Jump to content

Does ARO 2012 get downloaded with MalwareBytes?

Kirbett
 Share

Recommended Posts

Kirbett

Kirbett

Posted
Posted

I've been trying to help a friend in Australia (I'm in the UK) whose computer may have been infected. We have received an email from her which had a suspiciously simple Subject ("Hello"), was copied to 4 other e-addys apparently randomly selected from her address book, and which contained just a link to a web page on the website of an apparently valid Swedish demolition company. I imagine that the target web page has been hacked and contains a Java exploit waiting to be executed. I advised her to run her anti-virus software (MSE) which found nothing, and to download and run Malwarebytes. Malwarebytes found just PUPs relating to two programs - FunWebProducts and MyWebSearch - which seem to me probably to be undesirable but otherwise benign.

However, apparently, after starting Malwarebytes, a pop-up window appeared, purporting to be from ARO 2012 and stating ... "Reminder ... 2260 Registry errors and tweaks were remaining and your junk status was Caution after your last scan. Buy now to repair and have fewer errors on your PC ..." together with two buttons, one "Keep These Errors" and the other "Buy Now"., and a footnote stating "To remove ARO 2012 without fixing errors, please click here".

As far as I am aware, ARO 2012 has not been consciously installed onto this machine. However, comments on this website http://download.cnet...10183947-1.html suggest that some software download sites (including CNet) may be inclined to wrap up a distribution of this software in with other software explicitly requested. From the UK, my Malwarebyte download link at http://www.malwarebytes.org/ (which is what I passed on) directs me to http://www.bleepingcomputer.com . Is it possible that, in other regions, Malwarebyte downloads are being directed to CNet or similar sites, and that the ARO 2012 install has stemmed from this?

Alternatively, could the pop-up window be Ransomware masquerading as ARO 2012?

That apart, the source of the initial email remains a mystery at present ...

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

As you can see in the image below you'll see that ARO 2012 is one of the links to download but is not the correct download.

If you think you're friend is infected or would like assistance from one of the Experts then please follow the advice from here: Available Assistance for Possibly Infected Computers

You can download from one of the following locations but one should always be careful of which link they choose.

Our program is not using an install wrapper from any of the sites to our knowledge. Cnet attempted to before and we told them they could not do so.

As an example of public downloads of our installer the saved file is currently normally named: mbam-setup-1.70.0.1100.exe

mbam_main_download_link_zpsd9fe7921.jpg

mbam_download_link_cnet_zps3dda4df4.jpg

Link to post
Share on other sites
DarkSnakeKobra

DarkSnakeKobra

Posted
Posted

Based upon the number of these kinds of posts, these alternate hosting companies are a "problem" and are devaluating the MBAM product.

{ in my humble opinion }

I agree. I stopped using CNET since the download wrapper. Malwarebytes' needs to start hosting the product on their website and/or other well known support sites such as UNITE affiliates.

Link to post
Share on other sites
Kirbett

Kirbett

Posted
  • Author
Posted

Well, that has confirmed how ARO 2012 came to be on the machine. The user had indeed been directed to the CNet site, and, I have to assume, had accidently clicked the lower Download button. This button seems to me to be designed to mislead users into installing the wrong product. Naive users, which I fear are in the majority, can too easily get phased by pages like this. The "Start Download" button does NOT actually say that it will load something other than Malwarebytes - that is, at best, only IMPLIED by the "small print" "ARO 2012" text in its vicinity.

Hopefully ARO 2012 will uninstall as easily as it installed - although I don't want to disturb the machine just yet, since I am intending to follow through to your advice link first.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.