Community
    • Login

    Fake Notepad++ website

    Scheduled Pinned Locked Moved Security
    16 Posts 8 Posters 13.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Marvin LorenzoM
      Marvin Lorenzo
      last edited by PeterJones

      I just unwittingly downloaded notepad-main.zip from notepad DOT di-kr DOT com and executed the exe file in it. Nothing happened. I scanned my PC using windows defender and malwarebyte and it did not detect anything. Can you advise what should I do?

      moderator edit: change the URL to a hint about the site instead of a link, to avoid directing a lot of traffic to that other site; no need to boost the numbers on a non-official source

      PeterJonesP Alan KilbornA 2 Replies Last reply Reply Quote 1
      • PeterJonesP
        PeterJones @Marvin Lorenzo
        last edited by PeterJones

        @Marvin-Lorenzo ,

        Delete it. Only install Notepad++ from official sources. Even if you were lucky enough to not get a virus or malware, the Notepad++ developers do not support copies of Notepad++ downloaded from anyplace that’s not on the official github repo (https://github.com/notepad-plus-plus/notepad-plus-plus/) or from the notepad-plus-plus.org domain (https://notepad-plus-plus.org/downloads/ or http://download.notepad-plus-plus.org/repository/).

        IJmert de VriesI 1 Reply Last reply Reply Quote 2
        • Alan KilbornA
          Alan Kilborn @Marvin Lorenzo
          last edited by

          @Marvin-Lorenzo said in Fake Notepad++ website:

          unwittingly downloaded

          This is dubious.
          You knew what you were doing.
          If you are going to download Notepad++, why would you not go to its site and do it there?

          Marvin LorenzoM 1 Reply Last reply Reply Quote 2
          • Marvin LorenzoM
            Marvin Lorenzo @Alan Kilborn
            last edited by

            @Alan-Kilborn at that time, that fake notepad++ website was first in the google search result. The download page looks exactly the same and I didn’t bother check the url.

            Alan KilbornA Lycan ThropeL 2 Replies Last reply Reply Quote 2
            • Alan KilbornA
              Alan Kilborn @Marvin Lorenzo
              last edited by

              @Marvin-Lorenzo

              Ah, okay, that makes more sense I suppose.
              I would seriously suspect that your system is compromised now, perhaps very compromised.

              1 Reply Last reply Reply Quote 1
              • Lycan ThropeL
                Lycan Thrope @Marvin Lorenzo
                last edited by Lycan Thrope

                @Marvin-Lorenzo ,

                Hmm, I just did two searches, in both Google and DuckDuckGo on Notepad++ and both had the listing on the left start with the official site, plus on the right hand a link to the official site with some Wikipedia information.

                What kind of search are you using? What was the search term? Also, what are your settings and what is the browser you’re using? I don’t use anything but Mozilla Firefox with adblocking.

                Ajdin AlibegovicA 1 Reply Last reply Reply Quote 0
                • Ajdin AlibegovicA
                  Ajdin Alibegovic @Lycan Thrope
                  last edited by

                  @Lycan-Thrope said in Fake Notepad++ website:

                  @Marvin-Lorenzo ,

                  Hmm, I just did two searches, in both Google and DuckDuckGo on Notepad++ and both had the listing on the left start with the official site, plus on the right hand a link to the official site with some Wikipedia information.

                  What kind of search are you using? What was the search term? Also, what are your settings and what is the browser you’re using? I don’t use anything but Mozilla Firefox with adblocking.

                  This is major.
                  I just did what original poster did. And I used google search.
                  Screenshot 2022-12-26 192039.jpg
                  printscreen attached.
                  I can now only hope that my AV solution stopped this thread as it said it did.
                  but it was a multiple minute fight between my AV and this file.

                  Lycan ThropeL PeterJonesP jonathandl2J 3 Replies Last reply Reply Quote 1
                  • Ajdin AlibegovicA
                    Ajdin Alibegovic
                    last edited by

                    and threat detected is
                    \Desktop\Notepad++Setup\Notepad++Setup_1.exe has been detected as infected with Gen:Suspicious.Cloud.4.@xZ@ayqe0Kni.

                    1 Reply Last reply Reply Quote 1
                    • Lycan ThropeL
                      Lycan Thrope @Ajdin Alibegovic
                      last edited by

                      @Ajdin-Alibegovic ,
                      I should have mentioned, that I also use DuckDuckGo, instead of Google, most of the time, anyway…just because of that kind of tomfoolery.
                      As you’ll notice from my below screenshots, both using FireFox with AdBlock on, using Google and DuckDuckGo, I get basically the same result. Besides the misname sites, I hate Ads on the wire I pay for on the computer I pay for…and if my wife would let me, I’d cancel Philo on the Roku because I have to pay for that, and I get ads. Could you tell I hate ads free riding on my dime? :)

                      Google:
                      GoogleNPP_W_AdBlock.PNG

                      DuckDuckGo:
                      DuckDuckGoNPP_W_AdBlock.PNG

                      I hope this will help other users to start being proactive about avoiding phishing links in a commercially motivated search site. :) DuckDuckGo, won’t even let you open a window when you right click on one that is listed as an “ad”. :)

                      datatraveller1D 1 Reply Last reply Reply Quote 0
                      • datatraveller1D
                        datatraveller1 @Lycan Thrope
                        last edited by PeterJones

                        Another hint: If I google for Notepad++, the first result I get is https colon slash slash notepaad dot masterkariyer dot com slash
                        Does anybody know anything about this website?

                        edit: moderator obfuscated link to potentially dangerous external website

                        PeterJonesP 1 Reply Last reply Reply Quote 0
                        • PeterJonesP
                          PeterJones @datatraveller1
                          last edited by

                          @datatraveller1 said in Fake Notepad++ website:

                          Does anybody know anything about this website?

                          it’s not Notepad++'s official website, and thus you shouldn’t visit it.

                          And please do not post links to suspect websites in the forum. That just increases their “score” for search engines, and directs more traffic to them.

                          1 Reply Last reply Reply Quote 2
                          • PeterJonesP
                            PeterJones @Ajdin Alibegovic
                            last edited by

                            @Ajdin-Alibegovic , @datatraveller1 , and others:

                            I cannot replicate your search results. Whether I use my normal Chrome instance (which has all my cookies) or whether I use an Incognito Chrome (which has no cookies, and the Google search engine thus thinks I’m a fresh victim) or whether I use a Firefox In Private window (again, no cookies, so the search engine sees an unknown user), or whether I use a portable browser that doesn’t have any cookies set from any normal site, I get an official Notepad++ URL as the first result on Google, without any of those ads for dangerous sites.

                            (I might say that in Chrome, it might be because my adblocker software protects me; but I just confirmed that in the Firefox In Private window, there are no extensions/plugins/etc installed, so it cannot be an ad-blocker there; and my portable browser doesn’t have such, either.)

                            The only thing I can think is that your collection of cookies in your browser of choice, plus your browsing history on Google, has trained the Google-AI that you like going to those dangerous sites, and you like getting the ads for spoof download sites. So my advice to you would be to clear your browsing history, cache, and cookies… and see if you can convince Google to forget your search history, and see if you can start with a blank slate and see if your search results get cleaned up. (This has the negative side effect of requiring you to re-login to a bunch of sites, and will clear your Wordle stats, which would be rather unfortunate. But it might be worth the hassle if it cleans up your search results. Maybe try from an Incognito/Private window first, before doing something that drastic). If it doesn’t clean up your search results, then you might want to install (better) adblocker software on your browser and (better) antivirus/antimalware on your computer, and to start taking an active approach in not clicking on links that don’t look like the official site for the application.

                            datatraveller1D 1 Reply Last reply Reply Quote 1
                            • datatraveller1D
                              datatraveller1 @PeterJones
                              last edited by datatraveller1

                              Hi @PeterJones
                              Yes, strangely I also don’t get these “Ad” links anymore I used to get a few hours ago with my google search.

                              PeterJonesP 1 Reply Last reply Reply Quote 0
                              • PeterJonesP
                                PeterJones @datatraveller1
                                last edited by PeterJones

                                @datatraveller1 said in Fake Notepad++ website:

                                Hi @PeterJones
                                Yes, strangely I also don’t get these “Ad” links anymore I used to get a few hours ago with my google search.

                                I think you can “report” such ads to Google, and they can take action, because it is in Google’s best interests to not be advertising dangerous sites and malware-“copies” of real software. presumably something like that happened. In the future, you might look into the ▼ menu that Google provides on such ads, and see if it has a “report” option.

                                1 Reply Last reply Reply Quote 1
                                • IJmert de VriesI
                                  IJmert de Vries @PeterJones
                                  last edited by

                                  This post is deleted!
                                  1 Reply Last reply Reply Quote -1
                                  • jonathandl2J
                                    jonathandl2 @Ajdin Alibegovic
                                    last edited by

                                    These were paid ads… malware developers sometimes buy advertising on Google

                                    1 Reply Last reply Reply Quote 1
                                    • First post
                                      Last post
                                    The Community of users of the Notepad++ text editor.
                                    Powered by NodeBB | Contributors