Jump to content
Paint.NET 5.1 is now available! ×

Recommended Posts

Posted (edited)

Downloaded from here on Sunday: http://www.getpaint.net/ During the installation process it became obvious that it wasn’t only paint.net being installed, so I stopped the instalation. Opened up Chrome again, to find my home page, and chosen search engine, had been swapped. Changed those back, only to find other suspicious looking stuff when I looked in the downloads folder from that download. I’ve uninstalled those, but I’m left with this one problem: certain words on web pages are double under lined (hyperlinked?) and if you click on them the page goes momentarily to cxpfy.com and then mostly onto MonsterMarketplace and other places.

Anyone know how to get rid of this? I’ve asked on a malware/spyware help forum, but so far no one has offered a solution. I have run Malwarebytes and have AVG 2012 installed, but neither helped.

Edited by Deisel Weisel
Posted

The best way to get rid of malware is to restore to a previous version of the system. If you don't know how to use Restore Points, do a google search.

Then, only download Paint.NET from http://www.dotpdn.com/downloads/pdn.html there is a link to the file in the upper right corner of the page that has the actual file. There are NO virus or malware programs in the official download.

Posted

What I did, was what a lot of people will do:

1. Google ‘paint.net’ and www.paint.net/ comes top of the Google results.

2. Top r/h corner of paint.net is a banner to download, so click on that.

3. Takes you to here: http://www.getpaint.net/ where you d/l and get infected.

The first URL is the exact same name as your product. This very forum appears to be a subdomain of http://www.getpaint.net/, which is hosting the infected copy. So what’s going on here? You appear to be directly associated with this trojan type download. Thanks for the advice about ‘Restore Points’ but I don’t see why I should be trusting you any further, to d/l it elsewhere, unless you’ve got a very good explanation for all of this.

Posted

I'm not seeing the same issue, but it may be because I use Firefox with Adblock installed. That link you gave is the official download site and there are links that lead to BoltBait's link. My recommendation: Get Adblock. It saves lots of headache while browsing.

The ads are there because Rick needs to eat too. While I don't like the fact that they are all ads for photo editing programs similar to paint.net, I can't say much because I haven't made any donations to Rick, so I'm part of the problem myself. As said before, install adblock. I think it exists for chrome if you prefer it to firefox (though firefox is a whole lot better in my opinion...)

No, Paint.NET is not spyware...but, installing it is an IQ test. ~BoltBait

Blend modes are like the filling in your sandwich. It's the filling that can change your experience of the sandwich. ~Ego Eram Reputo

Posted

BoltBait is a well respected ADMINISTRATOR on this forum who has been a member since 2005.

You can trust him absolutely. Scouts honor.

Posted

I'm not seeing the same issue, but it may be because I use Firefox with Adblock installed. That link you gave is the official download site and there are links that lead to BoltBait's link. My recommendation: Get Adblock. It saves lots of headache while browsing.

The ads are there because Rick needs to eat too. While I don't like the fact that they are all ads for photo editing programs similar to paint.net, I can't say much because I haven't made any donations to Rick, so I'm part of the problem myself. As said before, install adblock. I think it exists for chrome if you prefer it to firefox (though firefox is a whole lot better in my opinion...)

I don`t think Diesel has an issue with the ads, it`s just the download button which seems to have got him infected.

Boltbait I know you are not responsible for the website but a s a well respected mod here on the forum (which is directly linked to the site in question) surely you could have looked into this further rather than just saying `There are NO virus or malware programs in the official download.' Whether you intended it or not ( and I have no doubt that you were trying to help) it does sound a tad dismissive as if you are refusing to believe there is a problem. Maybe you could bring the issue to the attention of Rick for example. Even if he doesn`t actually own the site he must know who does.

 

 

Please feel free to visit my Gallery on PDNFans

And my Alternatives to PDN

Posted

Boltbait I know you are not responsible for the website but as a well respected mod here on the forum ... surely you could have looked into this further rather than just saying `There are NO virus or malware programs in the official download.' Whether you intended it or not ... it does sound a tad dismissive as if you are refusing to believe there is a problem. Maybe you could bring the issue to the attention of Rick for example.

First, I read nothing in BoltBait's replies that is "dismissive". What BoltBait said was simply a statement of fact, and nothing more.

Secondly, the overall issue of malware being bundled in the software from other sites is not news to anybody here. Given the fact that this isn't some new development, I further feel that it is unjustified to put the onus on his back to "have looked into this further".

As for what Rick can/should do, is another question entirely. To what end do you think it should proceed? A cease and desist order for something anyone anywhere can disseminate? And to that point, to what cost? How many people would you venture to guess have paid the due worth of this software (I've made a contribution, but admittedly, it wasn't anywhere near what I should have)? Do you think there has been enough collected for all that this software encompasses (website, forum, development, LEGAL FEES, etc.)?

At any rate, regardless of how (if ever) this will be resolved, my primary concern at this point is more about how somehow you don't agree (to put it mildly) with the manner in which BoltBait handled this. I personally think you owe him an apology - whether or not he asks for it, and simply decides to take a non-argumentative approach to it, the point is he deserves it.

...my 2 cents (for better or worst).

Posted

Rick reads EVERY thread in this section of the forum.

If a specific ad gave you spyware, tell him which one it was so he can block it.

A specific ad ? I have come back today as I've always been a quiet fan of PDN and needed to download it. Your site is now full of links to the download which contain injectors. I've looked at a lot of the links and they all have statements on their websites saying how its a modified version of the download and not the original file, which can contain other installers such as browser addons at wot not.

A virus heaven.. PDN is now. Virtually every download link except for the one true download (which is totally obscured now!) are possible virus / hack threats for everyone coming here to download it.

Posted (edited)

On the contrary, the only paint.net download button I could find was the real one, and I have never been infected with malware in the download process. Try going to the download page from a library computer just to see if it is an issue unrelated to the webpage.

These are screenshots of how my screen looks upon going to the site. The red circles indicate the links I click on. The first one is www.getpaint.net, then http://www.getpaint....d.html#download, then http://www.dotpdn.co...nloads/pdn.html

http://i758.photobucket.com/albums/xx228/pdnnoob/downloadpdn.png

As you can see, the only links for downloads on the pages are the legitimate ones. I don't see any of the links you refer to. If you can get a screenshot of what it looks like on your end, that may clear up part of the confusion.

Edited by pdnnoob

No, Paint.NET is not spyware...but, installing it is an IQ test. ~BoltBait

Blend modes are like the filling in your sandwich. It's the filling that can change your experience of the sandwich. ~Ego Eram Reputo

Posted

Currently (May 26, 2012, 10:04 GMT) on the www.getpaint.net homepage, there is a link for Gimp from Google AdSense which does not link to http://www.gimp.net or http://www.gimp.org/downloads/ it has a great big "Download Now" link on it.

I believe that Deisel Weisel may have clicked on a similar link instead of the proper link. It is possible that where ever this link went to, he hit a drive-by script or poisoned image. It is also possible that he could have picked it up somewhere else (*shrug*).

Deisel: if you are still reading this thread, you might try this website for some insight on how to repair your system.

http://www.geekstogo.com/forum/topic/318024-cxpfy-double-underlined-links-appearing-everywhere/

  • toe_head2001 changed the title to Trying to download paint.net has given my PC malware!

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...