Alert

DO NOT download amsn-it contains spyware.

A month ago I found amsn messenger on this site in C.Net downloads. amsn is a clone of Microsoft's Windows Live Messenger,but made by an entirely different company. That is the makers of amsn messenger are not connected in any way with Microsoft or Windows Live Messenger.

Discussion is locked

Follow
Reply to: DO NOT download amsn-it contains spyware.
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: DO NOT download amsn-it contains spyware.
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
If you only tested it with one program

If you only tested it with one program, how do you know it wasn't a false-positive? It's also not exactly above Microsoft to trigger false warnings about competing programs, but it sounds more like a simple false-positive given that Windows Defender is the laughing stock of the anti-malware community.

- Collapse -
Re-Open Candy-Microsoft spyware warning-

Well,Windows Defender is not intrusive like anti-virus programs are. In that Windows Defender does not give false positives and block programs and take over your computer like many anti-virus programs will. And this was the first time Windows Defender found some thing. I would not have known about the malware if Windows Defender had not told me. So if Windows Defender says there is some thing wrong,then there is.

- Collapse -
Likely a "False Positve".

I've just uploaded this download.com file to http://virusscan.jotti.org/ and had the site scan it. No viruses found and their results page here;
http://virusscan.jotti.org/en-gb/scanresult/1d3af91d8181e8880e1dafe643b141f753ea44f4/b0602aad95e84ac2f6f93db74973953d010803f3

I also updated the file to http://www.virscan.org/, (I might add, a torturous process as the upload was at dial-up speeds for some reason, Happy ), and only one of their scanners found any infection. Page results here;
http://virscan.org/report/6f3b38d9bfcc4df814dd493e94612279.html

However, it does suggest what you found in that it was Microsoft who identified OpenCandy.

Against that, I scanned the downloaded file on my own system with ZoneAlarm Security Suite and with Malwarebye's Anti-malware, and neither found any virus or other malware.

My own impression is that the single positive result in all of these is a "False positive". it happens sometimes.

Mark

- Collapse -
Re-amsn open candy spyware-

Well,Mark,Microsoft have deemed Open Candy to be spyware and have put their definition in all of their spyware and anti-virus products. And if you do have Windows 7 or Windows Vista,you will have Windows Defender on your computer as it is part of Windows. And Windows Defender will give you a warning as soon as you download amsn that it is unsafe download. Unless you have turned off Windows Defender which I do not advise you to do. Or you may have Microsoft Security Essentials (the free Microsoft anti-virus program)in which case Windows Defender is turned off. But Microsoft Security Essentials will also detect and remove open candy because Microsoft have marked it as spyware. And put it into their products as a spyware definition or threat so,that Windows Defender,MRT,or MSE will remove it.

- Collapse -
Sure it does

Sure it does. EVERY virus/malware scanner out there has given a false-positive at some point or another. I'm not sure any come close to Norton's record, but it's happened to every single one of them out there. And Windows Defender has trouble catching a cold, let alone anything else, so you are very ill advised entrusting it solely for your system's protection.It ONLY looks for malware, it doesn't do virus, trojan, or worm scanning, those are all completely different classes of threat. So no matter how intrusive you think AV programs are, it doesn't really matter, that's the price you pay for using Windows. That's not any kind of moral or subjective judgment, it's merely a statement of fact.

And so far you've only tested Microsoft products, that seem to share a definitions file, which hopefully you can see the problem with there from a logical standpoint. Someone else has scanned this file with other programs, which are a bit more effective, and found nothing amiss.

aMSN is an open source program, so it's not really made by a company per se. It's made by a group of people who work on it in their spare time for fun. While it's not out of the question one of them could have loaded some malware in, odds are the other developers would have spotted it, then done a little community policing by stripping it out, reviewing every update that particular developer has made for anything else (or just backing out all the changes they made), then blocking their access to add new code to the program.

If you think this is what happened, one of the developers slipped some malware into the Windows version, then you should contact the aMSN developers about it. CNet is just a distributor in this case, they have no control over the contents of the file. They also claim to do virus and malware checking on everything they distribute. I can't personally vouch for that, but I see no particular reason to doubt it. Odds are when you reported an issue -- and you did more than just post a comment saying it had malware right? -- someone scanned the file, found no issues, and so wrote you off as a crackpot who needs to update their virus scanner. They probably should have responded saying more or less as such, but odds are that person is doing about 3 other people's jobs, and doesn't have time to respond to every nutcase that writes in. Just running a scan on the file probably took them away from more important duties. And while you may think nutcase is a little harsh, you did only test this with one program, and that one program happens to be the poorest performing (by a pretty considerable margin) malware remover out there. Out of all the people who may have downloaded that particular program, you don't think ANY of them had an AV program installed? Maybe also some malware removers. And you're the FIRST one to notice a problem? Seems a bit far fetched don't you think?

- Collapse -
Re-amsn-open candy spyware.

Hello Jimmy,did you scan that software with Windows Defender or Microsoft Security Essentials when you tested it? I think you should do. There is also Malicious Software Removal Tool-MRT for short-also from Microsoft which gets installed during Windows Update. MRT will remove any viruses that it finds,including worms,trojens etc.

- Collapse -
No, I didn't

No, I didn't, because I'm using a Mac right now. My PC was relegated to HTPC duty. So, it's a little difficult for me to run Windows only programs on it.

But from the sound of things below, I was bang on calling it a false-positive. It also seems like you're having some difficulties in grasping exactly what the program is and isn't. I'll leave it to others who have considerably more patience for this kind of thing than I do.

- Collapse -
I scanned it.

But I think you are having a hard time discussing what OpenCandy is and what a false positive is.

I fear that you will not be using the few hundred or more titles that use this installer so why not make your choice here and before you warn others, dig in and learn what this is all about.

I asked in one of these discussions for details about the "malware" the member reported but they fell silent on that.
Bob

- Collapse -
Depends on how you define free

In today's environment the word free no longer means free. lol What you experiencing is how software developers make money by tying their software to another if you want to use it for free. While you might have to pay a dollar sum for the use of the software your asked to install another program. I will give you 2 examples that come to mind.

1. Foxit Reader They require you to install the Ask toolbar if you wish to install the reader for free. You can easily uninstall it after you get the Foxit installed. You get Foxit Reader for FREE. lol

2. Defraggler They ask you if you want to install Chrome. Your not required to install to get defraggler install, but I am sure they get paid by Google for just having that question in the install process, and get even more when the person selects to install it.

Both programs claim to be FREE, one cost you by installing a toolbar you do not want the other gives you a choice. I will let the readers decide which one is free and which is not. When they do not let me choose, I choose not to use the software.

- Collapse -
Are you reading what is and what Open Candy is doing?

It's borderline and given all the apps that are using that installer you may have to choose.

I'm ready to discuss it but will note that it is what it is. It's also in Cnet's own product called TechTracker.
Bob

- Collapse -
FAQ about Open Candy

Here is the link to Open Candy FAQ

http://www.opencandy.com/faqs/#what-is-opencandy

What caught my eye was what happens when I run an installer that's OpenCandy-powered?

While most of this is just another way to push FREE software usage, I always have a problem with a program communicating with their servers after seeing if the top recommended program is installed and are the necessary files needed to install this available program.

- Collapse -
MAKE UP YOUR MIND (on OpenCandy)
- Collapse -
I did

I know how to use my host file to block unwanted communications from by puter. I even have a listing in it named servers I do not like. lol I also have a good firewall that would alert me because the whitelist and blacklist is set manually, I do not allow anything to be auto allowed.

I was just throwing out that information for others and did not mean to offend you.

- Collapse -
I only know I must NOT install Open Candy-

I do not know what Open Candy does exactly only what I read on the Microsoft website. And I only know that I must not install it. But from what Microsoft says it seems, it sends web traffic back to Open Candy servers and installs toolbars without your consent. And a lot of software I have downloaded some times does that to me. Meaning I end up having to uninstall the toolbars that I never wanted in the first place.

- Collapse -
OpenCandy is an installer, not "installed."

The difference is subtle but important.

As to TechTracker, it does NOT have OpenCandy in it but uses this to install the app.

There are now hundreds of apps using this installer.

Where did you read that OpenCandy is "installed?"
Bob

- Collapse -
Re-Open Candy-

R.Proffitt wrote- Quote-

- Collapse -
And now we are having a chat about the details.

There have been a few members that don't want to discuss this and some will just have to avoid any and all products that use this installer.

Again, OpenCandy is not installed. It's the installer for many apps today.

http://www.wecode.biz/2011/02/false-antivirus-alarm.html for example.

False alarm but how this differs from other installers today is going to be an interesting statement. I noted a couple that are actually worse.
Bob

- Collapse -
Re-avoid toolbars and other settings-

But even when you do select custom install,a lot of software will still go ahead and install the unwanted toolbars anyway. As well as changing my home page. So I end up having to uninstall the toolbar and some times the unwanted extensions,that last time was put in my Google chrome browser anyway. Idon't know why many software's do this. Andrea Borman.

- Collapse -
This discussion is about OpenCandy.

I had hopes of drilling down to what this is and more.

But if what it does offends you, why not tell it to the folk that decide to use such installers?

-> http://www.opencandy.com/2011/03/04/the-story-behind-the-opencandy-and-microsoft-adware-debacle/ tells more but this story is going to go on for some time.

And it is used to install a lot of Freeware as noted at http://www.freewarebb.com/topic/60470-the-use-of-opencandy-in-freeware/

If you wish to avoid this, go right ahead but it appears that even when we drill down to what it is, what it does, many will want to avoid this.
Bob

- Collapse -
To avoid toolbars and other things

When installing new software you should always check custom install. It will generally ask you what you want and where you want it. It never ceases to surprises me what things are install on peoples puters when they use standard install and not custom install.

- Collapse -
found trovi search engine virus

Microsoft Security Essentials did not detect it. But It changed my search engine to trovi and I found out trovi is a search engine virus. This is after I downloaded AMSN onto windows 7. It does contain viruses. Trovi is for advertising search engine virus and can lead you to other sites which can be malicious. It automatically installs and changes your search engine. You have to remove it. But it can reappear if not removed properly.

- Collapse -
Microsoft Security Essentials cannot kill it

Yes, My soft also can not kill spyware AMSN

CNET Forums

Forum Info