March version of Install file for PDF Creator 2.3 corrupted with MalWare

I was informed last week by the Infosec folks at my company that the install file I downloaded for PDFCreator 2.3 from your site on March 10th, 2016 was infected with a Malware called C2C (or some such). They are assuming that the original install file was OK but that something happened at the reflector/download site – that the malware was added to it there. Bottom line for me is that my company laptop was completely re-imaged last Wednesday. I’m still in the process of reloading all the extra software I need to perform my job (restored all the data I considered safe yesterday). I’m holding my breath that the download I did 2 wks later from PDFForge to install 2.3 on my home machine (March 26th) was clean. Multiple scans with programs like SpyBot and MalWareBytes have revealed nothing amiss.

In any case - altho I’ve used your application for over 5 yrs – I just can’t trust it anymore and will have to search for another PDF Printer product to install on my office and home machine. But I wanted you to inform you of what happened so that you can take steps (if you can) to address this serious issue.


most likely this is related to the InstallMonetizer component which has been part of our setup for a very long time.
It displays an offer screen with optional offers during the setup and if the user decides to install any of them, it will report if the installation was successfull afterwards.This behaviour can cause false alerts in some security products.
This is only included in the setup of the freeware, PDFCreator Plus doesn’t contain the InstallMonetizer component and will therefore not trigger any false alerts:

Best regards,


Your attitude and response is dreadful. And no it was not what you’re assuming. It was a particular kind of malware called a C2C beacon. ( if memory serves) which our Infosec folks finally detected on our network and traced back to all of us (have no numbers) who had installed Rel 2.3, in my case, on March 10, 2016. And then spent a busy week last week re-imaging all of us (and there were a number of us) affected. Our Infosec guys know their business and were well aware that this freeware has been quite popular over the past at least 5 years or more (the case for me). They speculate that the corruption was introduced at the download reflector site. You need to check into this. It’s serious.

For me going forward, I will not use your application again. I don’t need the hassle of rebuilding my machine with all my non company standard software plus getting back all my files (minus any pdf files generated using PDFCreator).

Oh. Forgot to mention. Your site is now blacklisted by my company. Can not be accessed whether from behind our proxy firewall or not. That’s how serious they regard this malware incident. I posted my note to the PDFForge Forum via my network at home.

Essentially telling me to pay for your product or be infected with malware is despicable.