Posted as a warning and for information/use of other DC denizens.
Following a link in Lifehacker, oCam Supercharges Screen Capture in Windows, I went to the oCam developer's website at http://www.ohsoft.net. There I found they had 4 products:
- oCam
- VirtualDVD
- CoffeeZip
- SecretFolder
I downloaded and installed oCam (it was a straightforward silent install), as that was what I was primarily interested in, and took a look at the other 3 items, downloading VirtualDVD as that looked like it could be useful to me.
I gave oCam a quick try out, and it seemed to do what it was designed for rather well.
I then turned my attention to something else and opened up IE11 (this is on a laptop with Win7-64 Home Premium), and saw that the default page was what looked like a search page hijack for unifinder.net.
At the bottom of the page there was a box with small type in it that said:
You can change the search engine using the PageUp, PageDown key and Mouse Wheel.
* If keyword is the URL address, we will go directly to the site.
* [100% Freeware] Screen Recorder / DVD-ROM emulator / File Archiver / Hide Folder Download
Copyright Ohsoft.net All Right Reserved
After a bit of experimentation, I recognised that the search page was a trojan hijack - i.e., it persisted between IE sessions and could not be deleted. It kept recreating itself as file unifinder.em[1].js.
Fearing the worst, I set MBAM (Malwarebytes PRO) on a scan, and it took a few minutes to come up with a report that 8 folders and 60 files had been infected with (PUP.Optional.CrossRider.A). The infected items were quarantined and deleted, necessitating what MBAM said was an "urgent" reboot of the laptop (some of the malware had been running in RAM).
After reboot, I re-ran the MBAM scan (better safe than sorry) and then turned my attention to the IE start page, which still had the persistent unifinder.net page. I eventually figured out that if I set another website page as the start page instead, and shredded the file unifinder.em[1].js, then the problem was cleared.
I then did a DuckGo search on (PUP.Optional.CrossRider.A), and discovered that "PUP" stands for "Potentially Unwanted Program". I ran MBAM and MS Security Essentials over the installer files for oCam and VirtualDVD, but they both came up "clean". I shredded both files and added some notes to avoid them, to my OneNote Notebook.
The DuckGo search on (PUP.Optional.CrossRider.A) also came up with an interesting post at fixpcyourself.com about a variant of it - Remove PUP.Optional.Cgminer Virus
Another learning experience.
EDIT 2014-04-30 2332hrs: By the way, as a precaution I did of course expunge every last trace of oCam, and as a result of this experience I would strongly recommend that you never download the thing. I certainly wouldn't touch it with a bargepole again. There is, after all, such a thing as a failure of trust.