
[Solved] Kaspersky Pure 3.0 flags wintoolkit a malware


andrum99


Further malicious activity has been detected by Kaspersky once I installed WinToolKit and the Kaspersky Security Network now red flags the installer with a more serious warning. DO NOT INSTALL THIS PRODUCT. I am an IT professional with 20 years' experience - I know a bad app when I see one. Give this site and the product as wide a berth as you can.

 

I expect someone will be along soon to either deny this is the case, or to simply delete this message. Please contact me via my blog (andrum99.blogspot.co.uk) if you have concerns about this notice and to confirm that this message is genuine.

 

You have been warned!

 

Andrew Pattison

Fife, Scotland.

Link to comment
Share on other sites

Not denying anything; there is adware in the installer. However, did you notice there is a 7zip package, no-installer version???

 

Your insinuation that people should avoid this site is very troubling as you (especially claiming to be an "Expert") failed to fully investigate this matter.

 

Posted a reply on your blog.

Link to comment
Share on other sites

I called him out for not investigating the matter fully (The 7z file) and also for defaming WinCert by his posts here to avoid this site. I also said we never denied the adware in the installer.

 

As an "IT Professional" to act like this is quite well, ummm unprofessional.

 

I was extremely polite and professional in my posts on his blog. He apparently didn't want his blog readers to see how full of crap he was.

Link to comment
Share on other sites

For your record I am over 40, started working on computers in the age of Commodore 64 machines, have my own tech website and a freeware open source program that has been actively downloaded tens of thousands of times a month for 10 years (not some dumb blog). I also get over 12,000 Google hits directly related to my name and works with Windows, Windows customization and programming.

Link to comment
Share on other sites

As I said on my blog, the fact that there is a non-crapware version of the installer does not necessarily mean that WinToolKit itself does not contain, or itself download malware. I have posted further evidence on my blog. It is telling that as well as your attempted character assassination you have not attempted to post any evidence to contradict my statements, except for stating that there is an adware free installer.

Regards

Andrew Pattison

andrum99@gmail.com

Edited by andrum99
Link to comment
Share on other sites

That is the issue: you installed a version your AV told you had questionable binaries in it. That is your own dumb fault. Had you used the portable version there is NO malicious software in it at all!!!

 

I am not contradicting your statements, only proving you are an idiot (IT Professional huh?) for not listening to your AV software.

 

WinToolkit by itself is completely safe; the adware is ONLY contained in the installer.

 

Also you are really a coward by not showing any of this conversation on your blog. Have the balls to show your readers our defense.

Link to comment
Share on other sites

I have contacted your web provider and sent a cease and desist order asking for the removal of your comments on this matter or your blog be shut down since you refuse to allow us to defend ourselves there.

 

Just to prove I am serious, your provider is:

 

Sky Broadband

 

And they control the IP range of:

 

2.223.0.0 - 2.223.255.255

 

Plus this is their contact information:

BSkyB Broadband Hostmaster:
Sky Network Services
1 Brick Lane
London
E1 6PU
UK
+44 20 7032 7000
+44 20 7900 7812

In conclusion = WinToolkit itself does not contain malware! You were an idiot for using the installer version when you were warned by your anti-virus.

Link to comment
Share on other sites

I don't know why I didn't do this before; here is a VirusTotal scan of the 7z portable version for more proof:

 

https://www.virustotal.com/en/url/24f811595107aafd391be0a593e10890a9af37190db92d90fdf03e52b80449c9/analysis/1409266024/

 

And this one is of the WinToolkit binary itself:

 

https://www.virustotal.com/en/file/f46322069d819529543227131a757adf85f26734595677b2c2f97afa9d6c7360/analysis/

 

According to this VirusTotal scan only 2 out of 55 AV companies report the installer as containing malware AND Kaspersky is NOT one of them either.

 

https://www.virustotal.com/en/file/3d0e327da9047ee7d5def0db462653531ae845d41558ec63c874c8c84fbfca99/analysis/

Link to comment
Share on other sites

The VirusTotal analysis only proves that the file itself contains no malware. It is easy to create an app that downloads something dodgy without the binary actually containing anything dodgy itself. If you think that the behaviour of the app is benign then please explain its operation and the presence of write.exe in c:\WinToolkit_mount, with permissions designed to prevent its removal.

Link to comment
Share on other sites

You can send as many cease and desist requests as you like. Last time I looked, fair comment was a defence for defamation. I am not required to publish your comments. For example, something is fair comment if it is factually accurate, as is the case with my observations.

Link to comment
Share on other sites

Yet it is not accurate at all. I have already received a ticket number and assurance that it is being looked into and I did further ACTUAL investigation and checking on the installer.

 

(See TrustedInstaller AGAIN) you cannot delete anything in that folder while it is mounted. WIM management 101 (IT Professional again?)

Windows by default, while managing a mounted WIM, protects most of it in the same way as the main system files.

 

Here is another scan and also a screenshot:

 

http://r.virscan.org/report/49b57c175cf3409a270c855d4063b21d

 

The only piece of adware that the installer contains is this, and it, as you can see, is opt out.

 

post-30-0-18087200-1409266970_thumb.png

 

Now if you were too dumb to not skip it, we have no control over what it does; that is fully your fault, NOT WinToolkit's!

Claiming that is WinToolkit's fault is damaging and inflammatory and that's what I reported you for.

Link to comment
Share on other sites

Furthermore, write.exe (yes, the old one with the 3.1 icon!) IS a file inside the WIM you mounted with the toolkit; it was not downloaded and placed there by the toolkit! It comes in the WIM file MS put on the disk!!!

Holy crap, I thought you were an IT pro?

Proof for yourself: look in the Windows folder of a WIM (you can open it with 7z) and you'll see it there. And in the system32 folder and in other folders too.

LOL it's the same damned file you have in your Windows folder on your running system too. (I'll wait, go look.) Now once you find it, try to delete that one...

Link to comment
Share on other sites
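The check described in the post above, written out as an added example that is not part of the original thread: it confirms whether the folder is a DISM-mounted image and reports the owner and SHA-256 of each `write.exe` copy next to the running system's copy. The mount path is the one named in the thread; the script assumes an elevated PowerShell prompt with the built-in DISM module available.

```powershell
# Added example: is write.exe under the mount folder just the stock file
# that ships inside the mounted Windows image?
$MountDir = 'C:\WinToolkit_mount'   # path named in the thread

# 1. Is the folder a DISM-mounted image, and which WIM file backs it?
$mounted = Get-WindowsImage -Mounted |
    Where-Object { $_.Path.TrimEnd('\') -ieq $MountDir.TrimEnd('\') }
if ($mounted) {
    $mounted | Format-List Path, ImagePath, ImageIndex, MountMode, MountStatus
} else {
    Write-Warning "$MountDir is not listed as a mounted image"
}

# 2. For each copy the thread mentions, report owner and hash and compare
#    against the same file on the running system.
$report = foreach ($rel in 'write.exe', 'System32\write.exe') {
    $offline = Join-Path (Join-Path $MountDir 'Windows') $rel
    $online  = Join-Path $env:SystemRoot $rel

    if (-not (Test-Path -LiteralPath $offline)) {
        Write-Warning "Not present in mount folder: $offline"
        continue
    }

    $offHash = (Get-FileHash -LiteralPath $offline -Algorithm SHA256).Hash
    $onHash  = if (Test-Path -LiteralPath $online) {
        (Get-FileHash -LiteralPath $online -Algorithm SHA256).Hash
    } else { $null }

    [pscustomobject]@{
        File                 = $offline
        Owner                = (Get-Acl -LiteralPath $offline).Owner
        LastWriteTime        = (Get-Item -LiteralPath $offline).LastWriteTime
        SHA256               = $offHash
        MatchesRunningSystem = ($null -ne $onHash -and $onHash -eq $offHash)
    }
}
$report | Format-List
```

An owner of `NT SERVICE\TrustedInstaller` is the normal protection on Windows system files, which is why deletion is refused. The hashes only match when the mounted image is the same Windows build and patch level as the running system, so a mismatch alone is not evidence of tampering.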

I have reverted my blog post to draft, as this is the quickest way to blank it just now, while I further investigate this. It seems I may have been mistaken. I did also use another product on my system just before running WinToolkit so perhaps it is to blame. The product I used was called Windows Updates Downloader, but again this is another apparently legitimate application. Apologies if I have gone off half cocked on this one - I did panic slightly. I will run the portable installer in a VM with Wireshark running and see what it looks like.

Link to comment
Share on other sites

It was easier to contact them and they would take much quicker action than Blogger.

 

WinToolkit, while being freeware, does have a good name to protect and WinCert is technically a business that relies on the income from ads and donations.

 

Your defamation of the two without the ability to post counterpoints could be damaging.

Especially since the readers you have (albeit probably not that great a number) only got one side of the story and could not or likely would not check for themselves.

Link to comment
Share on other sites
