After "step2.exe" exits, the installer deletes "step1.exe" and "step2.exe" from the temp folder, and then displays the EULA (see below). The only thing accepting the EULA (the acceptance/rejection of which has no effect on the changes to the dns settings or the rootkit/advertising code) does is copy "Uninstaller.exe" to "c:\program files\VideoAccess\". This uninstaller's only function when run is to delete itself and the folder it is in.
EULA (void due to malicious/hostile code)
note typos in blue
things that are just bad in red
QUOTE
LICENSE AGREEMENT
PLEASE READ THE FOLLOWING TERMS AND CONDITIONS AS CAREFULLY AS POSSIBLE BEFORE USING THIS PRODUCT. THIS IS A LEGALLY BINDING AGREEMENT WHICH REGULATES THE USE OF SOFTWARE, ISSUED TO THE CUSTOMERS FOR THEIR OWN USE ONLY AS SET FORTH BELOW.
YOU ARE OBLIGED NOT TO USE THIS SOFTWARE OR ANY PART OF IT IN CASE YOU DO NOT AGREE WITH THE TERMS AND CONDITIONS OF THIS AGREEMENT.
USING ANY PART OF THE SOFTWARE CONFIRMS THAT YOU ACCEPT THESE TERMS.
That's kinda hard considering the only persistent program (excluding the "uninstaller") is hidden by a rootkit.PLEASE READ THE FOLLOWING TERMS AND CONDITIONS AS CAREFULLY AS POSSIBLE BEFORE USING THIS PRODUCT. THIS IS A LEGALLY BINDING AGREEMENT WHICH REGULATES THE USE OF SOFTWARE, ISSUED TO THE CUSTOMERS FOR THEIR OWN USE ONLY AS SET FORTH BELOW.
YOU ARE OBLIGED NOT TO USE THIS SOFTWARE OR ANY PART OF IT IN CASE YOU DO NOT AGREE WITH THE TERMS AND CONDITIONS OF THIS AGREEMENT.
USING ANY PART OF THE SOFTWARE CONFIRMS THAT YOU ACCEPT THESE TERMS.
QUOTE
LICENSE GRANT: The software is made available to you for your non-commercial use only. The licsense is personal, limited, non-exclusive, non-transferable and non-assignable. This license does not entitle you to receive any hard-copy documentation, support, telephone assistance, or enhancements or updates to the software
ASSENT: By installing the software, you agree to all paragraphs of this this Agreement and that it is a legally binding and valid contract, agree to abide by the intellectual property laws and all of the terms and conditions of this Agreement, and further agree to take all necessary steps to ensure that the terms and conditions of this Agreement are not violated by any person or entity under your control or in your service.
SOFTWARE DESCRIPTION This software grants you access to many different video files, provided by the Licensor on its sites.
No site of theirs with any kind of video content appears to exist.ASSENT: By installing the software, you agree to all paragraphs of this this Agreement and that it is a legally binding and valid contract, agree to abide by the intellectual property laws and all of the terms and conditions of this Agreement, and further agree to take all necessary steps to ensure that the terms and conditions of this Agreement are not violated by any person or entity under your control or in your service.
SOFTWARE DESCRIPTION This software grants you access to many different video files, provided by the Licensor on its sites.
QUOTE
The software is not any kind of Media Player Add-On or plugin, it does not implement any additional compressor/ decompressor or any other additional video software.
The fake codec now (after its malware payload is already delivered) admits that it is not even remotely connected to decoding video.QUOTE
RESTRICTIONS:
1. You are obliged not to copy, modify, merge, sell, lease, redistribute, assign or transfer the software or any of its part in any matter
2. You may not reverse engineer, decompile, or disassemble the software, except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation.
3. You may not remove, alter, deface, overprint or otherwise obscure Licensor patent, trademark, service mark or copyright notices.
4. You warrant that you will use the software only for lawful purposes and in accordance with this Agreement, and that you will not use the software in violation of any law, regulation or ordinance or any right of Licensor or any third party.
TERM: This Agreement is effective until terminated. You may terminate this Agreement at any time by uninstalling the Licensed Works and destroying all copies of the Licensed Works. Upon any termination, you agree to uninstall the Licensed Works and return or destroy all copies of the Licensed Works, any accompanying documentation, and all other associated materials.
SEPARATION OF COMPONENTS: The software is licensed as a single product. Its component parts may not be separated for use on more than one computer.
THIRD-PARTY SOFTWARE As the Software is freeware, the Licensor reserves the right to install third-party software in conjunction with the main Software product, if you disagree with this please do not install the main Software.
Now they reserve the right to essentially install any software (malware) from any third party they feel like. The "main" software (or at least the only software they install, I guess that makes it main) was installed before the EULA was even displayed, so how can you decline?1. You are obliged not to copy, modify, merge, sell, lease, redistribute, assign or transfer the software or any of its part in any matter
2. You may not reverse engineer, decompile, or disassemble the software, except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation.
3. You may not remove, alter, deface, overprint or otherwise obscure Licensor patent, trademark, service mark or copyright notices.
4. You warrant that you will use the software only for lawful purposes and in accordance with this Agreement, and that you will not use the software in violation of any law, regulation or ordinance or any right of Licensor or any third party.
TERM: This Agreement is effective until terminated. You may terminate this Agreement at any time by uninstalling the Licensed Works and destroying all copies of the Licensed Works. Upon any termination, you agree to uninstall the Licensed Works and return or destroy all copies of the Licensed Works, any accompanying documentation, and all other associated materials.
SEPARATION OF COMPONENTS: The software is licensed as a single product. Its component parts may not be separated for use on more than one computer.
THIRD-PARTY SOFTWARE As the Software is freeware, the Licensor reserves the right to install third-party software in conjunction with the main Software product, if you disagree with this please do not install the main Software.
QUOTE
WARRANTIES AND DISCLAIMER: EXCEPT AS EXPRESSLY PROVIDED OTHERWISE IN A WRITTEN AGREEMENT BETWEEN LICENSOR AND YOU, THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, OR THE WARRANTY OF NON-INFRINGEMENT. WITHOUT LIMITING THE FOREGOING, LICENSOR MAKES NO WARRANTY THAT (1) THE LICENSED WORKS WILL MEET YOUR REQUIREMENTS, (2) THE USE OF THE LICENSED WORKS WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE, (3) THE RESULTS THAT MAY BE OBTAINED FROM THE USE OF THE LICENSED WORKS WILL BE ACCURATE OR RELIABLE, (4) THE QUALITY OF THE LICENSED WORKS WILL MEET YOUR EXPECTATIONS, (5) ANY ERRORS IN THE LICENSED WORKS WILL BE CORRECTED, AND/OR (6) YOU MAY USE, PRACTICE, EXECUTE, OR ACCESS THE LICENSED WORKS WITHOUT VIOLATING THE INTELLECTUAL PROPERTY RIGHTS OF OTHERS. SOME STATES OR JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY MAY LAST, SO THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU. IF CALIFORNIA LAW IS NOT HELD TO APPLY TO THIS AGREEMENT FOR ANY REASON, THEN IN JURISDICTIONS WHERE WARRANTIES, GUARANTEES, REPRESENTATIONS, AND/OR CONDITIONS OF ANY TYPE MAY NOT BE DISCLAIMED, ANY SUCH WARRANTY, GUARANTEE, REPRESENATION AND/OR WARRANTY IS: (1) HEREBY LIMITED TO THE PERIOD OF EITHER (A) THIRTY (30) DAYS FROM THE DATE OF OPENING THE PACKAGE CONTAINING THE LICENSED WORKS OR (B) THE SHORTEST PERIOD ALLOWED BY LAW IN THE APPLICABLE JURISDICTION IF A THIRTY (30) DAY LIMITATION WOULD BE UNENFORCEABLE; AND (2) LICENSOR'S SOLE LIABILITY FOR ANY BREACH OF ANY SUCH WARRANTY, GUARANTEE, REPRESENTATION, AND/OR CONDITION SHALL BE TO PROVIDE YOU WITH A NEW COPY OF THE LICENSED WORKS.
IN NO EVENT SHALL LICENSOR OR ITS SUPPLIERS BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER, INCLUDING, WITHOUT LIMITATION, THOSE RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT LICENSOR HAD BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND ON ANY THEORY OF LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OF THE LICENSED WORKS. SOME JURISDICTIONS PROHIBIT THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU. THESE LIMITATIONS SHALL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.
SOFTWARE TRANSFER: You may permanently transfer all of your rights under this EULA, provided the recipient agrees to the terms of this EULA.
All trademarked names mentioned in this document and software are used for editorial purposes only, with no intention of infringing upon the trademarks.
No part of this publication may be reproduced without written permission from the Licensor
Also note that they must change sites/names so often that they don't even mention a company name, product name, or website in their EULA.IN NO EVENT SHALL LICENSOR OR ITS SUPPLIERS BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER, INCLUDING, WITHOUT LIMITATION, THOSE RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT LICENSOR HAD BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND ON ANY THEORY OF LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OF THE LICENSED WORKS. SOME JURISDICTIONS PROHIBIT THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU. THESE LIMITATIONS SHALL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.
SOFTWARE TRANSFER: You may permanently transfer all of your rights under this EULA, provided the recipient agrees to the terms of this EULA.
All trademarked names mentioned in this document and software are used for editorial purposes only, with no intention of infringing upon the trademarks.
No part of this publication may be reproduced without written permission from the Licensor
Other (unmentioned) IPs connected to by the malware: 85.255.115.245, 85.255.117.108
Seems like blocking access to the IP range 85.255.112.0 - 85.255.127.255 wouldn't be a bad idea (haven't seen anything in that range that would be bad to block).
