Deisel Weisel Posted May 15, 2012 Posted May 15, 2012 (edited) Downloaded from here on Sunday: http://www.getpaint.net/ During the installation process it became obvious that it wasn’t only paint.net being installed, so I stopped the instalation. Opened up Chrome again, to find my home page, and chosen search engine, had been swapped. Changed those back, only to find other suspicious looking stuff when I looked in the downloads folder from that download. I’ve uninstalled those, but I’m left with this one problem: certain words on web pages are double under lined (hyperlinked?) and if you click on them the page goes momentarily to cxpfy.com and then mostly onto MonsterMarketplace and other places. Anyone know how to get rid of this? I’ve asked on a malware/spyware help forum, but so far no one has offered a solution. I have run Malwarebytes and have AVG 2012 installed, but neither helped. Edited May 15, 2012 by Deisel Weisel Quote
BoltBait Posted May 15, 2012 Posted May 15, 2012 The best way to get rid of malware is to restore to a previous version of the system. If you don't know how to use Restore Points, do a google search. Then, only download Paint.NET from http://www.dotpdn.com/downloads/pdn.html there is a link to the file in the upper right corner of the page that has the actual file. There are NO virus or malware programs in the official download. Quote Download: BoltBait's Plugin Pack | CodeLab | and a Free Computer Dominos Game
Deisel Weisel Posted May 16, 2012 Author Posted May 16, 2012 What I did, was what a lot of people will do: 1. Google ‘paint.net’ and www.paint.net/ comes top of the Google results. 2. Top r/h corner of paint.net is a banner to download, so click on that. 3. Takes you to here: http://www.getpaint.net/ where you d/l and get infected. The first URL is the exact same name as your product. This very forum appears to be a subdomain of http://www.getpaint.net/, which is hosting the infected copy. So what’s going on here? You appear to be directly associated with this trojan type download. Thanks for the advice about ‘Restore Points’ but I don’t see why I should be trusting you any further, to d/l it elsewhere, unless you’ve got a very good explanation for all of this. Quote
pdnnoob Posted May 16, 2012 Posted May 16, 2012 I'm not seeing the same issue, but it may be because I use Firefox with Adblock installed. That link you gave is the official download site and there are links that lead to BoltBait's link. My recommendation: Get Adblock. It saves lots of headache while browsing. The ads are there because Rick needs to eat too. While I don't like the fact that they are all ads for photo editing programs similar to paint.net, I can't say much because I haven't made any donations to Rick, so I'm part of the problem myself. As said before, install adblock. I think it exists for chrome if you prefer it to firefox (though firefox is a whole lot better in my opinion...) Quote No, Paint.NET is not spyware...but, installing it is an IQ test. ~BoltBait Blend modes are like the filling in your sandwich. It's the filling that can change your experience of the sandwich. ~Ego Eram Reputo
BoltBait Posted May 17, 2012 Posted May 17, 2012 Thanks for the advice about ‘Restore Points’ but I don’t see why I should be trusting you any further I know you must be frustrated, but I'm just trying to help you out here. I don't own Paint.NET nor the web site. I'm just a regular user like you. I'm just trying to be helpful. Quote Download: BoltBait's Plugin Pack | CodeLab | and a Free Computer Dominos Game
Ego Eram Reputo Posted May 17, 2012 Posted May 17, 2012 BoltBait is a well respected ADMINISTRATOR on this forum who has been a member since 2005. You can trust him absolutely. Scouts honor. Quote ebook: Mastering Paint.NET | resources: Plugin Index | Stereogram Tut | proud supporter of Codelab plugins: EER's Plugin Pack | Planetoid | StickMan | WhichSymbol+ | Dr Scott's Markup Renderer | CSV Filetype | dwarf horde plugins: Plugin Browser | ShapeMaker
Goonfella Posted May 17, 2012 Posted May 17, 2012 I'm not seeing the same issue, but it may be because I use Firefox with Adblock installed. That link you gave is the official download site and there are links that lead to BoltBait's link. My recommendation: Get Adblock. It saves lots of headache while browsing. The ads are there because Rick needs to eat too. While I don't like the fact that they are all ads for photo editing programs similar to paint.net, I can't say much because I haven't made any donations to Rick, so I'm part of the problem myself. As said before, install adblock. I think it exists for chrome if you prefer it to firefox (though firefox is a whole lot better in my opinion...) I don`t think Diesel has an issue with the ads, it`s just the download button which seems to have got him infected. Boltbait I know you are not responsible for the website but a s a well respected mod here on the forum (which is directly linked to the site in question) surely you could have looked into this further rather than just saying `There are NO virus or malware programs in the official download.' Whether you intended it or not ( and I have no doubt that you were trying to help) it does sound a tad dismissive as if you are refusing to believe there is a problem. Maybe you could bring the issue to the attention of Rick for example. Even if he doesn`t actually own the site he must know who does. Quote Please feel free to visit my Gallery on PDNFans And my Alternatives to PDN
BoltBait Posted May 17, 2012 Posted May 17, 2012 Maybe you could bring the issue to the attention of Rick for example. Even if he doesn`t actually own the site he must know who does. Rick reads EVERY thread in this section of the forum. If a specific ad gave you spyware, tell him which one it was so he can block it. Quote Download: BoltBait's Plugin Pack | CodeLab | and a Free Computer Dominos Game
jim100361 Posted May 17, 2012 Posted May 17, 2012 Boltbait I know you are not responsible for the website but as a well respected mod here on the forum ... surely you could have looked into this further rather than just saying `There are NO virus or malware programs in the official download.' Whether you intended it or not ... it does sound a tad dismissive as if you are refusing to believe there is a problem. Maybe you could bring the issue to the attention of Rick for example. First, I read nothing in BoltBait's replies that is "dismissive". What BoltBait said was simply a statement of fact, and nothing more. Secondly, the overall issue of malware being bundled in the software from other sites is not news to anybody here. Given the fact that this isn't some new development, I further feel that it is unjustified to put the onus on his back to "have looked into this further". As for what Rick can/should do, is another question entirely. To what end do you think it should proceed? A cease and desist order for something anyone anywhere can disseminate? And to that point, to what cost? How many people would you venture to guess have paid the due worth of this software (I've made a contribution, but admittedly, it wasn't anywhere near what I should have)? Do you think there has been enough collected for all that this software encompasses (website, forum, development, LEGAL FEES, etc.)? At any rate, regardless of how (if ever) this will be resolved, my primary concern at this point is more about how somehow you don't agree (to put it mildly) with the manner in which BoltBait handled this. I personally think you owe him an apology - whether or not he asks for it, and simply decides to take a non-argumentative approach to it, the point is he deserves it. ...my 2 cents (for better or worst). Quote
cgz Posted May 20, 2012 Posted May 20, 2012 Rick reads EVERY thread in this section of the forum. If a specific ad gave you spyware, tell him which one it was so he can block it. A specific ad ? I have come back today as I've always been a quiet fan of PDN and needed to download it. Your site is now full of links to the download which contain injectors. I've looked at a lot of the links and they all have statements on their websites saying how its a modified version of the download and not the original file, which can contain other installers such as browser addons at wot not. A virus heaven.. PDN is now. Virtually every download link except for the one true download (which is totally obscured now!) are possible virus / hack threats for everyone coming here to download it. Quote
pdnnoob Posted May 20, 2012 Posted May 20, 2012 (edited) On the contrary, the only paint.net download button I could find was the real one, and I have never been infected with malware in the download process. Try going to the download page from a library computer just to see if it is an issue unrelated to the webpage. These are screenshots of how my screen looks upon going to the site. The red circles indicate the links I click on. The first one is www.getpaint.net, then http://www.getpaint....d.html#download, then http://www.dotpdn.co...nloads/pdn.html http://i758.photobucket.com/albums/xx228/pdnnoob/downloadpdn.png As you can see, the only links for downloads on the pages are the legitimate ones. I don't see any of the links you refer to. If you can get a screenshot of what it looks like on your end, that may clear up part of the confusion. Edited May 20, 2012 by pdnnoob Quote No, Paint.NET is not spyware...but, installing it is an IQ test. ~BoltBait Blend modes are like the filling in your sandwich. It's the filling that can change your experience of the sandwich. ~Ego Eram Reputo
Daikoku Posted May 26, 2012 Posted May 26, 2012 Currently (May 26, 2012, 10:04 GMT) on the www.getpaint.net homepage, there is a link for Gimp from Google AdSense which does not link to http://www.gimp.net or http://www.gimp.org/downloads/ it has a great big "Download Now" link on it. I believe that Deisel Weisel may have clicked on a similar link instead of the proper link. It is possible that where ever this link went to, he hit a drive-by script or poisoned image. It is also possible that he could have picked it up somewhere else (*shrug*). Deisel: if you are still reading this thread, you might try this website for some insight on how to repair your system. http://www.geekstogo.com/forum/topic/318024-cxpfy-double-underlined-links-appearing-everywhere/ Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.