Be so careful updating or downloading free software.
I just had the experience of updating my Foxit Reader, which I use as my default PDF instead of Adobe Reader. At the end of the download it added Search Protect. NIS refused to let me install it, so I did not. But it surprised me how easy it would have been. I was downloading directly from the Foxit site, so doubly upset.
Here is info on Search Protect:
http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/search-protect-conduit/7b0c62d9-1819-414a-96c8-a512f24b3a5b
One article says:
See: http://malwaretips.com/blogs/conduit-search-removal/
Yes, you should remove it.
It is a browser hijack in that it changes your home page and search provider. This component ensures that any changes made to the search provider subsequently will revert back to Conduit.
Then after I finished the update, I restarted the computer. Trojan Killer pops up with two more.
PUP.Optional.Conduit.A.an!L
And Open Candy. Both appear to be hijackers.
Link: http://www.crn.com/news/security/240155643/microsoft-warning-free-software-could-contain-hidden-malware.htm
Microsoft recommends users download software directly from the software maker's official website. Avoid links from forum posts because they can lead to repackaged, malware-laden software, Pornasdoro said.
Version 13 of the Microsoft Security Threat Report highlighted the technique of bundling malicious software in legitimate software applications. The technique has been popular with adware designed to send system data and an individual's browsing habits to an aggressive ad network without the victim's consent.
OpenCandy, an adware program, was detected running with some third-party software last August. DealPly, another program that displays search results based on a user's browsing habits, was labeled adware by Microsoft. It was being bundled with third-party applications as a browser add-on.
Mobile devices are also not immune, with freely available versions of legitimate mobile applications sometimes packaged alongside mobile spyware. Microsoft warned Android users earlier this year that a rootkit was detected bundled in a legitimate Android application. Gingermaster, a threat detected with certain clean applications, apparently contained a malicious image file that could root the device. A Google update now blocks the attack. The notorious DroidDream infection was also detected embedded in otherwise harmless applications.
Full scans by Trojan Killer, Norton Internet Security, and Malwarebytes (free) indicate it's all clean now.
I followed every direction about downloading directly from the website. I probably wouldn't have downloaded the Search Protect, but Norton jumped it before I even had time to think. Since it is IN the update for Foxit, I assume they know it is there. Right?
This is really getting a little scary. I have never had problems like this.
All this after getting rid of a bad hijacker infection I got when I downloaded VLC Media, being diverted to the Cnet site, which I trusted.
I am getting edgy about this now.
elifino
(366 posts)
I work in IT; this is becoming a real problem with several other program updates. Examples are Flash Player, Java, and Chrome install. I have several every day to remove from users' workstations. Some things to look for in the Program Files directory are My PC Backup, anything about shopping or games. You are correct that Malwarebytes can detect and remove most of this type of malware; other programs I have found useful are JunkWare Removal Tool and Vipre anti-virus.
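The check described in the post above, as an added example that is not part of the original post: a read-only PowerShell inventory that looks for the bundled programs named in this thread, both in the Windows uninstall registry entries and as folders under Program Files. The name patterns are assumptions built from the names mentioned in the posts; a match is a lead to review, not proof of infection.

```powershell
# Added example: read-only inventory, removes nothing.
# Name patterns are assumptions derived from programs named in this thread.
$patterns = 'Search\s*Protect', 'Conduit', 'Open\s*Candy', 'DealPly', 'My\s*PC\s*Backup'
$regex = $patterns -join '|'

# Uninstall entries: native, 32-bit-on-64-bit, and per-user installs.
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$registryHits = @(
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $regex -or $_.Publisher -match $regex } |
        Select-Object @{ n = 'Source';   e = { 'Uninstall entry' } },
                      @{ n = 'Name';     e = { $_.DisplayName } },
                      Publisher,
                      @{ n = 'Location'; e = { $_.InstallLocation } }
)

# Top-level folders under both Program Files directories.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ -and (Test-Path $_) }

$folderHits = @(
    Get-ChildItem -Path $roots -Directory -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $regex } |
        Select-Object @{ n = 'Source';    e = { 'Program Files folder' } },
                      Name,
                      @{ n = 'Publisher'; e = { $null } },
                      @{ n = 'Location';  e = { $_.FullName } }
)

$hits = $registryHits + $folderHits
if ($hits.Count -eq 0) {
    'No matching entries found.'
} else {
    $hits | Format-Table -AutoSize -Wrap
}
```

Per-user installs under other accounts' profiles are not covered by the HKCU check; run it in each affected user's session.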
madfloridian
(88,117 posts)
Would not let me download it. Finally Secunia PSI noticed it needed updating, and I let them. It worked. Will have to look at the log files to see what trojan Norton named.
Do these websites know, or are they aware, that this malware is in their download? Do they do it on purpose?
hobbit709
(41,694 posts)
To me Norton's about as useful as a screen door on a submarine.
madfloridian
(88,117 posts)
generics.exe contained the Trojan.ADH.2
I looked up both:
Trojan.ADH.2
http://www.bing.com/search?q=trojan.adh.2&FORM=HDRSC1
genericss.exe
http://www.bing.com/search?q=genericss.exe&qs=HS&pq=genericss.exe&sc=3-13&sp=1&FORM=QBRE&cvid=f6f46a4656dd4e09a322075e5a82bd8c
About all that appears is just for generic.exe. I actually had a file called genericss.exe, and I see nothing much about it.
I don't think it is a false positive.
hobbit709
(41,694 posts)
McAfee once identified an .exe file I had as a particularly nasty trojan. MSE, Malwarebytes, Kaspersky and Avast all said nothing wrong with it.
douglas9
(4,358 posts)
Simple program that provides some help.
http://unchecky.com/
madfloridian
(88,117 posts)
That's been the case. The Search Protect was actually part of the installation itself, although at the end of it. It gave me no option until Norton caught it, then I had the option of just finishing the installation without it. It really wasn't a choice. Would that program catch things added on like that?
I may try it. I am getting to the point I don't trust any websites.
douglas9
(4,358 posts)
Like yourself became fed up with Foxit after a couple of years. Always had to be careful of the updates. Dumped Foxit and went with PDF-XChange Viewer. Smaller size and far superior to Adobe or Foxit. No regrets.
http://www.tracker-software.com/pdf-xchange-products-comparison-chart
gvstn
(2,805 posts)
madfloridian
(88,117 posts)
Will probably change from Foxit after all they have put me through recently.
gvstn
(2,805 posts)
They don't add anything and they usually disclose if there are additional programs included and warn you to pay attention during install.
For example, imgburn, which is a good program but comes bundled, has a warning at the end of the description in red typeface warning you to pay attention during install. http://www.majorgeeks.com/files/details/imgburn.html
gvstn
(2,805 posts)
Has been around for quite a while. The installer is very good at keeping the "extras" out of the download.
http://ninite.com/
The unchecky program someone mentioned is probably very similar.
madfloridian
(88,117 posts)
I have been using Secunia PSI, and it works to update the programs.
whistler162
(11,155 posts)
since you can select not to add the shortcut and/or not check for updates.
wandy
(3,539 posts)
In case you forget to "just say no" to all of the bloatware garbage, this may help.
http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner
It is a transparent install (semi-standalone with no registry entries); it just makes a log and quarantine folder.
It will remove that if you tell it to.
Its process will detect first then allow you to decide what to get rid of. This is good as it is intensive and may mistake things like the Express Gate updater as a problem. It will let you decide.
It will also remove unwanted browser add-ons, registry entries, et al.
The downside is its native language is not exactly one I speak. Pick around the web page and you will find other translations.
It is a standalone tool and as such, at least the last update, it will complacently remove itself and take you to the web page to get the latest level.
Worth trying. Remember to read the instructions first.