XWidgetSoft Forum • View topic - INFORMATION: malware removed from xwidgets setup


All times are UTC - 8 hours




Posted: November 4th, 2013, 5:07 am

Joined: July 29th, 2013, 9:13 am
Posts: 609
Just installed xwidgets from cnet after following the download link on your update tool.

I installed but declined the initial safesearch adware installation and proceeded to the Xwidget installation.

After installing xwidgets my machine was immediately infected by penwes.

This malware/software was installed by the cnet installer and was stopped and identified by my firewall and malware tools. Penwes fired up immediately the xwidget software installation was completed - it was attempting to connect to the internet.

The malware was trapped and removed. The penwes software is malware that forces a DNS change.
It seems to attempt to configure network interfaces with static DNS servers whose addresses are:
178.33.41.181 ns2.penwes.com.
46.4.70.20 static.20.70.4.46.clients.your-server.de

It is malware. After it was installed the browser was disabled and I was unable to access the internet. As a result of this infection I have had to spend time fixing this and I no longer trust the installations on CNET.

The way CNET is packaging your software with these 'malverts' is really bad for your reputation and it MUST stop. We have some influence in the widget world and we could spread the word that installing your widget engine via CNET could lead to infection by malware. We don't want to do this but you MUST remove the 'MALverts' or links to same in the CNET packages. If it is CNET that is bundling this rubbish then abandon CNET now.

I re-installed the CNET package again under a sandbox (which I will do every time with any CNET future installations) and I saw that after the safesearch installation there was another installation of some 3rd party software that I may not have noticed (very surprising but possible) the malware could have been installed at this point. I did not proceed further.

This needs to be fixed, you need to offer your own download, ad free and free of 3rd party software. Don't point people to cnet if downloading of malware is the result.

What was the removal method? - Penwes requires a complete scan by malwarebytes to remove the infected files and registry entries with a reboot followed by another scan to be sure all traces were gone. With writing this post - two hours of my time wasted by you CNET.

This isn't good enough - it is bad for your reputation which I know has been maligned before. I myself found a malware infection on your site a year or two ago and reported it to you. You need to take this stuff more seriously to be considered professional. Response Required.


Last edited by yereverluvinuncleber on March 3rd, 2015, 1:59 pm, edited 5 times in total.
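
A defender's check for the DNS change described in this post, as an added example that is not part of the original post: it lists the DNS servers configured on every network interface and flags the two addresses quoted above. It assumes the standard Windows registry location for per-interface TCP/IP settings, where `NameServer` holds statically set servers and `DhcpNameServer` holds DHCP-assigned ones; the function and variable names are illustrative.

```powershell
# Added example: audit per-interface DNS servers for the resolvers named in the post.
# NameServer = statically configured DNS, DhcpNameServer = DNS handed out by DHCP.
$Reported = @('178.33.41.181', '46.4.70.20')   # addresses quoted in the post
$Base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

function Split-DnsList([string]$Value) {
    # The registry value may be comma- or space-separated, or absent.
    if (-not $Value) { return }
    $Value -split '[,\s]+' | Where-Object { $_ }
}

$rows = foreach ($key in Get-ChildItem -Path $Base) {
    $props = Get-ItemProperty -Path $key.PSPath
    foreach ($source in 'NameServer', 'DhcpNameServer') {
        foreach ($ip in @(Split-DnsList ($props.$source))) {
            [pscustomobject]@{
                Interface = $key.PSChildName          # interface GUID
                Source    = if ($source -eq 'NameServer') { 'static' } else { 'dhcp' }
                Server    = $ip
                Reported  = $Reported -contains $ip   # matches an address from the post
            }
        }
    }
}

# Show matches first; static entries on a DHCP client deserve a second look too.
$rows | Sort-Object Reported -Descending | Format-Table -AutoSize

if ($rows | Where-Object { $_.Reported }) {
    Write-Warning 'An interface is configured with a DNS server named in the post.'
}
```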

Posted: November 4th, 2013, 5:11 am

Joined: July 29th, 2013, 9:13 am
Posts: 609
My suggestion - if you have just installed xwidgets via a package from CNET, run a malwarebytes scan NOW.


Posted: November 4th, 2013, 5:32 am

Joined: May 12th, 2012, 8:32 pm
Posts: 594
Hi yereverluvinuncleber,
Thank you very much, I have sent an email to CNET to ask them to disable their installer.
You can download XWidget from the http://xwidget.com mirror server with no CNET installer: http://www.xwidget.com/download3.php
or download the portable version, no need to install, just unzip and run xwidget.exe: http://www.xwidget.com/download2.php

Best Regards,
Tony

_________________
XWidget Software Developer


Posted: November 4th, 2013, 5:39 am

Joined: July 29th, 2013, 9:13 am
Posts: 609
Just ran the full installation through via the sandbox and it is confirmed the malware is in the download from CNET.

Penwes changes your DNS configuration routing ALL your internet searches through the Penwes servers.

This is a MAJOR change to your system configuration that could render your internet connection inoperative and could make you seriously liable to infection/intrusion via your internet connection.

Xwidgets has bundled this malware with the latest version of the widget engine. The installation preamble for the penwes software is disguised as part of the Xwidget installation process. It looks as if it is the preamble to the Xwidget installation. It is NOT.

How could CNET place such an intrusive piece of software into one of your software bundles?

This is an APPALLING thing for CNET to have done.

Everyone - check your system NOW with malwarebytes. Download from a trusted source, do not trust the machine you have installed xwidgets upon.

[I've removed the text here]

Thank goodness you are on the case - DUMP CNET NOW!


Last edited by yereverluvinuncleber on November 5th, 2013, 10:12 am, edited 1 time in total.

Posted: November 4th, 2013, 5:47 am

Joined: July 29th, 2013, 9:13 am
Posts: 609
Tony - Please make a statement about this on the top of the forum and make sure that everyone knows that they MUST scan their system with malwarebytes to remove a possible infection. It is probable that many people have been infected so take this VERY seriously.

Everyone - you can try another malware tool but the only one I have tested and found to be useful in getting rid of it was malwarebytes. Penwes remained undetected by clamwin or avast a/v tools.


Posted: November 5th, 2013, 9:23 am

Joined: May 12th, 2012, 8:32 pm
Posts: 594
Thank you yereverluvinuncleber, I have changed the download link to point to SkyDrive: http://www.xwidget.com/download.php

_________________
XWidget Software Developer


Posted: November 5th, 2013, 10:10 am

Joined: July 29th, 2013, 9:13 am
Posts: 609
Wonderful, glad you've caught it!

I have to say that CNET is no longer on my list of reputable sites - I will not be visiting it ever again. World beware: avoid CNET at all costs!


Posted: November 5th, 2013, 10:12 am

Joined: July 29th, 2013, 9:13 am
Posts: 609
I've modified the above posts in the light of the above information.


Posted: November 15th, 2013, 11:18 pm

Joined: March 8th, 2013, 10:27 pm
Posts: 353
Potentially Unwanted Software, also caught by WinDefender. I agree, never trust CNET. If you ever get something exciting there (as I got XWidget) try their direct download link.

**However, penwes is NOT MALWARE. It is just a PUP due to the ways it installs itself. It is a completely legitimate program that works as an adblocker (like ABP but for the full system). Mostly bundled by ad-supported third-party software distributors like CNET.

_________________
Life is a myriad game... Just play it!


Posted: November 17th, 2013, 6:32 am

Joined: July 29th, 2013, 9:13 am
Posts: 609
well it changed my DNS so it is malware for certain.


Posted: March 21st, 2014, 5:27 pm

Joined: March 21st, 2014, 5:22 pm
Posts: 4
Nice, makes me reconsider using this software.


Posted: March 21st, 2014, 5:35 pm

Joined: December 5th, 2012, 5:52 pm
Posts: 4887
XWidget is 100% safe! Use it without second thoughts @rolldog. ;)

_________________
...and remember: don't take life too seriously...
My profile on Deviantart: http://jimking.deviantart.com/


Posted: February 21st, 2015, 4:12 am

Joined: July 29th, 2013, 9:13 am
Posts: 609
Absolute ROT - the installation executable has been and still continues to be bundled with adware/MALWARE (PUP Monetizer) that then allows installation of more MALWARE (Conduit, Anysend, Mystartsearch, Penwes as above).

The bundling of malware was NOT done by CNET; it is part and parcel of the XWIDGET team's methods of obtaining money to pay for Xwidget development.

See Tony's statement to this effect in 2012:

Jim, If you knew this but were happy to mislead us into thinking all is well with the Xwidget installation executables then I am shocked. I am already in disbelief as to Tony's abandonment of our PC security by allowing this malware into the Xwidget installation. It is a disgrace.
I will no longer recommend XWIDGET to anyone while this appalling act of treachery is allowed to continue.

Tony, you put all your clients' machines at risk just to earn some money from Xwidgets. Utterly unprofessional. I have never, ever uttered words such as these on any forum before. I am in disbelief.

The conversation is continued here:


Posted: February 21st, 2015, 5:59 am

Joined: December 5th, 2012, 5:52 pm
Posts: 4887
Read this:
viewtopic.php?f=6&t=36

_________________
...and remember: don't take life too seriously...
My profile on Deviantart: http://jimking.deviantart.com/


Posted: March 3rd, 2015, 1:58 pm

Joined: July 29th, 2013, 9:13 am
Posts: 609
NEWS: The monetize pup is being removed! The downloads from the site will be free of adware.


Posted: March 3rd, 2015, 2:17 pm

Joined: June 18th, 2012, 12:07 am
Posts: 268


Posted: March 4th, 2015, 2:08 am

Joined: July 29th, 2013, 9:13 am
Posts: 609
Who is that question to? What is the question trying to achieve?

Assuming it is a general question to the world I will try to answer it (if it is for Tony then you'll have to wait ;) ). For me, it is far more important to identify the sites that are showing as positive for malware and correct those. ALL sites should eventually show that Xwidgets is clean.

"Can you tell me why these sites say that I don't beat my wife anymore?" - this implies some/many DO! :D

a. Some organisations/groups will follow the definition of PUPs as malware, some as adware, some take a much stricter line on what is defined as malware.
b. Some anti-malware engines are better/poorer at identifying threats, it depends what core signature source they use.
c. Most databases are human triaged with the results based upon the personal likes/dislikes of the individual/group that did the rating.

You could easily find a list like that at VirusTotal, which found several anti-malware engines identifying Xwidgets as containing PUPs.

This thread is a good place to list these:

