Site Feedback forum

General discussion

search.conduit malware

by cozmo50 / April 29, 2013 11:14 PM PDT

Yesterday I downloaded a .pdf file printer app for Windows and it was bundled with malware. This is a browser hijacker. I got my browser back, but now my email is not working. I thought I could trust C/NET. The package that I downloaded was CUTEPDF.

Discussion is locked
You are posting a reply to: search.conduit malware
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: search.conduit malware
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
You have to be careful about
by R. Proffitt Forum moderator / April 30, 2013 2:12 AM PDT
In reply to: search.conduit malware

It's well discussed and I've yet to see this happen if I opt out or use the direct download. There is some debate if this is malware or just a toolbar that sets your homepage. Not much reason to discuss this again but here's the recent discussion you must read ->;threadListing


Collapse -
There is reason.....
by cozmo50 / April 30, 2013 9:36 AM PDT

To quote Bob..." Not much reason to discuss this again." Wrong... plenty of reason to discuss this. C/NET has long been one of my favorite and most trusted sites, for everything, including downloading helpful apps to try or buy. The packaging of malware is not something the faithful users of C/NET should expect or tolerate. If the reason is because of using or not using direct download, then C/NET should not allow any option for faithful users to be plagued by a pesky browser hijacker, toolbar installer, or any other unwanted software. It may be the new "way of the world" to market products, but that is because it is now being allowed by C/NET. Don't you get it??? The credibility of C/NET is at stake here. There is much that should be discussed, so please don't patronize me and send me off to another recent discussion link about the same problem that is not resolved.

Collapse -
I wish this would happen to me.
by R. Proffitt Forum moderator / April 30, 2013 10:01 AM PDT
In reply to: There is reason.....

Sorry but I've tried this over a hundred times and can't seem to catch the malware folk write about. It seems folk are ready to flame anyone that answers and let's hope you are different.

Collapse -
I did the best I could....
by cozmo50 / April 30, 2013 1:03 PM PDT present the problem in the most legitimate terms. I even named the software package. I'm being honest about how I feel, or used to feel, about the trust I have, or had, with anything I downloaded from C/NET. I even tried to discuss how this could hurt the credibility of C/NET. You've taken my honesty and returned it with a lame accusation of how I am "flaming" you. Simply because this hasn't happened to means, in your eyes, it never happened. I was hoping to have reassurance and a decent discussion, but it appears you are almost taking a governmental stance on the issue. I'm sorry I disturbed your nap. Maybe my quandary will wake someone that can support my concern about what "tags along" with downloads from C/NET.

Collapse -
by R. Proffitt Forum moderator / April 30, 2013 11:46 PM PDT

But I offered this so you can read where you can avoid the CNET installer and some possible toolbar.

I see you noted the app in question so let me go install that as a test. Here's the link I'll use.

Just for you I'll not use the Direct Download Link. BRB.

cbsidlm-tr1_13-CutePDF_Writer-SEO-10206470 was downloaded, now installing.
I declined the WaJam offer.
It's downloading CutePDF now.
The CutePDF installer is up now.
I'm declining the Ask toolbar as well as it's offer to change my search provider (not CNET downloader doing the, just CutePDF's installer offer)
I'm declining CutePDF's offer for "HotSpot Shield."
It needs a PS2PDF app so I said OK to that.

A quick scan shows no extra toolbars or the item you noted.

Sorry but I did this and didn't get the items you wrote about.

I went the extra mile just for you. Can you tell me if you accepted any of the extras I declined?

Collapse -
Scans underway. Nothing found.
by R. Proffitt Forum moderator / April 30, 2013 11:59 PM PDT
In reply to: Sorry

And my email is working.

Hopefully you see why such is heavily discussed and I like folk to ask this but wish it would happen to me so I can document and kick it up to those I know.

Collapse -
I have the installed,
by DChrisL / August 13, 2013 8:00 AM PDT
In reply to: Sorry

on my laptop and my desktop. This was the only item that was clean of any extras from It a had three check boxes on it, I unchecked all of them. One was a desktop icon, the 2nd one was to add it to my sites in Internet Explorer, That was a BIG NO! The same with a quick launch icon. The only problems I have hit was sending to this forum, faked out Facebook, same with something I will not say what, PSI 3.0 would not work originally, the icon was gray until I double clicked from the right side of my mouse and that worked. Then there was, had a similar situation: If the asked if I was in CA or Ohio, I said: Yes. But since it sends information of being in other states, seven ISP's said I was at a different ISP I'm in FL, my ISP is Comcast. the free Constant Guard will not work. No problem, I downloaded two free NORTON 360's; then deleted constant guard and vaultID. When I send this to you, I will pause it until I turn it back on.
Darrell (Submit)

Collapse -
Be careful about this thread.
by R. Proffitt Forum moderator / August 13, 2013 8:42 AM PDT

The story changed from initial install to what we found later.

And the same story of unchecking items yet SweetPacks still installed. I said no too yet it installed.

Please post in the forum from now on.

Collapse -
I did custom install. I check edit NOT to install conduit.
by Christianagems / August 7, 2013 2:13 PM PDT
In reply to: There is reason.....

I did a custom install..and said no to conduit..and then I even decided not to even install anything..but conduit installed anyway and hijacked my browser. I even uninstalled it before I opened the browser and it installed itself anyway. Same on cnet. I never agreed to conduit and the other crap they installed. I specifically said no. I unchecked tithe box. Shame on cnet. Program was free PDF. Cnet needs to stop

Collapse -
I had the same item installed and found a solution for it.
by DChrisL / July 10, 2013 12:36 AM PDT

It is listed as search protected and more but if you have SuperAntispyware installed, run a scan. They will all be listed. I have the free edition of SAS. you can click on the items and find where they are in the registry. My OS is WIN7 Home Premium. This a link to SAS: Darrell

Collapse -
(NT) This in re: search.conduit malware
by DChrisL / July 10, 2013 12:38 AM PDT
Collapse -
This discussion is not about the conduit.
by R. Proffitt Forum moderator / July 10, 2013 4:12 AM PDT

I'd make a new post.

Collapse -
Thanks. I think I see it added a BING search.
by R. Proffitt Forum moderator / May 1, 2013 1:02 AM PDT
In reply to: search.conduit malware
Collapse -
Thanks for bringing this to our attention.
by CNETSupport / May 1, 2013 2:38 AM PDT

We are having our Product Management Team re-test CutePDF Writer.

If they find any issues, they will temporarily remove the product from our library and notify the publisher of the problem.

We appreciate your patience and apologize for any inconvenience this may have caused in the meantime.

CNET Customer Help

Collapse -
There's more.
by R. Proffitt Forum moderator / May 1, 2013 2:47 AM PDT

After Sweetpacks snuck in, it downloaded a few friends. I forwarded the screen shots to Lee Koo.

-> Sweetpacks is masquerading as a Bing search from what I can tell. At lease Web Of Trust alerted me about this as well.

Collapse -
by CNETSupport / May 1, 2013 2:55 AM PDT
In reply to: There's more.

I've added those screenshots to the bug filed for this issue.

- Jen

Collapse -
My personal thanks to cozmo50 and Bob..
by Carol~ Forum moderator / May 1, 2013 4:30 AM PDT
In reply to: search.conduit malware

My personal thanks to cozmo50 for reporting it. Added regrets for the problems encountered. Sad

And my thanks to Bob for his persistence and determination when attempting to ... "get to the bottom of it".

It's appreciated..

Collapse -
Update on the CutePDF Writer download
by CNETSupport / May 1, 2013 5:55 AM PDT
In reply to: search.conduit malware

Our Product Management Team finished re-testing this download. They were not able to duplicate the trouble reported here.

When downloading CutePDF Writer with the CNET Installer, they were able to successfully opt-out of all offers. SweetPacks in particular does have a pretty "aggressive" offer screen, where you must click "Custom Setup (Advanced User)" and uncheck the boxes that then appear, but in our tests, doing so worked and SweetPacks was not actually installed, nor were any other offers.

I do understand that some of the offer presentations can be confusing, and I apologize for the inconvenience.

Your best bet when it comes to CNET Installer Enabled downloads, as previously mentioned, is to use the Direct Download Link (located under the main "Download Now" button):

In some cases, the software publisher may include third party offers in their own installer, but all such offers should also provide an opt-out or decline option.

CNET members can turn off the CNET Installer for the site. To do so, just login to the site, mouse over your username in the top right corner of the page and click the "My profile" link, then click the "Update my preferences" link (under the "My account settings" header). You should see a pop-up window where you can select the "Off" option for the CNET Installer; do so and click the "Save Changes" button. You do need to have pop-ups and cookies enabled for this to work and for the preference to stick.

For more information on the CNET Installer, please visit the following resource:

If you run into any further problems, please feel free to contact our support team directly by filling out the form on the following page:

CNET Customer Help

Collapse -
My thanks for following up....
by cozmo50 / May 1, 2013 8:03 AM PDT

For Bob and the rest of the team... my thanks for following up with my concern. I apologize for the cynicism used in the tone of my last note, but I knew there was a problem and I was concerned with it. C/NET has been a stable and trusted site for me over many years. From a user's standpoint, when I find a trusted site I need to do whatever I can to bring this to the attention of someone who could help. Bob, your persistence is noteworthy and I'm sure you get many that "cry wolf" so I can't really blame you for initially sending me to an informational link/thread. I will wait a few days for the smoke to clear, and then try to get CutePDF again. I'm not a "flamethrower" nor a newbie to technology as I'm a retired field engineer, software development mgr, DASD manager, senior programmer, and telecommunication network design engineer, all with the IBM Corporation since 1970. I appreciate the way you stayed with this one, and with this I can certainly say my faith is being restored. I only ask this question: "Even if an individual user can opt to turn off the CNET Installer, why is it even there in the first place if it allows extraneous or even malicious software to be bundled along with a wanted app?" Again, my best regards to the team.

Collapse -
Immintent/search.conduit/whitesmoke/getsavin, etc
by SuzieJRN / May 1, 2013 2:41 PM PDT

I'm the originator of the other forum they directed you too. And I post my reply here for your review. I am one very unhappy user, and I feel your pain.....
"I understand all that you, after the fact. I realize I am not as computer savy as some folks here (I'm a flight nurse by trade, but use a laptop daily at the base, in the aircraft, etc). But in truth, I shouldn't have to click the "direct download" to void getting an unwanted adware/malware program from your site. There is obviously a problem with the CNET installer and it should be revamped or scrapped entirely. And in regards to "asking for help before I spend money", trust me I did. My entire web browser was corrupt, and I could not get on the internet to even attempt to download any malware/spyware cleaner. And my computer is still in the shop. They have tried multiple times to clean my system but keep coming up with new infections that are embedded in the system. They have told me that when a malware program embeds this deeply, that sometimes it leaves things "broken" (not a technical term I know). They are left with no other option than to save my files and wipe out my system, losing several of my embedded programs. And this is a brand new computer that I owned a total of 3 days before this happened. And yes, I do trust these folks fixing my system, they are the top rated computer repair company in my area and several of the technicians are friends. I've always trusted CNET, but no longer. Do I have some recourse against you for such malicious destructive behavior???"

Collapse -
So to really opt-out we have to use the Advanced install?
by R. Proffitt Forum moderator / May 1, 2013 8:20 AM PDT

I'll try it again later but SweetPacks didn't show up till a hour later and then it apparently installed GetSavin.

Sadly this is the first time I've seen the installer do this and I'm shocked.

Collapse -
Not only Misleading.Disrespectful !!
by vegas9798 / June 17, 2013 4:10 AM PDT

I see where this thread dates back some two and a half months so Im not feelin real optimistic about this post achieving anything .......but here goes.......I too have the unwanted toolbar and other gliches, and after reading the preceding posts ......Dont know if C Net is, or is owned by, a "Publicly Traded" company......and I'm not likely to further waste my time investigating the possibility.....but if there are stockholders ...I'd recomend SELLING !!!...and fast !!!!!!!!!!

Collapse -
I no longer use C/Net for downloads. They can't be trusted.
by IT_Guy_D / June 17, 2013 11:16 AM PDT
In reply to: search.conduit malware

1. I used to hold C/Net in the highest esteem and referred many people to their site. Now, I so distrust C/Net due to malware bundling practices that they make money from that I'll never use them again. Once again, money is king for the corporation and the customer suffers. Now I download software only from the original developer's site.
2. The search.conduit malware is so pernicious that it 1. has no uninstall applet, 2. doesn't show up in Control Panel>Programs list and 3. the uninstall feature in browsers have been disabled.
3. It would be nice if the Internet had some terms of use rules agency that could 1. kick the people behind companies like search:conduit off the web permanently and 2. could take down sites like C/Net for a month to give them time to re-think their priorities. Shame on you C/Net for such behavior and such disrespect/abuse of your users. Download bundling is a predatory practice.

Collapse -
I join the crowd -- I will no longer use C/Net for dowloads
by ibmtico / July 8, 2013 11:40 PM PDT

I have just spent around two hours cleaning up after I downloaded a couple of font tools yesterday. Nothing was apparent after I installed CFont Pro and FontFrenzy. I declined all offers other than the product itself, yet I ended up with malware. When I booted this morning, there were all these prompts for updating and loading stuff I had never heard of, and I noticed the Bing search had now been added to my search engines slot.

I have now done my last CNET download. I cannot trust this service any longer. Only thing that would make me return is a guarantee by the CNET staff that they will not allow this sort of thing and that they guarantee, through some sort of testing, the available downloads are clean of this sort of cr@p!

Collapse -
conduit removal
by lucky7m / June 23, 2013 4:24 AM PDT
In reply to: search.conduit malware

IT_Guy_D is right, the worst part is that very often Conduit is installed by a third-party application with no uninstall applet. How users are supposed to uninstall it when it doesn't show up in Control Panel? So, you either remove it manually or use AdwCleaner and Junkware removal tool. For example, I got if after downloading ImgBurn. I think popular downloads shouldn't be bundled with toolbars, etc.

Note: This post was edited by a forum moderator to remove a link that had a misleading ad on the Website that may cause people to download a program that may cause more harm than good on 06/24/2013 at 1:14 PM PT

Collapse -
Hey... give C/NET a break
by cozmo50 / July 9, 2013 2:28 AM PDT
In reply to: conduit removal

Why turn your back on a good download site when they will fix the problem if they are alerted to it? Look at the beginning of the thread and see how they did find and resolve my concern. Yes, it may take some persistence, but if you can shake them loose like I did with Mr. R. Proffitt, I saw resolution and now I see that CutePDF is not an available download anymore. This malware, like conduit, is sneaky stuff and it took them a while to determine that "sweetpacks" snuck in with my download. The only way we can keep this site clean is to report the problem and be persistent so they pay attention to it. This site is still my favorite for downloading thanks to R. Proffitt and the team when they realized I wasn't shouting "wolf". When you understand that the vast numbers of downloads are available to us here, it is no wonder to me that some garbage can be concealed into the software. Report it and stay with it and help keep this place clean.

Collapse -
Thanks for that.
by R. Proffitt Forum moderator / July 9, 2013 5:06 AM PDT

Let me explain my very first reply. At the time before you shook me out of my tree the only issue I was seeing was with the home page settings and only then if I didn't OPT OUT.

-> CNET downloader changed (most if not all moderators agree for the worse) to make it nearly impossible to avoid Sweetpacks and more.

As the landscape is ever changing and you were insistent I took another look and put it through a test run. The results were there but it wasn't clear at first just how NASTY this Sweetpacks was. That is, I did opt out at every prompt and on top of that it didn't start to show up till later.

As it stands I can't use the CNET Downloader and doubt anyone should go near it for the time being.

Collapse -
CNET is no longer a safe download site
by IT_Guy_D / July 9, 2013 9:19 AM PDT

@ cozmo50
CNET used to be amazing. They somehow went afoul in their desire for bundling money, not caring about the end user. When I complained and said that I couldn't remove a pernicious malware, they did not contact me. My complaints did not " clean this place..." CNET still bundles. I used to love CNET's Download site and have recommended it to many, but no more. They can't be trusted with malware bundling (as evidenced by ongoing new complaints). (CNET also clutters the download page with very many ads that I believe are likely to cause people to download software that they didn't intend to download.) Respectfully, I am not convinced as you are, cozmo50, that they have cleaned up their act. Now, I recommend only using the developer's download system and to go through the download process slowly and uncheck all bundled software.

Collapse -
Conduit removal
by IT_Guy_D / July 9, 2013 9:03 AM PDT
In reply to: conduit removal
@ lucky7m Thank you. Here are my conduit:search removal results:
I ran JRT first and then AdwC second.
JRT (Junkware Removal Tool) in their notepad results showed conduit removed in 13 places on my computer. They did not suggest that I reboot or have any instructions at the end of they operation.
JRT did NOT remove conduit:search from either Internet Explorer (IE) or Chrome.
JRT Uninstallable. JRT is not in Control Panel>Programs nor is it in the Start button program list nor is it in the C:\Program Files or C:\Program Files (x86) list so it cannot be deleted. This is not good at all.
(Any help in uninstalling JRT would be appreciated.)
AdwCleaner in their notepad results showed conduit removed in 6 places on my computer. At the end of their operation, they gave two categories of instructions. First they gave basic instructions about slowing down when loading and unclicking all bundled software, which I already knew, but was a good reminder and second, they said that I needed to close all programs and reboot, which I did.
AdwCleaner DID remove conduit:search from IE and Chrome.
To remove AdwCleaner, go to Downloads and Run AdwCleaner again and once it is open, it gives an uninstall option. Successful uninstall.
Conclusion: Thanks lucky7m. AdwCleaner worked.
Collapse -
Thank You.
by BreBruce / September 19, 2013 6:59 AM PDT
In reply to: Conduit removal

I only installed AdwCleaner and it easily removed Sweetpacks Search.

Popular Forums
Computer Help 49,613 discussions
Computer Newbies 10,349 discussions
Laptops 19,436 discussions
Security 30,426 discussions
TVs & Home Theaters 20,308 discussions
Windows 10 360 discussions
Phones 15,802 discussions
Windows 7 7,351 discussions
Networking & Wireless 14,641 discussions

CNET Holiday Gift Guide

Looking for great gifts under $100?

Trendy tech gifts don't require a hefty price tag. Choose from these CNET-recommended useful and high-quality gadgets.