
Warning: Genie Scout 14 installer filled with spamware!!

And a nasty backdoor trojan Virus too
Started on 26 December 2013 by La Grande Inter
Latest Reply on 25 July 2014 by giplet
Teidicus (edited):
Sighs...


I got the G version today... installed, and after using the key file that came in the e-mail... I got a trojan and the assorted spamware.

I installed the free version a couple of days ago (it didn't work because of the update) and I got the bundle, which I skipped, and had no problem. Though I did notice my AdBlock getting "bypassed"... The G key came today and hell broke loose: a couple of hours after installing g, out of the blue some installer popped up and instead of "skip" it had an obvious social engineering cryptic question to trick.

Thankfully I am a bit experienced with this kind of spam and I have the right tools to clean it up.

So I hope whoever is in charge checks what really is going on and then double-checks... before dismissing this as the fault of people who can't read.

Added 13 minutes later:
Well... good old Spybot Search & Destroy never fails me and I got my browser back to how it was... now comes the painful task of checking everything for viruses and spam a second time.
Teidicus:
I got the G version today... installed, and after using the key file that came in the e-mail... I got a trojan and the assorted spamware.
There's no way you can get whatever you're saying you got from the "g" version because there's nothing bundled to its installer. Only the public version has bundled offers which you can choose to decline.

Teidicus:
A couple of hours after installing g, out of the blue some installer popped up and instead of "skip" it had an obvious social engineering cryptic question to trick.
Couple hours after?! Is this some kind of a joke? And why exactly do you put the blame on GS? I'm sorry to disappoint you but you must be getting this nasty stuff from something/somewhere else.
2014-03-04 01:32#163857 Stam :
Teidicus:
I got the G version today... installed, and after using the key file that came in the e-mail... I got a trojan and the assorted spamware.
There's no way you can get whatever you're saying you got from the "g" version because there's nothing bundled to its installer. Only the public version has bundled offers which you can choose to decline.

Teidicus:
A couple of hours after installing g, out of the blue some installer popped up and instead of "skip" it had an obvious social engineering cryptic question to trick.
Couple hours after?! Is this some kind of a joke? And why exactly do you put the blame on GS? I'm sorry to disappoint you but you must be getting this nasty stuff from something/somewhere else.


Spybot Search & Destroy detected and cleaned the following:

- Somotos

- ConduitSearch

- Win32.Downloader, something like that; I can't recall the full name.

- Yes, an installer pops up out of the blue after installing and using the g version. Even though I chose "NO", it installed something called Free_Aps_of_day and hijacked my browser. When that installer popped up I wasn't using my browser.

- Over the weekend I did install the public version and I rejected the bundle offer, but I did NOT get my browser hijacked... Could it have sneakily installed a downloader that only a couple of days later tried to install malware and by the GREATEST COINCIDENCE of all time hijacked my browser AFTER I got the g??? Yes, sure... but it sure had great timing.

- Finally, I am not some newbie who doesn't know about spyware and how to avoid it. So much so that I managed to get the malware out without having to format and reinstall Windows. So do not try to make it like it is "something I picked up from somewhere else", dismissing the possibility of you guys being hijacked and someone trying to screw you guys up.

I am not the enemy here... stop treating me like one.

I'll try to make sense of your post and explain what I can.

Teidicus:
Spybot Search & Destroy detected and cleaned the following:
- Somotos
- ConduitSearch
- Win32.Downloader, something like that; I can't recall the full name.
Somoto is the name of the ad agency we work with for the bundled offers of the public edition. What Spybot found is most likely a temporary file which was used to alert them whether you installed the offer from the public GS version or not. This is supposed to auto-destroy after a while or when you clear your temporary files.

Conduit Search could be one of the offers you got during installation of public version. Like DotDotCurve explained in his screenshot:
http://i59.tinypic.com/n38cqh.png

Win32.Downloader is not part of the offers, so I don't really know where it's coming from for you.

Teidicus:
Yes, an installer pops up out of the blue after installing and using the g version. Even though I chose "NO", it installed something called Free_Aps_of_day and hijacked my browser. When that installer popped up I wasn't using my browser.
I can't find anything related to Free_Apps_of_day, not in the list of offers we know of nor in Google search. And since your browser wasn't affected after installing the public version, it means no browser-related stuff was installed from that.

Teidicus:
Over the weekend I did install the public version and I rejected the bundle offer, but I did NOT get my browser hijacked... Could it have sneakily installed a downloader that only a couple of days later tried to install malware and by the GREATEST COINCIDENCE of all time hijacked my browser AFTER I got the g???
Not really, no. If you reject the offer, that should be the end of it. Do you remember what the offer you rejected was? I mean it surely must have been something different from the downloader thing you got a few days later. Like I said, there's nothing bundled to the "g" version; it's just GS - no offers, no ads.

Teidicus:
Finally, I am not some newbie who doesn't know about spyware and how to avoid it. So do not try to make it like it is "something I picked up from somewhere else", dismissing the possibility of you guys being hijacked and someone trying to screw you guys up.
I am not the enemy here... stop treating me like one.
Newbie or not, it can happen to everyone. I consider myself a PC expert and I still got a nasty virus in a moment of stupidity when trying to run a supposedly portable program for image restoration. Sadly, I had to format and re-install Windows.
So trust me, I'm familiar with this kind of frustration and we wouldn't want to be causing that to people here. I don't treat you as the enemy, I'm just defending your accusations towards GS.
Surely if it DID install an involuntary virus, everyone who installed would have it, not just certain people?
So, if this isn't malware, we should be able to uninstall it, right?

If not, you are intentionally distributing malware.

I mean, you mean to tell us that after installing your software we have to reformat our PCs? Do you take us for idiots? No?

Please explain detailed instructions on how to remove these programs.
2014-02-28 23:59#163475 Stam :
It's your choice to install or not install 1 offer at the beginning of installation. You should hit the "DECLINE" or the "SKIP" button if you don't want it.
Here are screenshots for both cases:


We don't control the offers shown during installation, but the ad agency we work with (Somoto) to bundle GS14 installer promises and insists there won't be any harmful offers for those who accept to install them.

When we receive a complaint regarding a particular "annoying" offer, we demand its removal from the campaign (we had to do that on 3 occasions since December). So if there's a specific offer you got installed despite declining it, please provide more details on what happened and we'll act on it.

I've personally run the installation multiple times. Then scanned the file and the entire computer with AVG, Malwarebytes, Microsoft Security Essentials and Ad-aware and NO virus or malware/adware was found.

Check the analysis of the exe file (latest version) by a Google owned company:
VirusTotal report for GS14 - You'll notice it's actually clean.

I did not get the dialog boxes you have made screen shots of here when I installed the software.
