Hi CRC,

When being launched, Foxit Reader will try to connect to internet to check for updates. That should be the problem. To advoid it, you can open Foxit Reader->Go to 'Tools'->'Preferences'->'Updater'->select 'Do not download or install updates automatically'.

No, that is not it

The problem (which affects all users) is that the latest Foxit reader MSI file (version 5.31.0606, dated June 7, 2012) now contains and runs not one, but two pieces of dubious software during installation:

1. The AskStub deceptive browser "toolbar" installer, which Foxit Software is apparently paid to include. I call it deceptive because the use of sponsored inclusion in 3rd party installers makes it obvious that this software does nothing that users would consider good enough to voluntarily install it.

2. New in latest MSI: "CountInstallation.EXE", a program written by a semi-competent Chinese developer (semi-competent because he/she didn't bother to change the default program description and icon generated by Microsoft's Visual Studio 98 developer tool, Chinese because the Visual Studio 98 version was obviously localized for Simplified Chinese), which tries to call one of two Foxit web servers (one in the US, one in Beijing) behind the users back. This program also contains references to both Ask! and Baidu search engines. The program uses slightly less polite words to describe its own actions, but I cannot use those words on this forum (and I suspect the Chinese developer just didn't know English well enough to realize the "impolite" meanings of the words used).

At least two antivirus tools (AVG and MalwareBytes) have apparently been detecting the new code as "malware" but have been somehow talked into white listing it.

Fortunately other security software detects the actions of these programs and prompt users to decide what to do.

I keep using Foxit Reader because Adobe Reader X is even worse.

P.S.

No reverse engineering was needed to spot the above information, just skill and experience.