Trojan?

Hi all,

A while ago (approx. 4 months), when updating CursorFX via Object Desktop Manager, my Malwarebytes (Premium) said it detected a trojan via the port it got the update from, i.e. cdn.stardock.us (and I believe it was using port 60).

I asked Sean from customer support, and he said it is a false positive.

So I manually added the domain address and port in Malwarebytes as safe (and removed it again just to be sure after the update of CursorFX).

However, since doing this, I suddenly get tens of spam emails daily, most about Bitcoins, which I didn't get before. A lot of the mails have the .us extension in the sender address. Also, my hard drive (SSD) runs out of free space every approx. 24 hours, while normally I have approx. 65+ GB free space on that drive. So now I have to clean my drive every 24 hours, which is very annoying, but the spam mails are more annoying.

Do others have similar experiences?

P.S. My several installed antivirus/anti-malware/anti-spyware etc. software packages don't detect any infections. However, running HitmanPro.Alert detects tens of trojans in all kinds of executable files, like e.g. explorer.exe, spotify.exe and all kinds of other executables of programs I frequently use (when I chose to remove all detected infections I got a PC which was completely unusable, so I used a TrueImage backup to reset things; however, this was a backup image which already has the supposed trojan).

Best,

Arnoud

13,191 views, 11 replies

Reply #1

> Do others have similar experiences?

I have installed CursorFX and I don't have this. I am pretty sure more people would have reported in with a similar issue if it were not a false positive. And I am sure you have something else on your system causing all that, but I am sure it is not from CursorFX.

Thank you,

Basj,
Stardock Community Assistant

Reply #2

I understand what you are saying, Basj, but it really all started with the report of a trojan by Malwarebytes when updating CursorFX via Object Desktop Manager, like I wrote, a couple of months ago, to (I believe) version 4.04. I never got a similar report before when updating software via Object Desktop Manager, so it is really strange.

Do you know, is the domain cdn.stardock.us the legit Stardock server?

Thanks,

Arnoud

Reply #3

From what I know, it is a legit Stardock server. However, I have forwarded your problem/question to the Stardock Support Team for their assistance. Please keep an eye on this thread for any updates. We appreciate your feedback and patience.

Basj,
Stardock Community Assistant

Reply #4

Ah nice, thank you Basj, and, I will do that.

Best,

Arnoud

Reply #5

Any server could be hacked, but I too use the program with no issues. This is an odd one.

Reply #6

Quoting RedneckDude, reply 5:

> Any server could be hacked, but I too use the program with no issues. This is an odd one.

Thanks. The program still works on my pc too, but it is odd indeed.

I am still hoping someone has had a similar experience.

Arnoud

Reply #7

Hello,

Sorry to hear you are having trouble.

When an app is 'new', AV / malware apps will often flag it just because they do not know what it is. Like your experience with HitmanPro.Alert, some are more aggressive than others.

I would be surprised if you still needed to whitelist CFX. Any app downloaded from our site is virus / trojan free.

Sean Drohan
Stardock Support Manager

Reply #8

I also use CursorFX and Malwarebytes (free) and have never gotten any messages at all. I update via the app rather than Object Desktop Manager.

Reply #9

Mhh, I use Malwarebytes myself and can only recommend it, besides Sophos...
In my consideration any AV is pretty much useless, since the only thing that will actually protect you is updates and more updates ultimately, but Malwarebytes is one of the very few that actually does a pretty good job detecting malicious activity: it does not extract the files and execute them on #root or C: with admin privileges (as many others do), it actually does this in a sandbox and then determines if a file shows bad behaviour.

CLEANING UP:

BEFORE YOU START:
You should not trust me out of the blue; please make sure that you read about the tools that I listed beforehand and make yourself familiar with them before you download them.
Think before you enter your email address somewhere when you are not sure what consequences this might have for you!


I won't provide a link for FRST,
since it had advertisement in it and therefore got flagged by Defender a couple of months ago.
You should read about it and then make the call for yourself.
If you make the decision to download it, you should do so via BleepingComputer.

But you could just proceed to MBAM0:

What you should do is create an FRST log using Farbar Recovery Scan Tool.

Check the log for applications that seem unfamiliar; if you find some, your system might be infected.
Use Google to get further info on the line that shows an unknown application in the log.

MBAM0:
Go to a second computer.
You should download a fresh new setup from the homepage:
https://malwarebytes.com
https://de.malwarebytes.com/
...
MBAM: you can also download a fresh installer from here.

On the target device:

Unplug your WAN/WiFi from the computer that shows the mentioned strange behaviour.
Uninstall the current Malwarebytes version.
Reboot your system.

Now start the system in safe mode.
Install the newly downloaded version of MBAM...
Make a scan and delete the crap that is found, or set it to quarantine for the meantime.
Restart your computer and boot up.
Reconnect to your WAN/WiFi and check for additional updates of MBAM.
If updates are available, download those and make another scan afterwards.

Now download and run MB AdwCleaner
https://malwarebytes.com/adwcleaner/
https://de.malwarebytes.com/adwcleaner/
Clean if it finds something.

To make sure that MBAM + MBAC cleaned up correctly, run RogueKiller:
https://www.adlice.com/roguekiller/
If there are no more positives found, you should be good.

Note: Check your hosts file!
https://blog.malwarebytes.com/cybercrime/2016/09/hosts-file-hijacks/

And also check if your email has been compromised:
https://haveibeenpwned.com/
In that case change your password; make sure to generate a strong one.
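One way to automate the "check your hosts file" step from the procedure above, as an added example that is not part of benmanns's post, of the linked Malwarebytes article, or of any Malwarebytes tool: it parses a hosts file and flags the two hijack patterns that article is about, vendor or update domains sinkholed to 127.0.0.1 / 0.0.0.0, and hostnames pinned to an address the attacker controls. The watch list (WATCHED_SUFFIXES), the helper names and the sample hosts content are assumptions constructed for the example; on a real Windows machine call audit_hosts_file() against C:\Windows\System32\drivers\etc\hosts.

```python
"""Added example (not from the thread): audit a Windows-style hosts file for
hijack patterns. The watch list and SAMPLE_HOSTS are constructed for the
example; real malware block lists are much longer."""
import ipaddress
from typing import List, Tuple

# Assumed watch list of domains malware likes to sinkhole so that AV and
# update traffic never leaves the box. Extend it for your own environment.
WATCHED_SUFFIXES = (
    "malwarebytes.com",
    "windowsupdate.com",
    "update.microsoft.com",
    "stardock.com",
    "stardock.us",
)

# Names that legitimately map to loopback in a stock hosts file.
LOOPBACK_OK = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback", "ip6-allnodes", "ip6-allrouters"}

WINDOWS_HOSTS = r"C:\Windows\System32\drivers\etc\hosts"


def parse_hosts(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, address, hostname) for every active mapping.

    Comments ('#' to end of line) and blank lines are skipped; a line with
    several hostnames produces one tuple per hostname.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        addr, hosts = parts[0], parts[1:]
        for host in hosts:
            entries.append((lineno, addr, host.lower().rstrip(".")))
    return entries


def _watched(host: str) -> bool:
    """True if host is, or is a subdomain of, a watch-listed domain."""
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text: str) -> List[str]:
    """Return one human-readable finding per suspicious mapping."""
    findings = []
    for lineno, addr, host in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append(f"line {lineno}: unparsable address {addr!r} for {host}")
            continue
        # 127.0.0.1, ::1 and 0.0.0.0 all make the name unreachable (sinkhole).
        sinkholed = ip.is_loopback or ip.is_unspecified
        if sinkholed and _watched(host):
            findings.append(f"line {lineno}: {host} sinkholed to {addr} (blocks AV/update traffic)")
        elif sinkholed and host not in LOOPBACK_OK:
            findings.append(f"line {lineno}: {host} mapped to loopback {addr} (verify it is yours)")
        elif not sinkholed:
            # Any other pinning sends that name's traffic wherever addr points.
            tag = " (watched domain!)" if _watched(host) else ""
            findings.append(f"line {lineno}: {host} redirected to {addr}{tag}")
    return findings


def audit_hosts_file(path: str = WINDOWS_HOSTS) -> List[str]:
    """Audit a hosts file on disk (read access is enough)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read())


# Constructed sample: a stock Windows hosts file plus three hijack entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
#       127.0.0.1       localhost
#       ::1             localhost
127.0.0.1   localhost
::1         localhost
0.0.0.0     www.malwarebytes.com    # AV vendor sinkholed
127.0.0.1   update.microsoft.com    # updates sinkholed
198.51.100.7  cdn.stardock.us       # update CDN pinned to a foreign address
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

The script only reads the file, so it is safe to run on a machine you suspect; compare its output against what you know you put there (local development entries map to loopback legitimately), and treat any watched domain in the findings as a reason to keep the machine offline until the cleanup steps above are done.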

Reply #10

Quoting sdRohan, reply 7 (quoted in full above).

Hi Sean, I understand what you are saying, and thanks for your answer, but I have used CursorFX for a long time (many years), so it isn't new for my PC and/or AV software; that's what is the strange thing. I didn't install new AV software recently; all of it has been on my PC for years. And never before did I get such a trojan warning when updating software via Object Desktop Manager.

Best,

Arnoud

Reply #11

Quoting benmanns, reply 9 (quoted in full above).

Thanks for your comprehensive answer.

I already made a log some time ago with the Farbar tool; it didn't seem to show strange things.

And about Malwarebytes: I already use Malwarebytes Premium (for a long time); it was this software that warned me about 'the trojan' when updating CursorFX... (for the first time ever; I have used Object Desktop (and OD Manager) for a long time, and never got a red flag before when using it to update OD components like now with CursorFX).

I am still contemplating your other instructions, but thanks anyway!

Best,

Arnoud