Internet Download Manager 6.35.12 (Spy)

[berty.heim 5]

Hi guys,
Surprise Spy (CocCoc) in latest version IDM 6.35_12
HK_CURRENT_USER / SOFTWARE / CocCoc

[Israeli_Eagle 1,140]

Eh?? IDM works totally normal and there is no CocCoc at all, also not in my registry.

So......... Better ONLY use the original installer! 

 

Edited November 21 by Israeli_Eagle

[Quilva 32]

Its look like you got infection from other source......
I used it from Nsane and work clear...

Also tested these 2 repacks made by other peoples in my vmware malware lab and also look clean.

If you have still this instaler plz reupload me it i will check it out in free time :)

[berty.heim Topic Author 5]

I just reinstalled under VMware the application downloaded directly from IDM, identical result
HK_CURRENT_USER / Software / CocCoc

 

 

 

Il y a 11 minutes, Quilva a déclaré:

On dirait que vous Avez Été
infecté la source par ...... Une autre regard Je l'ai sous Nsane et used je travaille bien ...

Nous Avons also tested 2 bureaux à jour EFFECTUEES mises par d'Autres personnes Dans mon labo de logiciels malveillants vmware et également une apparence propre.

Si vous avez toujours cet instaler, vous devez le télécharger à nouveau, je le vérifie pendant le temps libre

 

[Israeli_Eagle 1,140]

Old rule: Patch the installed IDM before running it!! 

And works still perfect with @Ali.Dbg. And for sure no CocCoc, whatever that might be...

[DeLtA 1,426]

IDM is not spying on you, that Registry is created for installing IDM extension to CocCoc Browser. via IDMan.exe while installation. This happens via "/rtr" Command. Same command that is used to install IDM extensions on all other browsers including (Chrome, Firefox, etc).

 

Spoiler

 

[berty.heim Topic Author 5]

Ok thanks

[Israeli_Eagle 1,140]

12 minutes ago, DeLtA said:

IDM is not spying on you, that Registry is created for installing IDM extension to CocCoc Browser. via IDMan.exe while installation. This happens via "/rtr" Command. Same command that is used to install IDM extensions on all other browsers including (Chrome, Firefox, etc).

 

  Hide contents

 

 

But that would mean that HE has installed already that weird browser, right? 
Because in my registry is still nothing like that. Or only comes in a new install or some other software blocks it. Anyway... Looks for sure not dangerous.

 

Edited November 21 by Israeli_Eagle

[berty.heim Topic Author 5]

4 minutes ago, Israeli_Eagle said:

 

Mais cela voudrait dire qu'il était déjà installé ce navigateur étrange, non? 
Parce que dans mon registre, il n'y a toujours rien de tel.

Build 6.35_11 no CotCot 😜

[Quilva 32]

hahahahaha Vietnam Browser and wonder why he got injection... probably IDM need this to hook process to this browser  for working propertly.. lulz

[Israeli_Eagle 1,140]

3 minutes ago, berty.heim said:

Build 6.35_11 no CotCot 😜

 

LOL... Anyway, does not look dangerous and nothing to worry.

 

Edited November 21 by Israeli_Eagle

[Stig 512]

Yes, Build 12 has it.

 

Edited November 21 by Stig

[Israeli_Eagle 1,140]

I also tested it now in a 'naked' Windows as VM. And yes, it came into the registry. But ONLY there!
So as @DeLtA told already, it's only a new feature. Nothing to worry, guys.