This is a new post following on from the discussion kicked off by @kartal
on « on: 2010-01-06, 15:58:54 », Nch Software
I had been trialling some NCH Software over the last few weeks, and noticed that they sometimes seemed to do what I think can best be described as a complex "Trojan bait-and-switch"
. This is stuff which would probably be illegal in some countries, but perhaps not in the US or Germany - which seem
to be a couple of the locations that NCHS websites route you to.
This had started because I got a free licence to something - NCHS Doxillion a "Document Converter" (probably via Bits-du-jour), that appears to do nothing much that you can't already do with existing software. That is, it apparently adds no value to anything. Doxillion invited me to try some other "free" stuff to expand its functionality, which invite I accepted, and I rapidly found I was getting additional software installed that had limited free functionality and was actually nagware - you had to pay money to enable any of its useful features. So it seemed to be a classic "Trojan bait-and-switch"
scam, with Doxillion as the Trojan.
I therefore rapidly uninstalled the nagware bits using Revo Uninstaller on it's "Advanced" setting, and ringfenced Doxillion like a virus, thinking about investigating it, and then fell very ill with the flu (just getting over it now), so did nothing for a couple of weeks meanwhile.
Today I downloaded something called "Clover 2"
(a tabbed Windows Explorer replacement with a Chrome-like interface), which I had read about, and which, on googling, I saw had for several months been pushed by some websites as worth looking at. So it could be interesting.
It installed no probs and seemed to be legit. I kept it isolated behind my firewall and didn't let it phone home until it seemed to want to legitimately check for a version update. It came from a Chinese or Korean website, which had an English page: http://ejie.me/clover-wings-for-explorer
. That's just one of the links - it seemed to have several different sites/links/routes to get to the same thing, so my alarm bells were ringing.
I should say here that I don't need a Windows Explorer replacement - I already have a superb one (xplorer²). I was looking at Clover 2 purely out of interest in that type of software.
Anyway, when I used Clover 2 to open a compressed file, it said I needed an "external component" and asked permission to download it. I OK'd that and let it through the firewall, and then, quick as a flash it had downloaded and installed "Express Zip"
from NCHS, which promptly started to do the old "bait-and-switch"
and nag/ask for money scam thing. So this was a "Trojan bait-and-switch"
scam, where Clover 2 was the Trojan.
Therefore, using Revo Uninstaller, I have just uninstalled:
My recommendation is that the NCHS website should be listed as a highly dubious scam site.
- Clover 2
- Express Zip
To protect myself in future, I shall see about getting it into my Malwarebytes blacklist, so it protects me in real-time browse mode. That way, any software like Clover 2 will have its call intercepted and blocked when attempting to hand me across to the scam site address.
Be warned: NCH Software - "There Be Dragons"