Unchecky. A tool you may find useful

I've checked the site, because of user comments after the article. It's clean.

 

http://www.techsupportalert.com/content/automatic-warning-if-youre-about-install-unwanted-software.htm

 

 

I've checked the site, because of user comments after the article. It's clean.

 

http://www.techsupportalert.com/content/automatic-warning-if-youre-about-install-unwanted-software.htm

 

 

Looks like they have some site problems ?

Yes, Hugh. Looks like it. I checked the site for malware,so it was operational then. I also see it's in beta,so folks should use caution.

What's a simple system crash among friends? Just a way of finding bugs that need to be fixed!

 

win7,64bit, ns22.7.1.32, sandboxie5.12, cryptoprevent4.7.21, mbam free, unchecky, ff48.0.2/ubo. i used unchecky for a couple of years. i have it on all of my machines, on all of my friends machines, and i install it on on any machines i work on. like anything its not 100%, but its damn close. its a set and forget program that updates automatically and it will tell you when it blocks something. very good tool (esp. for people who download a lot from cnet, etc, etc.

20750065:

@lmacri: the latest download of Unchecky works for me, as it (at least) automatically & successfully disabled the option for downloading/installing the infamous Trovi/Conduit Search and other known PUPs (shown below). And, I got several warnings from Unchecky when trying to click on the "Next/Accept" button, saying "By clicking this, you may install a program you didn't intend....

 Hi 20750065:

Thanks for the feedback.  I'm fairly meticulous about checking for bundled PUPs but I might give Unchecky a test run of my own now that it's out of beta.

Furthermore, keep this folder@ C:\Users\TEST\AppData\Local\Temp\nsgBB74.tmp in mind, as you can find something interesting: the following files were created (erased) when the said sample was launched (the install process failed).
 

I had a similar experience a few years ago when I ran an installer for a utility called BatteryCare.  I declined the installation of the bundled Amazon browser toolbar but a Malwarebytes Anti-Malware (MBAM) scan detected and removed an OpenCandy component (file C:\Users\<username>\AppData\Local\Temp\is-U0PHM.tmp\OCSetupHlp.dll - detected by MBAM as PUP.Optional.OpenCandy) that the installer still managed drop in my AppData\Local\Temp folder.
------------
32-bit Vista Home Premium SP2 * Firefox v48.0.2 * NIS v22.7.1.32 * MBAM Premium v2.2.1

@lmacri: the latest download of Unchecky works for me, as it (at least) automatically & successfully disabled the option for downloading/installing the infamous Trovi/Conduit Search and other known PUPs (shown below). And, I got several warnings from Unchecky when trying to click on the "Next/Accept" button, saying "By clicking this, you may install a program you didn't intend."

20160830044443.png(sample sha256: 04988e53180c8a13e42fe1ff6022aeaac2e905e18b60d156ced6e573304e8e6e; more, turn off Norton's protection, visit ourtoolbar dot com; run your download on a W 7 computer (recommended).

20160830044926.pngBTW: Detected PUPs were MyPC Backup, WinZip, and PC Speed Up.

20160830044953.png20160830045026.png20160830045055.pngFurthermore, keep this folder@ C:\Users\TEST\AppData\Local\Temp\nsgBB74.tmp in mind, as you can find something interesting: the following files were created (erased) when the said sample was launched (the install process failed).

20160830050439.pngHave fun if you have a VM. :)

 

 

I still haven't tried this tool yet, but the changelog at https://unchecky.com/changelog now notes that Unchecky is out of beta and "stable enough for everyday use" as of 21-Aug-2016.  An updated v1.0.1 was released today (22-Aug-2016) with a minor bug fix for hangs with NSIS installers.

Has anyone tested Unchecky lately to see how well it catches PUPs bundled inside software installers?