Malware warning Log Out | Topics | Search
Moderators | Register | Edit Profile

Goodsol Forum » General Discussion » Malware warning « Previous Next »

  Thread Last Poster Posts Pages Last Post
  ClosedClosed: New threads not accepted on this page        

Author Message
Glen McDiarmid (Glenmcd)
Intermediate Solitaire Player
Username: Glenmcd

Post Number: 32
Registered: 5-2010
Posted on Friday, August 27, 2010 - 12:51 am:   

I recently downloaded "Freecell Collection 7" from http://www.solitairenow.c o m
I've added spaces above so peeps don't accidently click on it without reading the rest of this.

The file is a trojan / virus. Here's the proof:

1. The first thing the program did when I installed, was bring up a window stating "System files need to be updated, when done, system will restart and then you will be able to complete the install".
2. After the install, Webroot antivirus picked up a "generic" virus and I quarantined it. But the problems continued. I schedule two virus/trojan/spyware scans daily.
3. Pressing control-alt-delete no longer functioned. This is one way to run "task manager", which can be used to identify viruses currently loaded and running
4. Although I could click on "Task Manager" by right clicking on the task bar, nothing happened when I did
5. System Restore from within Windows no longer opened
6. The website above has no links for contact, no email addresses or phone numbers or physical addresses including country
7. A "tracert" on the address does not identify any web host at all, only a list of IP addresses.
8. I had serious startup problems on my first attempt to restart after installing the actual game. I was forced to use "Repair Windows" in order to get Windows to run again. Even after doing this, my system could no longer complete Windows start unless I again went through the same procedure.
9. In Windows 7 Ultimate 64 bit, "System Restore" is now available after booting on the original disc, which of course cannot get a virus on it. System restore to anything later than installing the above game didn't fix the problem, but restoring to moments before the install did competely fix all problems including being able to run Task Manager etc.
10. After "updating system files", restarting and then attempting to install the game itself, it said that my system wasn't compatible and therefore wouldn't install the game itself. Doing so would of course mean that someone had to do the work to write more than just the trojan/virus

I have never before bothered anyone with virus warnings before as to me in most cases it's spam. But as there is a concentration of Solitaire players here and that I've got very solid evidence that this seemingly attractive (free) "game" would eventually be tried by a good percentage of peeps here, I decided it was good enough to do a post.
Mike Butler (Butler77)
Master Solitaire Player
Username: Butler77

Post Number: 1872
Registered: 4-2006
Posted on Friday, August 27, 2010 - 11:33 am:   

Thanks Glen. To some of the readers of this information. The download site Glen shows is in NO way related to PGS or any product Thomas offers.
Now the question is. Glen. Gregg and Thomas. What does one do when you find a site like this?
Kathy Quade (Kathyquade)
Master Solitaire Player
Username: Kathyquade

Post Number: 1356
Registered: 2-2006
Posted on Friday, August 27, 2010 - 2:00 pm:   

Glen, is that new to Windows 7 where the Task Manager will show if a virus is running on your computer? My XP doesn't have that feature.
Thomas Warfield (Support)
Moderator
Username: Support

Post Number: 1371
Registered: 12-2002
Posted on Friday, August 27, 2010 - 4:13 pm:   

There isn't much you can do. There are sites such as siteadvisor.com that scan for this sort of thing, but they are notoriously unreliable, often reporting false positives and missing actual problems. The best protection is a virus checker and a good firewall that warns you when anything tries to do internet access. Of course, these kinds of problems are much rarer on Macs as well.
Mike Butler (Butler77)
Master Solitaire Player
Username: Butler77

Post Number: 1873
Registered: 4-2006
Posted on Friday, August 27, 2010 - 6:29 pm:   

I was wondering more if there was some place to report malware. Kathy. I will take a guess and say that the Task Manager will not list an evil program running as "virus". It will just show a program running that is not suppose to be running. And using up memory.
Glen McDiarmid (Glenmcd)
Intermediate Solitaire Player
Username: Glenmcd

Post Number: 33
Registered: 5-2010
Posted on Friday, August 27, 2010 - 10:29 pm:   

Good point Mike, I should have mentioned in my original post that this was nothing to do with PGS or other goodsol products. Stuff that happens like this is a good reason to stick with sites that you already know, such as goodsol.new which has been around for fifteen years or so.

Viruses continue to be successful to some degree simply because at the time they were created, they were not detected by the current versions of "defensive" software, which includes the thousands of Windows patches, anti-virus, anti-trojan, spy sweeper, firewall (to a point) etc. I was caught again in this case because the malware was so new. In google even now, I can't find a single page that mentions both "FreeCell Collection 7" and "virus warning". Yet do the same for "goodsol" or "Pretty Good Solitaire" and "virus warning" and you'll find seven or ten pages respectively - all false positives of course. The point being that if the virus is so new, you're pretty much on your own unless you are very highly skilled at recognising malware. I'm obviously not!

Webroot anti-virus (my main defensive software) has a thing called "WARN" which automatically sends suspect files back to HQ for examination and this can lead to new anti-virus definitions. In the old version this used to be a manual process so it's likely that this system will lead to faster "arrest" of new viruses.
Kathy Quade (Kathyquade)
Master Solitaire Player
Username: Kathyquade

Post Number: 1357
Registered: 2-2006
Posted on Friday, August 27, 2010 - 11:39 pm:   

Glen, I got hit by a virus once, luckily it didn't damage my computer. Ever since then, every day I run Spybot and use it's update feature. Today when I did it, Spybot found 2 trojan viruses that weren't there yesterday. It's a pain because it takes a while to run the program, but I'd rather be safe than sorry. My regular virus checker by the way didn't catch it.
Markus Reischl (Markus)
Master Solitaire Player
Username: Markus

Post Number: 1598
Registered: 7-2009
Posted on Saturday, August 28, 2010 - 1:51 am:   

Kathy, a normal older Virus-program normally don't find spy-programs as trojans.
That's why you should always look for one (or two programs) which detect viruses and also spyware. My last info for this is that you need mostly 2 programs: one for the viruses and one for the spyware. But i am not up to date. The most popular software which includes both is in Germany AVIRA. But there are a lot of other programs.
Kathy Quade (Kathyquade)
Master Solitaire Player
Username: Kathyquade

Post Number: 1358
Registered: 2-2006
Posted on Saturday, August 28, 2010 - 4:07 am:   

Spybot checks for both viruses and spyware. I also use AVG anti-virus which Richard recommended which is supposed to check for both, but this is the one which didn't pick up the two trojans. The Spybot picked up not only the two viruses but also a lot of spyware. Both are the newest versions. BTW, if you or any other of the players get an email from "Free Fun" don't open it. It froze my computer, but I was finally able to remove it after I rebooted. The AVG I have is supposed to pick up suspicious email, but it didn't pick this one up.

Topics | Last Day | Last Week | Tree View | Search | Help/Instructions | Program Credits Administration