Malware detected

I've just downloaded & installed PDFCreator v2.3.0 onto my PC only to be notified by Windows Defender that your installer program contained SoftwareBundler:Win32/Stallmonitz. Luckily, Defender removed this malicious software from my PC before it could cause any damage. I had seen some good reports about your software and had been eager to try this product for myself. However, I can hardly be expected to take such a risk, now that I have come so close to getting infected. Why on earth would you want to do such a thing to your potential customers? I'm most upset and disappointed by this.

Yours sincerely,
Robin L. Kippax.

The InstallMonetizer has been part of our setup for years, it is the component responsible for displaying the offer screen with optional offers during the setup (more info on InstallMonetizer can be found here: ). The offers will not get installed without the users permission. We are in constant communication with InstallMonetizer to have all false alerts removed as soon as possible, but since even viewing a single offer screen is potentially unwanted, PUA detections can’t be fully avoided.
Some form of advertising is necessary in order to be able to provide the application for free. A Plus version which doesn’t contain the offer screen during the setup and offers some other improvements is available here:

best regards,

I’ve downloaded and installed this morning, and Symantec has detected a virus, which it cleaned, after which the product ran fine. Details are attached:

Filename: installmanager.exe
Threat name: SAPE.Heur.845F2
Full Path: c:\users***********\appdata\local\temp\nsl7480.tmp\installmanager.exe

On computers as of
17-May-16 at 8:13:00 AM

Last Used
17-May-16 at 8:15:00 AM

Startup Item


Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.

installmanager.exe Threat name: SAPE.Heur.845F2

Very Few Users
Fewer than 5 users in the Norton Community have used this file.

Very New
This file was released less than 1 week ago.

This file risk is high.

Downloaded File installmanager.exe Threat name: SAPE.Heur.845F2
Source: External Media


File Actions

File: c:\users\teamultra\appdata\local\temp\nsl7480.tmp\ installmanager.exe Removed

File Thumbprint - SHA:
File Thumbprint - MD5:
Not available

Many thanks for your helpful info, PhilBool.


what gets detected here is the component responsible for displaying the offer screen during the setup.
The offered software is always fully optional, so in fact there is no risk at all, this is a heuristic false detection by Norton or a very incorrectly labeled PUA detection (as even viewing a single offer screen during the setup is potentially unwanted and the installmanager.exe component has no other purpose than displaying the advertising and checking if the additional software got isntalled correctly, if the user choses to install it).
If the setup was downloaded from our website, we can guarantee its safety.
PDCreator Plus doesn’t contain the installmanager component and offers additional benefits:

Best regards,


It can be quite a concern when you get these warnings from the antivirus software so many thanks for the clarification, Robin.

I understand the need for you to fund your free software with advertising but I do not understand why another method has not been chosen that does not cause antivirus alerts to occur when attempting to download or install the application. Surely you must have considered what impression this experience does to users contemplating using your software. While you have attempted to explain why these alerts occur and a small percentage of people who evaluate the software would take the time to discover that it is benign most totally freak out seeing antivirus alerts and drop it like a hot potato never to have anything to do with it or your company again!

Don’t get me wrong, I love the software, and greatly appreciate that you provide it for free but you are not doing yourself any favors by making the install experience so nerve wracking! Understandably the paid version does not include the monitizer but how many users would make it to the point of buying the software when they had a bad experience when attempting to try it.



I can fully understand your opinion, but we have actually put a lot of effort into reducing the (false) alerts as much as possible (not using OpenCandy anymore, addressing AV companies about false detections, separating the offer screen from the setup file etc.).
It simply seems impossible to get rid of theses completely without completely removing any form of ads from the setup. If you have any suggestions, we will be happy to have a look at them.

Best regards,