How worried should I be?

[RGone]

Frosty 18 > Sorry for the problems, that was NOT my intention, like I said I posted the url for convenience.

"oldbrave", man I don't believe "Frosty18" is mad at you. Think he said as much. What we need to do is let our members and pards know to stay the crap away from CoreTemp from the CoreTemp site for sure. No telling what it looks like when it gets to some other download site. And if it was downloaded hacked or the hackers know what can be hacked now that InstalllQ is in the downwload is not known; at least by me.

We just need to get the word out is all I am getting at. I posted link in AMD cpu section for them to come read this thread.

One last thought was when following the WOT link above, one of the 'responders' down below said he tried to cancel InstalllQ and it did not want to desist and that certainly does not sound very appealing.

 

[The Coolest]

Not sure if this was intentional, or just a quick google search for coretemp, but I believe the version at that site includes Malware.

Since dloading that software I have had several accounts hacked and Sypot S&D identified the issue. After some googling I found out it's a W3i.IQ5 Fraud. Searching for W3i files led me back to the CoreTemp file I downloaded.

oldbrave - I don't get the feeling you did it maliciously. I simply wanted to post to make others aware.

While the site linked above only accounts for the 'bloatware' mine came with a trojan that allowed the user to keylog and get the passwords to my accounts. In the worst one, it hijacked my hotmail account I am using right now to find a new job and spammed a handful of recruiters using MY email address.

I bet they will opt not to hire me now.

*so angry*

I'm sorry for what happened to your accounts, but we can't be 100% certain it was caused by you using the installer. Although InstallIQ is sometimes associated with malware etc, as far as I am aware nothing should install when you click on decline on the offer screens. And when the user selects to install said software, it's not supposed to be malicious or infected with anything either.

I have notified W3i about this thread, and asked them for an explanation of all this.
I will update as soon as I get a reply.

Yeah, I just went back to alcpu and clicked on quick chat and there is the only place that really lets anyone know to be d*mn careful about later CoreTemp downloads.

Copied from QuickChat:
"Alcpu.com is distributing modified installers which differ from the originals. The modified installers are compliant with the original software manufacturer's policies and terms & conditions. Additional software recommendations may be offered to users on an opt-in basis during the installation."

Alcpu is handing out modded installers different from the originals. He is supposed to be the "original". And the modified installers are "okay'd" by alcpu and owner, author of the software. I would not use Quick Chat due to what is going on, but I may get me a gmail email address and contact that guy.

The quoted part from the website is information one must provide to conform with Google's demands. One must inform the user that the installer the website provides is not the standard installer most of us are accustomed to.
In this case, it is simply a wrapper for the standard Inno Setup based installer.

I just downloaded it into my sandbox and the download is infected.

I have just tried to do the same. Standard AV software doesn't find any issues with the file, Malewarebytes with the latest updates doesn't either. I've also ran Spybot S&D and it did flag it as 'W3i.IQ5 Fraud', like Frosty18 has mentioned.
As I mentioned above, I've contacted W3i and await an explanation.
Core Temp does come with "bloatware", but it SHOULD NOT install trojans, keyloggers or any other kind of spyware/maleware.

In any case, if you click on "More downloads..." you can download a standalone zipped version, so there is no installer at all.

 

[caddi daddi]

i just found it again.
1 download and -SAVE- the exe file.
2 right click and choose scan with spybot search and destroy.
mine finds it right away.
3 DELETE file.
4 EMPTY THE TRASH.
5 RUN CCLEANER.
6 reboot.

I do this with ALL downloads with a second pass with malwarebytes.



I still wil not use it at this point, i cant read and write code so im going to trust the anti spyware i have used and trusted over time.

 

[The Coolest]

Here is the official response from W3i:

I am truly sorry to hear that users are associating these things to InstallIQ.

We are the only 100% opt-in installer in the industry therefore nothing is ever downloaded unless a user has accepted it. We do heavy compliance to ensure that our advertiser offers do not have Trojans, spyware, etc. We also require and test to ensure these applications are easily removed using Add/Remove programs. In accordance with our TRUSTe certification, we also test to make sure that nothing is left behind when an application is removed. When false flags arise we work directly with the security companies to get these re-reviewed and the false flags removed. We are safe according to top security companies, a few of which are shown below:

Ad-Aware
avast!
AVG
MalwareBytes Anti-Malware
McAfee
Microsoft Security Essentials
Norton/Symantec

I hope that this clears everything up.
The fact someone's account got hacked, and he having installed Core Temp is most likely a coincidence.
Core Temp has a very big user base with thousands of daily downloads.
If the installation was infected with anything I would know about it, believe me, and I have yet to hear any complaints of this sort.

 

[Frosty18]

I am still not willing to simply write it off as a coincidence.

I have ran every virus scanner and malware search under the sun, and the only thing malicious ever discovered was the W3i.IQ5 Fraud. Strangely, two separate email accounts (one which I do not care about) start spamming anyone on my contact list.

That tells me that they either:
1) Brute forced two separate passwords (unlikely as both were alphanumeric, one at 10 chars, the other at 8)
2) Used a keylogger and got the passwords that way.

Since removing the W3i.IQ5 Fraud, I have changed both passwords and logged into my email account several times. No more spam is being sent. That to me as a good indicator that the keylogger is gone.

 

[The Coolest]

My email account got hacked once, and spammed everyone on the contact list.
Seemingly randomly. Changed passwords and enabled SSL. And haven't had a problem since, knock on wood.
I scanned my PC with whatever there is and found nothing.
The only connection I could think of was that I accessed said account from my workplace a couple days prior.
How do you explain this?

Just as a note, the InstallIQ simply downloads and executes the standard Core Temp installer behind the scenes.
I don't know which offer screens the user will see, but I'm 100% sure what goes into my own installer, so you can rest assured that it is NOT tampered with in any way.