Solved

Is YTD ( YouTube Downloader ) really infected with w32.downloader.gen?

  • 4 October 2014
  • 8 replies
  • 17429 views

I've been using this program for about three years. Last year after I started using webroot antivirus it detected w32.downloader.gen in the installer and uninstaller executables and I ignored it.
 
I recently upgraded YTD and got a fresh alert from webroot.  Should I be concerned?
icon

Best answer by Baldrick 7 October 2014, 20:50

Hi siridas
 
Would suggest that you uninstall YTD completely, get the latest version from the official/author's web site, install that, and see if you are getting the same alert from WSA.
 
If you do then I would Open a Support Ticket to let the Support Team know so that they can investigate the latest version and see if they need to whitelist it in the Cloud...sometimes new versions of established apps play like this with WSA.
 
If the issue has disappeared then it was most likely bundled software that WSA was objecting to...and you shouldavoid 3rd party download sites in the future where possible.
 
Regards
 
 
Baldrick
View original

8 replies

Userlevel 7
Badge +56
Hello and Welcome to the Webroot Community!
 
Is it a Extension in the Browser or a program you download from some where and can you post the link? Also can you please Submit a Support Ticket and they can look at your scan log to make sure.
 
Thanks,
 
Daniel 😉
Userlevel 7
Badge +58
@ wrote:
I've been using this program for about three years. Last year after I started using webroot antivirus it detected w32.downloader.gen in the installer and uninstaller executables and I ignored it.
 
I recently upgraded YTD and got a fresh alert from webroot.  Should I be concerned?
Hello sirdas,
 
Welcome to the Community Forum,
 
Where are you downloading this from? What Website may I ask because I'd be concerned about this w32.downloader.gen.
 
Maybe TripleHelix can address this as well!?
 
You can also Contact Support free of charge.
 
 
Best Regards,
Hi,
 
I am not sure where I originally downloaded it from...but probably from one of these two links:
 
http://www.ytddownloader.com/
 
http://download.cnet.com/YTD-Video-Downloader/3000-2071_4-10647340.html
 
Doesn't cnet expose malware programs?
 
Cheers,
 
Scott
 
 
Downloads from CNET often contain some kind of PUA like a toolbar or downloader. 


 
If you want to be sure I would also suggest you to contact support like @ and @ recommended. 
Userlevel 7
Hi siridas
 
Would suggest that you uninstall YTD completely, get the latest version from the official/author's web site, install that, and see if you are getting the same alert from WSA.
 
If you do then I would Open a Support Ticket to let the Support Team know so that they can investigate the latest version and see if they need to whitelist it in the Cloud...sometimes new versions of established apps play like this with WSA.
 
If the issue has disappeared then it was most likely bundled software that WSA was objecting to...and you shouldavoid 3rd party download sites in the future where possible.
 
Regards
 
 
Baldrick
Thank you for your help guys....I uninstalled YTD and have re-installed from a direct download from the developer and I am not getting the same alert.
 
YTD is installing a search extension (client.exe) that cannot be unchecked on install, which Webroot has put in quarantine.
 
Cheers
 
Userlevel 7
Hi siridas
 
Glad that we were able to help with the initial issue.  In terms of this new one all you need to do is go into Quanrantine, and restore the file that has been put there by WSA...IF you believe that the file is SAFE...but only if that is the case.  IF you have any doubts on this then Open a SUpport Ticket and let the Support Team know so they can check it out for you.
 
Regards, Baldrick
The "rocket tab" search extension is once again causing webroot errors.
 
This 6 minute video explains how to remove it completely.
 
~snip Removed link for administrative review. snip~
 
 

Reply