
PowerISO 5.9


Engh3.


A new update: PowerISO 5.9 is out!!

B.T.W. Old keys (thx Joffre!!!!) still work on my Win7x64 (installed the x64 version), just wonderful!!



This program is fucked up.. it installs crap even if you don't select it! :angry:

Run Malwarebytes after install and check what it finds!

Edited by psyko666


This program is fucked up.. it installs crap even if you don't select it! :angry:

Run Malwarebytes after install and check what it finds!

+1

It installs malware or something even if you don't select it before install, you're right. Run MBAM after install of PowerISO!

Edited by psyko666


I think the website is infected with fake installers :unsure:

No, I guess the creators of PowerISO made a deal with the shitty malware Conduit.A; that's the main reason I don't use PowerISO anymore... <_<



psyko666, on 15 Feb 2014 - 08:31, said:
Shadowx, on 15 Feb 2014 - 08:27, said:

I think the website is infected with fake installers :unsure:

No, I guess the creators of PowerISO made a deal with the shitty malware Conduit.A; that's the main reason I don't use PowerISO anymore... <_<

What do you use now? What is a good alternative?



psyko666, on 15 Feb 2014 - 08:31, said:
Shadowx, on 15 Feb 2014 - 08:27, said:

I think the website is infected with fake installers :unsure:

No, I guess the creators of PowerISO made a deal with the shitty malware Conduit.A; that's the main reason I don't use PowerISO anymore... <_<

What do you use now? What is a good alternative?

http://www.nsanedown.com/?request=2439063



~Well, I was wrong :-

Conduit Ltd - The Conduit Spyware Engine

It has been a while since I last had to fight a virus or malware but today I came across an especially nasty bit of spyware on my girlfriend's computer: The Conduit Toolbar. It was drive-by installed through some other software, which AFTER installation provided a pre-checked checkbox with the caption "I have read and agree with the license agreement and privacy policy of xy toolbar and wish to install it." (wording may be a little different depending on which drive-by you catch) It is really easy to overlook, even I nearly fell for it.

When she saw the first effects she called me immediately and I took a quick look. It was obvious that there was a big problem when I tried to find some way of removal via Google searches. It turns out that not only is there no article with a solution, there are dozens of articles, forum posts and websites claiming the tool was harmless and could just be uninstalled using the normal mechanisms. These were obviously written by Conduit stakeholders.

So I started the tedious process of manually searching for rootkits and hidden files / startup entries / registry entries and so on. It took me almost a day(!) to get rid of the tool. This included blocking the website bunndle.com via the hosts file, through which the software re-downloads and re-installs itself after a partial removal. I also had to delete many registry entries and well hidden files all over the system. And of course I had to remove all browsers and re-install them.

I also analyzed some of the software and it turns out that this is a spyware and backdoor of the worst imaginable kind. Even worse, it will open up your computer to all kinds of additional malicious applications from third parties, which can be installed without you even noticing, once the primary backdoor is open.

After that I was very angry of course and started to prepare for some retaliation / legal action. I filed an FTC complaint and other things, but usually such measures do little on the short term. So I researched the guy who is ultimately responsible for this crap: Ronen Shilo, an Israeli nationalist who makes a living out of the misery of inexperienced computer users. You can easily find him on Facebook: http://www.facebook.com/ronen.shilo So obviously he is not very intelligent overall, just in business things if his numbers are to be believed.

A few interesting additional facts if you have also been fucked by his software: His websites conduit.com and especially bunndle.com currently do not adhere to law concerning the whois entries. (I have already filed complaints, but the more the better) The bunndle.com whois data leads you to a phone number which will play a recorded ring-back tone, so you have to pay the connection fee for a while until you realize that you are being fucked - again.

However, it won't hurt this guy even if someone would take down his company, since he has already sold it and moved on to further (probably also criminal) "projects" and besides he is rich like shit already, so that's not the way to hurt him. But he (yet) has a social life and "friends", so there will be other ways to make him aware of his mistakes. Which I will continue to do until he sends me a perfect apology. (this will never happen of course)

PS: I am sure it is just a matter of time ;) until a decent decompile turns up so that... well all grey hats will know what to do :)



I don't find anything else installed after declining to have the optional stuff installed during install. Malwarebytes finds nothing suspicious scanning the c drive in sandbox.



Now, with all these various views, I am scared to even touch this version... Maybe I have to wait till everything is straightened out... Cheers guys, keep up the good work...



jofre, on 15 Feb 2014 - 08:53, said:

~Well, I was wrong :-

Conduit Ltd - The Conduit Spyware Engine

It has been a while since I last had to fight a virus or malware but today I came across an especially nasty bit of spyware on my girlfriend's computer: The Conduit Toolbar. It was drive-by installed through some other software, which AFTER installation provided a pre-checked checkbox with the caption "I have read and agree with the license agreement and privacy policy of xy toolbar and wish to install it." (wording may be a little different depending on which drive-by you catch) It is really easy to overlook, even I nearly fell for it.

When she saw the first effects she called me immediately and I took a quick look. It was obvious that there was a big problem when I tried to find some way of removal via Google searches. It turns out that not only is there no article with a solution, there are dozens of articles, forum posts and websites claiming the tool was harmless and could just be uninstalled using the normal mechanisms. These were obviously written by Conduit stakeholders.

So I started the tedious process of manually searching for rootkits and hidden files / startup entries / registry entries and so on. It took me almost a day(!) to get rid of the tool. This included blocking the website bunndle.com via the hosts file, through which the software re-downloads and re-installs itself after a partial removal. I also had to delete many registry entries and well hidden files all over the system. And of course I had to remove all browsers and re-install them.

I also analyzed some of the software and it turns out that this is a spyware and backdoor of the worst imaginable kind. Even worse, it will open up your computer to all kinds of additional malicious applications from third parties, which can be installed without you even noticing, once the primary backdoor is open.

After that I was very angry of course and started to prepare for some retaliation / legal action. I filed an FTC complaint and other things, but usually such measures do little on the short term. So I researched the guy who is ultimately responsible for this crap: Ronen Shilo, an Israeli nationalist who makes a living out of the misery of inexperienced computer users. You can easily find him on Facebook: http://www.facebook.com/ronen.shilo So obviously he is not very intelligent overall, just in business things if his numbers are to be believed.

A few interesting additional facts if you have also been fucked by his software: His websites conduit.com and especially bunndle.com currently do not adhere to law concerning the whois entries. (I have already filed complaints, but the more the better) The bunndle.com whois data leads you to a phone number which will play a recorded ring-back tone, so you have to pay the connection fee for a while until you realize that you are being fucked - again.

However, it won't hurt this guy even if someone would take down his company, since he has already sold it and moved on to further (probably also criminal) "projects" and besides he is rich like shit already, so that's not the way to hurt him. But he (yet) has a social life and "friends", so there will be other ways to make him aware of his mistakes. Which I will continue to do until he sends me a perfect apology. (this will never happen of course)

PS: I am sure it is just a matter of time ;) until a decent decompile turns up so that... well all grey hats will know what to do :)

I wouldn't mind if some powerful hackers decided to take wealth away from such people.



If you choose DECLINE it still installs the Malware Conduit Search!

I pressed "Decline" and it didn't install anything. Tested on Win 8.1 x86.



If you choose DECLINE it still installs the Malware Conduit Search!

I pressed "Decline" and it didn't install anything. Tested on Win 8.1 x86.

Yes it does with me.. :(

https://www.virustotal.com/en/file/6f570a6ab6aff575b8ffdc772a417215bb0cc4e79fb31507b4c705c319a0565a/analysis/1392470405/



Personally, I kept v5.7 and I skipped v5.8 and v5.9.

Can you upload that version for me please?

Datafilehost please.. :)



Yes it does with me.. :(

https://www.virustotal.com/en/file/6f570a6ab6aff575b8ffdc772a417215bb0cc4e79fb31507b4c705c319a0565a/analysis/1392470405/

Yes, I understand it shows as infected because the Search Protect setup is included. But, like I said, I declined it and it didn't install anything else. Sorry you're having problems.

This topic is now closed to further replies.