Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on November 28, 2013, 07:22:50 PM

Title: Why avast does not detect this PUP bundled with Adware.Conduit.13
Post by: polonus on November 28, 2013, 07:22:50 PM
See: https://www.virustotal.com/nl/url/2ed3415f6628cfbceaa3a217dcab7e4969b078dd2690ebc1e514dbb83f7fc06a/analysis/1385662783/
and https://www.virustotal.com/nl/file/b22df56b66b6a6fe43294525a848b12acd14b79154aeb057f4df40618022a7f7/analysis/1385646016/
and http://urlquery.net/report.php?id=8047417
This is what DrWeb's URL checker detects: htxp://unlimitedhacks.com/downloads/BinWeevils_Mulch_and_Dosh_Generator.exe contains an advertising software Adware.Conduit.13

polonus
Title: Re: Why avast does not detect this PUP bundled with Adware.Conduit.13
Post by: Karen R on November 29, 2013, 02:09:46 AM
Polonus, just to let you know - I got this Conduit thing today with a CNET download even though I declined all the add-ons

took a while to remove it - I did UNINSTALL - now my new scan lists it (not a threat) but says:

C:\Program Files \Connect_DLC_5   Error:the system cannot find the path specified (3)
Title: Re: Why avast does not detect this PUP bundled with Adware.Conduit.13
Post by: Codetrader on November 29, 2013, 04:00:45 AM
I was able to detect and remove using malwarebytes.org free download...took about 10 minutes from start to finish
Title: Re: Why avast does not detect this PUP bundled with Adware.Conduit.13
Post by: polonus on November 29, 2013, 10:07:09 AM
Hi Codetrader and Karen R,

Thanks for reporting here in this thread. Indeed bundled crap/junkware that comes with almost every free download now (so watch where you download from or go to the original download site) is becoming more and more of a nuisance. According to the (profit) bundlers this crap junkware is only slightly bordering on being real adware malcode, but the reason for detecting should be that removal is not quite that easy for the unadvanced users and the bulk of these additional "goodies" comes unsolicited and unwanted. Those in need of help to remove could always reckon on the help of a team of volunteer qualified removal experts we have here in these forums, see: http://forum.avast.com/index.php?topic=53253.0

polonus
Title: Re: Why avast does not detect this PUP bundled with Adware.Conduit.13
Post by: abruptum on November 29, 2013, 10:42:41 AM
Maybe in the future this will help:
 Unchecky
   http://www.softpedia.com/get/System/OS-Enhancements/Unchecky.shtml
Review:
   http://www.ghacks.net/2013/11/27/unchecky-protects-unwanted-third-party-offers-software-installations/

I didn't try it.
Title: Re: Why avast does not detect this PUP bundled with Adware.Conduit.13
Post by: Karen R on November 29, 2013, 02:18:34 PM
Thanks Polonus...I used the reputable CNET and chose NOT to accept their additional ADD ON choices. This CONDUIT got in somehow uninvited.

I UNINSTALLED it yesterday when I saw it hijacked my browser home page and it is still there and told Firefox to REMOVE but still there - I also aborted the actual program I was downloading from CNET - a well rated PDF to Word converter for fear

 ...if not CNET then who can you trust?

Anyhow Polonus you are helping me on another thread for something else I reported from an Avast scan ...and it could be related

Appreciate all you do for your customers!
Thank you
Karen
Title: Re: Why avast does not detect this PUP bundled with Adware.Conduit.13
Post by: Callender on December 02, 2013, 01:05:59 AM
I don't know if this helps but I'd like to share my experience.

I spend quite a lot of time installing free software if I think that it will be useful and remove it when it's found to be of no use. I've been caught out by toolbars that come bundled with free software more than once. I can assure you that some software does come bundled with unwanted toolbars that don't give the user the choice to opt out of during installation or at a minimum the opt out is hard to spot.

A couple of solutions that work for me (and still allow clean installation of the software that you wish to install) are as follows.

I've used a program called Image Hijacker to block toolbar installer executables from running but it requires knowledge of the file names that you want to block. It involves adding the file name to the hijacked list and substituting a fake message. Once it's set up it works a treat. I'm not sure how it works as there appears not to be any running process. Ironically it's actually pretty hard to find a safe download link for this software. I've tested it on the following software:

PhotoFiltre -  bundled with Ask Toolbar.

Sardu Multiboot USB and DVD creator - bundled with Babylon toolbar

Both programs clean installed and toolbar installation was blocked by Image Hijacker.

I've also used Smart Windows App Blocker that does pretty much the same thing. It allows a user to block any process from running but it needs to run in the background the whole time and for this reason I stopped using it.

I'm guessing a little here but when you attempt to install a program you generally get asked if you wish to allow or block installation. For programs that are bundled with toolbars that will install by default - they're going to install. I suppose that some people might actually want these toolbars and as far as I can work out - security software sees nothing malicious in them. They just change the way your browser behaves.

Title: Re: Why avast does not detect this PUP bundled with Adware.Conduit.13
Post by: polonus on December 02, 2013, 11:46:49 PM
Hi Callender,

Thank you very much for sharing this info with all of us here.
Even if it helps some to stay clear of any unwanted crap- and junkware it is very welcome information.

polonus
Title: Re: Why avast does not detect this PUP bundled with Adware.Conduit.13
Post by: First John on December 03, 2013, 12:21:49 AM
delta search is another particularly tenacious bit of stealthware.

It's attached itself to my Chrome browser, but somehow not Firefox or Iexplorer.

I followed all the delta search instructions for removal and it's still there.

I uninstalled Chrome. When I re-installed Chrome - it was back.

major phooey time.