Sorry MG, but still!

Discussion in 'Malware Help (A Specialist Will Reply)' started by aeonsbeyond, Apr 15, 2006.

  1. aeonsbeyond

    aeonsbeyond Private E-2

    You closed the thread so fast i never had time to reply.

    Im sorry youre right, its not bundled in there, but it seems the program itself directed me to a site to DL wallpapers and startup screens which I guess I shouldve suspected more, but one or more of them had the mal.

    My bad, but the ware is still responsible. I still think you should pull it but its your choice.
     
    aeonsbeyond, Apr 15, 2006
    #1
  2. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    Hi,
    Sorry for the abrubtness, it was fishy for 2 in a row. Now, I am not sure, sounds like a website he links to was probably hijacked after a domain takeover, since its not updated in 4 years. I would appreciate your input, do you think a warning not to use extrnal links in the program is sufficent or removal?

    Thanks for your thoughts and patience.
     
    Major Attitude, Apr 15, 2006
    #2
  3. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Sent you a report MA just now with not seeing your reply, the software is fine from Cronosoft, just tested it, however since the software was released or updated last, a link it has to ThemeXP for more themes could now be a not welcome one, as since 2005 ThemeXP have been adding to the majority of downloads of "themes, screensavers etc" some bundled adware.

    I would personally pull the software,

    EDIT: unless the makers can remove the link or a you add a very strong warning, but many will not read the warning I fear!
     
    Last edited: Apr 15, 2006
    DavidGP, Apr 15, 2006
    #3
  4. aeonsbeyond

    aeonsbeyond Private E-2

    Well for one thing....you've got it FEATURED at the top of the page its from...
    [http://www.majorgeeks.com/download.php?id=23]...I cant be the only user who has DL'd it, followed the links through to get More Whatevers and caught some mal...not directly your fault but stilll lame.

    We must remain vigilant. And I think I got most of it off just now fairly easily with the latest SpyBot S&D. ...must backup registry...

    (Meanwhile, Firefox just started screaming for its latest update so I have to go back all that up too now.)
     
    aeonsbeyond, Apr 15, 2006
    #4
  5. aeonsbeyond

    aeonsbeyond Private E-2

    Well its actually still there, so now the question is who wants to help me get rid of it?

    I used RegistrarLite to find the WhenUSave registry keys, can I just delete them? Or is that bad?
     
    aeonsbeyond, Apr 16, 2006
    #5
  6. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    I have emailed the author to inform him. Odds are he is unaware. If he updates it, the listing will remain, if I dont hear from him in a few days it will be removed.

    Your post probably got lost in the shuffle, start up a new thread with your symptoms.
     
    Major Attitude, Apr 16, 2006
    #6
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    WhenU can normally be found in the Add/Remove programs. Did you just try uninstalling it?

    Follow the steps in the below link to properly download the correct version of HijackThis, install it, and run it:

    Downloading, Installing, and Running HijackThis

    Then attach a HijackThis log. Also do the below so we can see what got installed:

    Let's get an installed programs list from HijackThis!
    • Run HijackThis, click Open the Misc Tools section
    • Click Open Uninstall Manager
    • Click Save List (generates uninstall_list.txt)
    • Click Save, to save it to a file where you can find it.
    • Attach the uninstall_list.txt file to your next message.
     
    chaslang, Apr 16, 2006
    #7
  8. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    Got a response from the author:

    Thanks for the info! We have no affiliation with www.themexp.org, but it was the first resources for xp wallpapers, themes and logon/boot screens. Since we don't have such files on our website we'll try to find another website (as clean as possible) to recommend.
     
    Major Attitude, Apr 16, 2006
    #8
  9. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    And again, the author has made the changes for everyone, he was unaware and apologizes, here is his email:

    "OK, i changed the links (which are on the CronoSoft server, no need to change the actual exe) to http://themes.belchfire.net/ which seems to have "clean" downloads. Please let me know if it's ok now."

    I am checking that out now.
     
    Major Attitude, May 2, 2006
    #9

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds