We’ve all seen it before, crapware packed into an installer for an otherwise great app. I think most people understand that sometimes this is a necessary evil to support starving app developers everywhere. But what if ads and junkware were included by the company hosting a download for the software and it was ambiguous if any of the funds even went to the developers at all? This is what I heard about the CNET Installer, an application that I had never tried before since I usually download directly from the developer. According to a thread on a popular social media site, this program’s only benefit to a user is its claim to improve download reliability, but in reality the purpose of this software is its ability to sneakily attempt to install crapware on your computer. And why does it do it? This crapware is put into the installer by companies paying CNET to put it there. CNET is literally getting paid to sneakily attempt to install garbage on your computer. It sounds crazy that a reliable company like CNET would resort to these kinds of advertising tactics, so I had to investigate for myself. If CNET’s download installer really is a crapware trap, the scary part is how many people are falling into it. According to CNET it has received over 751,418 downloads which included 97,556 just last week alone. At this rate it will soon be over 1 million downloads and likely close to as many computers infected with its alleged crapware. My Investigation is long and drawn out, so if you’d like to just skip to learn how to avoid becoming a victim of crapware via CNET, scroll down.
The Verdict – Is CNET’s installer just a scam to infect your computer?
I was mostly convinced this was going to be bad based on previous experiences with bundled crapware, but the only way to be sure that the rumors were true was to give it a go myself. I went to CNET and decided to download a program called Mangofile using the CNET Installer. Here’s what I ran into:
On the very second page of the installer was what at first glance appeared to be the Terms of Service checkbox for the app I was downloading. But alas, it was a trick! This wasn’t the TOS I was looking for, it was a installer acceptance box with light-gray text. The fine print next to it clearly says that it’s going to install SweetPacks toolbar! Well, they didn’t manage to snag me on this one. I was sure not to check that little box. So I left it unmarked and clicked onto the Next Step.
What’s this? Another Terms of service? Of course I’ll just click the green box right where my mouse already is and accep… wait a minute. This is another load of crapware! Look at the left side! DefaultTab Search Bar and TopArcadeHits? If that doesn’t sound like crap then I don’t know what does. The way around this one was to click the Decline button, so that’s what I pressed.
This screen is even telling me to “Click ‘Accept’ now to continue my installation” so that’s just what I’m going… wait a minute, this is another page of crapware! What the heck is Wajam? That’s not the application I was trying to download… That makes 3 attempts to get me to install crapware. I clicked Decline again and was finally taken to the screen where the program I actually wanted would begin downloading.
After 3 pages of crapware installation attempts, guess what? My download froze. It got to 8.5MB out of 26.5MB and then stopped downloading. I let it sit for about 5 minutes and after it had made no progress I canceled. I didn’t even install the Mangofile that I was originally after. And then I noticed something strange, my Google Chrome browser that was running in the background crashed out. Luckily I didn’t have any unsaved data open it, but that was certainly odd wasn’t it? Well it made me suspicious, so I went to take a look. It turns out that even if you don’t check the box to accept installation, the CNET installer will still install the crapware from the first box. So just letting the installer get to the download page will be enough for you to have fallen into the trap. I was absolutely sure not to accept any of the software that they planned to install, but as you can see in the screenshot below it still installed SweetPacks.
Time to uninstall. I selected all of the SweetPacks programs and then clicked the uninstall button.
Strangely enough, an IB Updater Service prompt appeared and asked me to enter a captcha during uninstall. This is the first time I’ve ever seen a program require a captcha to uninstall, and it surely didn’t ask for a captcha when it installed itself earlier without my permission. Captcha is for security, why in the hell would you need to verify so closely that you want to uninstall something! With no more entries left in the Programs & Features section of the Control Panel it was time to be sure.
I had uninstalled all of the SweetPacks programs from my control panel. Everything should be gone, right? Wrong. The uninstallers don’t actually remove anything. I pulled up a quick search of my drive for files that were recently modified and found quite a few. In particular two entire system folders were created in C:\Program Files.
Within each of these directories were full on SweetPacks applications. I did the sensible thing and manually deleted them by going up a level and removing the entire folder. However not all of these files were removed easily.
In the Updater by SweetPacks directory I ran into a problem with ExtensionUpdaterService.exe – it wouldn’t delete. It turns out that it was already running and would first have to be closed.
To do so I opened up the Task Manager and selected to view processes from All Users. Then I just right-click on the ExtensionUpdaterService.exe and ended it. The file deleted without a problem after it was no longer running.
Next up was a few leftover file scattered about my AppData folder. I used Everything Search to find them and then I removed all of these and anything else I could find that had “sweet” in the name.
In all of my browsers except for Chrome, CNET had installed SweetPacks Toolbar and let it hijack my browsers’ Home Page. This was easily rectified by removing the toolbars and changing the homepages back, but it was still a pain to fix it in both Firefox and IE.
After I finished with Firefox & IE it was time to scan the registry. Chrome wasn’t affected, I think mostly due to it crashing during the installation.
I performed a quick memory scan with CCleaner and found several entries that the installer never bothered to remove. These cleaned up easily enough. Now call me paranoid, but I wanted to be sure that I had removed everything to do with this CNET installer debacle. So I ran some scans using some free tools in the following order:
AdwCleanerMalwarebytesHitmanPro
After all of that I ran another file system scan and everything looked clean. Hopefully it’s all gone. I don’t even think Brian’s method of uninstalling software would have been 100% effective with this royal mess!
How to Avoid the CNET Installer and its Crapware
The easiest way to avoid your computer getting infected is obvious: avoid downloading from CNET & Download.com! Unfortunately some programs are hosted exclusively on Download.com and you might not have an option. In these cases there are still a few ways around the crapware.
Only use Direct Download Links when possible. If your download link contains “cbsidlm” at the beginning of the filename, abort! It is the CNET Downloader…remember that CBS Broadcasting, Inc. is the Parent company of CNET.Add “&dlm=0” to the end of your download links. For example if your download is:http://download.cnet.com/Tropical-Island-Escape-3D-Screensaver/3001-2257_4-92094.html?spi=ad31aa7581c9b6ecfe6e0740a9ed58feChange it tohttp://download.cnet.com/Tropical-Island-Escape-3D-Screensaver/3001-2257_4-92094.html?spi=ad31aa7581c9b6ecfe6e0740a9ed58fe&dlm=0Install Greasemonkey for Firefox (Tampermonkey on Chrome)and use this script to prevent your browser from ever downloading the CNET Installer.Also, if you’re going to install the essential free and open source software like Firefox, Thunderbird, VLC, FileZilla, or Evernote — heck even the runtimes like Java (if you must) Sliverlight and Shockwave — Use Ninite if you can. One of the staples of the Ninite service since its inception is to never allow toolbars or extra junk to be installed.
Conclusion
CNET monetizes many of the programs available in its software download section, also known as Download.com. This is done through its CNET Installer application, which is touted to improve download reliability, however in my case it didn’t even do that as my download froze. The CNET Installer will still install crapware (possibly adware) on your computer even if you choose all of the options saying you don’t agree with it happening. Overall the CNET Installer a great runner up one of the worst pieces of software to ever be put on charade as something useful. Watch out for it the next time you find yourself downloading something from this company. And make sure to tell your friends and coworkers to stay away until the site gets a respectable download policy back in place. “Script retired – This script has been retired because it is no longer needed, as Download.com now provides a “Direct Download Link” below their bundled download links.” In the beginning, in a rather odd place it says “Editor Note: The Download Now Link will download a small installer file to your desktop. Remain online and double-click the installer to processed with the actual download.” Anyway, I didn’t go through with the full download and infect my test computer, but I got far enough to be enraged. First it offered me Delta Toolbar, Search engine and home page hijack with the same delta crap. I had to uncheck three boxes to continue. That wasn’t it though! The second offer was for Safe Saver another browser, search engine and , homepage hijack for deals, cuz I don’t now how to shop right? Continuing on to the Third… yes Three different worthless offers. This time it was for a “Snake-oil Registry cleaner app that said it will improve your computer speed by 300% YES 300% faster guaranteed! After that I just shut the whole thing down because it was very funny on one hand, and on the other irritating as hell. CBS is the parent company of Cnet and Download.com — I guess they didn’t make enough ad money for the Super Bowl and need to nickle and dime us little guys to gain even more browsing habits for the perfect million dollar 30 second commercials next year! I will be doing some more research into this CNET debacle and the growing phenomenon of type of outrageous crap. SourceForge.net is the next on the dark side block. Not as blatantly evil as Cnet, but close. Thank you for the eye-opening article and please, keep up the great work in protecting your web audience! Either they admit to it, and promise to fix it, or they deny it, and we have learned that they are permanently on the dark side, and millions more will dump them completely. It actually kind of sad, as CNET does have a bunch of promising young writers over there….. Great article Austin. My computer is fine. Checks out with scans too….. But yes, we usually always throw a bone to those we quote or mention. So I hope they realize the error of their ways and make amends & SOON!!!! Thanx for all you do Austin!!! Major Geeks and Snap Files have plenty on offer and at least have the courtesy to warn you if a program attempts to install crap-ware. Here are some tools that are pretty good at cleaning the mess if you’ve been caught out: avast browser clean-up, adwcleaner, and spyBHORemover. THANKS for all your efforts and a great informative article. Sad that CNET has sunk to such low , deceptive tactics. To all who read the article — tell your friends and anyone about the evil of CNET / DOWNLOAD.com. Peer pressure, if enough people respond, is great and will work. Look forward to Brian Burgess follow up article and to response from CNET. GroovyPost –be sure to descriptive notice in your web cast. But I got SweetPacks AND PC Optimizer Pro. The PC Op. Pro pop up down near the date/time is what alerted me to something being wrong. I opened a new FireFox tab to “Google” info about it and instead of Google, I saw Bing (sans the cool pics associated with Bing). Frankly, I think this should be illegal as even opting out of the crap does not stop it from being installed and taking over. I now will NEVER use CNET again, and will share this article on Facebook! Thanks for the help in getting rid of it too! Yes, there are some sites that are free of crapware. Here is one site, may or may not be of use to you (site is a clean up utility for PC’s), but answers your question. Below is text from web page, notice last line. I recommend the user community “demand” this type of clear wording and the vendors be held accountable. May be have groovy post start a “Dark side do not use list” That is, e.g. respect that “NO I do not want your crapware” and uninstallers that install EVERYTHING that was installed. Text from web site (URL is shown on last line): Totally Free You don’t have to pay a dime, go buy yourself a cup of good coffee instead.. . Small & Portable With a size of only ~45 MB, Switchblade will fit on pretty much any storage media available. No Malware, Spyware or Toolbars I nor any third party applications use toolbar infested malware-installers. – See more at: http://switchblade.helgesverre.com/#sthash.XCsApk0l.y6janjb9.dpuf http://switchblade.helgesverre.com/#sthash.XCsApk0l.y6janjb9.dpbs Glad the community like my “Anti-Adware” views :D Fun stuff on the internet today. ;) And now, if you’ll excuse me, I have some open source software to compile from source. Foolproof? Hell, no. A vast improvement over downloading from what used to be a fairly trustworthy source? You bet. I used to believe that CNet was a trusted site. Now they are among the pantheon of most malicious web sites on the net. Who is the jerk running that show? He/She must have been hired away from some porn site that earned coin using these tactics. So I hope they realize the error of their ways and make amends & SOON!!!!” ————————————————————————————————— They are not getting better, they are getting worse. I have decided to contact the BBC and FOX and see if they would enjoy kicking a competitor around a bit. Seeing BBC news and FOX news trashing CBS for buying CNET and filling it up with shatware would put a very large smile on my face. Well, it turns out that SpyHunter renews every 6 months, and coincidentally, after declining the renewal, and uninstalling SpyHunter, not only do I STILL have SpyHunter installed (and auto scanning without my permission), but I have SWEETPACKS AGAIN – even though I have not installed any new software from anywhere! I uninstalled about a month ago by going to: Control Panel/Programs and Features and uninstalling from there. It is not showing up there now, but it still runs scans, finds something every time, and uses fear tactics to get me to pay them for another 6 months – because they won’t “fix” the issues they say I have until I pay them. I searched my registry today & found the sweetpacks that SpyHunter found today. I’ve been declining the renewal threats for about a month and have NOT installed any new software in way longer than that! GroovyPost: please investigate SpyHunter! I would love to know if they have a business deal with CNET! It also sounds too coincidental that these unwanted scans with this unwanted scanner finds the exact same malware on my computer today that prompted me to purchase their help in the first place 7 months ago. I smell a crooked, stinking, thieving fish! Same thing happened to my mothers computer. Wiped it and rebuilt it during my monthly dinner visit (aka – pc support visit) being that I had no idea what the grand kids had done on it… When I say same thing — I mean an AV company used fear to get a purchase then hounded her when I had her cancel it via their website (and via the credit card company). Will take a look at SpyHunter. See what we can dig up. Article added to the writers queue! -S Goodbye, CNET, I wish I could say it was fun. My guess is that eventually – when their traffic drops off they will issue an official apology or excuse. Too late – I will never trust Cnet again. NEVER! Somebody please file a class action suit. These programs, no matter what they claim, are malware and do cause problems on every computer they are installed on – and they know it. That’s why they sneak in the install when you really don’t want it. Check this out: http://netsecurity.about.com/od/antivirusandmalware/a/The-Shadowy-World-Of-Malware-Affiliate-Marketing.htm I’m with you, if you find a class action law suit! It’s been almost 9 months, and I’m still dealing with the repercussions! I don’t have a problem with profit, just lazy, obnoxious faggots who spam me. Thanks for the article. I’ve starting seeing a lot of such download sites including the good reputed ones like CNET promoting malware offers. It’s ridiculous what these sites can do for the sake of earning some additional revenue. Giants like Google should slap sites like these from their index. Dave Never again. I’m surprised there still around. Comment
Δ