Jump to content

Anyone know what "Zip Extractor Packages" is, if it's brand new malware, and how to remove it?


Recommended Posts

I have malware on my system called "Zip Extractor Packages" but since there are only a few dozen Google hits on this, I'm wondering if it's brand new and how to remove it.  

 

I'm also concerned that the site MalwareTips.com may be perpetuating malware, since they didn't post my post on this

 

Here's what happened: I downloaded two mp3/WMA splitters that came in a zip pack (I think it was from cnet, and it was  "MP3 WMA Cutter" & another, but my PC is in the shop so I'm not sure of the 2nd one). Two days later I noticed that I couldn't update my AVG free, then I closed my Firefox browsers (which had all been open for a couple days) and when I reopened, the homepage was "searchnu.com"

 

I went to MalwareTips.com and followed the removal instructions (I also had "searchqu.com" & "IB Updater" and maybe another" - it removed most from my Uninstall a Program list, but "Windows SearchQu Toolbar" remained. (When I tried to uninstall, it said it may have been removed) and then a NEW program appeared on the list - Sweetpacks)

 

I went back to the site (this time  http://malwaretips.com/blogs/remove-sweetpacks-toolbar/ ) and tried to remove both with all the steps - both stayed - so I went to the link in the site author's comments to download RogueKiller (DO NOT go to this link, listed there as " "RogueKiller Download Link : http://tigzy.geekstogo.com/roguekiller.php")

 

Instead of just the program, it asked me if I wanted to install "Zip Extractor Packages" and I stupidly did. When I clicked on it, it installed that malware & other programs: Sweetpacks, Bitguard, gol search, another gol program, and OpenIt!.

I downloaded Revo uninstaller & tried uninstalling, but Sweetpacks wouldn't uninstall, and I was too scared to use the official & odd-looking "uninstaller" screen that popped up when I tried to uninstall Zip Extractor Packages, especially with so few Google hits about it out there.

 

Right now my pc is with the Geek Squad - they've found my hardware is clean and are now checking my data -- but my concern is that this "Zip Extractor Packages" is so new that there may still be something on the pc, even if they tell me it's ok, since it may still be unknown or unanalyzed.

 

Anyone know about this malware, or can report it to whoever these things get reported to so it can be fixed?

 

And a few related things some of this malware may have affected:

 

--My Geek Squad rep said the AVI, MP3 and Word cocs I dragged to my zip drive after all this happened wouldn't carry the malware or corruption (only if an .exe & another file type I can't remember were dragged over), but a friend who works in IT said it could be dragged over. Anyone know?

 

--my Yahoo email was reset, and the format where you can see multiple tabs of different email on one screen is no longer available, either on the Basic or new updated version. This may just be because I reset Firefox and IE along the way, but I'm wondering if malware can do this? (Changes are still there when I access email from another PC & other browsers)

 

--Also: I never got an emailed reply or post accepted to MalwareTips.com, but i did get an increase in spam to the email address I submitted with my post

 

Thanks!

Jeff

Link to post
Share on other sites

What authority has stated "Zip Extractor Packages" is malware ?

 

What anti virus or anti malware has flagged this as malware or, what is more likely as a potentially Unwanted Program (PUP) ?

 

What I see is a post that may be a "jump to conclusion" on a systemic problem now associated with "freeware".  That is the authors do want some kind of monetary gain from their work and will sign up with software companies that bundle crapware with legitimate software of your intention.  If a anti malware company detects a file as "InstallCore" or OpenCandy"  that's a clue to the software using a wrapper designed to install software NOT intended as a part of the software you want.  One has be cognizant that freeware is now often bundled with crapware.  One just has to be extra cautious in installing "freeware" that non-intended crap doesn't get installed.  If it is assigned a name of PUP then it is the software that is bundled within said wrapper.

Detections such as "InstallCore" and "OpenCandy" are clues to this being the case and they are are the wrapper software for the non-intended crapware.

Link to post
Share on other sites

(I'm assuming it's malware (or maybe just a conduit/shell that someone who wants to distribute malware created?) because I clicked on the RogueKiller download link, was asked to download Zip Extractor Packages, opened it and ended up with several malware program installed... and (including?) a program called Zip Extractor Packages, which had a strange screen pop up when I tried to uninstall it.

This & the fact that there are only 34 Google hits for the name, many from strange Russian and Asian language websites, makes me think it may be, but of course I don't know for sure. I dont know anything else about this thing that installed on my PC alongside other known malware. That's why I'm posting here - to find out - but its not an academic exercise. I know very little about malware, I'm trying to see if its dangerous and may damage my pc, and want to possibly report it if its something that warrants investigation. If it is indeed brand new malware

Any help or info anyone can give would be greatly appreciated

Link to post
Share on other sites

Ps: to answer your question directly, no programs I have flagged it as malware - Im only writing here based in what happened to me as I described it, and I appreciate your warnings about freeware. If this post leads to anything aside from a solution for my pc, hopefully people will know Zip Extrator Packages and that one RogueKiller link I listed (others may be fine) could be dangerous.

Thanks for replying to my post.

Link to post
Share on other sites

If this wasn't the case of bundled software but one of a mis-click, that's another situation and problem.

 

Just like bundling software is all about affiliate revenue sources, web sites are the same.  To recoup cost of hosting or to actually make a profit, web sites load numerous ads and downloads on the page where you intend toi download the objective software.  Through confusion and naivety, they hop that you will hit one of the other items so the web site or sponsor can get download and click related affiliate revenue.

Link to post
Share on other sites

Thanks again for your reply and the info, David - posting it here will help people. I know even less about PUPs than malware, but the fact that Zip Extractor Packages seemed to be some exe that showed up on my Uninstall a Program list, and didnt even contain RogueKiller (just the malware I posted a list of above), still makes me worried that Zip Extractor Packages itself could do some sort of damage or cause corruption. (The malware it contained was all known, and I trust the people fixing my PC to ID and fix those)

Anyone have any further thoughts on how to help with this? Is there some online malware/PUP center where these new, potentially harmful things can be reported and dealt with?

Link to post
Share on other sites

  • Root Admin

Not sure I would agree with the nor potentially harmful portion.  Evidence indicates that certain adware/pups will in fact sooner or later bring your computer into contact with a site that will try to infect your computer.  Had this adware not been on your computer the chances of you ever hitting that site on your own are highly unlikely.

Link to post
Share on other sites

Actually, David, in the link you posted, the root admin Marcin says there are some "harmful and dangerous PUPs we already detect."  So saying all PUPs aren't potentially harmful seems inaccurate - seems some are?

 

So it's entirely possible that Zip Extractor Packages is a harmful PUP, but just not well known or widespread enough yet to be detected or analyzed by Malwarebytes. And I don't want to be the Ground Zero case for this.

 

So if this is a brand new PUP, can anyone suggest a forum to ask about it, or perhaps help here?

Link to post
Share on other sites

I don't agree with the statement.  If it (software) crosses the line and becomes "harmful and dangerous" then it is no longer categorized as a Potentially Unwanted Program (PUP) and is now a malicious software (malware).

 

However we are dancing and jousting based upon supposition, suspicion, opinion and perceptions.  Lets cut that out of the picture.

 

Submit samples of the installed program, files and or installer here;  Newest Malware Threats  then a full determination can be made on actual activity, etc.

 

In that sub-forum are guidelines on how to post submissions.  Please read the pinned topics first.

Link to post
Share on other sites

Thanks, David. I posted about it on Newest Malware Threats, and if it's their specialty to research these things, hopefully they can help.

 

Since my PC is in the shop and I hadn't realized the thing was so obscure, I have no file or screenshot to post, but I did post a link in case they have a safe way to download/analyze it.  Since there are only 34 Google hits, they can also check out one of the few sites that has or wrote about it.

 

Link to the Newest Malware Threats thread is here in case anyone wants to investigate:

 

https://forums.malwarebytes.org/index.php?s=73175b329231c9882b73c4b50d8c7543&showtopic=134794

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.