Virus and crapware in CNET downloads
by jcunn1ngham - 2/4/13 7:12 AM
Yesterday I downloaded "BatteryCare" from CNET. As it happened, there was a scheduled MSE scan running at the same time. After ticking as few boxes as possible I installed the program but when I subsequently tried to run it nothing happened. On checking the MSE scan I found two viruses had been quarantined with a date and time coincident with the download and installation. I immediately removed the viruses--too hastily for now I don't know what they were--and uninstalled the recently downloaded "BatteryCare."
On restarting IE Explorer, to download virus checkers, I found that it had been hijacked by the "Blekko" search engine which could not be removed or replaced.
I downloaded virus checkers on another computer, restarted the infected computer in safe mode and ran a full MS SafetyScan from a usb key. It found nothing--I would have been happier if it found something.
While the machine was still in safe mode I went about removing the Blekko malware by searching the registry for "Blekko" and exporting and deletiing any entries I found. There was one entry I did not delete because it had a lot of sub-keys and I am not yet sure it can be safely deleted. It was a full day's work and I am not entirely confident the machine is clean. I will have to make further checks.
Either the program or the CNET download site is contaminated and I will not, in the future, be able to download software from CNET with any confidence.