berty.heim 5 Posted November 21
Hi guys, Surprise Spy (CocCoc) in latest version IDM 6.35_12
HK_CURRENT_USER / SOFTWARE / CocCoc
Israeli_Eagle 1,140 Posted November 21 (edited)
Eh?? IDM works totally normal and there is no CocCoc at all, also not in my registry. So......... Better ONLY use the original installer!
Edited November 21 by Israeli_Eagle
Quilva 32 Posted November 21
It looks like you got an infection from another source...... I used it from Nsane and it works clean... Also tested these 2 repacks made by other people in my VMware malware lab and they also look clean. If you still have this installer, please reupload it for me and I will check it out in my free time :)
berty.heim Topic Author 5 Posted November 21
I just reinstalled under VMware the application downloaded directly from IDM, identical result
HK_CURRENT_USER / Software / CocCoc
11 minutes ago, Quilva said:
It looks like you got an infection from another source...... I used it from Nsane and it works clean... Also tested these 2 repacks made by other people in my VMware malware lab and they also look clean. If you still have this installer, please reupload it for me and I will check it out in my free time
Israeli_Eagle 1,140 Posted November 21
Old rule: Patch the installed IDM before running it!! And works still perfect with @Ali.Dbg. And for sure no CocCoc, whatever that might be...
DeLtA 1,426 Posted November 21
IDM is not spying on you. That registry is created for installing the IDM extension to CocCoc Browser via IDMan.exe during installation. This happens via the "/rtr" command, the same command that is used to install IDM extensions on all other browsers (Chrome, Firefox, etc).
berty.heim Topic Author 5 Posted November 21
Ok thanks
Israeli_Eagle 1,140 Posted November 21 (edited)
12 minutes ago, DeLtA said:
IDM is not spying on you. That registry is created for installing the IDM extension to CocCoc Browser via IDMan.exe during installation. This happens via the "/rtr" command, the same command that is used to install IDM extensions on all other browsers (Chrome, Firefox, etc).
But that would mean that HE has already installed that weird browser, right? Because in my registry there is still nothing like that. Or it only comes with a new install, or some other software blocks it. Anyway... Looks for sure not dangerous.
Edited November 21 by Israeli_Eagle
berty.heim Topic Author 5 Posted November 21
4 minutes ago, Israeli_Eagle said:
But that would mean that he has already installed that weird browser, right? Because in my registry there is still nothing like that.
Build 6.35_11 no CotCot 😜
Quilva 32 Posted November 21
Hahahahaha, Vietnam browser, and wonder why he got injection... Probably IDM needs this to hook the process to this browser to work properly.. lulz
Israeli_Eagle 1,140 Posted November 21 (edited)
3 minutes ago, berty.heim said:
Build 6.35_11 no CotCot 😜
LOL... Anyway, does not look dangerous and nothing to worry.
Edited November 21 by Israeli_Eagle
Stig 512 Posted November 21 (edited)
Yes, Build 12 has it.
Edited November 21 by Stig
Israeli_Eagle 1,140 Posted November 22
I also tested it now in a 'naked' Windows as a VM. And yes, it came into the registry. But ONLY there! So as @DeLtA said already, it's only a new feature. Nothing to worry about, guys.
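
The clean-VM check the posters describe, as an added example that is not part of any post in this thread: a PowerShell script that snapshots HKCU:\Software before and after an install and lists every new key and new or changed value. The CocCoc key name comes from the thread; the function names are hypothetical, and the script assumes it is run inside a disposable VM.

```powershell
# Added example, not code from the thread. Function names are hypothetical.
# Run inside a disposable VM: snapshot, install, snapshot again, diff.

function Get-RegSnapshot {
    param([string]$Root = 'HKCU:\Software')
    # Map each key path to a table of its value names and data.
    # Keys the current user cannot read are skipped.
    $snap = @{}
    Get-ChildItem -Path $Root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        $values = @{}
        foreach ($name in $key.GetValueNames()) {
            $values[$name] = [string]$key.GetValue($name)
        }
        $snap[$key.Name] = $values
    }
    return $snap
}

function Compare-RegSnapshot {
    param([hashtable]$Before, [hashtable]$After)
    foreach ($path in ($After.Keys | Sort-Object)) {
        $isNew = -not $Before.ContainsKey($path)
        if ($isNew) {
            [pscustomobject]@{ Change = 'NewKey'; Key = $path; Value = ''; Data = '' }
        }
        $old = if ($isNew) { @{} } else { $Before[$path] }
        foreach ($name in $After[$path].Keys) {
            $data = $After[$path][$name]
            if (-not $old.ContainsKey($name)) {
                [pscustomobject]@{ Change = 'NewValue'; Key = $path; Value = $name; Data = $data }
            } elseif ($old[$name] -ne $data) {
                [pscustomobject]@{ Change = 'Changed'; Key = $path; Value = $name; Data = $data }
            }
        }
    }
}

$before = Get-RegSnapshot
Read-Host 'Run the installer now, then press Enter' | Out-Null
$after = Get-RegSnapshot
$diff = @(Compare-RegSnapshot -Before $before -After $after)

# Count entries under the key named in the thread, then show the full diff.
$hits = @($diff | Where-Object { $_.Key -like '*\Software\CocCoc*' })
Write-Host ("Entries under the CocCoc key: {0}" -f $hits.Count)
$diff | Format-Table -AutoSize -Wrap
```

The full diff also shows whether anything outside that one key was written, which is the question the thread settles by inspection.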