Browser Hijacker

Discussion in 'Software' started by DukOfURL, Sep 17, 2013.

  1. DukOfURL

    DukOfURL Private E-2

    I recently downloaded a copy of imgburn, the excellent CD/DVD burn freeware. I thought I was careful to uncheck the "make this funny stuff my search engine and home page" boxes, but maybe I didn't. I sure thought I did.

    In any case, the Conduit stuff took over the homepage and search engines of IE, Chrome, and Firefox. It was quite persistent, reappearing each time I removed it or thought I did. I finally went through a process recommended by Microsoft forum using three different malware programs. Hitman Pro even found the executable of imgburn.exe suspicious and wanted it removed. Anyway. I am clean now.

    Has anyone ever heard of a firm so sneaky (I am speaking of this Conduit outfit) that they would install this even if the check box was clear?
     
  2. COMPUABLE

    COMPUABLE First Sergeant

    >> Has anyone ever heard of a firm so sneaky (I am speaking of this Conduit outfit) that they would install this even if the check box was clear? DukOfURL <<

    Yes, I would believe it... ImgBurn, which is developed by a company called "Lightning UK!", is quite notorious throughout the Internet for its numerous very nasty, persistent and hard-to-remove adware programs, which are generally installed onto the (usually unsuspecting) users' computers throughout the ImgBurn installation process with little or no warning at all.

    It therefore does not surprise me to hear that you encountered "Conduit Search", which is an adware program that persistently changes the user's home page and default search engine to search.conduit.com. As an example of how prevalent this problem is: the search terms "Conduit Adware" using the Google search engine garner about 3,540,000 results.

    Something else that has always bothered me about this ImgBurn adware-sponsored program is the fact that there seems to be quite a suspicious number of "first time posters" on many of the software download websites out there, who seem to post glowing (and yet almost entirely similar) reviews of this software program - sometimes even word-for-word and on the same dates as well.

    Good Luck! -- COMP
     
  3. plodr

    plodr Major Geek Super Extraordinaire

  4. DukOfURL

    DukOfURL Private E-2

    I did use MajorGeeks to download it. And I thought I was careful to unclick the "load me up with PUPs" boxes but maybe I wasn't. I was wondering if anyone had come across instances where the "don't install this" was ignored and the stuff installed anyway.
     
  5. DocTomJohn

    DocTomJohn Private E-2

    I am new to this Forum, so please forgive me if I have missed an answer to my query, even though I did use the search facility.

    Re. Imgburn, can anyone confirm unequivocally whether a download from MajorGeeks of Imgburn, when all the boxes to include adware, toolbars etc are ticked or unticked to deny the offensive add-ons, results in the adware being installed (or not)?

    (Note : it seems from web searches that downloads from some sites DO result in adware, even though the options to deny are correctly entered. Hence I ask specifically about downloading from MajorGeeks, which I take to be a trustworthy site.)
     
  6. DukOfURL

    DukOfURL Private E-2

    I don't think it has anything to do with Majorgeeks. I believe it is the same from any download site. And I cannot unequivocally confirm that I had the boxes unchecked. I thought I did, as I always uncheck those offers. But in the interest of science, I am going to reinstall it and make sure this time. Then I will report back if the Conduit stuff is installed in spite of me telling it not to.

    In the meantime, I think you can use BurnAware Free, a very good burner itself.
     
  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hello there. I went and downloaded ImgBurn from our website just to settle a few things.

    I am including screenshots of the process I went through and what exactly I had to opt out of.

    First of all there was the chance to allow Real Player to be installed. All we have to do is NOT check the box. (See screenshot)

    Next, we have the option of an express or custom installation.
    If you choose the express and recommended installation, you will end up with Tune Up Utilities installed.

    Even if you choose CUSTOM, you have to ensure the box is unchecked for Tune Up Utilities (See screenshot)

    Installation was then complete. I restarted my machine and tried out both IE and Firefox. No home page changes, no unwanted software installs, no complaints at all. :)
    If I uninstalled it and went to reinstall, I might well be offered a different set of junk, such as Conduit, but it's all the same, just have to pay attention.

    You can safely download ImgBurn from Majorgeeks without having to worry. Just be vigilant during install process, take your time and don't rush through, and it would be hard to let any junk slip by.
     


  8. sikvik

    sikvik Corporal Karma

    Hey Kes, did this earlier today as well. :)
    1. The crap offer for snap.do
    2. An offer to install Nitrous PDF viewer.
    I went custom and installed.
    Ran a scan with MBAM and it flagged the PUP OpenCandy. Zapped the ImgBurn installer right off the desktop. :-D
    Nothing terrible though.


    Cheers..
     


  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi Sikvik :)

    Malwarebytes detected two OC related objects for me too.
     


  10. _nullptr

    _nullptr Major Geeky Geek Geek

    With all OpenCandy bundled installers, if you disconnect from the internet or block the outbound communication with a firewall, you won't be offered any other junk.
    After installation, you'll still have a couple of instances of rundll32.exe running that host ocsetuphlp.dll.
    You can either kill these rundll32 instances or do the easy thing and reboot. The OC related files are automatically queued for the Windows Session Manager to delete on boot.
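
The two leftovers _nullptr describes can be checked before rebooting. This is an added example, not part of the original post: read-only PowerShell that lists rundll32.exe processes whose command line names ocsetuphlp.dll and dumps the boot-time file queue. It assumes the queue is the standard PendingFileRenameOperations value under the Session Manager key, which the post does not name; run it elevated so command lines of all processes are visible.

```powershell
# Added example: read-only checks, nothing is killed or deleted.
$dll = 'ocsetuphlp.dll'   # DLL name as given in the post above

# 1. rundll32.exe instances whose command line references the helper DLL.
$ocHosts = @(
    Get-CimInstance Win32_Process -Filter "Name = 'rundll32.exe'" |
        Where-Object { $_.CommandLine -like "*$dll*" } |
        Select-Object ProcessId, ParentProcessId, CreationDate, CommandLine
)

# 2. File operations queued for the next boot (processed by the Session Manager).
#    Assumption: the standard PendingFileRenameOperations REG_MULTI_SZ value.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$raw = (Get-ItemProperty -Path $key -Name PendingFileRenameOperations `
            -ErrorAction SilentlyContinue).PendingFileRenameOperations

$pending = @(
    @($raw) | Where-Object { $_ } | ForEach-Object {
        # Entries are NT paths such as \??\C:\...; strip everything up to the prefix.
        $path = $_ -replace '^[^\\]*\\\?\?\\', ''
        [pscustomobject]@{
            Path        = $path
            StillOnDisk = Test-Path -LiteralPath $path
            NamesOcDll  = $path -like "*$dll*"
        }
    }
)

"rundll32 instances hosting ${dll}: $($ocHosts.Count)"
$ocHosts | Format-List

"Boot-time pending file entries: $($pending.Count)"
$pending | Sort-Object NamesOcDll -Descending | Format-Table -AutoSize
```

After the reboot, both counts for the OpenCandy DLL should be zero; an entry that is still on disk afterwards was not cleaned up by the queue.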
     
  11. DocTomJohn

    DocTomJohn Private E-2

    So it looks like the consensus, though not unanimous, is that the download is contaminated, even from this site! To be avoided?
     
