How you can get stung in a Flash by Conduit Toolbars

Posted by Unknown
[caption id="attachment_7705" align="alignnone" width="497"] There are computer viruses, malware, spyware, and the variously named Conduit Toolbars.[/caption]

Today I got to once again eXPerience Microsoft's most venerable, and vulnerable, operating system as I cleaned up the doo-doo after a friend's update of Adobe's desktop Flash.

Adobe thinks nothing of letting out-and-out spyware piggyback on it's Flash installers and updaters; it's called a "bundled download." Adobe give you the chance to disallow the third-party ware to install along with Flash,but you have to be paying attention. Lots of people trust Adobe, like my friend did. These days, trusting in Adobe updaters gets you not just Flash, but new Web browser features in the form of the Conduit Search spyware.

[caption id="attachment_7711" align="alignnone" width="497"] An Adobe Flash installer with bundled download. The "decline" button isn't hidden but...[/caption]

Conduit is a so-called browser hijacker; it changes browser settings, such as your default search engine, and home page. There are supposedly reports of it blocking access to certain Web pages, and even disabling Internet access, but it's not considered dangerous, just darned annoying. It's a bit of a handful because Conduit can install itself in Google Chrome, Firefox, and Internet Explorer, using the appropriate plug-in architecture for each browser; and it comes with so many different names: Conduit, VisualBee, KeyBar, and GreenL!e, to name a few.

My friend only had Firefox and Internet Explorer installed. He had uninstalled Firefox in the hope that he could reinstall it fresh and free of the unwanted spyware. That doesn't work because the affected bits are configurations and settings external to the application. The new install of Firefox just hooks up to the hijacked externals. Internet Explorer can be uninstalled from Windows XP by a 12-foot drop.

Deleting Conduit's toolbars and settings means looking in the right places


In all three browsers Conduit changes the default home page displayed on launch. That can be easily changed back to whatever page you want.

Both Firefox and Internet Explorer

Go to Tools > (Internet) Options > General. Replace "search.conduit.com" with the URL of your choice or leave it blank. Click Apply.


Google Chrome

Click the Settings icon -- a square of three horizontal lines on the extreme right side of the menu bar -- under Appearance click Show Home button, and, well, it didn't work when I tested Google's instructions. Feel free to try for yourself.


Conduit also installs plugins for each browser.

Firefox (and Chrome)

In Firefox, in the Tools menu pull-down, choose Add-ons, and then click the Extensions tab. In the list of extensions, single-click/Highlight the MIXI.DJ extension, and click the Remove button.


Internet Explorer

Conduit's toolbar plugin for IE is installed (and removed) like any other Windows program.  It can go by many names, including "GreenL!e," and "KeyBar." In today's case, it was "VisualBee."

Windows XP: Go to Start > Control Panel > Add Remove programs. Find items that relate to conduit and KeyBar toolbar, such as search protect by conduit. Click on Remove.


Windows 7/Vista: Go to Start > Control panel > Uninstall a program/Programs and Features. Again look for items that relate to conduit and KeyBar toolbar, as above. Click on Uninstall.


In Firefox, the default search engine can be toggled from the pull down list attached to the search bar on the top right corner of the window. I have to admit I didn't deal with that in Internet Explorer. You'll have to search that. I only have so much patience for Windows.
6 comments:
  1. ~xtian said...

    Good post. I really don't miss having to deal with this kind of stuff - although technically any OS you can run Firefox or Chrome on is prone to it.

  2. Ha. Good point. And I was beginning to feel smug on behalf of Linux users. You balloon popper you.

  3. ~xtian said...

    The Flash exploits that get cooked up for Windows aren't so much of a worry when you're on a *nix of course. Thankyou Adobe...

    I don't remember when I last updated my flashplayer actually. I should check.

  4. So... That really is a picture of a long spoon on your blog; suitable for when you "sup with a devil" such as Adobe?

  5. ~xtian said...

    HA. Yes something like that. Flash needs hurry up and die instead of lurching 'round the web like a zombie.

    I don't remember last time I used Acrobat Reader. I stopped using it when it started getting fat and ugly. Now the Windows alternatives are getting fat and ugly too.

    And fortunately I've never been a paying customer of Adobe's so I've never had to trust them with any credentials. They got even more egg on their faces than usual losing all those passwords last week.

  6. Adobe and Apple had a close relationship in the early 1990s. It was Adobe's PostScript page description language, and PostScript Type 1 fonts that made electronic publishing viable. Apple's adoption of PS underlied the Mac's dominance in what we first called Desktop Publishing (ugh!). Photoshop, which Adobe bought early on was everything a good program should be. I first bought Photoshop 3 in 1992, but I later experimentally installed Photo Shop 1 on a Mac Classic -- just to see. Adobe is now "fat Elvis," but in it's day it rocked!

Post a Comment