[FileHippo.com] Am I the only one noticing this Spyware/Malware/Bloatware trick?

GuitarSmokr · June 12, 2014

Okay, I wanted to contact Piriform directly to address this issue but they seem to not

want to be contacted unless it be their sales team you are contacting, which I am not going to call to get transferred to somebody who can help MAYBE, because I just don't give that much of a F!#@. However, I have decided to go out of my way tonight to create an account for this forum and waste time ~~valuable~~ I could spend wasting some other way like playing video games or crying in the fetal position because I want to see if I am right or just an idiot n00b, also I don't want to see people screw up their computers trying to get software to fix them.

Please somebody who is checking my work follow the following directions to see if

people are using the links on this [/size]"[/size]Official Ccleaner/Piriform Website" [/size]to get duped into installing a bunch of [/size]~~harmful crap~~ or malware.[/size]

Ok go to the Ccleaner homepage, which I BELIEVE, but am not %100 sure is here: https://www.piriform.com/ccleaner
Now click on the link that is green and has the word"Download" printed across it with an arrow pointing down. Which will take you here https://www.piriform.com/ccleaner/download
Now at this point you can either download the setup file on this page (which should work no problem) or you can choose to download the file through 1 of 3 hosting sites, we will be examining file hippo, please click the file hipp link which will take you here http://www.filehippo.com/download_ccleaner
Now when you arrive here this is where thing are weird, you can click the green link on the right side of the screen and it will download properly (there is a screenshot in .png format attached to this of this screen). However this is what happened when I was putting this software on a friends computer, if you click the green link on the LEFT side of the page it should take you here: http://rubbishsoftwarelink.com/freedownloadmanager?creative_id=b&subid=software&subid2=filehippo.com&source=google_browsersafeguard-display-us-soft32-728x90-25848088132&adprovider=google_softpioneer.com&gclid=CKzchrju874CFdNzMgoddUsAfg

WTF!!?!?!?!?!?

At this point it doesn't matter what you do, the file that you will download is no longer the ccsetup414.exe file it is now A A file called setup.exe Do not download and install this file unless you are an idiot, in which case go ahead, or better yet, take your laptop and throw it against the wall.

Now I was able to catch this but somebody else might not, my question is why would piriform link to a site that has malicious software masquerading about as their very own installer, as you install this the top left corner of the window says "ccleaner installer" as goes installing some stuff that is going to BANG YOUR HARD DRIVE UP.

Obviously they don't know and I can't find a way to get into contact with anybody that might give a care, so please people check and make sure all this info is correct and see if you can't help me send this s**t through the proper channels, thanks!

Edited June 12, 2014 by Augeas
Dodgy software link zapped

mta · June 12, 2014

Anytime you get software that doesn't come off the developers own site you are tempting fate and hoping the 'mirror' site hasn't done some repackaging of the software.

I followed your advice and on FileHippo I only see the right hand side green download box (the correct one as you state).

I see no left hand one, but then I do run NoAdblock and Ghostery which may have removed that 'temptation'.

FileHippo recently went through a redesign and I personally still go there when needed but it has slipped a few notches in the trust level, sort of like CNET. Beware!

Get your downloads from Piriform and you're fine.

It's a good thing you picked it up in time.

This should serve others as a good example of how a layered security approach can save the day, not just having an AV program.

And expect a Mod to remove your email otherwise you'll be an easy target for spam.

And Welcome to the forum.

Augeas · June 12, 2014

It looks like some malicious software has crept into your post, Smokr.

This has been raised before, particularly in late 2013, and has been passed onto Pirform admin, so they are aware of it. Filehippo used to be the trusted repository for software, especially for archived releases. Unfortunately Filehippo has become just like many of the other software repositories, riddled with sneaky - and presumably paying - dubious and deceptive downloads. This applies to all software on Filhippo, not just Piriform's. Perhaps your post should have been directed at Filehippo.

Why is Filhippo rubbish? I dunno, why is the world rubbish? I guess they have to eat, like the rest of us. Why do Piriform still use Filhippo? I dunno either, possibly because a lot of users still go there for their software.

Oh yes, I'll remove your email address. 'Solutions' should be in the open forum.

Andavari · June 12, 2014

To download CCleaner directly from Piriform (I suggest you bookmark that page):

https://www.piriform.com/ccleaner/builds

What FileHippo.com or other 3rd party sites do is out of the control of Piriform.com! It is already a known issue because other people have been posting about getting duped into downloading something off of FileHippo.com that they didn't want, i.e.; not the software they thought they were getting. Basically you clicked an advertisement and didn't realize it.

If you and your friend had adblock software installed in all of your web browsers (Adblock Plus for Firefox based browsers, or Adblock for Chrome based browsers), along with a HOSTS file like MVPS HOSTS File this maybe would've never happened to begin with - that dubious/trickery advertisement would've been blocked.

It's important to manually inspect downloaded setup files by right-clicking them and looking at the properties listed in the Version (tab) which will reveal: Company, Product Name, Product Version. Also it's vital to make sure the Digital Signature is valid if one is available in the setup file (all Piriform installers have a Digital Signature), if the Digital Signature is not valid do NOT install the software, and inquire on the software forum about it by posting a bug report.

Try to follow the same practice when it's possible of getting setup files directly from the developer website. Even if some download site is deemed by the developers as an "official mirror / official download host / official download site".

Edited June 12, 2014 by Andavari
typos

Hav0c · June 12, 2014

Is it just me or does it look like people use more color and bigger fonts in their post when they are mad ?? <_< .

_{(don't think it helps conveying anything)}

Okay back to topic.

This is the 4th or 5th post in the last couple of months people start to complain about this sort of "problems" / "tricks".

It also seems to me and perhaps others that people aren't reading any of the previous posts made regarding this sort of complains.

Moderators, is there a way to consolidate all the previous complains posts about this sort of "problems" / "tricks" into one and pin it ?

hazelnut · June 12, 2014

The problem with putting all posts into a thread doesn't mean anyone will read them before they download.

I mean do you go to a forum before you download software?

Lets wait and see how Piriform respond to this.

Hav0c · June 12, 2014

The problem with putting all posts into a thread doesn't mean anyone will read them before they download.

I mean do you go to a forum before you download software?

Lets wait and see how Piriform respond to this.

Depending on the sort of software I am about to download, yes. I also use 5 FireFox addons to stop fake links and more, MBAM, Spybot and my AV.

I can see your point Hazelnut.

login123 · June 12, 2014

Long story short, post #1 is wrong. If you just download from the Piriform site you'll be OK.

May I suggest that a moderator render that softpioneer link inert?

Edit: Post #1 might be no more than a convoluted and garish link to malware.

Right now I'm running win xp with no adblock, no special hips filtering, am allowing all the popups, etc.

Somewhere between step 2 and step 3 in the post #1 something is wrong.

Link number two does not send me to a site offering "1 of 3 hosting sites", it goes to the correct download site.

That site is

https://www.piriform.com/ccleaner/download

There I am offered links to download 3 versions of CCleaner: free, professional, and professional plus.

If I do go to the filehippo link in post #1, the downloaded "latest version" file is the correct one.

Starting from link #1, I can not get to that "softpioneer" site.

May be, as Augeas suggested above, the computer you were installing to has some sort of redirecting malware.

Or it may be that (as suggested in the edit above) post #1 is no more than a convoluted and garish link to malware .

Or it may be that i have not been awake long enough and have missed the whole point of this topic.

Alan_B · June 12, 2014

Dodgy software downloads are divine retribution from the Gods of Google for searching for such things.

In the image sent with the first post,

immediately below the correct green "Download Latest Version (4.53 MB) button is an advert box by free-download-now.com

and top right of that advert box are two tiny buttons.

The left button of that pair tells you about Adchoices, and the right button closes the advert

To the left of that advert box there is a very wide advert box with two more tiny buttons controlling Adchoices.

This morning I visited and the right hand advert was for a product in the same market as CCleaner,

and the left box was the gadget site TMart from which I have bought a few cheap flashdrives and things,

This evening Tmart is on the right and speedtrust.com is on the left.

Obviously Google know what I have bought and from where I bought it,

so they give me advert for more of the same in one of their boxes,

and the other box is Google's chance to divert the visitor from the reason for his visit to a different but related product.

Half of the spurious adverts are your fault for allowing Google to learn so much about you :rolleyes:

and the other half are what you need ad-blockers for

Andavari · June 12, 2014

Half of the spurious adverts are your fault for allowing Google to learn so much about you

and the other half are what you need ad-blockers for

Tailored ads, they basically have an ID of someone hence the reason I follow three rules and have for over 14 years: 1. Block them. 2. Block them. 3. Block them.

GuitarSmokr · June 13, 2014

Hey guys thanks for all you responses, I was typing this reply that was extreamely detailed (I spent over an hour typing it) then I accidently clicked on another members avatar and my browser jumped and when I press back all the stuff I had typed had not been saved to the cache but was gone forever :angry: OH WELL. Maybe it was for the better. To sum things up though I have 2 questions,

Can somebody please explain to me WHO the culprit behind this malicious pop - up add was in their belief? Was it in fact Filehippo as I had originally thought, or was it a 3rd party that ran the pop up that send me to DL the bad software, OR (This answer unlikely as I got the same link on 2 different computers) was it my web browser or worse, windows infected with some sort of process that runs these pop-ups so that I see them and people with ad-blockers do not? Please help me understand this in full if you can, thank you
And the 2nd thing I wanted to ask, is what pop-up blockers do you all run again? I saw NoAdblock and Ghostery. I know nothing about these programs, how safe they are, and whether or not they are free, what would you all recommend? I must not get fake trick add/links again! Last time I downloaded a pop-up blocker program it was powerful little pain in the @$$ virus, so can you also give me a safe source ti get whatever popup blocker you

Again thanks

eL_PuSHeR · June 13, 2014

AdBlockplus is a must have. It works under most web browsers (even Android now). Ghostery is also nice. Check the Security subforum for more information.

There are also some other options to extend protection. Some antispyware software, etc. It will work in tandem with your AV program.

Winapp2.ini · June 13, 2014

I accidently clicked on another members avatar and my browser jumped and when I press back all the stuff I had typed had not been saved to the cache but was gone forever OH WELL.

Moving from the page and coming back works for me in Fx33.0a1 using the quick reply box.

Also suggesting the use of AdBlock Plus

mta · June 13, 2014

I did a typo, no such thing as NoAdblock, it is as others have stated, AdBlock Plus.

I don't run any browser without at least AdBlock Plus and Ghostery add-ons.

NoScript is also good but a bit too intrusive - but that's what it's suppose to be....

@guitarsmokr, to get them, go to the section of your browser where it allows you to add add-ons and extenions.

In FireFox that is Tools, Add-ons, and in the search box, type in AdBlock and install Adblock Pus, repeat for whatever else you want.

login123 · June 13, 2014

Hi, GuitarSmokr.

Thanks for pointing out this situation.

What I did here was try all the links in post #1, all work normally here.

I downloaded every one of the available files twice, they check out OK here.

The page for Filehippo here to doesn't look like your screenshot.

That last link, now inert, led me to some sort of download manager junkware.

That is why I posted as I did, didn't want some unwary person to get junkware by accident.

So I don't know what is different with your computer, but the 1st 3 links are OK here.

Corona · June 13, 2014

and install Adblock Pus

Mmmm...one of my favorites.

:lol:

Andavari · June 13, 2014

The page for Filehippo here to doesn't look like your screenshot.

If you have a HOSTS file that will block some of it I'd imagine.

Nergal · June 13, 2014

To answer the direct question asked above, in all likelihood the "culprit" is FileHippo. It's how they make revenue, by counting on a user not to notice the small but marked actual download and to click on the clearly marked adverts. to put it another way, they expect you not to notice the big button says it's for downloading something other than what you went to the page for, thus getting them paid.

Andavari · June 14, 2014

To answer the direct question asked above, in all likelihood the "culprit" is FileHippo. It's how they make revenue...

And they probably could care less about their users being tricked -- as long as they get paid for the click.

_____________________

Edit:

Topic pinned since this is a known reoccurring issue it will give us a basis/template so when the next victim posts about it we can point to this topic.