ANSWER: (apologies for shouting below, but in this case it's appropriate so as not to get lost in the long winding posts in this thread

ON A NON-HOST-RESTRICTED MACHINE AND BROWSER THE EXTRA LINKS DO APPEAR.

My first load of the page, I did not get the same misleading advertisements that the original poster did I was able to confirm the makeup of the adverts, which I had noticed in the OP screenshot (thank you that provided much help).

All of the adverts shown in the screenshot and my browser have two symbols in the top left corner a sideways triangle (like a play button) and an x. The former doesn't seem to have a function, while the latter brings up a limited report button (see my screenshot)

In the original post's screenshot one can see what the ads are for, if one is paying attention (as I stated in my previous post). The large top left is for "browsersafe" whilst the smaller trickier one below the proper download button is for a site that WoT barely trusts. the index(homepage) of this site automatically transfers you to a download button similar looking to the OP's screenshot for a sketchy flash player bundled with a delta-based-porentially-unsafe-toolbar (see my second screenshot)

I reloaded the page and got at least one misleading looking ones (my 1st screenshot).

Yes this all points to the filehippo advertising platform. 1 and 2 in my screenshot are ads 3 is the real download. While I can understand filehippo's need for revenue, these advertisements lull a normal user into a false sense that ccleaner (and other hosted software) in malicious. Most people don't notice the aspects I noticed in the original post that shows they are ads and most who do notice such things block ads and semi-malicious injection type banners via HOSTS or their security softwares.

We should not fault those who don't use these precautions though, and sadly some posters in this thread (perhaps even myself initially, though I tried to mitigate that in post) seem to have done that to the original poster; for our entire community I apologize for that, and hang my head in shame that some of us "nerds" can be so judgemental and shortsighted.

Screen 1

Screen 2

I informed other mods about these links just after this thread first started and provided screenshots of the web addresses involved. I even went to the same site the Original Poster went to and tried to download the that file (my security software blocked it)

I had no doubt GuitarSmokr was telling the truth as to what had happened to him. The wrappers and software involved are in a grey area of legality. Software writers of PuPs (Potentially unwanted programs) can sue antivirus programs if they are blocked automatically unless the user has ticked a box in the settings of the av saying they want them removed.

Their argument is that some people actually want the software they provide. Problem is they often bring 'friends' along with them.

I am sure Piriform is aware of this thread.

All of the adverts shown in the screenshot and my browser have two symbols in the top left corner a sideways triangle (like a play button) and an x. The former doesn't seem to have a function, while the latter brings up a limited report button (see my screenshot)

In my browser hovering over the "x" tells me nothing,

but when I click the advert is replaced with a message "It's gone" with a button to "UNDO",

and below that the report options "Inappropriate", "Repetitive", and "Irrelevant".

If I click "Irrelevant" then it offers me the opportunity to update my "ads settings",

which possibly might influence what ads are shown me in the future, and will be taken as explicit consent for anything I fail to negate.

In my browser hovering over the triangle button tells me it is "Adchoices", and when I click a new TAB opens with a lot of information including

We may show you ads based on many factors, including:

• Types of websites you visit, and mobile apps you have on your device
• The DoubleClick cookie on your browser and the settings in your Ads Settings
• Websites and apps you’ve visited that belong to businesses that advertise with Google
• Previous interactions with Google’s ads or advertising services
• Your Google or YouTube profile

@Login

Perhaps you need to get a doubleclick cookie or visit sites that advertise with Google, or visit YouTube,

and when you get on Google's Radar you may get to see the adverts that others see

I did think post #1 contained a malware link.

And until Augeas "inerted" it it sort of did.

No apologies here, although it looks like GuitarSmokr had good intentions.

Also no hard feelings here, hope its the same on GuitarSmokr's end.

All that customization would have been a good way to hide another link.

Edit: Just tried it again with Firefox Portable . . . No HOSTS. No HIPS. No Adblock. Only an AV and a firewall.

Same thing happened. Links 1 thru 3 OK all the way thru to the download.

Only an AV and a firewall.

Depends upon the AV and firewall, some can silently block stuff without ever bothering you.

Their argument is that some people actually want the software they provide. Problem is they often bring 'friends' along with them.

Many bring along other malware, doesn't take long to get a system badly infected.

Hi, GuitarSmokr.

Thanks for pointing out this situation.

What I did here was try all the links in post #1, all work normally here.

I downloaded every one of the available files twice, they check out OK here.

The page for Filehippo here to doesn't look like your screenshot.

That last link, now inert, led me to some sort of download manager junkware.

That is why I posted as I did, didn't want some unwary person to get junkware by accident.

So I don't know what is different with your computer, but the 1st 3 links are OK here.

So the only conclusion I can draw is something is "wrong" with my PC/Browser/GUI/OperatingSys?????

You were possibly infected by downloading and installing what the advertisement had in it.

You can get your system checked by a malware removal expert:

Scroll down to the #10 item in the forum rules, and choose any one of the forums/sites listed there and they can help determine if your system is clean or if it needs disinfected.

+1 what Andavari said, it won't hurt, might help.

Nergal says in post 21: "ON A NON-HOST-RESTRICTED MACHINE AND BROWSER THE EXTRA LINKS DO APPEAR".

Nergal wouldn't be wrong about that, even though It does not happen on this machine, win xp, no special HOSTS file etc, etc as I stated before..

That may be because this machine starts fresh each time, that is, no leftovers such as cookies, index.dat, internet history, nothing like that.

So A malware checkup might be in order. Don't get too upset yet, it may be trivial or nothing at all. But the only thing a checkup will cost is time.

Oh wow, I was just getting another download off C|net and it clicked and I saw what was happening. It is a rectangular shaped

advertisement but the color pallet for the backdrop has been matched to the background of host site for the advertisement so the buttons on the banner look as if they are hard coded into the host website.

*FireWorks*

Don't download from CNET, they wrap some installers in an adware package. I know it will be impossible to download some software in saying that though since some publishers still use CNET exclusively.

i don't have any problem listing Filehippo as alternative download(for older version listing) but i prefer to remove cnet and maybe replace it with Majorgeeks

maybe its just me but i don't see any "Download" ads there

hope piriform can do this changes

CNet is horrible. MajorGeeks is more acceptable. Somewhat.

Softpedia is also good - but this can also change.

Softonics is VERY high in the Google etc. results when looking for any software,

but is MOST UNTRUSTWORTHY.

I recognised that that size of the package was wrong so chose to refrain from installing,

but some how they sneaked in a "manifest" which caused repeated "Side-by-Side" errors,

and the only solution was to restore a partition image backup that I created a few days earlier.

Softpedia is also good - but this can also change.

When Softonic was born it was okay. Now it's Adware Heaven.

I'm a complete newbie to this forum (or any forum for that matter), but after having an experience with filehippo while updating my ccleaner (which I've used forever) I felt compelled to post. I came across this forum and this particular thread after having been duped while completing an update. Turns out a misclick from my fingerpad (wish I had an old school mouse now) bit me after a little detective work on my part. It seems to "click" at times when I don't actually click anything. Anyway, I'm usually paranoid about downloading anything, but since I was sure I had clicked on the correct button to update ccleaner (the get the latest version button) I downloaded and ran the Setup.exe file that was referenced in the original post in this thread. ....and yes, I did feel especially stupid after reading that post lol. Reading the rest of the messages I figured out that you guys know what the heck you're talking about so I figured I'd look for some help/reassurance here. For one, I now have adblocker plus (why did I not know about that little gem before?).

What worries me is that (in my sleep deprived state) since I downloaded and then ok'd the setup.exe to "change my computer" (or whatever the typical windows user warning says) and do its' thing that I've done something terrible to my computer or security. Norton symantec said setup.exe was "safe" and subsequent scans have been clean. I also downloaded and scanned with lavasoft adaware AV and malwarebytes antimalware which both came back clean with no issues. I still had concern though not knowing if "accepting changes to my computer" during that download would make it impossible for those programs to catch anything. I know, that's probably stupid but again I'm a complete novice.

The button that was accidentally hit was immediately below the "real" one (with adblocker off of course) and is from "downloadnex.com". Thinking originally that I had hit the correct button and that this was just now how ccleaner had to be updated, I went through the steps for this "free download manager." Through more detective work I've now found that I think this "fusion install" is just bundleware?? It did ultimately get me to the ccsetup file that I was accustomed to and I didn't download any of the additional freeware that was offered by the program.

Thanks guys for any reassurance anyone may be able to give. I don't want to have to throw my computer against a wall as the original poster suggested. I've learned for darn sure to just go to piriform.com for future updates!!

Hi Joe, and welcome to the forum.

If you have any doubts as to whether you may still have something unwanted on your computer, the best advice is to visit one of the "Malware Removal" forums listed in post #10 of the forum rules.

All of these sites have properly trained malware removal staff, are extremely helpful and patient, and it's all for free of course ...

http://forum.piriform.com/index.php?showannouncement=15&f=13

You could also bookmark this site and call in now and again. You can probably learn a bit of stuff and we're always happy to help out with anything other than malware removal. Untrained folk can usually do more damage than good in that particular field.

Hope that helps.

If you and your friend had adblock software installed in all of your web browsers (Adblock Plus for Firefox based browsers, or Adblock for Chrome based browsers), along with a HOSTS file like MVPS HOSTS File this maybe would've never happened to begin with - that dubious/trickery advertisement would've been blocked.

Please can you tell me what this Hosts File is, or does? I have Adblock in Firefox but have never done anythig with a hosts file.

Is it OK to put it in my computer regardless what protection software (ESET), connection mothod Normal network or/and (SwissVPN), I have?

Sorry to be so dumb buit I've never even heard of a hosts file and I don't want to have the problems like the subject of this post.

Please can you tell me what this Hosts File is, or does? I have Adblock in Firefox but have never done anythig with a hosts file.

Is it OK to put it in my computer regardless what protection software (ESET), connection mothod Normal network or/and (SwissVPN), I have?

Sorry to be so dumb buit I've never even heard of a hosts file and I don't want to have the problems like the subject of this post.

Perfectly safe. All a host file does is re-address an ad's webpage from where the page is back to your own Computer.

Badically adblock for your whole computer, without using as much processing power.

So usually a webpage goes to

pulls an advertisement from company X; your computer asks the naming server of your network (DNS) where compay X lives (IP address). The DNS replies that company X is at yyy.yyy.yyy.yyy; after which your computer goes there and get the advertisment. With a HOSTS file your computer ignores that the Naming Server and tells the website that the address is 127.0.0.1. This address (called Localhost) is actually just your own computer. The webpage believe the answer and displays whatever exists on the web address of localhost; usually, this is blank so you get nothing and see no advertisement.

It should be noted that this is not set once and done. Advertisers go in and out of business, new ones are found etc; you need to update your host file (we have a thread on this board where members will note an update a post). IMHO it helps to have an editor program (such as hostXpert)