This evening I discovered a program called MediaGet in my son's limited user account. It had an icon on the desktop and was on the Start menu. It doesn't appear under any other accounts and does not appear on the list of installed programs under Control Panel accessed from the admin account. Spybot, Malwarebytes, and Norton Internet Security run from the admin account don't seem to notice it as a threat. The fact that it apparently bypassed Windows 7 security and installed itself seems like malware behavior to me. I googled it and found mixed opinions. Is this malware or not? Thanks.

John

Sorry if I posted in the wrong forum - not sure where to ask questions like this.

Hello jdb523,

This evening I discovered a program called MediaGet in my son's limited user account. It had an icon on the desktop and was on the Start menu. It doesn't appear under any other accounts and does not appear on the list of installed programs under Control Panel accessed from the admin account..
Does your son use file sharing clients?

In task manager do you see a process running called mediaget32.exe. Also, if you right click on the icon does a menu show with the option to uninstall?

Best regards.

Tashi,
Thanks for the quick reply. I don't think my son intentionally uses file sharing software. I think he may have clicked "OK" at the wrong time. He says the doesn't remember anything about the software or how it got installed. There appeared to be some kind of installer that I found and deleted but it's in the trash and I'll get the file name.

I'm not at the home computer so I'm replying from memory. Will get a little more info later when I get back to it. I deleted the desktop icon to keep the app from being run. There is a start menu folder. In it were the app and a MediaGet Uninstall app. I clicked on that and got a message saying the shortcut/file had been moved. After that the link to the Uninstall app disappearer. I did find an .exe for mediaget through Task Manager and killed it. Can't say for sure if it was mediaget32.exe.

I'm concerned that this software was able to install itself in a limited user account without sysadmin permission. I thought that one of the main reasons for limited user accounts was to prevent changes to the system without sysadmin authorization. Plus this happened while Norton and TeaTimer were watching. Oh well. Will post more later.

John

Some additional info.

The name of the installer was naruhotsunadenoinsettai.exe.

I found the MediaGet app on the list of programs installed under Control Panel in my son's standard user account. It does not show up in the list accessed from other accounts, including the admin account. I didn't think this was possible under Windows 7. IMHO it shouldn't be possible. However, the definition of a standard user account in Windows 7 is vague and seems to allow for the possibility for them to install software in their own account.

Right clicking on the MediaGet icon does not provide a choice to deinstall. Clicking uninstall in Control Panel yields a message "An error occurred while trying to uninstall MediaGet. It may have already been uninstalled. Do you want to remove MediaGet from the Programs and Features list?"

Also, the name of the MediaGet executable that appears in Task Manager is mediaget.exe.

John

Hello jdb523,



The name of the installer was naruhotsunadenoinsettai.exe.
A search shows that broken down into naruho-tsunade-no-insettai, offered as a download from megaupload and torrent sites.

For instance, at one such site.

Download naruho tsunade no insettai descargar using MediaGet
Automatic file download via new free torrent client MediaGet

Right clicking on the MediaGet icon does not provide a choice to deinstall. Clicking uninstall in Control Panel yields a message "An error occurred while trying to uninstall MediaGet. It may have already been uninstalled. Do you want to remove MediaGet from the Programs and Features list?"

That error could be because the program was not removed in the correct sequence.


I deleted the desktop icon to keep the app from being run. There is a start menu folder. In it were the app and a MediaGet Uninstall app. I clicked on that and got a message saying the shortcut/file had been moved. After that the link to the Uninstall app disappearer. I did find an .exe for mediaget through Task Manager and killed it.

There does appear to be some user input needed to start a download of the MediaGet client at places like CNET or SoftPedia.
http://www.softpedia.com/get/Internet/File-Sharing/MediaGet.shtml