Thought I'd do a post here to warn the users and owners of this. I downloaded the newest K-Lite Full pack here today. The non-mirror link(top link) pointed to an URL with a modified installer(about 37 MB if I recall correctly). This creates a "Lenovo" folder in a the Common Files folder, which seems to contain a modified portable version of Firefox. It also starts a data.js(modified from the well-known one), which calls a modified browser with the process name dmw.exe(in the Lenovo folder), opening some infected sites. Luckily my Avast AV stopped it from opening sites, so it seems further damage was avoided. So far removing it seems be just a matter of removing the Lenovo folder, and removing the registry calling data.js with wscript.exe at startup. Doing a full sweep now, but I don't believe it does anything else. I guess the goal is to open some infected sites with the modified browser, which then will wreak havoc.
I downloaded the pack again from a mirror, and there is was clean. Have it installed on my system now.
Edited by zeNmaster, 10 December 2013 - 10:56 AM.
The website is ok :)