.com/15t7hv0

For more detailed information on the CNET Download.com Installer, please visit the following resource:

http://t.cnet.com/SB3tiC

Regards,
Jen
Download.com Support

Collapse -
one additional note
by CNETSupport / August 21, 2013 4:43 AM PDT

Per the instructions for removing TopArcadeHits on this page...

http://download.cnet.com/2701-2023_4-2006-55.html

...the add-on for the program must be disabled in Firefox before it can actually be removed, which might have been the cause of the difficulty you had uninstalling it.

However, we have gone ahead and sent you that email requesting additional information so we may re-test this offer under the same conditions.

Thanks,
Jen
Download.com Support

Collapse -
Thank you for the reply, but........
by Chevy-SS / August 21, 2013 5:09 AM PDT
In reply to: one additional note

Hi Jen,

Thank you very much for the reply.

I have utilized and loved CNET for a lot of years now. I use your site for reviews and downloads. I'm on your emailing lists, etc, etc....... CNET was/is like a dear, trusted old friend. That's why I am so saddened to see CNET allowing this type of malware to be furtively installed. I am a fairly adept computer user, and I always look at any download/installation windows to make sure I clear any check boxes that might indicate my permission to install additional programs. But I do not recall seeing any such check boxes for this "toparcadehits" issue.

Additionally, the extension was REMARKABLY difficult to uninstall. In fact, I was ready to trash my whole system and do a complete reformat, as always get very suspicious when a program worms itself into my system (thankfully, a rare occurrence). I initially suspected that "toparcadehits" might be some sort of keylogger.

Bottom line, it appears that I have removed "toparcadehits", but I must admit that I still have some nagging doubts about the security of my computer now.

Thank you for the assurances that the folks at CNET are paying attention to concerns such as mine. CNET has always had a #1 reputation in my opinion. I'd hate to see that reputation ruined by a few over-aggressive advertisers.

Thanks, Dave F. in Rhode Island

Collapse -
Mid November 2013 and still happening
by Someone_stole_my_name / November 17, 2013 3:40 AM PST

I downloaded something today and it came with toparcadehits, cant even uninstall it through add/remove programs. Thanks CNET, I will never download anything from your site again, you will never have my trust. I have a lot of free time though and will be stalking you to ensure that you do not try to cover up your sins by deleting posts informing the public of your disgraceful actions.
Have a nice day!

Collapse -
Re: downlpoaded something
by Kees_B Forum moderator / November 17, 2013 3:51 AM PST

If you want that somebody does something about it, can you tell what that "something" you downloaded exactly is? You certainly don't give enough information to research your issue.

Kees

Collapse -
It doesn't matter what that "something" is
by wpgwpg / November 17, 2013 4:25 AM PST

They do it to everything you d/l, and they've been doing it for months now. Like some of the above posters, I used to trust it explicitly and recommend it to my students. Jen always replies with these politely worded responses, but nothing ever fixes the problem. Moreover, if you try to post with the name of the site, the post mysteriously disappears - this has happened to me 7 or 8 times, so I'm very careful to exclude the name on anything I post about it. Downright sleazy, no two ways about it.

Collapse -
So you say ...
by Kees_B Forum moderator / November 17, 2013 5:00 AM PST

it's the CNET downloader that does it? Not the downloaded application? That's what I read in the post above.

Did you know that - as a member - in your settings here you can choose to default to use a direct download and circumvent the dreaded CNET downloader that way?

I see toparcadehits mentioned a lot as malware. It wouldn't be nice if that came with the CNET downloader indeed.

A suggestion for Jen: put links to proven CNET certified removal instructions for all potentially unwanted programs, malware and whatever else comes with the CNET installer on a prominent place on the download.com homepage
How about that, Jen?

Kees

Collapse -
Kees, it's not just the downloader
by wpgwpg / November 17, 2013 5:18 AM PST
In reply to: So you say ...

Kees, talk to Bob. When it started, I was careful to make sure my profile was set correctly and that I didn't use the downloader. It still happens. I downloaded the Easeus Todo Backup Free without the downloader, and wham-o, I was besieged with the sweetpacks malware. I tried most of the things mentioned above by others to get rid of it, and finally ended up having to restore from a backup to get rid of it. I'd like to think CBS has more integrity than numerous people have reported, but this has been going on since late spring or early summer, and nothing has been done to correct it that I've seen. Check with Bob because I believe he's come to understand the problem.
I understand the delicacy of the situation when you guys are also employees of CBS, but understand that this is a real problem. You, Bob, Grif, and Carol do a such really great job in these forums, I really hate to see you losing so many followers like you have been lately due to this. I'm sure migration to the tablets is part of it, but I've seen dozens of posts from folks reporting the same problem with no fix. You've got to admit that when you post a note and mention the site, having it just disappear with no indication of why is highly suspicious to say the least.
I'm sorry to be among the bearers of this news. I hope you guys can combine your efforts and get this resolved. Good luck!

Collapse -
Not only that wpgwpg
by itsdigger / November 17, 2013 5:31 AM PST

sure, you can opt out of using the Download.com downloader but, you have to stay on top of that too because Download.com is so DESPICABLE that they go behind your back and change your choice and you end up using the "Despised" Download.com downloader and you end up with all of that unwanted junk....Digger Angry

Collapse -
Re: downloaer
by Kees_B Forum moderator / November 17, 2013 3:41 PM PST

Bob, Grif, Carol and I aren't paid employees of CBS. None of the mods are. Just volunteers. All we get from CBS: a Christmas present.

Kees

Collapse -
I tried the settings noted and
by R. Proffitt Forum moderator / November 17, 2013 3:56 PM PST
Collapse -
Hi wpgwpg
by Lee Koo (ADMIN) CNET staff/forum admin / November 19, 2013 8:33 AM PST

I need some clarification as to your statement here:

"Moreover, if you try to post with the name of the site, the post mysteriously disappears - this has happened to me 7 or 8 times, so I'm very careful to exclude the name on anything I post about it. "

Are these CNET forum posts that you are referring to that are being deleted? Unless the post is offensive or breaks one of forum policies, we do not delete the posts.

If you have any examples this will help me investigate the disappearances of your 7-8 posts as long as the post you are referring to are CNET forum posts.

I appreciate any specifics you can provide. Email me through my CNET profile if you'd like to take this offline.

Thanks!
-Lee

Collapse -
Update for wpgwpg...
by Lee Koo (ADMIN) CNET staff/forum admin / November 20, 2013 5:09 AM PST
In reply to: Hi wpgwpg

I'm pretty sure I found the culprit to why your a few of your post went missing or disappeared. I will email you offline to explain. And for the record, no one deleted them, not our mods, not our staff.

Look for an email from me.

Thanks,
-Lee

Collapse -
(NT) Thanks Lee, much appreciated.
by wpgwpg / November 20, 2013 5:54 AM PST
In reply to: Update for wpgwpg...
Collapse -
(NT) You got my email right?
by Lee Koo (ADMIN) CNET staff/forum admin / November 20, 2013 7:08 AM PST
Collapse -
Yes I did Lee. Thanks again.
by wpgwpg / November 20, 2013 12:19 PM PST

I don't suppose you could send an email when an email gets sucked into the bit bucket like that? I understand the problem, and why CNET has to do what it does with these things - thanks for the explanation.

Collapse -
it doesn't matter what it was
by Someone_stole_my_name / November 18, 2013 1:44 AM PST

I downloaded a file converter, but it doesn't matter. Toparcadehits was not part of what I downloaded, it was installed without my knowledge or permission by the downloader. I wouldn't have even known that it happened if I had not decided that what I downloaded was not what I was looking for and gone to uninstall it immediately. This is an issue that has been reported previously and has not been corrected, I will not use a service that installs anything that I did not opt into. I appriciate the responses, that is one of the things that made cnet and download so valuable in the past, but as I said I no longer trust the site for downloads. My hope is that this practice is stopped immediately.

Collapse -
We All Hate It But...
by itsdigger / November 18, 2013 1:53 AM PST

And I am not standing up for Download.com or their Sleezebag Tactics but, if people were to read the CNET Download.com Installer FAQ , it states ->>>
HOW DOES THE DOWNLOAD.COM INSTALLER IMPROVE THE DOWNLOAD EXPERIENCE?

By downloading with the Download.com Installer you are guaranteed that the file you install on your system came directly from Download.com. Only software that is tested spyware-free and hosted on Download.com's secure servers may be delivered via the Installer.

In addition, thanks to the clear steps provided by the Installer, the percentage of users who are able to complete the download process increases significantly when using the Installer for their downloads.

Finally, Download.com is supported primarily by advertising, and we occasionally include offers for additional downloads from advertisers as part of our Installer process. All of the offers in our Installer are carefully screened to ensure compliance with the Download.com Software Policies.

Collapse -
And Just for the heck of it
by itsdigger / November 19, 2013 7:59 AM PST
In reply to: We All Hate It But...

I check my preferences yesterday to see if the Download.com downloader was turned off and of course it was turned on again so I turned it off Again. Just now I checked my preferences and guess what? The Download.com downloader was turned on again. What a bunch of Snakes....Digger

Collapse -
Just checked...
by Dafydd Forum moderator / November 19, 2013 8:19 AM PST

... and the same here. Good job I never use it.

Dafydd.

Collapse -
Are you clearing cookies?
by CNETSupport / November 20, 2013 2:31 AM PST

Please note that in order to ensure that the preference sticks, you do need to have cookies and pop-ups enabled in your browser.

If your browser is set to automatically clear cookies at certain times, or if you regularly clear them manually, your setting may be getting lost that way.

If you do not want to allow your browser to save cookies, unfortunately, you will have to select the "off" option every time you login.

Or, you can simply use the Direct Download Links for any Installer Enabled items you wish to download (this way, you do not need to be logged in at all).

You can find the "Direct Download Link" in small blue text right underneath the green "Download Now" button on the product page for any and all Installer Enabled items.

If you are logged in, have the Installer turned off, *and* the preference is sticking, you will not see Direct Download Links - because in that case, you will not be served the Installer when you click the Download Now button for any product.

Regards,
Jen
Download.com Support

Collapse -
No I'm not clearing cookies
by itsdigger / November 20, 2013 5:57 AM PST

and my browser saves cookies, that way I don't have to keep going through the signing in process. This is just more of Download.com's treachery Jen but you know that....Digger

Collapse -
Yes, they know that
by AMC2002 / December 23, 2013 8:32 AM PST

Disgusting. Download.com used to be a good place to download freeware and shareware. No longer. Providing ways to "get around" having malware installed doesn't make it right that you add it in the first place. Absolutely dispicable.

Popular Forums
icon
Computer Help 49,613 discussions
icon
Computer Newbies 10,349 discussions
icon
Laptops 19,436 discussions
icon
Security 30,426 discussions
icon
TVs & Home Theaters 20,308 discussions
icon
Windows 10 360 discussions
icon
Phones 15,802 discussions
icon
Windows 7 7,351 discussions
icon
Networking & Wireless 14,641 discussions

Tech explained

Do you know what an OLED TV is?

CNET explains how OLED technology differs from regular TVs, and what you need to know to make the right shopping decision.