Running Win95 programs on Vista/Win7

Started 8 months ago | Questions thread
Jim Cockfield
Forum ProPosts: 14,890
Like?
P.S. Conduit and more...
In reply to Jim Cockfield, 8 months ago

Jim Cockfield wrote:

Joe186 wrote:

I’m running the non-installed portable version without any issues. Scanned with freshly updated Windows Defender, ClamWin Portable and McAfee Stinger. No threats reported by those three.

Well, I wouldn't trust any of those to warn you about adware installers like OpenCandy (what the main version of that program is going to use by default to install crap you probably don't want running that can be difficult to detect and remove without using specialized tools like adwcleaner and malwarebytes).

Again, those products are not going to be very good about detecting OpenCandy (I'd be very surprised if any of those three products would, as for the most part Windows Defender is horrible at detecting that kind of thing, as is a program like McAfee Stinger; and it doesn't look like ClamAV detects it either from what I can see of VirusTotal results of programs that use it.

Those products would probably be the least likely products I'd use to protect myself against adware installers.

But, the portable version appears to be clean. See scan of the .exe inside of the .zip file for it:

https://www.virustotal.com/en/file/208ff3df3a128326a838f582eb94b98734286ffef62a2c68d9a353e361be00d8/analysis/1396146469/

I only see one AV product that flagged the portable version, and that's likely to be a false positive

Again, the portable version is clean.

But, the installer for the non portable version is something I'd avoid, as it uses OpenCandy in it's installer (and the software that OpenCandy installs if you're not very careful to opt out can sometimes be difficult to get rid of, with the opt out process often confusing and misleading).

https://www.virustotal.com/en/file/91bdf317e50d349cd096b8daa7d5aabf85ef8e2288086073be9a7105070611fb/analysis/1396140246/

Again, the non portable version includes OpenCandy. They like to project an image of being a good citizen, etc., stressing that they don't leave anything installed on your PC. That may be right (OpenCandy itself is not left installed after running it's installer).

But, if you look at the type of crap that OpenCandy will install on your PC by default unless you're very careful to "opt out" (which can be confusing and misleading), you can end up with some nasty adware like Conduit. That's one of the products it's going to try and install by default. Note the Sophos analysis of the OpenCandy installer here, where it's grabbing the Conduit search toolbar:

http://www.sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/OpenCandy/detailed-analysis.aspx

You'll find tons of threads about it in forums posted by users trying to get rid of Conduit, as it hooks into your browsers in a way making it tough to remove without using specialized tools like adwcleaner, which added Conduit to the adware it's capable of removing last August. See it's change log here:

http://general-changelog-team.fr/~xplode/Changelogs/CG_AdwCleaner_EN.txt

A page showing steps needed to remove it in other ways:

http://www.pcinfected.com/remove-conduit-search/

So, I'd be careful about recommending that type of software to others without warnings (or for that matter, I wouldn't suggest it at all, as I avoid products from developers that resort to including installers like OpenCandy in their so called "free" products, so that I don't end up with an adware infested PC).

So, I would not recommend the software you linked to, given that it includes the OpenCandy installer in the standard (versus portable) version.

-- hide signature --

JimC
------

Reply   Reply with quote   Complain
Post (hide subjects)Posted by
Keyboard shortcuts:
FForum PPrevious NNext WNext unread UUpvote SSubscribe RReply QQuote BBookmark post MMy threads
Color scheme? Blue / Yellow