BD Needs To Consider Browser Hijackers More Seriously And Block Them.

busterbuddy
edited September 2013 in Antivirus

This week my PC got infected with malware that hijacked the home page of my I.E. It was the Conduit Search project that removes your home page, typically Bing, Google, or FF Home page and substitutes its own search engine that leads you to pay-for-rank search results of a suspicious nature. BDIS 2014 did not block it. It was difficult to get rid of despite using BDIS, Hitman Pro, and MalwareBytes. Hitman Pro found over 30 pieces of it on my PC. A scan by BD deleted 15 unidentified threats from my PC. But after the BD scan Hitman Pro found about 15 pieces remaining and Malwarebytes found another 3.


Evidently BD does not consider it malware despite its fitting into that definition by taking control against your will over a part of your system and leading you to suspicious websites. The search page itself contains very suspicious looking ads that use social engineering to get you to click on what clearly appear to be highly suspicious ads.


BD considers the Conduit Browser Hijacker to be Adware, not Malware and is under the misunderstanding that you have to consent to allow it to be downloaded to your machine. BD is also impressed by the fact that it has a EULA. Well let me give you my assurance that I was never given an option to prevent it from being downloaded to my PC and I never saw a EULA. I only download freeware in the form of Demos from respected software companies.


See the second post in this thread explaining why BD considers this difficult to remove hijacker not to be malware. The BD person is parroting a blurb about this malware from an old spyware program's description.


http://forum.bitdefender.com/index.php?showtopic=42355


Are browser hijackers difficult to block? Does BD call it Adware and not Malware because it can not block it????


I expect my internet security to prevent browser hijackers from infecting my PC. Is that such an unreasonable expectation?????

Comments

  • busterbuddy
    edited September 2013

    Compare this description of Conduit to the naive description provided by BD in the post immediately above. This is what BD considers to be Adware not Malware.


    "What Is a Search Conduit?


    By Kefa Olang, eHow Contributor


    If your Web browser is constantly redirecting to Search.conduit.com without your consent, your computer is infected with the Search Conduit browser hijacker. Search Conduit is a malware program that modifies registry entries and attempts to steal vital information such as credit card data by redirecting searches to Search.conduit.com. Search Conduit promotes malicious activity, so to avoid damage to your computer and its files, remove it quickly and safely.


    Description


    The Search Conduit malicious browser hijacker secretly installs on your computer without your consent. It usually installs when you download video codecs and ActiveX updates. It also spreads through a.dult websites. Search Conduit also goes by other names, such as feed.ndot.com, findsoul.info, search.good-search.net and bee-find.com.


    Function


    Search Conduit is primarily designed to reconfigure settings for browsers such as Firefox and Internet Explorer. Once reconfigured, Search Conduit redirects searches performed on popular search engines such as Google and Yahoo to Search.conduit.com. Search Conduit opens ports that drop additional malware onto an infected computer and affects DLL files used to improve a program's functionality.


    Removal


    If your browser keeps redirecting to Search.conduit.com, run antivirus and anti-spyware scans to remove Search Conduit and related browser hijackers. To increase the chance of detection, update your security program's virus or spyware definition list before running system scans. In addition, run weekly scans to improve computer and online security. Manually removing Search Conduit and related malware is difficult because they hide in system folders and the registry, so using a security program is a safer alternative.


    Warnings


    To avoid accidentally downloading Search Conduit and other malware, download content such as video codecs and programs from trusted sites. Some sites, especially those that promote pirated software, secretly package downloads with Trojans and spyware that cause computer problems."


    http://www.ehow.com/info_12197330_search-conduit.html
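
The quoted description above says the hijacker modifies registry entries and reconfigures the browser's home and search settings. As an added example (not part of any post in this thread, and not Bitdefender's or any vendor's code), this sketch checks a text registry export of the Internet Explorer keys for home/search values pointing at the hostnames named in the quote. The watched value names, the sample export and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hostnames the quoted description associates with this hijacker.
SUSPECT_HOSTS = {"search.conduit.com", "feed.ndot.com", "findsoul.info",
                 "search.good-search.net", "bee-find.com"}
# Assumption: IE value names that commonly hold home/search page URLs.
WATCHED = {"start page", "search page", "default_page_url",
           "default_search_url", "url"}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VAL_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')

# Constructed sample in `reg export` text form (real exports are UTF-16 files).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.conduit.com/"
"Search Page"="http://www.bing.com/"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{00000000-0000-0000-0000-000000000000}]
"DisplayName"="Example Search"
"URL"="http://feed.ndot.com/search?q={searchTerms}"
'''

def host_matches(url):
    """True if the URL's host is a suspect host or a subdomain of one."""
    try:
        host = (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()
    except ValueError:
        return False
    return any(host == h or host.endswith("." + h) for h in SUSPECT_HOSTS)

def audit_reg_export(text):
    """Return (key, value name, data) for watched IE values on suspect hosts."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VAL_RE.match(line)
        if not m or key is None or "internet explorer" not in key.lower():
            continue
        name, data = m.group("name"), m.group("data")
        if name.lower() in WATCHED and host_matches(data):
            findings.append((key, name, data))
    return findings
```

To run it against a real machine's settings, export the key with `reg export "HKCU\Software\Microsoft\Internet Explorer" ie.reg`, read the file with `encoding="utf-16"`, and pass the text to `audit_reg_export`.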

  • I'm afraid Christian is correct and wasn't just parroting. It is not malware, a far too liberal term applied to pretty much everything these days. A more accurate definition is a potentially unwanted program (PUP). As already stated by Christian, they are installed at the user's will along with other programs unless opted out of. Respected software companies do give the chance to opt out of installing such browser bars, search engine changes.


    Turn Firewall IDS to aggressive. It prevents homepage changes etc. at that level.

  • busterbuddy
    edited September 2013
    antikythera, as you know I have always been appreciative of your help in other matters and will follow your advice to up my firewall to aggressive from normal. But I will respectfully have to disagree that this is a program that asks permission to be downloaded or installed. I have downloaded too many Yahoo toolbars in my time so as not to be extremely careful when installing ANY software from ANY company. Even legitimate companies on occasion ask about installing Yahoo and Ask toolbars or a Norton or McAfee quick scan of some type.


    I can assure you that this browser hijacker or any program that carried it DID NOT offer so much as a hint of its co-existence and definitely did not include any screens with checkboxes to opt out. My PC crashed last Sunday so I did have to download some programs that I had neglected to back up. Only one of these programs was freeware - the new winrar 5 that I downloaded from Softpedia. The others were from BD, Acronis, Adobe, and Iolo for System Mechanic. I believe one of the programs had an opt-out for the Norton Quick Scan. None of these sources would include a browser hijacker in their download even with opt-out availability.


    The fact is that this program is malware because of what it does and how it does it, all done WITHOUT my permission or giving me an opportunity to opt out of its installation. And if it was so benign, why did it take 3 anti-malware engines to remove it, and why did I have to remove at least a dozen pieces of it before IE could disable it through IE's standard disabling add-on and change home page features?

  • busterbuddy
    edited September 2013

    Also, I failed to mention that uninstalling it via the Windows Uninstaller did nothing to remove it or to keep it from reappearing after initial attempts to disable it via IE's add-on manager. The only place Windows uninstaller removed it from was from the Windows Uninstaller Program List.

  • Once again antikythera, thank you for your advice. I was not aware that the aggressive firewall setting explicitly states that it flags attempts to change your IE's homepage, among other things :-)

  • I had a problem with Conduit at one time also. I found it very difficult to remove all traces of it from my system. There's a little program called adwcleaner from a French company called Xplode. It got rid of Conduit and a few other things as well.