Instead it extracted a bunch of files into a temporary directory %Temp%\ which happens to contain the OCSetupHlp.dll. When the PDFCreator installation package is invoked with network disconnected, it does not invoke the DownloadUpdateInfo.exe.
#Pdfcreator 1.7.3 pup install#
Often, it is advisable to install downloaded software with network disconnected to see if it calls home. In this case, AVG will destroy InstallManager.exe and its subsequent operations. If you are running AVG and feel uncomfortable when it raises the alert, it will not harm the operation of PDFCreator if you ask AVG to protect you. In all fairness, one can safely consider the alert from AVG for InstallManager.exe as a false-positive and can ignore it. Whatever this file is, it installs two services, namedly, LavasoftTcpService.exe and, which are part of the Web Companion software. Strange, asking user to install an Ad-Aware component results in being classified as a Malware! What this does is to then invoke the Mntz_Installer.exe, which seems odd as most people on the Internet identifies this as the Opera Network Installer. What this file does is to offer user a chance to install Ad-Aware Web Companion: They disappear after successful installation and one needs some trickery to capture them.Īccording to VirusTotal, there are 10 out of 56 Anti-virus tools reporting this file as infected. is a randomly generated temporary directory name. This file, together with its companion file, inetc.dll, which appears to be doing the HTML get, put, post, and head operations, are deposited in the %Temp%\. It alleges that it is infected with MalSign.Generic.5E6. It is at this point that the resident shield of AVG 2015 alerts the user of the presence of a Malware ladden file. When the installation package, PDFCreator-2_0_1.exe (MD5:1464dab853dfac75097e6f81fa060c9a), is invoked, the first thing it does is to spawn a process called DownloadUpdateInfo.exe and this runs its twin DownloadUpdateInfo.tmp for a brief moment and then closed down.Īfter soliciting inputs from the user, it then invokes CBStub.exe which controls the invocation of the process InstallManager.exe. My experiments with installing PDFCreator do not install Image2PDF and PDFArchitect. I use two installation scenarios - with network access and without network access and they have different behavior causing AVG to report different alerts. My investigation used 2.0.1, the latest release to determine what's going on.
#Pdfcreator 1.7.3 pup pdf#
First of all, I went to PDF Forge site to obtain the MD5 of the installation package to make sure I was not using a tainted package. Since PDFCreator's installation script trips my AVG, I have decided to investigate this further in a controlled environment. It is nice to see the installation script offering a feature to skip all the PUP. The installation of CutePDF Writer 3.0 went without tripping my AVG but one has to be on the wit about its attempt to slip in some PUP and toolbars. I will come back to this.Īs a result of this alarm, I revisited my trust old friend CutePDF Writer, which has fewer feature than PDFCreator. The installation experience left me with a sense of unease as it triggers the resident shield of my AVG 2015 flagging some files as being a Malware/Trojan/Adware.
#Pdfcreator 1.7.3 pup upgrade#
I have been a long term, though slow to update, user of PDFCreator and recently I have decided to upgrade it to 2.0.0 from 1.7.3.