2019-02-07 at 20:24 #15625
I just tried to install the latest version of DisplayCAL 126.96.36.199 on my other Mac (10.14.2) through the usual link “get DisplayCAL” that then redirected me to the usual Sourceforge link. The downloaded file was unusually very small and called “DisplayCAL-0install.
pkg” (873KB, attached to this post). At first sight I didn’t notice the difference with the usual installer and at the end of the wizard I got the DisplayCAL folder, with all the apps inside, in the application folder, but when I opened DisplayCAL.app it asked me for other packages to be downloaded and installed and exactly: “org.pygtk.macosx-2.2 4.0.pkg”, “ZeroInstall-2.8.pkg” and then also some software called “esell hijack” (which also required a logout). What the hell is that?? Then I noticed that each app was just few KB big. Did I accidentally downloaded some malware? Unfortunately I don’t have any antivirus installed but usually I am VERY careful with pkg or dmg automatically downloaded from websites. But this time I didn’t notice the difference…
I googled it around but I couldn’t find any evidence of malware associated with those files. I also uploaded them all http://www.virustotal.com which gave me negative results to malware. Nevertheless I would like to be sure if: is this some kind of alternative installer for DisplayCAL or something else?
Thank you for your reply!!
Attachments:You must be logged in to view attached files.2019-02-07 at 20:28 #15628
the “0install installer” is indeed small, because it downloads the dependencies separately. I recommend using the standalone installer instead, since I’m going to phase out 0install support in the near future.
That sounds very suspicious. It’s definitely not part of DisplayCAL. It may be a good idea to run a malware scan on your computer.2019-02-07 at 21:55 #15633
thank you very much for the reply! So you confirm me that there is a 0installer version also for Mac (not only for Windows or Linux), right? I also then downloaded the standalone installer and everything went fine…2019-02-08 at 1:23 #15637
So you confirm me that there is a 0installer version also for Mac (not only for Windows or Linux), right?
I also then downloaded the standalone installer and everything went fine…
Did you scan the computer? Googling seems to indicate “eSell Hijack” (apparently some kind of hacking/cracking software?) might hijack the “.pkg” file extension (normally, .pkg files should open with the normal Apple installer application that comes with macOS).