I purchased a software product, Aimersoft DRM Remover, at Staples that turned out to be fake/malware. The software was a DRM removal product that was supposed to convert multiple files at once. It works when first installed, but after a forced reboot (through malicious means the software forces you, or tricks you, into rebooting), it only converts one file at a time, does it by a different, much slower method, and also starts to give problems. I worked on this and some other similar products for a week or so, 6-8 hours a day, to figure this out. I uninstalled and reinstalled the product 40-50 times during this process. It uses a file called screencapturefilter.ax, which in turn uses a Windows DLL file located at C:\Windows\SysWow64\WS_ATLMovie.dll to place a black dot on the screen, making you think something is wrong so you reboot, after which the behavior changes and it only converts one file at a time.
It also modifies the registry settings, which you can't actually see in regedit, but they show up with most registry cleaner products. It gets some code from the mother site each time you install or uninstall via the address
http://cbs.Aimersoft.com/go.php?pid=%s&m=%s (very suspicious). I can't believe Staples is selling this. How ridiculous!! I complained to their chat guy (from India) and he proudly informed me that they don't give refunds for software downloads and that I needed to contact tech support. But knowing full well that the software that would have been given to Staples when they evaluated the product DID NOT DO THIS!!!!! So obvious. Furthermore, this may be what the internet code via cbs.aimersoft.com does. That is, when Staples techs download the software from protexis they get a different file. Besides, who cares, right? We all have 25-35 to send to Russia and China to support their criminal activity.
This software and most if not all others like it do the following: modify registry entries in Windows for malicious purposes (common trick of hackers), use Windows to display black dots on the screen to force a reboot, and, when installing and rebooting, obtain a code from their website (not sure what it does). It may do other more sinister things, such as redirect COM ports in order to establish a botnet (I can't confirm this). It does modify ActiveX/COM registry entries, which could probably do what I'm talking about, since these registry entries never actually show up in regedit.
By the way, in case you think I'm some crazy guy, I am a grad student in Mathematics with a great deal of computer/programming experience (25 yrs) as well as having sat in on some graduate courses in the computer science dept. Also, please note that this is much more sophisticated than just Staples. The way it seems to work is you purchase the software through a US company (ecommerce co) and then download some code written by someone in Russia or Ukraine, I suspect, as well as China. I know this because some of the DLL files used in my converter were Chinese (I looked at their certificates and other info). I suspect that these products are infecting millions of US computers to be part of a botnet of some type, but I have no real proof of this. I also purchased other products on the internet (almost 100 bucks in total) and found the exact same thing. In fact, most of the software looks like the same code with a different wrapper (when decompiled). A computer security expert should look into this, but I'm complaining here because Staples is selling a product which could be harmful and does not function as advertised. I filed a complaint with the FTC but I don't really expect anything from this.