Running Win95 programs on Vista/Win7

Started 9 months ago | Questions
Joe186
Senior MemberPosts: 2,098
Like?
Something in thanks
In reply to Joe186, 9 months ago

Still playing with everything (that doesn't sound right, but anyway), here’s a nice little piece of freeware you guys may like:

RIOT

Portable Version (starts an auto download, just cancel, read page, then use the download button)

-- hide signature --
Reply   Reply with quote   Complain
Jim Cockfield
Forum ProPosts: 14,974
Like?
uses OpenCandy (adware) installer
In reply to Joe186, 9 months ago

Joe186 wrote:

Still playing with everything (that doesn't sound right, but anyway), here’s a nice little piece of freeware you guys may like:

RIOT

Portable Version (starts an auto download, just cancel, read page, then use the download button)

"freeware", huh?

Try scanning it by uploading it to http://www.virustotal.com

Results here:

https://www.virustotal.com/en/file/91bdf317e50d349cd096b8daa7d5aabf85ef8e2288086073be9a7105070611fb/analysis/1396140246/

If you've installed it, I'd suggest running adwcleaner and malwarebytes free for starters.  Those two are pretty good for getting rid of some of the nasty adware you see included with programs.

Get adwcleaner here (use it's scan choice, then click the clean button to remove everything it finds)

http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Then, run Malwarebytes Free. Make sure you update it first (use the Update Tab and you'll see a link to update it). Do a full scan with it, then click the "Show Results Button to see what it finds. Then, check the boxes by everything it identified and then use the button to Remove the checked items (rebooting if prompted to do so).

Get it here:

https://www.malwarebytes.org/free/

It might have given you a way to "opt opt" of any extras it wanted to install like browser toolbars with adware hooks into your browsers.

But, most of those adware installers require you to use their custom install option (versus the default or express choice), and uncheck the boxes for any extras like that. Some of them can be very confusing and misleading (as they want you to install that crap).

That's how they make money on "free" software (via partnerships with firms that develop custom installers that get paid by the software vendors to include their software, browser search toolbars with adware hooked into them, etc.)

-- hide signature --

JimC
------

Reply   Reply with quote   Complain
Joe186
Senior MemberPosts: 2,098
Like?
Re: uses OpenCandy (adware) installer
In reply to Jim Cockfield, 9 months ago

I’m running the non-installed portable version without any issues. Scanned with freshly updated Windows Defender, ClamWin Portable and McAfee Stinger. No threats reported by those three.

-- hide signature --
Reply   Reply with quote   Complain
Jim Cockfield
Forum ProPosts: 14,974
Like?
Portable version appears to be clean
In reply to Joe186, 9 months ago

Joe186 wrote:

I’m running the non-installed portable version without any issues. Scanned with freshly updated Windows Defender, ClamWin Portable and McAfee Stinger. No threats reported by those three.

Well, I wouldn't trust any of those to warn you about adware installers like OpenCandy (what the main version of that program is going to use by default to install crap you probably don't want running that can be difficult to detect and remove without using specialized tools like adwcleaner and malwarebytes).

But, the portable version appears to be clean. See scan of the .exe inside of the .zip file for it:

https://www.virustotal.com/en/file/208ff3df3a128326a838f582eb94b98734286ffef62a2c68d9a353e361be00d8/analysis/1396146469/

I only see one AV product that flagged the portable version, and that's likely to be a false positive

But, the installer for the non portable version is something I'd avoid, as it uses OpenCandy in it's installer (and the software that OpenCandy installs if you're not very careful to opt out can sometimes be difficult to get rid of, with the opt out process often confusing and misleading).

https://www.virustotal.com/en/file/91bdf317e50d349cd096b8daa7d5aabf85ef8e2288086073be9a7105070611fb/analysis/1396140246/

So, I'd be careful about recommending that type of software to others without warnings (or for that matter, I wouldn't suggest it at all, as I avoid products from developers that resort to including installers like OpenCandy in their so called "free" products, so that I don't end up with an adware infested PC).

-- hide signature --

JimC
------

Reply   Reply with quote   Complain
Joe186
Senior MemberPosts: 2,098
Like?
Re: uses OpenCandy (adware) installer
In reply to Joe186, 9 months ago

Joe186 wrote:

I’m running the non-installed portable version without any issues. Scanned with freshly updated Windows Defender, ClamWin Portable and McAfee Stinger. No threats reported by those three.

-- hide signature --

Rebooted, currently doing a full system scan with the same three AVs. I’ll post my results when done, but so far, nothing.

-- hide signature --
Reply   Reply with quote   Complain
Jim Cockfield
Forum ProPosts: 14,974
Like?
P.S. Conduit and more...
In reply to Jim Cockfield, 9 months ago

Jim Cockfield wrote:

Joe186 wrote:

I’m running the non-installed portable version without any issues. Scanned with freshly updated Windows Defender, ClamWin Portable and McAfee Stinger. No threats reported by those three.

Well, I wouldn't trust any of those to warn you about adware installers like OpenCandy (what the main version of that program is going to use by default to install crap you probably don't want running that can be difficult to detect and remove without using specialized tools like adwcleaner and malwarebytes).

Again, those products are not going to be very good about detecting OpenCandy (I'd be very surprised if any of those three products would, as for the most part Windows Defender is horrible at detecting that kind of thing, as is a program like McAfee Stinger; and it doesn't look like ClamAV detects it either from what I can see of VirusTotal results of programs that use it.

Those products would probably be the least likely products I'd use to protect myself against adware installers.

But, the portable version appears to be clean. See scan of the .exe inside of the .zip file for it:

https://www.virustotal.com/en/file/208ff3df3a128326a838f582eb94b98734286ffef62a2c68d9a353e361be00d8/analysis/1396146469/

I only see one AV product that flagged the portable version, and that's likely to be a false positive

Again, the portable version is clean.

But, the installer for the non portable version is something I'd avoid, as it uses OpenCandy in it's installer (and the software that OpenCandy installs if you're not very careful to opt out can sometimes be difficult to get rid of, with the opt out process often confusing and misleading).

https://www.virustotal.com/en/file/91bdf317e50d349cd096b8daa7d5aabf85ef8e2288086073be9a7105070611fb/analysis/1396140246/

Again, the non portable version includes OpenCandy. They like to project an image of being a good citizen, etc., stressing that they don't leave anything installed on your PC. That may be right (OpenCandy itself is not left installed after running it's installer).

But, if you look at the type of crap that OpenCandy will install on your PC by default unless you're very careful to "opt out" (which can be confusing and misleading), you can end up with some nasty adware like Conduit. That's one of the products it's going to try and install by default. Note the Sophos analysis of the OpenCandy installer here, where it's grabbing the Conduit search toolbar:

http://www.sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/OpenCandy/detailed-analysis.aspx

You'll find tons of threads about it in forums posted by users trying to get rid of Conduit, as it hooks into your browsers in a way making it tough to remove without using specialized tools like adwcleaner, which added Conduit to the adware it's capable of removing last August. See it's change log here:

http://general-changelog-team.fr/~xplode/Changelogs/CG_AdwCleaner_EN.txt

A page showing steps needed to remove it in other ways:

http://www.pcinfected.com/remove-conduit-search/

So, I'd be careful about recommending that type of software to others without warnings (or for that matter, I wouldn't suggest it at all, as I avoid products from developers that resort to including installers like OpenCandy in their so called "free" products, so that I don't end up with an adware infested PC).

So, I would not recommend the software you linked to, given that it includes the OpenCandy installer in the standard (versus portable) version.

-- hide signature --

JimC
------

Reply   Reply with quote   Complain
ABA DABA
Senior MemberPosts: 2,975
Like?
Re: P.S. Conduit and more...
In reply to Jim Cockfield, 9 months ago

Yes indeed I ended up with conduit and it was a bear to get rid of. But thanks to you Jim I did get rid of it. Now I'm having a fit trying to get rid of Windows32.downloader.gen which Spybot can't delete, keep getting error message fixit denied. But working on it. Still don't know how we got it.

-- hide signature --

ABA DABA

Reply   Reply with quote   Complain
Joe186
Senior MemberPosts: 2,098
Like?
Full system scan results
In reply to Jim Cockfield, 9 months ago

Jim Cockfield wrote:

Jim Cockfield wrote:

Joe186 wrote:

I’m running the non-installed portable version without any issues. Scanned with freshly updated Windows Defender, ClamWin Portable and McAfee Stinger. No threats reported by those three.

But, the portable version appears to be clean. See scan of the .exe inside of the .zip file for it:

https://www.virustotal.com/en/file/208ff3df3a128326a838f582eb94b98734286ffef62a2c68d9a353e361be00d8/analysis/1396146469/

I only see one AV product that flagged the portable version, and that's likely to be a false positive

Again, the portable version is clean.

Full system scan results:

Compressed with RIOT Portable, which was open during scans.

-- hide signature --
Reply   Reply with quote   Complain
Jim Cockfield
Forum ProPosts: 14,974
Like?
Re: P.S. Conduit and more...
In reply to ABA DABA, 9 months ago

ABA DABA wrote:

Yes indeed I ended up with conduit and it was a bear to get rid of. But thanks to you Jim I did get rid of it. Now I'm having a fit trying to get rid of Windows32.downloader.gen which Spybot can't delete, keep getting error message fixit denied. But working on it. Still don't know how we got it.

Spybot S&D, huh? It's not as good as it was some years back.

Have you ran both adwcleaner and malwarebytes free (checking the boxes by everything detected and clicking the buttons to clean/remove that that malware)?

See links and instructions in my earlier post to this thread here:

http://www.dpreview.com/forums/post/53404762

Here's a post in the malwarebytes forum that may also be helpful that includes running a junkware removal tool first, then running adwcleaner, followed by malwarebytes.   It was the solution that worked for a user with the same problem as you have (but, the user having the issue had some other software that could have been the cause that you may not have, that he removed as part of the fix).

https://forums.malwarebytes.org/index.php?showtopic=133680#entry732919

So, you may need to remove something else you've got installed (or kill some processes running) to get rid of some problems (and that's probably a generic label that Spybot S&D gives to a variety of different unwanted software), if running those products doesn't fix it (and usually adwcleaner and malwarebytes get rid of most potentially unwanted program type stuff, like the adware you can get with downloaded programs).  Make sure you update Malwarebytes to use the latest definitions when you start it.

In addition to running Malwarebytes from within your normal Windows environment (making sure to use the "Show Results" button when the scan is finished, and making sure to check the boxes by all items found and use it's remove/clean choice to get rid of it, rebooting when prompted), you may also want to try running Malwarebytes from Safe Mode.   Basically, you'd press the F8 key repeatedly (two or 3 times per second), when booting into Windows, and you will see a menu come up that allows you to start Windows in Safe Mode (I'd just use Safe Mode with Networking).

If using those products doesn't solve the problems, then we may want to boot into a few Linux based rescue tools (so that we're not booting into an already infected Operating System to perform the scans), which is pretty easy to do. See one post here about scanning that way:

http://www.dpreview.com/forums/post/53352362

-- hide signature --

JimC
------

Reply   Reply with quote   Complain
ABA DABA
Senior MemberPosts: 2,975
Like?
Re: P.S. Conduit and more...
In reply to Jim Cockfield, 9 months ago

I normally run Avira, Malwarebytes and Spybot S&D every Friday night. Neither Avira or malware found it but Spybot did and listed it as  C:\malware. Sent you a PM with all the particulars. Any help would be appreciated.

-- hide signature --

ABA DABA

Reply   Reply with quote   Complain
Jim Cockfield
Forum ProPosts: 14,974
Like?
Re: Full system scan results
In reply to Joe186, 9 months ago

As I've already mentioned more than once, the portable version of that Riot software is clean.

That's not the case with the standard version you linked to first. This is the page you linked to before including a different link to the portable version of it:

http://luci.criosweb.ro/riot/

It's download button goes to a page that links to the executable I scanned with virustotal.com and posted results from (more than once):

https://www.virustotal.com/en/file/91bdf317e50d349cd096b8daa7d5aabf85ef8e2288086073be9a7105070611fb/analysis/1396140246/

The OpenCandy installer included in programs like that is going to install crap like Conduit by default unless you're very careful to opt out of the extras.

As already mentioned before, the tools you're using are not very good anyway. None of them are going to detect the adware installer included in that Riot download.

If you have a habit of installing software a lot, and rely on those kinds of tools (McAfee Stinger, ClamAV, Windows Defender) to protect you, then there is no telling how much crap you have installed and running on your computer; and it may not just be adware, but far more malicious infections.

As mentioned, I'd use adwcleaner and malwarebytes for starters to try and get rid of any adware/spyware programs you may have installed over time. See the links to them I already posted in this thread:

http://www.dpreview.com/forums/post/53404762

But, in your case (using products like those to protect you from malware), it would probably be a very good idea to scan your computer using some of the rescue disk type products, too (so that you're not booting into an already compromised operating system to perform the scans). See this post for details on an easy way to do that:

http://www.dpreview.com/forums/post/53352362

Perhaps you'll be lucky and you've avoided any serious infections. But, if you have a habit of downloading a lot of so called freeware from web sites, and you think the products you're using (ClamAV, McAfee Stinger, Windows Defender) are protecting you from infection, then you may find you have a lot of adware and/or malware running that you're unaware of.

The Portable version of Riot appears to be OK. But, even if it were not, the products you're using would not have flagged it as being a problem if it had included an adware installers like OpenCandy (as the standard download of that software does), as you can see from the virustotal scan results (and I tested McAfee Stinger against that download and it doesn't flag it either).

Those are just not very good products to scan with for detecting those types of installers.

As already suggested, scan it with adwcleaner and malwarebytes for starters, use the show results buttons, make sure to check the boxes by all threats they identify, and then click the buttons in those programs to removed those items (rebooting if prompted to do so).   Chances are, you have a lot of adware and unwanted programs running if you've been relying on those types of scanners you mentioned in the past, even though the portable version of Riot appears to be OK and you have a habit of downloading and installing free programs you find on web sites.

-- hide signature --

JimC
------

Reply   Reply with quote   Complain
Jim Cockfield
Forum ProPosts: 14,974
Like?
Re: P.S. Conduit and more...
In reply to ABA DABA, 9 months ago

ABA DABA wrote:

I normally run Avira, Malwarebytes and Spybot S&D every Friday night. Neither Avira or malware found it but Spybot did and listed it as C:\malware. Sent you a PM with all the particulars. Any help would be appreciated.

I don't see a PM, and it's 1:00AM here and I'm going to bed now. I'll look for a PM again tomorrow.

But, try the instructions in my last post for starters (for example, run adwcleaner, try running Malwarebytes using Safe Mode) There are reasons I suggested running adwcleaner, and there are reasons I suggested running Malwarebytes from Safe Mode)

It could also be a false positive from Spybot S&D. But, it's more likely that your scans are just missing the problem (for one thing, malwarebytes doesn't detect everything and adwcleaner is better for detecting and removing some potentially unwanted software/adware). As for running Malwarebytes from Safe mode, that's because malware can more easily hide from scanners after it's running; whereas booting into safe mode may not give the malware a chance to load yet (so some malware can be detected by scanning in Safe Mode, when it's able to hide from scanners if it's already loaded).

If you still don't find anything, give HitMan Pro a try and see if it identifies any threats:

http://www.surfright.nl/en/hitmanpro

But, in some cases, booting into a linux rescue disk may be needed (so that you're not booting into a comprised operating system to perform the scans), as also mentioned in my last post to you.

Anyway, I do not see a PM from you, and it's way past time for me to be in bed (after 1:00AM here).

-- hide signature --

JimC
------

Reply   Reply with quote   Complain
ABA DABA
Senior MemberPosts: 2,975
Like?
Re: Full system scan results
In reply to Jim Cockfield, 9 months ago

Happy Day's are here again. Just finished running adware, found 2 cleaned it re-ran spybot got the following "congratulations system is clean"

Thank you Jim, I owe you one.

-- hide signature --

ABA DABA

Reply   Reply with quote   Complain
Jim Cockfield
Forum ProPosts: 14,974
Like?
Re: Full system scan results
In reply to ABA DABA, 9 months ago

I'm assuming you mean adwcleaner, as I suggested you run.  Yes, it's better at detecting and removing some of the adware you can have infecting your PC compared to many other programs

-- hide signature --

JimC
------

Reply   Reply with quote   Complain
Joe186
Senior MemberPosts: 2,098
Like?
feelin’ pretty bad
In reply to Joe186, 9 months ago

My apologies to anyone who was hurt by this. From now on, the only software I’ll ever inform you all about, is going to be run though at least three online uploadable multi-engine virus scanners. If even one alert shows, I just won’t even mention the software. The only ones I’ll mention, will be 100% cleared, with links posted to all results.

http://www.autohdr.co.uk

http://r.virscan.org/report/0407464a4503ac4bcd862db5b9b20c65.html

https://www.virustotal.com/en/file/4fe0d213761815939fa3091dc0a21cc11bfdf5c20807c59739ba2d2328551529/analysis/1396194474/

http://virusscan.jotti.org/en/scanresult/397b3d67df0657cdc6c59f6ba24b4a92e3172eff

https://www.metascan-online.com/en/scanresult/file/2778f7be3cf64e6a85ae265144881cf7

-- hide signature --
Reply   Reply with quote   Complain
Austinian
Senior MemberPosts: 1,748Gear list
Like?
Re: feelin’ pretty bad
In reply to Joe186, 9 months ago

Joe186 wrote:

My apologies to anyone who was hurt by this. From now on, the only software I’ll ever inform you all about, is going to be run though at least three online uploadable multi-engine virus scanners. If even one alert shows, I just won’t even mention the software. The only ones I’ll mention, will be 100% cleared, with links posted to all results.

Your attitude does you credit, but IMO don't feel too bad about this; people all over the Net are constantly posting about various programs and utilities, and seldom mentioning anything about possible adware or malware.

My feeling is that links on the Net are "downloader beware", and it's up to me to read reviews, scan for malware, etc. and keep myself safe in general. Very few people indeed are as careful as you plan to be about posting links.

 Austinian's gear list:Austinian's gear list
Sony a77 II Sigma 10-20mm F4-5.6 EX DC HSM Sony DT 55-300mm F4.5-5.6 SAM Sony DT 35mm F1.8 SAM Sony DT 16-50mm F2.8 SSM +3 more
Reply   Reply with quote   Complain
Jim Cockfield
Forum ProPosts: 14,974
Like?
Lots of software using that tactic, it's not as bad as some
In reply to Joe186, 9 months ago

Well...  Lots of developers are using products like OpenCandy to increase their revenue.

OpenCandy is relatively "mild" compared to most of them, as you usually see a way to "opt out" of any extras it tries to install.

Developers of software like to believe the stuff that OpenCandy tells them in order to justify using it.  For example, the newer versions of OpenCandy don't actually leave any software running on your PC (from OpenCandy itself, not the other stuff you may end up having installed if you don't "opt out").

It scans your PC for other products and then tries to install stuff that's not already running to increase revenue.  For example, Browser Toolbars and adware.  Conduit is frequently one of the adware products it will try to install, and it's got a bad reputation.

Use of products like OpenCandy installers is becoming *very* common, and again, software developers want to believe that it's not harming their customers because there is usually a way to "opt out" of any extras.

They want to believe including those types of products is OK, because they can increase their revenue on their so called "free" products by including something like the OpenCandy installer.

But, again, the problem is that some of the products that OpenCandy will usually try to install are browser hijackers in the form of search toolbars and adware.  Those types of products automatically "hijack" your searches and give you search results filled with adverts that they make extra revenue from.   IOW, you're very likely to have some very nasty adware running on your PC if you're not *VERY* careful to read the fine print and make sure to "opt out" of the default extras like browser search toolbars.

Unfortunately, that's the trend anymore, and OpenCandy is not as bad as some of the others around.  But, if you do suggest a product using that type of installer, I'd at least warn users about it (telling them to be very careful to read the fine print, use a custom install, and uncheck the boxes for any extras that would be installed by default).

-- hide signature --

JimC
------

Reply   Reply with quote   Complain
ABA DABA
Senior MemberPosts: 2,975
Like?
Re: Full system scan results
In reply to Jim Cockfield, 9 months ago

So far so good Jim, again thanks,

have a great day.

-- hide signature --

ABA DABA

Reply   Reply with quote   Complain
Keyboard shortcuts:
FForum MMy threads