berty.heim Posted November 21, 2019 Share Posted November 21, 2019 Hi guys, Surprise Spy (CocCoc) in latest version IDM 6.35_12 HK_CURRENT_USER / SOFTWARE / CocCoc Link to comment Share on other sites More sharing options...
Israeli_Eagle Posted November 21, 2019 Share Posted November 21, 2019 Eh?? IDM works totally normal and there is no CocCoc at all, also not in my registry. So......... Better ONLY use the original installer! Link to comment Share on other sites More sharing options...
Quilva Posted November 21, 2019 Share Posted November 21, 2019 Its look like you got infection from other source...... I used it from Nsane and work clear... Also tested these 2 repacks made by other peoples in my vmware malware lab and also look clean. If you have still this instaler plz reupload me it i will check it out in free time :) Link to comment Share on other sites More sharing options...
berty.heim Posted November 21, 2019 Author Share Posted November 21, 2019 I just reinstalled under VMware the application downloaded directly from IDM, identical result HK_CURRENT_USER / Software / CocCoc Il y a 11 minutes, Quilva a déclaré: On dirait que vous Avez Été infecté la source par ...... Une autre regard Je l'ai sous Nsane et used je travaille bien ... Nous Avons also tested 2 bureaux à jour EFFECTUEES mises par d'Autres personnes Dans mon labo de logiciels malveillants vmware et également une apparence propre. Si vous avez toujours cet instaler, vous devez le télécharger à nouveau, je le vérifie pendant le temps libre Link to comment Share on other sites More sharing options...
Israeli_Eagle Posted November 21, 2019 Share Posted November 21, 2019 Old rule: Patch the installed IDM before running it!! And works still perfect with @Ali.Dbg. And for sure no CocCoc, whatever that might be... Link to comment Share on other sites More sharing options...
DeLtA Posted November 21, 2019 Share Posted November 21, 2019 IDM is not spying on you, that Registry is created for installing IDM extension to CocCoc Browser. via IDMan.exe while installation. This happens via "/rtr" Command. Same command that is used to install IDM extensions on all other browsers including (Chrome, Firefox, etc). Spoiler Link to comment Share on other sites More sharing options...
berty.heim Posted November 21, 2019 Author Share Posted November 21, 2019 Ok thanks Link to comment Share on other sites More sharing options...
Israeli_Eagle Posted November 21, 2019 Share Posted November 21, 2019 12 minutes ago, DeLtA said: IDM is not spying on you, that Registry is created for installing IDM extension to CocCoc Browser. via IDMan.exe while installation. This happens via "/rtr" Command. Same command that is used to install IDM extensions on all other browsers including (Chrome, Firefox, etc). Hide contents But that would mean that HE has installed already that weird browser, right? Because in my registry is still nothing like that. Or only comes in a new install or some other software blocks it. Anyway... Looks for sure not dangerous. Link to comment Share on other sites More sharing options...
berty.heim Posted November 21, 2019 Author Share Posted November 21, 2019 4 minutes ago, Israeli_Eagle said: Mais cela voudrait dire qu'il était déjà installé ce navigateur étrange, non? Parce que dans mon registre, il n'y a toujours rien de tel. Build 6.35_11 no CotCot 😜 Link to comment Share on other sites More sharing options...
Quilva Posted November 21, 2019 Share Posted November 21, 2019 hahahahaha Vietnam Browser and wonder why he got injection... probably IDM need this to hook process to this browser for working propertly.. lulz Link to comment Share on other sites More sharing options...
Israeli_Eagle Posted November 21, 2019 Share Posted November 21, 2019 3 minutes ago, berty.heim said: Build 6.35_11 no CotCot 😜 LOL... Anyway, does not look dangerous and nothing to worry. Link to comment Share on other sites More sharing options...
Stig Posted November 21, 2019 Share Posted November 21, 2019 Yes, Build 12 has it. Link to comment Share on other sites More sharing options...
Israeli_Eagle Posted November 22, 2019 Share Posted November 22, 2019 I also tested it now in a 'naked' Windows as VM. And yes, it came into the registry. But ONLY there! So as @DeLtA told already, it's only a new feature. Nothing to worry, guys. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.