Utorrent tool/browser bar

[V?rbris]

Vil bare opplyse om at Utorrent inneholder Maleware nå for de som ikke vet dette.

 

Startside blir highjacket, man får en masse filer på maskinen som "nesten" blir umulig å få fjernet.

 

Filene lar seg ikke fjerne med Malwarebytes filassasin eller Lockhunter.

 

De må fjernes manuelt, og de ligger under skjulte mapper.

 

Står noe om dette her:

 

http://forum.utorrent.com/viewtopic.php?id=90082

 

Programmet inneholder også en toolbar

 

Innlegg fra tidligere brukere:

 

I've been using uTorrent for years, as it has clearly been the lightest, safest, and cleanest torrent program out there. I'm not normally one to complain about things, let alone go through the trouble of creating yet another account on the internet just to do so, but I registered today purely to come here and let you know how furious I am about this fucking browser bar.

 

I open uTorrent a bit ago, and it tells me there's an update with improvements and whatnot, so I figure, "hey, why not" and click okay to proceed with the update. During the update process not one time was I asked or even told that a browser bar, which seems dangerously close to a browser highjacker, would be installed.

 

When I reopened Firefox, my homepage had been changed, my search bar was changed, a new ugly toolbar had been added, and on top of that, when I removed the toolbar I discovered it had left another extension installed behind it.

 

This is absolutely unacceptable, and you guys should know better. I'm honestly concerned as to what else was installed on my system without my knowledge, and how my other browsers may have been highjacked or compromised. Should I be worried that I unknowingly gave permission for some kind of trojan to be installed on my system as well? This is disgusting, and really not something I have time to deal with today.

 

At the absolute least, we deserve a full disclosure of everything that was installed with the update, or could have been installed with the update. In addition, right fucking now you guys should be working on an emergency patch for this update, and the current update should be pulled until then.

 

I'm sure I sound a bit sanctimonious here, but seriously, this is a major breach of privacy and trust, and you will lose a lot of users over this. I hope you guys can resolve it soon.

 

 

Update: It highjacked IE as well, changed the homepage and the search provider, and installed god knows what else.

 

Thanks uTwat for posting the HijackThis tips. For those that aren't familiar with it, cnet has a clean download and a tutorial for it here.

 

The very fact that we have to use HijackThis to remove this shit has officially moved uTorrent into the realm of malware. You guys should be better than this.

 

Edit: oh, and it's real nice that the homepage it changes your browser to is mocked up to look as much like Google as possible. Hoping some of the less tech-savvy users won't notice? I hope Conduit gave you guys a fat fucking check, cuz you just alienated your entire user base.

 

Edit 2: Looks like there's more than just those three items to remove in HijackThis. This is what I found in my scan:

 

R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

- C:\Program Files (x86)\uTorrentBar\tbuTor.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D}

- C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

- C:\Program Files (x86)\uTorrentBar\tbuTor.dll

O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

- C:\Program Files (x86)\uTorrentBar\tbuTor.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D}

- C:\Program Files (x86)\ConduitEngine\ConduitEngine.dllAnd, after running a clean operation, twice, with all other windows closed, THREE of the five items still show up. What the fuck guys? This is some evil shit you let through onto our computers.

 

Vær oppmerksom på Conduit engine

og Conduit mapper.

 

Sjekk tillegg som dere har på deres nettlesere.

 

Bruk Highjackthis for å finne skjulte filer, men disse må letes etter manuelt også i mapper som ligger skjult.

 

Bruk derfor - vis skjulte filer og mapper.

 

Har nå brukt bitcomet såvidt men var forferdelig treg.

 

Bruker nå Bittorrent - samme oppsett nesten som Utorrent, men får ikke dette Conduit - toolbar og highjacking av startside.

 

Dette er noe Utorrent har lagt inn i sine siste oppdateringer.

 

Noen har fått dette i vår, jeg fikk det nylig da jeg oppdaterte Utorrent.

 

Ser ut som mange Utorrentbrukere forlater Utorrent i følge deres forum:

 

http://forum.utorrent.com/viewtopic.php?id=90082

 

Får heller ikke gamle utgaver fra Fillehippo til å virke skikkelig.

Endret 23. september 2011 av Vårbris

[Svenni212000]

Er Conduit malware da? Check Point ZoneAlarm bruker eksempelvis Conduit i sin Toolbar.

[V?rbris]

Les postene i Utorrents forum.

 

Man kan IKKE velge bort dette, man får en startside man ikke vil ha, og man får flere tillegg under nettleser.

 

I tillegg lar dette seg nesten ikke fjerne.

 

Regner med Zonealarm er noe man ønsker og som ikke kommer som eventuelle tillegg til andre programmer?

 

Her er det snakk om ikke ønskelige programmer/tillegg/vedlegg som ikke lar seg velge bort ved installering.

 

Selv satt jeg en hel kveld og til utpå natta for å få fjernet tillegg i nettleser, få inn ny startside ( den gamle ), og finne filer som lå skjult flere steder for å slette disse.

Endret 24. september 2011 av Vårbris

[V?rbris]

Mere om saken:

 

http://thesietch.org/mysietch/keith/2010/12/08/how-to-remove-conduit-engine-search-from-firefox-3-x/

 

 

How to Remove Conduit Engine Search from Firefox 3.x

 

Anyhow, upon upgrading BitTorrent, I found three things had happened, all of which greatly annoyed me.

 

1) A couple of new toolbar widgety-type things had ensconced themselves in Firefox

2) The search box had been hijacked

3) The URL bar search facility had also been hijacked

 

It turned out that the makers of BitTorrent had been a little foolish, using something called Conduit Engine to create a toolbar. The problem with this is that when you use Conduit Engine then it stays used: you have to accept (or rather your users have to accept) all the crap that comes along with it, screwing up your search options seemingly forever; or at least until you completely uninstall Firefox and reinstall it. And even then it will probably still be around.

 

 

http://wiki.answers.com/Q/What_is_conduit_engine

 

What is conduit engine?

 

 

Answer:

 

What is Conduit Engine?

 

Conduit sells search engines to sites that install the engine to hijack home pages. I purchased a product from Ahampoo, and rejected the option to install the Bing Ashampoo search bar, yet it was installed. The code of my hijacked home page is http://search.conduit.com/?ctid=CT2475029&SearchSource=13. Conduit evidently is in some partnership of revenue sharing of the hijacked home pages. A Web of Trust search will show many complaints from users. Conduit Engine shows up in my add/remove programs, but failed to uninstall, and the "uninstall" was preceded by some direct script code that quickly popped up and then disappeared, I assume so that the search bar cannot truly be uninstalled.

 

A Google search of Conduit Engine will result in complaints by users who want to uninstall the search engine, but are having problems.

 

Read more: http://wiki.answers.com/Q/What_is_conduit_engine#ixzz1YskTUnYq

 

Står en masse om dette på nettet hvis en søker.

Endret 24. september 2011 av Vårbris