DriverCure - legit or malware?



nofam
09-07-2010, 09:28 AM
A client of mine rang me last night to say he now has a nag screen for this whenever he booted. The website for it looks legit, but he didn't knowingly install it, so is it a genuine driver update tool (which he doesn't need at any rate), or something more malicious?

kjaada
09-07-2010, 09:50 AM
See Here http://forums.techguy.org/virus-other-malware-removal/808060-driver-cure-problem.html
Looks suspect;

GreacherTech
09-07-2010, 10:12 AM
but he didn't knowingly install it

This alone should be cause for alarm -___-

nofam
09-07-2010, 10:19 AM
This alone should be cause for alarm -___-

Indeed - hence me asking; to be fair, the user in question isn't the most tech-savvy person, so a drive-by installation is quite likely! ;)

GreacherTech
09-07-2010, 10:24 AM
Well I've never even heard of it, so yeah I would say it's malicious.

Would be good if I knew the process that was behind it though, then you could just check out processlibrary.com and look it up to make sure it was under there as a trojan or malware etc

icow
09-07-2010, 11:29 AM
Normally what I do is find the .exe process in Task Manager and then google it, or check http://www.processlibrary.com/directory/

GreacherTech
09-07-2010, 11:52 AM
Isn't that what I just said?

sroby
09-07-2010, 01:11 PM
I'd say it's Crapware (the technical term ;) ), bogus, probably not malware.

Google:
"Drivercure is not malware.

Drivercure has been scanned by 41 AV engines and came up clean, see the results here:
http://www.virustotal.com/analisis/b548060e9f7551317785c78b7129a3e5e44538ae61a4d76559ef34278c69550d-1252563198"

ParetoLogic are (or were) a legit company, also sell what was (2 years ago) a good spyware scanner.

However, it's not uncommon for some malware to use a very similar name to legit products.

Sam I Am
09-07-2010, 01:11 PM
A client of mine rang me last night to say he now has a nag screen for this whenever he booted. The website for it looks legit, but he didn't knowingly install it, so is it a genuine driver update tool (which he doesn't need at any rate), or something more malicious?

Yeah he would have installed it, either as an add on to something he knew he was installing or clicked on the wrong download button on a web page.

kahawai chaser
09-07-2010, 01:20 PM
I run what's running net (http://www.whatsrunning.net/) to see what drivers, modules, TCP/UDP IP connections, etc are trying to be established or are present. Or use the netstat commands (netstat -a, and others).

I once found some rogue free screen saver sites trying to constantly connect, which were not (or cannot be) picked up by antivirus/Hijack This/Malwarebytes, etc. An easy way to prevent connections/display was to edit the hosts file (as suggested by many others) by adding the rogue sites' addresses to the hosts file.
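
The netstat-then-hosts-file approach from the post above, as an added example that is not part of the original thread: it tallies remote hosts from `netstat -a` style output and produces hosts-file text that sinks chosen names. The sample output, the host names and the 127.0.0.1 sink address are constructed assumptions.

```python
# Constructed sample of Windows `netstat -a` output; all host names are placeholders.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address                State
  TCP    0.0.0.0:135            CLIENT-PC:0                    LISTENING
  TCP    192.168.1.20:49712     updates.example.net:http       ESTABLISHED
  TCP    192.168.1.20:49713     ads.screensaver.example:http   ESTABLISHED
  TCP    192.168.1.20:49714     ads.screensaver.example:https  SYN_SENT
  TCP    192.168.1.20:49720     mail.example.org:imaps         TIME_WAIT
  UDP    0.0.0.0:5355           *:*
"""

# States that mean the machine is talking to, or trying to reach, a remote host.
ACTIVE_STATES = {"ESTABLISHED", "SYN_SENT"}


def remote_hosts(netstat_text):
    """Count active outbound TCP connections per remote host name."""
    counts = {}
    for line in netstat_text.splitlines():
        parts = line.split()
        # TCP rows have four columns; UDP rows and headers are skipped.
        if len(parts) != 4 or parts[0] != "TCP" or parts[3] not in ACTIVE_STATES:
            continue
        host = parts[2].rsplit(":", 1)[0].lower()  # strip the port or service name
        counts[host] = counts.get(host, 0) + 1
    return counts


def block_in_hosts(hosts_text, names, sink="127.0.0.1"):
    """Return hosts-file text with a sink entry for each name not already mapped."""
    mapped = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # ignore comments
        mapped.update(f.lower() for f in fields[1:])
    lines = hosts_text.rstrip("\n").splitlines()
    for name in names:
        if name.lower() not in mapped:  # keeps repeated runs from duplicating entries
            lines.append(f"{sink} {name}")
            mapped.add(name.lower())
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(remote_hosts(SAMPLE_NETSTAT))
    print(block_in_hosts("127.0.0.1 localhost\n", ["ads.screensaver.example"]))
```
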

Roger Hunt
09-07-2010, 03:40 PM
Yeah he would have installed it, either as an add on to something he knew he was installing or clicked on the wrong download button on a web page.

I agree he would have clicked on the wrong download button.
The link for Driver Cure is on a lot of driver download sites, as is one for Driver Detective.
I would uninstall it with Revo Uninstaller.
http://download.cnet.com/Revo-Uninstaller/3000-2096_4-10687648.html