Deisel Weisel

Downloading paint.net has given my PC malware!


Downloaded from here on Sunday: http://www.getpaint.net/ During the installation process it became obvious that it wasn’t only paint.net being installed, so I stopped the installation. Opened up Chrome again, to find my home page, and chosen search engine, had been swapped. Changed those back, only to find other suspicious looking stuff when I looked in the downloads folder from that download. I’ve uninstalled those, but I’m left with this one problem: certain words on web pages are double underlined (hyperlinked?) and if you click on them the page goes momentarily to cxpfy.com and then mostly onto MonsterMarketplace and other places.

Anyone know how to get rid of this? I’ve asked on a malware/spyware help forum, but so far no one has offered a solution. I have run Malwarebytes and have AVG 2012 installed, but neither helped.

Edited by Deisel Weisel


The best way to get rid of malware is to restore to a previous version of the system. If you don't know how to use Restore Points, do a Google search.

Then, only download Paint.NET from http://www.dotpdn.com/downloads/pdn.html. There is a link to the file in the upper right corner of the page that has the actual file. There are NO virus or malware programs in the official download.


What I did, was what a lot of people will do:

1. Google ‘paint.net’ and www.paint.net/ comes top of the Google results.

2. Top r/h corner of paint.net is a banner to download, so click on that.

3. Takes you to here: http://www.getpaint.net/ where you d/l and get infected.

The first URL is the exact same name as your product. This very forum appears to be a subdomain of http://www.getpaint.net/, which is hosting the infected copy. So what’s going on here? You appear to be directly associated with this trojan type download. Thanks for the advice about ‘Restore Points’ but I don’t see why I should be trusting you any further, to d/l it elsewhere, unless you’ve got a very good explanation for all of this.


Sorry Boltbait but I have to agree with Diesel. If I was new and I wanted PDN I would do exactly the same thing, thinking that was the official download - and end up infected. I think this needs to be looked into as it seriously damages the reputation of the program. The website should be sorted out before too many people get caught out.

Diesel I hope you can sort out your problem. Although I doubt this forum is knowingly associated with the malware as you imply (intended or not that is how it comes across). It's just a way of deceiving people into thinking it is the official PDN website.

Edited by Goonfella


I'm not seeing the same issue, but it may be because I use Firefox with Adblock installed. That link you gave is the official download site and there are links that lead to BoltBait's link. My recommendation: Get Adblock. It saves lots of headache while browsing.

The ads are there because Rick needs to eat too. While I don't like the fact that they are all ads for photo editing programs similar to paint.net, I can't say much because I haven't made any donations to Rick, so I'm part of the problem myself. As said before, install Adblock. I think it exists for Chrome if you prefer it to Firefox (though Firefox is a whole lot better in my opinion...)


Thanks for the advice about ‘Restore Points’ but I don’t see why I should be trusting you any further

I know you must be frustrated, but I'm just trying to help you out here.

I don't own Paint.NET nor the web site. I'm just a regular user like you. I'm just trying to be helpful.


I'm not seeing the same issue, but it may be because I use Firefox with Adblock installed. That link you gave is the official download site and there are links that lead to BoltBait's link. My recommendation: Get Adblock. It saves lots of headache while browsing.

The ads are there because Rick needs to eat too. While I don't like the fact that they are all ads for photo editing programs similar to paint.net, I can't say much because I haven't made any donations to Rick, so I'm part of the problem myself. As said before, install Adblock. I think it exists for Chrome if you prefer it to Firefox (though Firefox is a whole lot better in my opinion...)

I don't think Diesel has an issue with the ads, it's just the download button which seems to have got him infected.

Boltbait I know you are not responsible for the website but as a well respected mod here on the forum (which is directly linked to the site in question) surely you could have looked into this further rather than just saying 'There are NO virus or malware programs in the official download.' Whether you intended it or not (and I have no doubt that you were trying to help) it does sound a tad dismissive as if you are refusing to believe there is a problem. Maybe you could bring the issue to the attention of Rick for example. Even if he doesn't actually own the site he must know who does.


Maybe you could bring the issue to the attention of Rick for example. Even if he doesn't actually own the site he must know who does.

Rick reads EVERY thread in this section of the forum.

If a specific ad gave you spyware, tell him which one it was so he can block it.


Boltbait I know you are not responsible for the website but as a well respected mod here on the forum ... surely you could have looked into this further rather than just saying 'There are NO virus or malware programs in the official download.' Whether you intended it or not ... it does sound a tad dismissive as if you are refusing to believe there is a problem. Maybe you could bring the issue to the attention of Rick for example.

First, I read nothing in BoltBait's replies that is "dismissive". What BoltBait said was simply a statement of fact, and nothing more.

Secondly, the overall issue of malware being bundled in the software from other sites is not news to anybody here. Given the fact that this isn't some new development, I further feel that it is unjustified to put the onus on his back to "have looked into this further".

As for what Rick can/should do, is another question entirely. To what end do you think it should proceed? A cease and desist order for something anyone anywhere can disseminate? And to that point, to what cost? How many people would you venture to guess have paid the due worth of this software (I've made a contribution, but admittedly, it wasn't anywhere near what I should have)? Do you think there has been enough collected for all that this software encompasses (website, forum, development, LEGAL FEES, etc.)?

At any rate, regardless of how (if ever) this will be resolved, my primary concern at this point is more about how somehow you don't agree (to put it mildly) with the manner in which BoltBait handled this. I personally think you owe him an apology - whether or not he asks for it, and simply decides to take a non-argumentative approach to it, the point is he deserves it.

...my 2 cents (for better or worse).


Rick reads EVERY thread in this section of the forum.

If a specific ad gave you spyware, tell him which one it was so he can block it.

A specific ad? I have come back today as I've always been a quiet fan of PDN and needed to download it. Your site is now full of links to the download which contain injectors. I've looked at a lot of the links and they all have statements on their websites saying how it's a modified version of the download and not the original file, which can contain other installers such as browser addons and whatnot.

A virus heaven.. PDN is now. Virtually every download link except for the one true download (which is totally obscured now!) are possible virus / hack threats for everyone coming here to download it.


On the contrary, the only paint.net download button I could find was the real one, and I have never been infected with malware in the download process. Try going to the download page from a library computer just to see if it is an issue unrelated to the webpage.

These are screenshots of how my screen looks upon going to the site. The red circles indicate the links I click on. The first one is www.getpaint.net, then http://www.getpaint....d.html#download, then http://www.dotpdn.co...nloads/pdn.html

http://i758.photobucket.com/albums/xx228/pdnnoob/downloadpdn.png

As you can see, the only links for downloads on the pages are the legitimate ones. I don't see any of the links you refer to. If you can get a screenshot of what it looks like on your end, that may clear up part of the confusion.

Edited by pdnnoob


Currently (May 26, 2012, 10:04 GMT) on the www.getpaint.net homepage, there is a link for Gimp from Google AdSense which does not link to http://www.gimp.net or http://www.gimp.org/downloads/. It has a great big "Download Now" link on it.

I believe that Deisel Weisel may have clicked on a similar link instead of the proper link. It is possible that wherever this link went to, he hit a drive-by script or poisoned image. It is also possible that he could have picked it up somewhere else (*shrug*).

Deisel: if you are still reading this thread, you might try this website for some insight on how to repair your system.

http://www.geekstogo.com/forum/topic/318024-cxpfy-double-underlined-links-appearing-everywhere/
