Saturday, August 23, 2014

How I got Trovi on my computer and why you should never install CDisplayEx

This post has moved, along with the rest of this blog, to WordPress. Please go to this link: http://obscureproblemsandgotchas.com/uncategorized/how-i-got-trovi-on-my-computer-and-why/

19 comments:

  1. This program was caught by the AVG antivirus for me. Wanting to check if it was a serious threat, I found your point, and I'm sufficiently convinced. I'm curious if old versions of this software were similarly infected. There is a rather small list of .cbr readers, and there's no doubt that this plays into the strategy of getting such malware installed. I believe it's still top of the list for many related Google searches. But maybe it's only a matter of time before they recognize it too and put up warnings.

    1. You make a good point there - I am going to see if I can contact Google about this. Not sure if they can intervene on this one or not (probably not). I am also going to contact the site's host. There has to be a guideline about this, they should not be hosted if they are harboring malware. Unless there is a legal loophole or something.

    2. I found their DNS/Hosting information here: https://who.is/whois/cdisplayex.com and I wrote a complaint email to "abuse@support.gandi.net" explaining to them the situation. If this pans out I will update the article above.

  2. Dear Infernape28,

    I took the liberty of deleting your comment instead of replying to it because I figured the amount of time and effort you spent on writing it was gratifying to you. I found it gratifying to delete your comment. Plain and simple, I downloaded the EXE from the site, wrong link or not, I found it on the site and it was infected. When they clean up the site I will update this article. Until then, I stand by what happened to me and probably others.

    1. Happened to me too, dude. That trovi shit is brutal to get rid of.

  3. Same here. I installed it from www.cdisplayex.com, very careful to disable any proposed additional program, yet it changed Chrome settings to Trovi, and installed Conduit software (SearchProtect).
    I hadn't had that kind of near-virus issue since the last millennium, as I can usually tell legit software from malware.
    CDisplayEx.com is really to be avoided. I had to install Malwarebytes to disable all the malware added...

    1. I want to thank you for sharing your experience. After I made this post the first reply that I got was from a user named Infernape28 who essentially said it was my fault for getting infected. Like I said in the post, I wouldn't post this unless I was sure and you are helping me prove that. Thank you.

    2. This comment has been removed by the author.

  4. I found your article after the fact and, yes, I should've researched it before downloading it but I didn't. I had to uninstall a bunch of malware including Chromium which was a bitch! I didn't get Trovi as far as I know, but I am looking for it. Thanks for your article, I wish I had seen it prior to my mistake.

    1. I'm sorry you had to go through this, we live and learn right? Unfortunately there is a community of zealous trolls out there too that stand by CDisplayEx stating that there is nothing wrong with the software and it is just that site that got hacked - they blame us for downloading it. Hopefully you can fix your computer and get past this, I recommend Comic Rack in the meantime.

  5. Well, that's irritating. Avast flagged something up after I installed CDisplayEx last night, but I looked up the error and it said it was a broad-spectrum warning so I thought nothing of it. I saw Chromium had been installed too, but it's the browser I use on my laptop with Ubuntu on it so I thought I'd just missed one of those annoying check-boxes with the install. I uninstalled it with Programs and Features, but when I started my computer this morning it opened up anyway. Scanned with Malwarebytes, and sure enough, it found four of the PUP files in my registry. Fortunately, Chrome warned me when the Chromium extension tried to install itself in my browser, and looking through the AppData folder it looks like it didn't find its way in.

    Regardless, it's taken a fat dump all over my registry, so now I've got to go through the rigmarole of removing it. I should have done more research beforehand. Anything I need to look out for?

    1. Status update:

      Malwarebytes just finished scanning. It found 1731 threats all in all, which all look like they came from the same trojan. Here's a list of the files it found:

      http://pastebin.com/tTXSqBrg

    2. I'm sorry to hear that this happened to you. I don't have anything more to contribute other than it seems like the malware that is embedded into CDisplayEx is evolving quite a bit. I hope the responsible parties burn in hell. Worst case scenario, not that it is fun to do, wipe your drive if you can't fix it.

  6. Massively disappointing, especially since CDisplayEx is the best comic viewer I've ever used.

    1. I agree, I remember liking it a lot. Check out Comic Rack, it is pretty good in comparison.

  7. Thanks for your dedication and for sharing. I was about to install it when Avira rang the bell. Any suggestion for a lightweight comic book reader for Windows?

    1. I don't know about lightweight, but Comic Rack is awesome. http://comicrack.cyolito.com

      A friend of mine who is heavy into comics recommended it to me. It's free, tablet compatible and virus free which is always a plus.

  8. Was looking for a comic reader and it's a shame that it is one of the first results that comes up on Google. Nearly got infested, thankfully I had Avast installed and was able to remove the crap that it comes with. Thanks dude, keep this up.

    1. Thank you. Glad you were able to avoid any major problems.

