PageRage found mysteriously on my system

5

1

It has been ages since the last time I got a virus, maybe 10 years. I'm a sensitive user and I know what a "double click" actually means.

A few minutes ago I saw that my Google searches, on both Chrome and IE, were altered by some nasty ads. I quickly found that the ad stuff had been installed with PageRage: I removed it and it seems everything has gone away.

Now the problem: how the hell did I install crap like PageRage? I usually enforce severe security patterns (no unsigned executables, no cracks, no strange stuff, etc.) and just imagine my face when I discovered I had PageRage (a thingie that will apparently change the background of your Facebook profile, who the heck needs this...) installed on my system!

My question is: do you have any clue on how I could get this crap and do you think I should, however, format my hard drive? Please note this machine has to be secure, I'm not a 14-year-old boy that plays online flash games, I'm a software developer and webmaster and I handle critical sensitive data.

gd1

Posted 2011-06-17T22:33:30.747

Reputation: 490

Question was closed 2011-06-19T12:31:49.813

1 Unfortunately any answer is just conjecture, and isn't really suited for a question like this. I don't know that anybody can offer you anything other than generalized security advice, which the site is full of... – Shinrai – 2011-06-17T22:36:43.117

You're right. The problem is that I really don't know how to react to this. My only hope is somebody had the very same problem. – gd1 – 2011-06-17T22:40:03.520

@Giacomo - I am sure I'd have flipped my lid as well. – Shinrai – 2011-06-17T22:41:21.803

Now I cannot trust this system completely. I have to format and reinstall anything. – gd1 – 2011-06-17T22:42:43.643

1 If the machine is that sensitive, you should consider just not doing your browsing on it at all. Here's an extreme example: a lot of my clients are daytraders. It's not uncommon for them to have one computer dedicated to pleasure, one for general work use (email, browsing), one for nothing but charting the markets, and one for nothing but executing trades. It's as sanitary as you can get it. (Of course, it's also expensive, but you could replicate this effect with a virtual machine or two.) – Shinrai – 2011-06-17T22:53:55.153

1 I think I've found the cause. I've downloaded a trial of UltraEdit from a website which is not the official one... I didn't want to crack it or whatsoever, just have my trial. Problem is that the executable has been altered (digital signature, in fact, has been removed and I didn't manually check it). I'm a moron! That means, however, that this PageRage crap plays a bad game. Beware. – gd1 – 2011-06-17T23:01:38.033

@Giacomo you should post that as an answer – Sathyajith Bhat – 2011-06-18T05:49:54.823

Answers

4

I've found the cause. I've downloaded a trial of UltraEdit from a website which is not the official one but one of those shareware "aggregators"... I didn't want to crack it or whatsoever, just have my trial. Problem is that the executable has been altered (digital signature, in fact, has been removed and I didn't manually check it). I'm a moron! That means, however, that this PageRage crap plays a bad game. Beware.

PS.: since the system became untrusted, I formatted my hard drive and reinstalled everything. A pain in the neck, but I deserve it.

gd1

Posted 2011-06-17T22:33:30.747

Reputation: 490

Surely the fault is more with the "aggregator" site you used rather than specifically PageRage. Granted getting companies to bundle your software in with legitimate software is not friendly but to me the main blame lies with the company that actually did the bundling in the first place. – Mokubai – 2011-06-19T08:38:35.177

First of all, the fault is mine. :) But if we look at where everything started, well I don't think the "aggregator" created the poisoned bundle for the sake of doing it, there's probably a deal between PageRage (which is crap but totally legitimate, if installed by the user, but I think THEY created the poisoned bundle) and some distributors. UltraEdit in this case suffers the major damage. It's most certainly an aggressive marketing technique by PageRage wheeler-dealers. These crappy pieces of software always need a fast and dirty way to spread. – gd1 – 2011-06-19T08:49:36.880

1

Just to see, what OS is this in?

Unless you check the hashes and checksums on all the files you download you might have brought something in without knowing. Either that or someone else sent you something or used your computer and unknowingly did something to open themselves up.

People have sneaky ways of getting software on to your computer.

n0pe

Posted 2011-06-17T22:33:30.747

Reputation: 14 506
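
The two checks the answers above describe (comparing a download's hash with the publisher's value, and noticing that the digital signature has been removed) can be scripted as follows. This is an added example, not code from the original thread. The function names are hypothetical and the sample file is a constructed minimal PE header rather than a real installer.

```python
import hashlib
import struct

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: Authenticode certificate table


def has_signature_blob(pe: bytes) -> bool:
    """True if the PE header points at a non-empty certificate table."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ header)")
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)  # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file (missing PE signature)")
    opt = pe_off + 24  # skip 4-byte signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic == 0x10B:      # PE32
        dirs = opt + 96
    elif magic == 0x20B:    # PE32+
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic")
    (count,) = struct.unpack_from("<I", pe, dirs - 4)  # NumberOfRvaAndSizes
    if count <= SECURITY_DIR:
        return False
    offset, size = struct.unpack_from("<II", pe, dirs + 8 * SECURITY_DIR)
    return offset != 0 and size != 0


def check_download(pe: bytes, published_sha256: str) -> list:
    """Return reasons not to run the file; an empty list means both checks passed."""
    problems = []
    if hashlib.sha256(pe).hexdigest() != published_sha256.lower():
        problems.append("SHA-256 differs from the publisher's value")
    if not has_signature_blob(pe):
        problems.append("no Authenticode signature present")
    return problems


def build_sample_pe(signed: bool) -> bytes:
    """Constructed minimal PE32 header (not a runnable program) for the demo."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic
    struct.pack_into("<I", opt, 92, 16)     # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, 0x200, 0x100)
    return dos + b"PE\0\0" + coff + bytes(opt) + b"\0" * 0x300
```

A present certificate table does not prove the signature is valid or belongs to the expected publisher; that still requires the operating system's signature verification. The published hash only helps if it comes from the vendor's official site and not from the page that served the download.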