How to report unsafe software?

Norton Security | Norton Internet Security
1

This has already been asked, but the link posted in this thread only allows uploads up to 20 MBs in size.  The installer I am attempting to report as potentially unsafe is 122 MBs.  I've attempted to report the download using the Norton Toolbar, but even though I was able to report the direct URL of the file, I was not able to add any details to explain why I expect it is dangerous.

 

The page that has the download can be located here and the download link can be found at the bottom page leading to <Removed> .  The reason why I expect this is dangerous is once installed, you can't uninstall it.  The program loads itself into memory as soon as it's installed on the admin level (possibly because I had to run it as admin to install it) & whenever the computer is booted up regardless of whether you disable it from loading on startup or not.  The process cannot be ended through the Task Manager & the uninstall always fails because you can't kill the process under any means.  The only way I was able to finally remove it was to system restore to before I installed it.  I do not know if it is actually dangerous or not, but as soon as I installed it, it was immediately attempting to access the internet (which I blocked through the Norton Internet Security firewall).  Norton currently has this marked as safe (both the site & the download), so I'm attempting to have it looked at again to make sure this is actually the case.  Programs that do not allow you to uninstall them or to kill the process are potentially unsafe as far as I'm concerned.

 

 

[Edit: Removing direct link to a  potentially malicious executable file to conform with the Participation Guidelines and Terms of Service]

2

This has already been asked, but the link posted in this thread only allows uploads up to 20 MBs in size.  The installer I am attempting to report as potentially unsafe is 122 MBs.  I've attempted to report the download using the Norton Toolbar, but even though I was able to report the direct URL of the file, I was not able to add any details to explain why I expect it is dangerous.

 

The page that has the download can be located here and the download link can be found at the bottom page leading to <Removed> .  The reason why I expect this is dangerous is once installed, you can't uninstall it.  The program loads itself into memory as soon as it's installed on the admin level (possibly because I had to run it as admin to install it) & whenever the computer is booted up regardless of whether you disable it from loading on startup or not.  The process cannot be ended through the Task Manager & the uninstall always fails because you can't kill the process under any means.  The only way I was able to finally remove it was to system restore to before I installed it.  I do not know if it is actually dangerous or not, but as soon as I installed it, it was immediately attempting to access the internet (which I blocked through the Norton Internet Security firewall).  Norton currently has this marked as safe (both the site & the download), so I'm attempting to have it looked at again to make sure this is actually the case.  Programs that do not allow you to uninstall them or to kill the process are potentially unsafe as far as I'm concerned.

 

 

[Edit: Removing direct link to a  potentially malicious executable file to conform with the Participation Guidelines and Terms of Service]

3

Hang on for some help on how to deal with a problem like this. It may be a false positive since Norton Safe Web reports the site as safe.

4

That's the problem actually.  I can see the site is safe, but the download of the program is what I believe to be potentionally dangerous.  Norton reports the installer to be safe, but I seriously don't believe that's the case with the behavior I ran into when I installed it.

5

OK -- can you give the name of the downloading file, without making it a live link as before?

 

While waiting for some help on reporting the specific file ..... have you seen this on the Arcsoft website?

 

http://www.arcsoft.com/support/technical-assistant.html 

 

There's a section on uninstalling

 

Also this frustrating one http://www.cybertechhelp.com/forums/showthread.php?t=218209  where the OP asks for the message to be removed because he found a solution but does not say what it is!

 

If you want to do a thorough clean up of your installation of Arcsoft, regulars here know I like the free Revo Uninstaller because it does a wonderful job of tracking down and removing files and registry entries left after the normal uninstall procedure of Windows.

 

I particularly like it since it automatically makes a system restore point and while it begins with the normal Windows uninstall routine it offers you two further clean up steps and shows you exactly what it is going to do before you tell it to go ahead.

 

One Catch 22 to watch for: when it runs the standard Windows Uninstaller you may see popup the application's standard "Restart your computer to delete files in use by WIndows" or words to that effect. DO NOT tell it to go ahead or you will find that after the computer restarts you have to start up Revo Uninstaller again and it can't find the jumping off point because the main files are gone!

 

So [X] or whatever on that popup or ignore it if it will pop into the background and then Revo will ask if you want to go to the next stages that you checked at the beginning.

 

Maybe Revo have fixed this by storing information but I've not tried recently to see so I do as above.

6
huwyngr wrote:

OK -- can you give the name of the downloading file, without making it a live link as before?

showbiz5_retail_tbyb_all.exe

huwyngr wrote:
While waiting for some help on reporting the specific file ..... have you seen this on the Arcsoft website?

 

http://www.arcsoft.com/support/technical-assistant.html 

 

There's a section on uninstalling

I tried this already.  I'm a computer technician, I knew what I was doing.  The processes in that thread were not the problem, the problem was the executable on the program itself was not letting me kill it (ShowBiz.exe I believe).  The program was immediated loaded into memory after being installed & immediately after a reboot even after attempting to disable it in Services (you couldn't even kill it through Services).  You couldn't kill it regardless of what you tried.  I finally managed to remove it by system restoring to before I installed it.

7

<<  I finally managed to remove it by system restoring to before I installed it.  >>

 

As a computer technician you'll be able to tell me something that I've wondered about -- doing a system restore would only remove references to the file but not the file itself?

 

Or did you mean that then Windows allowed you to delete it?

8
huwyngr wrote:

As a computer technician you'll be able to tell me something that I've wondered about -- doing a system restore would only remove references to the file but not the file itself?

 

Or did you mean that then Windows allowed you to delete it?

Not exactly.  Depending on whether you have system restore set to back up your hard drive changes or not, it would also remove/restore any files added/removed from the current state back to the restore point.  I personally have it enabled only on my OS drive, the other 3 drives do not have it enabled on it.  So when I restore to a restore point, it not only restores the registry, but also reverts any changes that were made between the restore point & my current running state (this even means reinstalling programs I may have uninstalled since then) on my OS drive.  Seems your documents get untouched, so it's possible that files from that installation may still be in there (I haven't checked yet), but even if they were, then wouldn't be running given the fact that the references were removed from the registry when I restored the registry.  So the program ended up getting uninstalled in the restore except for maybe some traces left behind in my documents folder.

 

Let's say that I didn't have hard drive changes set to be backed up by system restore.  You would be correct in this case.  The program would be removed from the registry & not be running on startup unless it was added to the startup folder in your Start Menu (I can't really answer this one as I haven't ever disabled backup of hard drive changes on my OS drive, but it's possible that reverting these changes in the registry will also remove them from the Start Menu).  Once the the registry is restored, the program shoudn't be running on start up anymore (except in the case above), where you can simply delete any directories that were left on your hard drive from the installation.

9

Thanks very much for the detailed explanation.

 

It's a feature I've never used and certainly not set up in any particular way.

 

I've posted a request for help from those who know the reporting system.

10
huwyngr wrote:

Thanks very much for the detailed explanation.

 

It's a feature I've never used and certainly not set up in any particular way.

Glad I could help, I hope it will help you in the future, I know it has for me.  I will mention that certain malware can disable it, however.  Seems they know where to target & have the capability of corrupting the feature.  It's also possible for viruses to target that data & add additional data into restore points, making those restores useless.  I've only after had this problem on XP, never on 7, so you may find yourself unable to use this features if it's been targeted by malware on older systems.  It isn't apparent that it's been disabled until you try to restore your system & get an error message that the restore failed after reboot.  You're pretty well stuck with just reinstalling your computer at this point if you can't use system restore & it's the only way to fix your problem..