Solved

Conduit and friends

  • 24 November 2013
  • 12 replies
  • 63 views

Userlevel 3
Alright, so I am a tech at a local shop and we have not come across a virus or really any kind of issue we weren't able to fix. Now I have four computers in my house, two of which have Viper and I have it set pretty moderate as they are gaming rigs and used for after-hours support. The other two are laptops, one with Webroot running full blast, and it seems to do rather well minus one thing.... That one got Conduit on it about five days after my girlfriend, whose habits I know and have set up her protection accordingly, took possession of it. Webroot missed about everything, which I understand since it's technically not a virus, it's just like the hemorrhoids of computers. But why is it that once I started removing it, after I got down to I believe the two last .dll's, that it finally noticed it? I'm a firm believer in Webroot, but that to me was kind of a low blow to not cover; is there any chance you guys could patch that up? Because normally it comes along with something that was meant to be downloaded. The most common download I see it come from is when someone installs GIMP and they don't do the advanced install to uncheck everything not needed. So maybe you could implement a scanner that scans through the Windows installer to see if anything is being installed along with the known component that they want? I can say one thing though that I will forever love about Webroot, and that's simply that I can use d7 with it and it doesn't flag all my tools and it doesn't slow down my computers a lot. So please try to implement that protection as I stated above to try and fight it more, and something else that I have noticed is lately a lot of viruses are installing drivers and duplicating old drivers, so maybe use the logger to check drivers at startup for changes?

Best answer by Rakanisheu Retired 25 November 2013, 11:05


12 replies

Userlevel 7
Badge +56
Hello JHLittleDogTech and Welcome to the Webroot Community Forums.
Please see this thread: https://community.webroot.com/t5/Webroot-SecureAnywhere-Antivirus/Browser-Hijacker/td-p/14036#.UpIn9-LZG_o & this one https://community.webroot.com/t5/Tips-and-Tricks/Webroot-s-position-on-PUA/m-p/40362#M446
 
Thanks,
 
Daniel 😉
Userlevel 3
Yes, I did read that, and I was just wondering if they will ever make it catch Conduit, or maybe during install of Webroot have it give advanced users an option to not allow them to be installed even along with software you wanted. I'd like it if they would let the end users choose whether to allow PUAs or pop-ups or not, so that it kind of removes having to rely on end users to understand what's good and what's bad.
Userlevel 7
Badge +6
Conduit is now being detected.
 
Webroot's focus seems to be on disrupting the ability of PUA to function correctly, rather than strictly preventing the installation of software that dumps it on the computer.
Userlevel 7
Badge +56
Conduit is now being detected: a friend tried to install a program which had Conduit and it was blocked from installing on Nov 22.
 
Daniel
 
Picture from online console!
 

Userlevel 7
I am glad that Conduit is now being detected. It does go back to that link regarding Webroot's stance on PUAs:
 
"PUA is that they installed it themselves by clicking a number of accept dialogue boxes. If a program tells you what it does (and isn't malicious) and gives you the option to uninstall cleanly it probably won't be marked bad"
Rakanisheu, Threat Researcher.
 
Conduit generally does not have a clear uninstaller that actually really works... so it should fall under malware instead of PUA. As others have said, hopefully more and more of the really hard to uninstall PUAs will be reclassified as malware 🙂
Userlevel 7
Badge +6
Webroot seems to have had somewhat of a change of heart regarding PUA. They are adding new detections and being more aggressive about it all the time. I can see the new detections going into effect everyday against groups of computers we had that are not fully managed.
 
I don't think they'll ever be as aggressive as consumers want, that's not really their style, but they are targeting the core components.
Userlevel 3
Yes, thank god I just got that update where it notices it, and yeah, the uninstaller doesn't do hardly anything. That's why I just blow it away with Revo; it works wonders against Conduit and other crapware.
Userlevel 7
Badge +56
I use Revo Pro and it is great!
 
Cheers,
 
Daniel
Userlevel 7
While I was quoted in this thread, I have also said many times that our stance on certain PUAs isn't set in stone; it may change, and in Conduit's case it has changed and we now flag it as bad in our database.
Userlevel 3
Thank you! Lol, cuz my girlfriend downloads it like candy..... I swear that computer is going to "randomly" go missing haha, but now it doesn't have to. Thank you, and please, if you could, private message me whenever you come across new threats so I can be in the front line for trying to prevent them, and also because I always love a good challenge. Also, I was told before that Webroot flags and removes CryptoPrevent from FoolishIT.... If so, is there a script or command I can run so it does not flag it? I just want to be able to use it since I'm currently going to school at ITT for software development, and I'm actually going to do a presentation on CryptoLocker by downloading it and, after downloading and wiping it and my corrupted files, showing three different ways of preventing it: Webroot, PandaUSB, and CryptoPrevent. And I'm also going to show two recovery options, Bitcasa and once again Webroot. So please consider doing so, as I am also trying to get my boss to start carrying Webroot SecureAnywhere Complete as another option for A/V to sell after doing a virus removal, and after telling him it catches Conduit now he's getting interested.
Userlevel 3
And sorry I didn't get the update on her computer till yesterday, since currently I do not have internet.

I feel lost without it lol. But I still have it on my phone, and luckily a Windows phone, so I'm still able to remote into my workstations lol.
Userlevel 7
Badge +56
It's not really an update, as they made the changes in the cloud database; nothing changed in the client.
 
Daniel