Register | Login
BootSkins XP
Cursor FX
Dream
Icon Packager
LogonStudio XP
LogonStudio
Object Dock
Sound Schemes
Suites
WallPapers
WindowBlinds
All

Search
Forum Home | Login
arno1971
arno1971
Join Date 06/2007
+4

Trojan?

December 29, 2020 11:28:11 AM from WinCustomize ForumsWinCustomize Forums

Hi all,

A while ago (appr. 4 months) when updating CursorFX via Object Desktop Manager, my Malwarebytes (Premium) sais it detected a trojan via the port it got the update from, i.e. cdn.stardock.us (and I believe it was using port: 60).

I asked Sean from cust. support, and he said it is a false-positive.

So I manually added the domain address and port in Malwarebytes as save (and removed it again just to be sure after the update of Cursor FX).

However, since doing this, I suddenly get tenths of spam emails daily, most about Bitcoins, which I didn't get before. A lot of the mails have the .us extension in the sender address. Also, my harddrive (ssd) runs out of free space every appr. 24 hours, while normally I have appr. 65+ Gb free space on that drive. So now, I have to clean my drive every 24 hours, which is very annoying, but the spam mails are more annoying. 

> Do others have simillar experiences?

P.s. my several installed antivirus/ antimalware/- spyware etc. software packages don't detect any infections. However, running HitmanPro.Alert detects it detects tenths of trojans in all kind of executablle files, like f.e. explorer.exe, spotify.exe and all kind of other executables of programs I frequently use (when I chose to remove al detected infections I got a pc which was completely unusable, so I used a TrueImage backup to reset things, however, this was a backup image which already has the supposed trojan.

Best,

Arnoud

Search this post
Advanced Search
Subscription Options
Reason for Karma (Optional)
Successfully updated karma reason!
arno1971
basj
Join Date 03/2001
+509 sdemployee
Reply #1 December 29, 2020 9:29:27 PM
from Stardock ForumsStardock Forums

> Do others have simillar experiences?

I have installed CursorFX and I don't have this. I am pretty sure more people would have report in with similar issue if it is not a false positive. And, I am sure you have something else on your system causing all those, but, I am sure it is not from CursorFX.

Thank you,

Basj,
Stardock Community Assistant

Reason for Karma (Optional)
Successfully updated karma reason!
arno1971
arno1971
Join Date 06/2007
+4
Reply #2 December 30, 2020 7:25:57 AM
from WinCustomize ForumsWinCustomize Forums

I understand what you are saying Basj, but it really all started with the report of a trojan by Malwarebytes when updating CursorFX via Object Desktop Manager like I wrote, a couple of months ago to (I believe) version 4.04. I never got a similar report before when updating software via Object Desktop Manager, so it is really strange. 

Do you know, is the domain cdn.stardock.us the legit Stardock server?

Thanks,

Arnoud

Reason for Karma (Optional)
Successfully updated karma reason!
arno1971
basj
Join Date 03/2001
+509 sdemployee
Reply #3 December 30, 2020 7:47:39 AM
from Stardock ForumsStardock Forums

From what I know, it is legit Stardock server. However, I have forward your problem/question to Stardock Support Team for their assistance. Please keep an eye on this thread for any updates. We appreciate your feedback and patience.

Basj,
Stardock Community Assistant

Reason for Karma (Optional)
Successfully updated karma reason!

Sign Up or Login and this ad disappears!
There are many great features available to you once you register. Sign Up for a free account and browse the forums without ads.

arno1971
arno1971
Join Date 06/2007
+4
Reply #4 December 30, 2020 9:15:00 AM
from WinCustomize ForumsWinCustomize Forums

Ah nice, thank you Basj, and, I will do that.

Best,

Arnoud

Reason for Karma (Optional)
Successfully updated karma reason!
arno1971
RedneckDude
Join Date 04/2009
+1809
Reply #5 December 30, 2020 9:56:17 AM
from WinCustomize ForumsWinCustomize Forums

Any server could be hacked, but I too use the program with no issues. This is an odd one.

Reason for Karma (Optional)
Successfully updated karma reason!
arno1971
arno1971
Join Date 06/2007
+4
Reply #6 December 31, 2020 10:48:38 AM
from WinCustomize ForumsWinCustomize Forums

Quoting RedneckDude,
reply 5

Any server could be hacked, but I too use the program with no issues. This is an odd one.

Thanks. The program still works on my pc too, but it is odd indeed.

I am still hoping someone has had as similar experience..

Arnoud

Reason for Karma (Optional)
Successfully updated karma reason!
arno1971
sdRohan
Join Date 10/2012
+236 sdsupport
Reply #7 December 31, 2020 4:58:36 PM
from Stardock ForumsStardock Forums

Hello,

Sorry to hear you are having trouble.

When and app is 'new', AV \ Malware apps will often flag them just because it does not know what it is. Like your experience with HitmanPro.Alert, some are more aggressive than others.

I would be surprised if you still needed to whitelist CFX.  Any app downloaded from our site is virus \ trojan free.

Sean Drohan
Stardock Support Manager

+1
Reason for Karma (Optional)
Successfully updated karma reason!
arno1971
Dcrew57
Join Date 09/2007
+70
Reply #8 December 31, 2020 10:22:56 PM
from WinCustomize ForumsWinCustomize Forums

I also use CursorFX and Malwarebytes (free) and have never gotten and messages at all. I update via app versus Object Desktop Manager.

Reason for Karma (Optional)
Successfully updated karma reason!
arno1971
benmanns
Join Date 12/2005
+93
Reply #9 January 1, 2021 1:51:35 PM
from WinCustomize ForumsWinCustomize Forums

Mhh i use Malwarebytes myself and can only recommend it besides Sophos...
In my consideration any AV is pretty much useless since the only thing that will actually protect you is updates and more updates ultimately but malwarebytes is one of the very few that actually does a pretty good job detecting malicious activity, it does not extract the files and executes them on #root or C:  with admin priveledges (as many others do), it actually does this in a sandbox and then determines if a file shows (bad behaviour).

CLEANING UP:

BEFORE YOU START:
You should not trust me out of the blue, please make sure that you read about the tools that i listed beforehand make yourself familiar with them before you download them.
Before you enter your email adress somewhere where you are not sure what consequences this might have for you!


I wont provide a link for FRST
since it had adverstisment in it and therefore got flaged by defender a couple of months ago:
You should read about it and then make the call for yourself:
If you make the decision to download it you should do so via bleepingcomputer

But you could just proceed to MBAM0:

What you should do is create an FRST log using Farbar Recovery Scan Tool

Check the log for applications that seem unfamiliar - if you find some your system might be infected.
Use google to get further info of the line thats shows an unknown application in the log 

MBAM0:
Get a to a second computer 
You should download a fresh new setup from the Homepage
https://malwarebytes.com
https://de.malwarebytes.com/
...
MBAM  you can also download a fresh installer from here.

On the target device:

Unplug your WAN/WIFI from the Computer that shows the mentioned strange behaviour.
Uninstall the current Malwarebytes version.
Reboot your system.

Now start the system in safemode
Install the new downloaded version of MBAM...
Make a scan and delete the crap that is found or set it to quarantine for the meantime.
Restart your computer and boot up.
Reconnect to your WAN/WIFI and check for additional updates of MBAM.
If updates are available, download those and make another scan afterwards.

Now download and run MB AdwCleaner
https://malwarebytes.com/adwcleaner/
https://de.malwarebytes.com/adwcleaner/
Clean if it finds something.

To make sure that MBAM + MBAC cleaned up correctly -
RogueKiller 
https://www.adlice.com/roguekiller/
If there are no more positives found you should be good.

Note: Check your host file!
https://blog.malwarebytes.com/cybercrime/2016/09/hosts-file-hijacks/

and also check if your email has been compromised.
https://haveibeenpwned.com/
In that case change your password make sure to generate a strong one.

Reason for Karma (Optional)
Successfully updated karma reason!
arno1971
arno1971
Join Date 06/2007
+4
Reply #10 January 2, 2021 5:06:22 AM
from WinCustomize ForumsWinCustomize Forums

Quoting sdRohan,
reply 7

Hello,

Sorry to hear you are having trouble.

When and app is 'new', AV \ Malware apps will often flag them just because it does not know what it is. Like your experience with HitmanPro.Alert, some are more aggressive than others.

I would be surprised if you still needed to whitelist CFX.  Any app downloaded from our site is virus \ trojan free.

Sean Drohan
Stardock Support Manager

 

Hi Sean, I understand what you are saying, and thanks for your answer, but I use CursorFX for a long time (many years) so it isn't new for my pc and/or AV software, that's what is the strange thing, I didn't install new AV software recently, all have been on my pc for years. And never before did I get such a Trojan warning, when updating software via Object Desktop Manager. 

Best,

Arnoud

Reason for Karma (Optional)
Successfully updated karma reason!
arno1971
arno1971
Join Date 06/2007
+4
Reply #11 January 2, 2021 5:15:02 AM
from WinCustomize ForumsWinCustomize Forums

Quoting benmanns,
reply 9

Mhh i use Malwarebytes myself and can only recommend it besides Sophos...
In my consideration any AV is pretty much useless since the only thing that will actually protect you is updates and more updates ultimately but malwarebytes is one of the very few that actually does a pretty good job detecting malicious activity, it does not extract the files and executes them on #root or C:  with admin priveledges (as many others do), it actually does this in a sandbox and then determines if a file shows (bad behaviour).

CLEANING UP:

BEFORE YOU START:
You should not trust me out of the blue, please make sure that you read about the tools that i listed beforehand make yourself familiar with them before you download them.
Before you enter your email adress somewhere where you are not sure what consequences this might have for you!


I wont provide a link for FRST
since it had adverstisment in it and therefore got flaged by defender a couple of months ago:
You should read about it and then make the call for yourself:
If you make the decision to download it you should do so via bleepingcomputer

But you could just proceed to MBAM0:

What you should do is create an FRST log using Farbar Recovery Scan Tool


Check the log for applications that seem unfamiliar - if you find some your system might be infected.
Use google to get further info of the line thats shows an unknown application in the log 

MBAM0:
Get a to a second computer 
You should download a fresh new setup from the Homepage
https://malwarebytes.com
https://de.malwarebytes.com/
...
MBAM  you can also download a fresh installer from here.

On the target device:

Unplug your WAN/WIFI from the Computer that shows the mentioned strange behaviour.
Uninstall the current Malwarebytes version.
Reboot your system.

Now start the system in safemode
Install the new downloaded version of MBAM...
Make a scan and delete the crap that is found or set it to quarantine for the meantime.
Restart your computer and boot up.
Reconnect to your WAN/WIFI and check for additional updates of MBAM.
If updates are available, download those and make another scan afterwards.

Now download and run MB AdwCleaner
https://malwarebytes.com/adwcleaner/
https://de.malwarebytes.com/adwcleaner/
Clean if it finds something.

To make sure that MBAM + MBAC cleaned up correctly -
RogueKiller 
https://www.adlice.com/roguekiller/
If there are no more positives found you should be good.

Note: Check your host file!
https://blog.malwarebytes.com/cybercrime/2016/09/hosts-file-hijacks/

and also check if your email has been compromised.
https://haveibeenpwned.com/
In that case change your password make sure to generate a strong one.

 

Thanks for your comprehensive answer.

I have already made a log some time ago with the Farbar Tool, it didn't seem to show strange things.

And about Malwarebytes, I already use Malwarebytes Premium (for a long time), it was this software that warned me for 'the trojan' when updating CursorFX... (for the first time ever, I use Object Desktop (and OD manager) for a long time, and never got a red flag before when using it to update OD components like now with CursorFX)

I am still contemplating your other instructions, but thanks anyway!

Best,

Arnoud

Reason for Karma (Optional)
Successfully updated karma reason!
View all recent posts
Mark all posts as read Delete cookies created by the forum Return to Top
Stardock Forums v1.0.0.0   #108499   web02  Server Load Time: 00:00:00.0000141  Page Render Time:


Top Skin Authors

Yesterday  |   Last 30 Days  |   All Time
View More

Latest News

View Homepage

Return to the WinCustomize homepage.
CursorFX

CursorFX is a utility which allows you to have much more flexibility in the cursors you use to interact with Windows. CursorFX users can create and use cursors that look and feel far superior to anything you've ever seen before! Best of all, it's really easy to create your own super-charged cursors!

Publisher: Stardock Corporation
Developer: Stardock Corporation
Genre: Object Desktop
Website | Download | Purchase
Stardock Curtains

Customize Windows with additional styles beyond light and dark mode

Publisher: Stardock Corporation
Developer: Stardock Corporation
Genre: Object Desktop
Website | Download | Purchase
DeskScapes

Stardock DeskScapes extends Windows 10 with the ability to run spectacular animated wallpapers (Dreams) on your desktop. Choose your Dream from our extensive library to personalize your pc.

Publisher: Stardock Corporation
Developer: Stardock Corporation
Genre: Object Desktop
Website | Download | Purchase
IconPackager

IconPackager is a program that allows users to change nearly all of their Windows icons at once by applying "packages" of icons. A package of icons contains icons to replace most of the common icons on your Windows PC.

Publisher: Stardock Corporation
Developer: Stardock Corporation
Genre: Object Desktop
Website | Download | Purchase

Icons

Icons for applications and folders.

Rainmeter

Rainmeter allows you to display customizable skins on your desktop, from hardware usage meters to fully functional audio visualizers. You are only limited by your imagination and creativity.

Rainmeter is open source software distributed free of charge under the terms of the GNU GPL v2 license.

Website | Download
Screenshots

Show off your favorite desktop configuration by uploading a screenshot of your desktop!

SoundPackager

SoundPackager brings customization of your auditory experience to Object Desktop! Users can now choose from "sound packages" to enhance their Windows desktop experience. Over 30 different system sounds are supported; unique new Stardock Design sound packages are included with the package.

Publisher: Stardock Corporation
Developer: Stardock Corporation
Genre: Object Desktop
Website | Download | Purchase
Start8 Themes

Microsoft Windows® 8 is shipped without the "Start" menu. Stardock heard the cries from Windows 8 users. We put the "Start" menu back in Windows 8. We accurately recreated the most used desktop feature billions of users depend on every day and packed it with additional functionality.

Publisher: Stardock Corporation
Developer: Stardock Corporation
Genre: Object Desktop
Website | Download | Purchase
Wallpapers

The finest collection of desktop backgrounds on the Internet!

Publisher: Stardock Corporation
Developer: Stardock Corporation
Genre: Object Desktop
WindowBlinds

WindowBlinds changes the look and feel of your Windows desktop by applying visual styles to your entire Windows environment. When a visual style is applied, they change nearly every elements of the Windows GUI such as title bars, push buttons, the Start bar, menu and more.

Publisher: Stardock Corporation
Developer: Stardock Corporation
Genre: Object Desktop
Website | Download | Purchase
Winstep Software Technologies

Winstep Extreme is a powerful suite of applications that merge incredible usability and performance with breathtaking eye candy. Add your own Menus, Docks, Tabbed Docks, Taskbar and Widgets with this Windows User Interface Replacement!

Website | Download

View Gallery List

View a list of all of the different galleries available in WinCustomize, which you can then browse individually.

Explore All

Explore all available galleries on WinCustomize.

Customize This Menu

This option is only available for subscribers of WinCustomize. If you are a subscriber it will allow you to select which categories you would like to see in this menu from a list of all galleries available on the site. This information will be stored on your account for all your future visits.

Subscribe
Home | About | Privacy | Upload Guidelines | Terms of Service | Help
WinCustomize © 2021 Stardock. All Rights Reserved.