Does CamStudio Install A Virus? Malware? Maybe. Here’s My Story.

So, I was browsing a site and being the advertising nerd that I am, discovered that a particular ad that I really liked wasn’t a standard animated GIF but was an embedded Flash file that I still couldn’t save even by looking through the source or using SWF/FLV rippers, so I decided to use an old method of a program I thought was reliable — a screen recorder called CamStudio. I had used it for years on previous machines without an issue, but no longer after this.

The first red flag should have been that such a corny little program that, as I recall, had a generic Windows installer before, now had what appeared to be a sleeker graphic/skinned installer with nontraditional Windows buttons and options. I was sure to deselect all of the add-on options I could determine, even nearly hitting an accept button that was grey whereas the decline button was green as if it were a trick to get you to accept by accident.

The second red flag I encountered after installing CamStudio, supposedly from the official site, was that it closed all of the browsers I had open, thereby losing the page where I had seen the ad I wanted to record. I was able to find it again in history and had to refresh several times to make the desired ad appear, and was able to record it. However, several sites that I knew didn’t have a particular kind of ad (such as Koreaboo) suddenly had a new kind of ad showing up as sidebars and a bottom-of-screen [x]-able JavaScript-looking banner that overlaid site text. I typically use Chrome so I checked extensions with no luck.

I decided to dust off the old Malwarebytes and give that a run, and it almost immediately detected something called NetCrawler. I paused the scan, shut down Malwarebytes without quarantining and uninstalled NetCrawler independently, and tried the same sites again and the advertising had disappeared. So far so good...
