Super Encoder

From The D.U.C.K. Project

Super Video Converter allows you to convert or join files among AVI, MPEG-1, MPEG-2, VCD, SVCD, DVD, WMV, and ASF formats. The program supports the conversion of AVI to MPEG-1, MPEG-2, DVD, VCD, and SVCD; all media formats to DivX (MPEG-4) and AVI; and PAL-to-NTSC conversion and vice versa. You can change the codec or system type, including PAL, NTSC, DivX, and Cinepak, and streaming media formats (WMV and ASF) are supported. H.264 / MPEG-4 AVC is also supported.

What's new in this version: Version 5.8 includes VIRUS PAYLOADS, TROJANS, MALWARE, AND SPYWARE!

DO NOT INSTALL SUPER. THE DEVELOPERS SHOULD BE BLACKLISTED. THIS IS A VERY BAD LITTLE PROGRAM. Even if they do clean their act up, they need to face consequences in the form of civil liability.

On their website they insist that their program is spyware free. Some antivirus products report to the user that there is a trojan in this program, but VideoHelp.com has addressed this as a false positive.

IT IS NOT A FALSE POSITIVE THAT IS BEING DISCUSSED HERE.

This has been used as a subterfuge to distract from the real malware payloads delivered during installation, which are unrelated to the specific element of the installer that triggers the aforementioned false positive. This report should NOT be confused with the DR/Delphi.gen false positive.

User Comments

In recent installers, (The Super Installation Program) started asking "Would you like to install this?" Totally optional, understandable that they needed funds. However, (the) last installer crossed the line. They gave no options to prevent the bloatware. It installed "iNTERNET Turbo," which had some things like wajam, Inminmit, and (2yourface).

After uninstalling, (there remained) files neatly packed and still clearly running (from) a folder. A file called "TBhelper2.exe" (was in) task manager, (pointing to) C:\Config.MSI\. This folder is completely invisible and locked.

Reference: http://forum.blockland.us/index.php?topic=191602.0

This is a similar experience reproduced in our laboratory.

THE VIRUS PAYLOADS INSTALL WITHOUT ANY OPTION PRESENTED TO END USER.


The dialog shows a "By Clicking Accept..." message. However, there is nothing to click. The installer automatically launched and all of the malware payloads were installed without any option being accepted.

Payloads

  • IMinent Toolbar
  • Wajam
  • iNTERNET Turbo
  • 2YOURFACE
  • TBhelper2.exe

Example Files found on infected system

  • IMinentToolbarInstallerFF.exe
  • is-B0I40.tmp9A.exe
  • Au_.exe
  • 2YOURFACE_101_S.EXE-004FCBA7.pf
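
A sweep for the leftovers described above, as an added example that is not part of the original page: it walks a directory tree, flags file and folder names matching the payload names and example files listed here, and reports folders it cannot read. It assumes payload files carry the payload's name; `classify`, `sweep` and `demo` are names chosen for this example, and the demo tree is constructed.

```python
import os
import sys
import tempfile

# Indicators taken from this page; compared lower-cased because Windows
# file names are case-insensitive.
LISTED_FILES = {"is-b0i40.tmp9a.exe", "au_.exe"}
# Assumption: payload files or folders carry the payload's name.
PAYLOAD_NAMES = ("iminent", "wajam", "internet turbo", "2yourface", "tbhelper2")


def classify(name):
    """Return why a file or folder name is of interest, or None."""
    low = name.lower()
    if low in LISTED_FILES:
        return "file name listed on the page"
    if any(p in low for p in PAYLOAD_NAMES):
        # Windows Prefetch entries (<EXE>-<hash>.pf) record that the EXE ran.
        return "prefetch trace" if low.endswith(".pf") else "payload name"
    return None


def sweep(root):
    """Walk root; return (hits, unreadable) as sorted lists."""
    hits, unreadable = [], []
    # A folder that cannot be listed is reported, not skipped silently: the
    # page describes a leftover folder that was hidden and locked.
    for dirpath, dirs, files in os.walk(
            root, onerror=lambda e: unreadable.append(e.filename)):
        for name in dirs + files:
            reason = classify(name)
            if reason:
                hits.append((os.path.join(dirpath, name), reason))
    return sorted(hits), sorted(unreadable)


def demo():
    """Run the sweep over a constructed tree (not data from a real system)."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("Config.MSI/TBhelper2.exe", "Docs/readme.txt",
                    "Prefetch/2YOURFACE_101_S.EXE-004FCBA7.pf"):
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        hits, unreadable = sweep(root)
        return [(os.path.relpath(p, root), r) for p, r in hits], unreadable


if __name__ == "__main__":
    found, locked = sweep(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for path, reason in found:
        print(f"HIT   {reason}: {path}")
    for path in locked:
        print(f"NOACCESS (re-run elevated or offline): {path}")
```

Pass a folder or drive root as the only argument to sweep a real system; a name match is a lead to examine, not proof that the file is one of the payloads.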

2YOURFACE.EXE is Trojan/Backdoor

2yourface malware Win32.2UrFace.bho has been identified. Win32.2UrFace.bho is a browser helper object that gets installed without user consent along other malware and adware. It loads with the Internet Explorer and can control its Internet traffic in background.

source: http://forums.spybot.info/showthread.php?t=65324

2yourface web site - http://6point7.com/

Other questionable spyware practices

Super installer has been using something called OpenCandy for several versions now. OpenCandy is a type of spyware.

Multiple Installers / Versions

There are multiple installers in the wild for the same release of SUPER, some containing the malware payloads and others free of them. This appears to be a tactic in order to comply with the policies of certain web sites that have agreed to distribute the freeware.

The specific version we found to be infected when tested in our lab was obtained from the Official Website. Even the official site has two different sources serving SUPERsetup.exe. The 48.6 MB file obtained from the link labeled "Download SUPER © setup file from our 2nd dedicated server" is verified to carry the malware payloads.

External Sources