Spyware, Viruses, & Security forum


Malware Warning from a CNET download

by petabitten / November 18, 2011 4:42 AM PST

A few moments ago, I was downloading Easeus Disk Copy from http://download.cnet.com/Easeus-Todo-Backup-Free/3000-2242_4-10964460.html

ESET Smart Security 4 reported file "cnet2_EASEUS_Disk_Copy_exe.exe" to be a variant of Win32/InstallCore.D

My search on Google for "cnet2_EASEUS_Disk_Copy_exe.exe" and "cnet2_EASEUS_Disk_Copy_exe.exe Win32/InstallCore.D"
found zero results.

In addition, I tried to cancel the download, but it continued on into my machine, and I then received warning from ESET:


"a variant of Win32/InstallCore.D potentially unwanted application

Event occurred on a file modified by the application: C:\Program Files\Mozilla Firefox\firefox.exe.

Please submit this object to ESET for analysis."

I tried downloading again for more information, and this time, although I pressed the cancel button repeatedly, AND DID NOT PRESS THE SAVE BUTTON, the download would not cancel! Instead, the file barged onto my computer.

To top it off, when I tried to submit my warning in the review boxes for the software, the Submit button would not work.

I guess CNET is hacked.

That's a strange one.
by MarkFlax Forum moderator / November 18, 2011 4:56 AM PST

The CNET Installer has been introduced to make downloading from CNET's Download.com safer, but in the process the installer offers one 'optional' download and install, often just a toolbar.

It is this installer offer that some anti-virus scanners find and report, but the offer can be refused and then the installer downloads the actual software file you have selected.

What is strange though is this. Members should have the option to directly download the software installer file, bypassing CNET's installer. That option should be a link within the green Download Now button, or just below it. But I don't see that direct download link for this software.

Perhaps you can see it.

Also strange, when I click the Download Now button, I go straight to the tb_free.exe file which is the Easeus ToDo Backup installer itself. I don't even get the CNET installer file. The tb_free_exe is virus free.

I will report this anyway.


I believe this publisher opted out of having the....
by Lee Koo (ADMIN) CNET staff/forum admin / November 18, 2011 5:32 AM PST
In reply to: That's a strange one.

CNET installer as part of their software download. So when folks download this program it will not include the CNET installer.

Note to petabitten, the download probably finished downloading already and by the time you clicked cancel, the file was in your folder already. If you don't want the program, just delete it from your download folder or wherever you have your download files saved. The program isn't installed until you execute it.

I will report the title to the Download.com team to check on it if it is clean and let you know. Maybe a false positive, but will send it in to double check.

As for submitting a user review on the product, give it a try again. I'm using FF8 and I was able to submit a review with no issues.


UPDATE: The software title is clean
by Lee Koo (ADMIN) CNET staff/forum admin / November 21, 2011 1:36 AM PST

As the title of the post reads, the software is clean--I had the Download.com check.

ESET I believe is flagging the CNET download installer and that is a false positive. CNET is working with ESET to remedy the false positive reporting.

Hope this helps.

Best regards,

I did not notice a different presentation
by petabitten / November 18, 2011 2:46 PM PST
In reply to: That's a strange one.

Hi Mark,

After clicking the green download now box, I was taken to the Thank You page. A message box opened asking if I wanted to save or cancel the download. This is the process I am familiar with when downloading from CNET. And, that is when I received the warning from ESET, saying Firefox had accessed a page containing a potentially unwanted application. I pressed cancel. To my knowledge at that point, no download had occurred.

With the Thank You page open, I read the Download Help FAQ, and to obtain the information needed to report this incident, I went back to the Software Description page and clicked again the green Download button. I did not see a link in the green button; nor do I recall seeing a link below it, although I was not looking for one, either. In addition, my experience was as you described--straight to the download. I don't know what the "CNET installer file" that you refer to, is.

I am glad that my A-V software is detecting these types of anomalies in time to prevent infection/disruption. I had just spent 19 hours re-installing my OS & Windows updates because when I uninstalled VMware, it corrupted my keyboard driver. I thought it would be easier to redo my system than to use the on-screen keyboard to hunt down, download and install a replacement driver. NOT! I'd forgotten about all the service packs & updates I'd have to wade through... On the upside, my new installation takes up less than 40 GB in drivespace, which is less than half its former size. Lucky for me I was already storing my files on a separate partition!

Thanks for looking into this situation, Mark, and keeping me apprised. This is my first foray onto the forums at CNET, and I must say I am impressed with the quality of posts and your prompt and helpful response.

Thanks much,

PS: The Download Help FAQ instructs users to notify when situations like mine occur, but it doesn't really make clear whom or how to notify. I spent about 15 minutes looking for contact information before deciding to try posting about the incident in the forum; and, I was not sure this was the right procedure. It would be most helpful if there was a link at the end of the malware/virus section of the FAQ that would take the reader directly to the proper forum section--or to the reporting page, if there is one. Time is of the essence when one's computer is being threatened. Having to sign up, fetch the welcome email, and compose a reply takes a lot of time. Too bad there isn't a more expedient way to contact CNET when malware is suspected on the download site.

Try this link
by Edward ODaniel / November 19, 2011 4:46 AM PST

I made an error, looking at another site, now on CNET!! Help
by Briana2006 / November 18, 2011 5:04 AM PST

I apologize for this, I NEVER intended to infect or have anyone intrude on CNET as this has obviously happened. This was recommended by a friend, I went to that site and I need to know how to fix my error. PLEASE, help me. I will not do anything intentional to hurt CNET, not as good as you have been to me so far. I am truly sorry. See what I get for my trying to do the right thing? I only want to know how to stay safe. Briana2006

?? Say again?
by MarkFlax Forum moderator / November 18, 2011 5:09 AM PST

Are you "petabitten" the original poster?

I don't understand your post.


No, I did not post this message
by petabitten / November 18, 2011 2:15 PM PST
In reply to: ?? Say again?


I am petabitten, and I did not post the message from fransmith2005. Perhaps fransmith2005 would explain the previous message... I am interested in reading more.


I think I lost a post!
by MarkFlax Forum moderator / November 18, 2011 7:32 PM PST

I must have posted a link that the filters didn't like and it got lost.

Hi again. I didn't really think that poster was you. I notice they have posted in other threads as well. It annoys me when others hijack members' discussions and I apologise about that.

I think you were right to avoid this particular download as there seems to be something strange about this one.

If you still want to try out this software, (I see it was a trial only), you could go directly to their web site and download it from there. Their web site is shown here;

Good luck with your reinstall and I hope it performs well for you.


I got the same "variant of Win32/InstallCore.D" from Cnet
by johnnyskidmarks / November 28, 2011 1:57 AM PST
In reply to: I think I lost a post!

I downloaded the MOOS-2_5_exe package for Open Open Office Draw shapes.

ESET found the following:

"\Downloads\cnet_MOOS-2_5_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined"

The funny thing about the posts on this board is that the responses from Cnet are talking about the fact that there are other methods of downloading aside from the default Cnet downloader on their site. I'm sorry but am I missing something?

As users it is our responsibility to scan the programs we download to our PCs but we are not able to scan the downloader application (or at least not without some advanced heuristics turned on). With this in mind, it is Cnet's absolute responsibility to make sure their downloader is free of malware.

What others are writing about is the "direct download."
by R. Proffitt Forum moderator / November 28, 2011 4:13 AM PST

Missing the point
by johnnyskidmarks / December 13, 2011 4:24 AM PST

That link you posted doesn't really address the issue. Just says more or less - here is what CNET does as a practice. Here is why we do it (money). And nothing about the intrusive activity their program causes their users.
I'm not going to start a crusade, just not going to download anything from here anymore.

This discussion is now outdated.
by R. Proffitt Forum moderator / December 13, 2011 8:42 AM PST
In reply to: Missing the point

Download.com has changed again from what we discussed here.

Start a new post as this one is now closed.

I would be happy to respond.
by Briana2006 / November 28, 2011 1:58 PM PST

I have had many difficulties and would like to say something about them, and I hope they are not taken the wrong way like when I was disconnected during the middle of a post - then referred to as a "hijacker" who leaves the site without responding. My computer has been infected for a very long time, and I did not know the exact problem because I was accustomed to CNET taking control, but it was getting out of hand and the person who had control of my computer would not identify themselves, nor respond to any questions I asked. This became a very frightening experience because one, I didn't know how they gained access, and it was very difficult to convince anyone around me that I was being manipulated, only to be ridiculed even further, but I needed help in the worst way.

I am afraid I cannot tell you what system I was running, because it became a ritual to change it two or three times a day, and I never knew who I was working with. I started out on Windows XP, then changed to Windows 7. It became urgent when all of my programs were changing and I didn't get any response to a request for identification of the person who was in charge of my computer, and I knew I was in trouble then.

First let me say, I have been on CNET for over 5 years now, trust all of you implicitly, and I knew this was out of the realm of your behavior. I have since had the computer taken to a professional who had to completely start over with my operating system and installed Windows XP, which was not my request but the adamant insistence from my partner that I was "hearing voices" and seeing things that just were not there, so I gave in, crumbled like a crushed flower. I was so tired I could hardly function at this time, I had not been able to check my email for over a month because I could not regain control of my computer, and well..........you get the picture. I did not leave the discussion because it was my choice to do so, I had no choice at all, and frankly, was unsure of my next move, so I just sat back for a while to see what would happen. I had no problem the first night after the computer was returned from the shop, the second we were off to the races again. I am still unsure of what was CNET's help, and what was the intruder. Then my sister passed away, and I needed files to access for her and I received no mercy from the intruder.

I am not saying any of this so you will feel sorry for me or excuse me or anything like that, only realize that I tried, and tried but when I finally replied to this blog, I went to a lot of trouble going into minute details so someone might be able to help me only to have it disappear on the last word of the post.

If you still think I am a disrespectful "hijacker", I am sorry for this, but I know I have not been treated fairly, and I want to reiterate, I TRUST CNET, this has been the work of a rogue, who is still yet unknown.

I apologize for any questions or confusion, but perhaps this will help to bring some comments to a rest. Or perhaps you will find that I really do not belong here, which is the first comment I received while posting the first time, but I need to air the truth, as I know it to date, and ask that you please be patient until I can get this figured out, and am asking for assistance from professionals again. In the meantime, I have found it difficult to risk trying to post on this forum with any certainty that it will appear as I typed it.

Take this however you wish, but I want to say one more time, I know this was not the work of CNET, but an outsider, and I sincerely apologize to anyone who was uncertain of my motives. They have always been to learn, to assist, and to be grateful and I would hope my record would speak for me.

Sincerely and with my very best regards to all posters,

CNET taking control
by MarkFlax Forum moderator / November 28, 2011 8:08 PM PST

CNET does not take control of computers.

If you are having problems you may want to Create Your Own Discussion and give full details.


Malware Warning from CNET
by Briana2006 / December 1, 2011 2:03 AM PST
In reply to: CNET taking control

In response to your suggestion to "Create Your Own Discussion"

Dear Mark,

I will certainly do that, start a new discussion, and this has been a very difficult time for me, and very frightening and I thought I needed to make a comment on my statement, and how I happened on this discussion in the first place.


It is self explanatory by reading the post, and I wanted everyone to know that I am well aware that "CNET does not take control of Computers", which is why I turned to you for help in the first place. I have built a lot of trust for everyone at CNET and CBS. This is why I turned to your site and took the opportunity to chime in when I could, to at least communicate what was happening to me, with those I trusted -- and these opportunities to break away from this "intruder" were very difficult to find. With this in mind, I took the opportunity not afforded me at any other time and I tried to reach out -- and it worked -- until the time "they" broke in and cut my conversation with you. That is the reason I did not reply back when requested, even though I wanted to very badly, but the nature of this situation did not allow me that luxury.

I want to protect my reputation with CNET and CBS and hope you understand that I did what I had to do, "while I had the opportunity", which was rare.

I did not intend to disrupt this discussion in any way, and I hope you now understand the dilemma I was in at that time. I hope the rest of the bloggers will also understand and know that I meant no harm or discontent, nor did I have any intention to disrupt this conversation, but it was just a rare opportunity to take advantage of a few moments of peace.

Thank you for all of your help and I will start a new thread about my experience, so if it should happen to anyone else they will know what to do or mainly, what NOT to do.

Again, I hope everyone will accept my apologies and my reputation with this group is not irretrievable, or permanent.

My Best Regards,

