I download and install PDFArchitect but my Trend Micro antivirus block a download by setup program
the url is http://www.bestdlzone.com/nsi/nsis-2.46/PDFArchitect_5460.exe
I go to this website it report
When accessing data from the URL, "http://www.bestdlzone.com/nsi/nsis-2.46/PDFArchitect_5460.exe"
a virus or unwanted program 'ADWARE/Agent.cwnru' [adware] was found.
Action taken: Blocked file
Is PDFArchitect adware?
where did you download PDFArchitect from? I have no clue what the URL is that has been called there...
I can confirm this behavior. I downloaded PDFCreator-1_3_0_setup.exe from the Sourceforge download server. It looks like you are using at least two different ad networks. I can see reference to them in your installer code. One, opencandy.com, does not produce the attempted download described. The second, www.mickyfastdl.com, is the one causing the problem. This is what the request looks like:
GET /download.php?lH2CeQ== HTTP/1.0
HTTP/1.1 302 Found
Date: Fri, 16 Mar 2012 03:02:52 GMT
Server: Apache/2.2.3 (CentOS)
Cache-Control: no-cache, must-revalidate
Content-Disposition: attachment; filename="InstallMonetizer.exe"
Content-Type: text/html; charset=UTF-8
And of course the InnoTools_Downloader follows the 302 and tries to download the file:
GET /nsi/nsis-2.46/PDFCreator_5459.exe HTTP/1.0
HTTP/1.1 401 Access Denied
Potential Threat Detected
The page you are trying to access, http://www.bestdlzone.com/nsi/nsis-2.46/PDFCreator_5459.exe, has a potential threat detected.
(Note that it only got a 401 and the warning text because of my security appliance blocking the download. The file can be downloaded just fine from an unprotected Internet connection.)
The .exe it tries to download is identified by a couple of the engines on VirusTotal as adware.
I just tried to install PDFCreator 1.3.1 on a XP-vmware image that has no Internet access. It fails telling me
Sorry, the files could not be downloaded. Click 'Retry' to try downloading the files again, or click 'Next' to continue installing anyway.
It is VERY BAD that I need Internet access due to adware! >:-(
Can you please disable that it is neccessary to have Internet access for installation? Tnx!
I have installed PDFCreator on several machines and i found that this download Ad-ware is aleatory, sometimes try to download this and others sometimes don’t.
there is no internet access required. As you have quoted in the message, you can simple press "Next" to continue with the installation.
Thank you for the detailed information. I got confused by the redirection. The downloaded file contains the advertisement offer, so the downloaded package in deed could be called AdWare (based on the definition), but it is not harmful or a potential threat.
It displays the software offer during our setup and if the user agrees, the offered software will be installed.
At the moment, virtustotal has two engines classifying it as adware, without saying that it would be harmful.