CCDWare site Trojan?


George LaBelle
 

I use Malwarebytes which is reporting that ccdware.com has a trojan.

I'd like to get PEMPRO V3.

Anyone visited this site recently? Had a problem? The trojan, according to Malwarebytes, was discovered in February.
--
George
Prineville, Oregon


 

Hi George

I think that's a false positive.

Also I believe that happens only when downloading the first link, which is not PEMPro. 

Make sure you scroll down a bit and download PEMPro and not the first link of CCDNavigator (which throws that warning)




--
Brian 



Brian Valente


CurtisC <calypte@...>
 

I downloaded PEMPro 3 from CCDWare about a week ago, and I haven't seen any problems with Trojan horses.


Ray Gralak
 

Hi George,

As Brian stated, PEMPro does not have a Trojan virus. You probably clicked the download button for CCD Navigator or Weather Ninja, which for some reason, sometimes gets a false positive.

I asked John Smith to move the other application's download link away from PEMPro so that hopefully, others won't click the wrong link by mistake!

-Ray Gralak
Author of APCC (Astro-Physics Command Center): https://www.astro-physics.com/apcc-pro
Author of PEMPro V3: https://www.ccdware.com
Author of Astro-Physics V2 ASCOM Driver: https://www.siriusimaging.com/apdriver



George LaBelle
 

Let me make it clear - the domain ccdware.com is reported by Malwarebytes as having a trojan. It has been listed as so since Feb. 2020 on their server.
It doesn't matter which product you try to view. Going to "ccdware.com" is prevented by Malwarebytes. I never got to any product page.

I never said Pempro or any other product they sell had a trojan! I thought it was clear that I was "trying to get" Pempro.

I'm sure it is a false positive. I went ahead and allowed that domain and was able to enter the site.

--
George
Prineville, Oregon


Ray Gralak
 

Hi George,

> Let me make it clear - the domain ccdware.com is reported by Malwarebytes as having a trojan. It has been listed as so since Feb. 2020 on their server.

CCDWare recently (last week) moved to a completely new site, so maybe refreshing your browser will help?

The site will look similar but was completely rewritten well after February.

-Ray Gralak
Author of APCC (Astro-Physics Command Center): https://www.astro-physics.com/apcc-pro
Author of PEMPro V3: https://www.ccdware.com
Author of Astro-Physics V2 ASCOM Driver: https://www.siriusimaging.com/apdriver




Joe Zeglinski
 

Hi George,
 
    By any chance are you now running with the Build 2004 Update of Win-10?
 
    Microsoft ... “drastically changed” its DEFENDER antivirus program in this recent major update  -  and added new features to it.
One of these is that it reports and even isolates PUP’s (potentially unwanted programs) into its own Quarantine, which you can undo, just as with MB’s A/V. You can see which ones got blocked by going into Settings and looking at Security/Defender. There is a list of blocked PUP’s it was responsible for – nothing to do with Malwarebytes.
 
    Also, perhaps the good news is that DEFENDER used to “bow out” if another antivirus program was found in the system. But if you chose to change the MB setting to NOT register itself in Windows, then BOTH antivirus programs would always be running. Then you will get DEFENDER interfering with its own opinions about PUP’s. I would trust MB over it now, since this is totally a new way of doing things for the revised Defender (darned nuisance).
Beginning to think that Build 2004’s DEFENDER is actually the  “Potentially Unwanted Program”.
 
    Among those it now doesn’t like, for example, was the PIRIFORM’s CCLEAN which has been just fine for over 10 years, and now Defender just got uppity about it. Meanwhile, my latest MALWAREBYTES is fine with it, always has been, never reported it as even suspicious. Likewise, changes in the communications area log me out of my email account every 24 hours or so, even if the PC never hibernates, something new on three PC’s I know of – another build 2004 oddity. Too late to roll back to Build 1909, which was much more reliable.
 
    I suspect, if this is what you are running as well, it was Defender not Malwarebytes blocking  PEMPRO access.
The good news is that Update 2004 will go away by November to make space for the next major Microsoft Win-10  screw up.
 
Joe Z.
 



 

I think the false positive on CCDWare's downloads caused Malwarebytes to flag the whole site

afaik Malwarebytes is its own thing, keeping its own database of sites it considers safe or 'infected' based on issues from downloaded files. 









--
Brian 



Brian Valente


Joe Zeglinski
 

I agree,
    The two antivirus programs are independent, but Defender hasn’t changed much in many years, so it is just testing its new features now. Consider it a trigger-happy Beta for a couple of its next few updates, until the kids at Microsoft have us all test the rewrite for them. If it continues to get in the way at CCDWARE, change Defender’s sensitivity for that website, in its new settings options. If Malwarebytes didn’t flag it, in its own Reports, then the only other app may be Defender, unless you have even more A/V’s active.
 
    Perhaps the only reason I still keep Defender active is for its Win-10 “pre-boot” virus scan user  option, which MB doesn’t seem to have.
 
Joe Z.
 

 
 


Pete Mumbower
 

Actually Windows Defender has changed significantly in the last couple of years, recent builds have not changed a ton, at least on the consumer side. The enterprise side (Advanced Threat Protection) has had some "significant" changes, but nothing that would affect what this thread is about. It is pretty sophisticated and one of the leading AV products on the market now. I talked to quite a few other IT professionals at other companies at the big Microsoft conference (Ignite) last summer and they agree that it has made some major strides in how well it works compared to others.

I do agree and highly recommend only running one AV product on a computer. The threat landscape has changed a lot in the last decade and the modern techniques are needed to detect and stop the bad actors out there. Whatever AV product you use, make sure the virus definitions are up to date (daily or even hourly) if you do a lot of online browsing with the computer.

Pete


Pete Mumbower
 

Sorry forgot to add that the below website is great for checking out websites to see if there are any known security issues:

https://www.urlvoid.com/scan/ccdware.com/

(set to scan ccdware.com in this instance, which comes back clean)

-Pete


Bill Long
 

Not sure why the Windows Defender bashing is going on, or the name calling of MS Employees. I don't use MB and only use Windows Defender and I have no issue using CCDWare's website.


 
 


Michael 'Mikey' Mangieri
 

Indeed. Windows Defender is probably as good as any other AV out there. But, people have always bashed MS and so I guess they will continue to do so. I’ve used Windows Defender (and still do) with no problems.


 
 


Michael Dolenga
 

I work at Microsoft. It comes with the territory. And we're often the first to complain about stuff other departments do. :)

Michael



 
 


Joe Zeglinski
 

Hi Pete,
 
    I agree, DEFENDER is generally a good AV program -  even though I sounded like MS Defender bashing.
 
    I have never used any other antivirus program regularly over the past decades, except Defender or its earlier pre-Microsoft ownership versions – and don’t plan that I ever will.   DEFENDER is/was just a plain good workhorse of an AV program, and I am glad to have it on all PC’s.
 
     I just get rattled and lose confidence in it now, when I get a “LOW level” warning from its recent Build 2004 Win-10 major rewrite, warning that (even) CCLEAN is one of its suggested PUP’s.   Just because a program like  PIRIFORM’s ...  CAN modify the Registry, shouldn’t automatically make it a PUP threat, until Microsoft has some strong evidence. Otherwise,  we would be chasing many more innocent apps on the PC. Besides, what should I believe about Defender’s  other suggested PUP’s ?
 
    Very many people have been using CCLEAN, (for example), with confidence, for at least a decade, and most people trust it, as perhaps the industry’s best clean-up utility. It is a necessary tool because every Microsoft Update leaves piles of Temp Work files cluttering up the disk drive, and misdirected & lost Registry links behind, after performing its frequent Windows updates. Wish Microsoft would clean up after itself, so the app wouldn’t be needed as much. But, that’s not the point.
 
    Calling that app a PUP, now makes me highly suspicious of anything else that Win-10 PRO’s version of  Defender considers a PUP. Seems a bit trigger-happy.
    So, contrary to tech advice, I like to back up Defender with a second opinion by  Malwarebytes, another well-respected antivirus program, but one which never accused CCLEAN of being malware. I think MB  does its due diligence and homework better.
 
    Which is why I suspected that Defender may have needlessly  caused that PUP warning at CCDWARE,  that Malwarebytes may not have.
 
Joe
 
 



KHursh
 

CCDWare site is down since yesterday. Related?

Kevin