Solved

Browser Hijacker

  • 28 October 2012
  • 61 replies
  • 11649 views


Userlevel 7
Hi Charlotte
 
Welcome to the Community Fora...:D
 
Sounds like your husband should heed your advice, as should a good many others...it is sound (apart from the bit about the Mac...;)...but then again, I am a diehard PC head and no fan of the Glowing White Apple).
 
Dispensing that sort of advice please do stick around...you will be most welcome.
 
Regards, Baldrick
Userlevel 7
Hi GettinBetter
 
So DON'T click on it.  http://www.emotiyou.com/galerie/films/animation/moi-moche-mechant/minions/201310250040YAU.gif
 
At this point it is worthwhile making sure that you are in possession of all the words of wisdom expounded in this thread so far, and that you may have missed (apologies if you have not...but thought it best to make sure...;)).
 
If you have not yet seen them then please see Daniel's wise words in this previous post...in case it can be of assistance.
 
Regards
 
 
Baldrick
Userlevel 7
Hi GettinBetter
 
I am sure that you qualify, even on a trial license, after all...they will want to make you a happy punter, I am sure...and what better way to convince than with great support...which is what the Webroot Support Team are renowned for...amongst those who know.
 
Do keep us posted re. your experiences...and whether you decide to stick with WSA.
 
Regards
 
 
Baldrick
After hunting through the various posts regarding the Browser Hijackers, I learned a lot, as respects the terms PUP and PUA, so I went through all of the programs on my husband's PC, if something looked like an "odd" program name, I googled it, if it came up that it was a PUP or malware I deleted it. Thanks all of those posts were so helpful! Do have a question though about WebRoot. The scans said his PC was clean of malware, however, when I was looking for and deleting all of those PUPs/PUAs, quite often I'd get a pop up window from WebRoot saying it had identified a potential threat. But these threats weren't any of the ones I was deleting! It almost seemed as if the software was "thinking" and looking for patterns now that I'd been deleting stuff. Am I training WebRoot to be on the lookout for new patterns, or what?? It was interesting because all of a sudden it was finding things that it hadn't found or identified on the prior first scan.
Userlevel 7
Hi Charlotte
 
It is not so much that you are training WSA but rather that the Cloud that holds all the information on what is good and what is not good grows daily, what with all the Webroot Threat Researchers continually analysing new files and apps that are daily being released and/or new versions of existing files and apps.
 
So when your system is scanned the threat database in the Cloud will have changed, and things previously not flagged up will be, etc.
 
If you take a look at the excellent post that Daniel put up earlier you will see what all of that entails.
 
Hope that helps...and keep asking the questions. ;)
 
Regards
 
 
 
Baldrick
 
PS. What I occasionally do is go into the Advanced Settings, Scan settings, and toggle off the Detect PUAs...setting, save the configuration, then go back in and toggle it back on, save once more and then run a scan. This is a tip provided by one of the excellent Threat Researchers, as something that seems to 'bump' the detection of PUAs/PUPs...not sure how or why but it seems to, so you may want to try it. :D
Userlevel 7
Hi BobbyBoswell13
 
Welcome to the Community Forums.
 
Thanks for your input into the Great Debate...if only it were that simple but unfortunately PUAs come in all shapes and sizes, i.e., from different sources, impacting the system in different ways, embedding themselves in browsers, installed as programs, changing the Registry, adding services, etc., or any permutation of the aforementioned and more.
 
As I am sure that you must have read in numerous threads and posts on the topic WSA does detect and remove many PUA's, and more are being added, but WSA does not detect all of them. A simple browser add-on with PUA behaviour that is easy to identify and easy to remove is not likely to be detected and removed by WSA.
 
There are those that are intentionally difficult to locate and remove are. But having said all of that Webroot does have an official stance on these annoying programs, which you can read more on here if you are interested.
 
Also, one of our gurus @ has posted an Idea for Webroot to consider asking them to increase PUA detection.  Please go along, review this, add your comments (this is the best place as the Development Team frequently review what has been raised/posted in the Ideas Exchange) and even kudo the feature request...it will all help to get traction on improving WSA...and after all that is one of the things we want to do...help make WSA a better product.
 
Regards, Baldrick
...and that should have been search.conduit
Userlevel 4
Looks like a lot of fun.
 
http://www.ehow.com/info_12197330_search-conduit.html
Userlevel 7
There are plenty of paid for products that are extremely difficult to remove! A program's difficulty to remove doesn't indicate that it's malware. I regularly test these toolbars and from time to time we do reclassify. I only recently tested Conduit and it does require a number of checkboxes to be ticked in order to be installed.

Using Google as a reference to determine if a piece of software/file is malware isn't a good idea. As a test, Google any legitimate Windows process and I guarantee that a number of results will come back saying it's malware. It's one of the reasons why I see people blocking Windows processes.

I have said on many an occasion that I hate 99% of all toolbars (I don't use any) and I would love to block them all but a large number of people do use them. Just because a number of people don't like them doesn't mean that it's malware. It is worth noting that we do block tens of thousands of PUA every day.
 
Userlevel 4
I wonder if the new 2014 version handles this differently with the new PUA detection. And if upgrading to the new 2014 version would solve this issue.
Userlevel 7
No, the process in this case won't change as the files have to be marked as PUA in order for them to be detected/removed. But the PUA detection in 2014 is something that we are really looking forward to using over the coming months.
Userlevel 2
I totally agree, I have spent several days on multiple computers, removing conduit from my office environment because it kills my medical applications, and a couple of nights fixing home users that want to switch to linux now to save themselves from the constant barrage of malware they are seeing. Even after all the other browser edits and registry hacks we do, I finally have to run MalwareBytes to finally get it to go away. So I don't want to be buying MalwareBytes because Webroot my antiv of choice won't help me clean it out.

At least give us an option to remove or protect against selected PUA's because the accidental install of these malicious pests causes hours of work to remove and return my systems to a functioning stage.
Userlevel 7
@ wrote:
Conduit has now been changed to PUA so we are blocking the installers. I still stand by my original point that a large number of these toolbars do require a user to click yes to install. We can't block every single installer of programs that people don't like, if we did that I'd guess that about 95% of software programs would be blocked!
Hi Roy, I believe they all should be blocked as a PUA inside the software, then if the user wants to install they can bypass the block, then it's out of Webroot's hands as they have been warned. Also if Conduit is on someone's system I hope WSA can remove this unrelenting (Adware, Crapware, Malware) in any case, as I have seen on so many security forums they are treating it as Malware. Just my opinion.
 
Daniel
Userlevel 7
On the flipside a lot of programs include other downloads as part of the software so are we supposed to blacklist Java/Flash/Adobe etc? Google search results are a common thing that are shown as "Evidence" of malware. Just because a program is difficult to remove it doesn't mean it's malware. I spent ages over the weekend trying to remove .net to get it reinstalled again. Does that mean it's malicious because it's tricky to remove? Of course not but you can see where I am coming from.

As I have always said when these topics arrive, I detest toolbars and these "free" programs you see on a lot of well known sites.
Userlevel 2
This is great news as far as I am concerned. We are barraged by toolbar bloat and accelerators that eventually corrupt our machines and steal resources. The old Webroot had a toolbar blocker, that I always liked, but now even C-Net is bundling crapware with normal downloads, so if you are not vigilant with every click, you load things without knowing it. This is a step in the right direction. Thank you for your input for both sides of the argument.
Userlevel 4
It might be Conduit because I've had a similar problem with Conduit, remove the homepage and that might do the job!
Userlevel 1
This sounds remarkably like the same problem I'm having.  Is this Conduit you speak of the Conduit SDK for mobile applications by any chance?
Userlevel 7
We are talking about the Bad Conduit add-on.
 
HTH,
 
TH
Userlevel 1
Wow! The concept's the same.....
Get the user to install an addon of some description, then redirect... mm.... suppose that's how they all work really.....
except mine tries to get me to install 'flash'. Obviously it's NOT flash, but god knows what it will do if I click on it!!!!
Userlevel 7
If you feel you're infected please Submit a Support Ticket and they can look at your Scan log and help you remove anything, even PUA's.
 
Cheers,
 
Daniel 😉
Userlevel 1
Yeah, cheers for that little pearl Baldrick 😃, I have now submitted a support ticket. Not sure I qualify though, I only have the trial version, but this could be a turning point as far as my security software goes. I've been with ESET for years, but only because they were the only ones doing 64 bit software at the time.
 
Userlevel 7
:D I'm just going to follow friends on the community and add kudos....Learning everyday...
 
 
Userlevel 1
Just updated my flash using the addons page in FF, went through as per normal, except that WSA says it's not approved!!
Is that because it's too new?
Userlevel 7
Hi GettinBetter
 
Would you be able to clarify what you mean by "not approved"?  Has something been quarantined or set to 'Block' or 'Monitor'?
 
Regards
 
 
Baldrick
Userlevel 7
@ wrote:
Just updated my flash using the addons page in FF, went through as per normal, except that WSA says it's not approved!!
Is that because it's too new?
Download and install from here: http://www.adobe.com/products/flashplayer/distribution3.html
 
And much more info here: https://community.webroot.com/t5/Security-Industry-News/Adobe-Flash-Player-12-0-0-77/td-p/88640
 

Daniel