Eset always blocks some Facebook address

Discussion in 'ESET Smart Security' started by Neron, Aug 4, 2011.

Thread Status:
Not open for further replies.
  1. Neron

    Neron Registered Member

    Joined:
    Aug 4, 2011
    Posts:
    13
    Hi,
    I have a strange problem from yesterday. Every time I open a new window or a tab in IE, I get an allert from ESS that it blocks URL facebook.conduitapps.com/componet.html?mo...
    IP 94.127.76.180:80.
    It happens only with IE, not with Firefox or Chrome, only opening a new tab or window, not when surfing in an already open window. I deleted history, restarted the computer and the modem (to change my IP) but the problem persists. I tried to google it but found the same problem only in an italian forum with no replies yet.
    Any idea what could cause the problem and how could it be solved?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    A screenshot of the alert might shed more light.
     
  3. Neron

    Neron Registered Member

    Joined:
    Aug 4, 2011
    Posts:
    13
    Here it is (russian, sorry)

    P.S. Hmm, now the allert appeared about 10 times without any activity of me, so not only oppening the browser
    I tried to navigate to xttp://facebook.conduitapps.com too and ESS doesn't let me, is that site really dangerous?
     

    Attached Files:

    Last edited by a moderator: Aug 4, 2011
  4. Nateb74

    Nateb74 Registered Member

    Joined:
    Aug 4, 2011
    Posts:
    2
    The same here. Allthough mine is in english...
    How do I get rid of this??
     

    Attached Files:

  5. Neron

    Neron Registered Member

    Joined:
    Aug 4, 2011
    Posts:
    13
    Finally I'm not the only one. Meanwhile I got some idea. I have a toolbar in my IE (but not in Firefox and Chrome) that includes that facebook application. Do you have a similar toolbar, Nateb74? Probably when I open a new window it tries to connect fo facebook and ESS blocks it. But is that application really dangedous, can it cause any harm?
     
  6. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  7. Nateb74

    Nateb74 Registered Member

    Joined:
    Aug 4, 2011
    Posts:
    2
    I'm using Firefox though.
    In my logic it works like this: there's something that reacts whenever I start firefox or switch to another website. Everytime it tries to connect to this website but logically Eset block this. Now, I believe the worst thing you can do is to turn off/uninstll eset because you're fed up with it. That's exactly the purpose I believe, but then offcourse you open the gate completely...
    Neverheless any help on how to solve this would be great...
    @Cudni: might be an option but I think this will take a very long time and probably without a solution....
     
  8. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  9. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    No need to completely uninstall ESET, in the meantime while ESET looks at it you could just disable the web module and that way you should get access to the site. (at your own risk of course)
     
  10. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Have you guys updated to VSD 6351? If you haven't, then do that and try to access the site again.
     
  11. Neron

    Neron Registered Member

    Joined:
    Aug 4, 2011
    Posts:
    13
    Natib74,if my guess is right, there is no matter what browser do you use, the question is if it has a toolbar, add-ons or something including facebook application or not. I disabled mine and as if it's fixed - the allert appears only if I try to navigate to some site beging with facebook.conduitapps.com.
    Cudni, but what should I send, the URL that is blocked? I may try that too but also thought that I'll find the answer here faster
    SweX, yes, it's updated but still blocks the site, can anyone open xttp://facebook.conduitapps.com/ having ESS?
     
    Last edited by a moderator: Aug 4, 2011
  12. Jjh7201998

    Jjh7201998 Registered Member

    Joined:
    Aug 4, 2011
    Posts:
    6
    I know whats causing it

    Theres a toolbar called "Conduit Engine."
    You end up downloading it because its linked will other installations of applications/programs. I downloaded it because it wouldn't let me finish the installation of a program without downloading this virus. I tried to uninstall it once I got the program I needed, it said it was successfully removed from your computer. But its not. Conduit Engine is trying to bring you to a website where I assume you will get spammed with more viruses if you didn't have ESET.

    Anyone have any idea how to remove it from my computer other then using "Programs and Features?"
     
  13. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    As Cudni said if it is a false-positive it will get fixed faster if you report it to ESET by these instructions than just posting it here on the forum.

    Edit: seems that it may not be an FP after all according to Jjh7201998
     
    Last edited: Aug 4, 2011
  14. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    exactly
     
  15. Jjh7201998

    Jjh7201998 Registered Member

    Joined:
    Aug 4, 2011
    Posts:
    6
    I ended up removing it from my computer and the ESET ALERT doesn't show up anymore.

    If your using Windows 7 on your keyboard press <START> search for <Programs and Features> open it, find "Conduit Engine" right click it and go to uninstall.

    You might need to do it twice like I did, that sucker was holding on for dear life.

    PS- You might not think that you have the toolbar but its hidden if you don't download any apps for it.
     
  16. Jjh7201998

    Jjh7201998 Registered Member

    Joined:
    Aug 4, 2011
    Posts:
    6
    EDIT: The ESET ALERT still comes up now, for some reason it didn't for a couple of minutes when I removed it. What could be causing this problem now? I presume you scan with your two best virus scanners and see what the problem is.

    PS- I apoligise for my false recursion, I thought I figured it out.
     
  17. Neron

    Neron Registered Member

    Joined:
    Aug 4, 2011
    Posts:
    13
    Hmm, but in my case it's an italian Toolbar-radio I have used for years (wanted to watch some italian TV) and never had problems. Meanwhile I changed 3-4 antivirus programs and no one found problems. Actually I don't need it so much, could try to remove it but still not convinced it's guilty. Moreover if it's only the toolbar, why ESS doesn't allow me to navigate to that site even from my browsers (even these that haven't the toolbar). Obviously Eset think for some reason that the same site is dangerous, but isn't that an official facebook site and application, could it be really infected?
     
  18. Jjh7201998

    Jjh7201998 Registered Member

    Joined:
    Aug 4, 2011
    Posts:
    6
    Maybe ESET is detecting it as a virus because you get to watch movies and TV shows for free, which is illegal. But not illegal to watch.
     
  19. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    @Neron

    You could upload the "italian toolbar-radio" to Virustotal.com to see if ESET is the only vendor that detects it.

    Also what is it detected as? Malware, Potentially unwanted application, Potentially unsafe application etc...?
     
  20. Neron

    Neron Registered Member

    Joined:
    Aug 4, 2011
    Posts:
    13
    @SweX, What exactctly could I send? All files in the toolbar folder? Is there any guarantee that the virus is inside? And Eset doesn't find anything either. It just blocks the access - when I open a new window of IE it shows the small message above, if I try to navigate to the site from my browser it blocks the access and shows a message that the website is blocked because it's in the list of sites with potentially dangerous content. As I explained above, I think it's not the exact toolbat, it is its attempt to connect to a site that Eset consider dangerous that causes the problem.
    P.S. My bad, only now I saw that you can check URL too, well I did (and someone else has done it before me today) - 2 vendors returned an error, rest 14 said - clean (Eset is not there)
     
    Last edited: Aug 4, 2011
  21. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Nevermind. Post the MD5 of the executable here, instead of uploading it. :)
     
  22. Neron

    Neron Registered Member

    Joined:
    Aug 4, 2011
    Posts:
    13
    There are 2 identical executable files (helper and helper1) and I checked them just in case, no one vendor found anything but still here is MD5(the same for both)
    a320df2b47cfcaf98d06eb59cd72084c
     
  23. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    I just made a search on BrightCloud.com on the URL facebook.conduitapps.com
    And the result is...
     
  24. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    That MD5 points me to Hotspot Shield, wich is afaik not a toolbar. :)
     
    Last edited: Aug 4, 2011
  25. Neron

    Neron Registered Member

    Joined:
    Aug 4, 2011
    Posts:
    13
    Thanks, I made it too, they found nothing but still think there is moderate risk. It seems overprotective but probably they have their reasons and Eset isn't the only 1. Well I think that proves that not the toolbar or anything on my computer but the site is suspecting, I'll find a solution
     
    Last edited: Aug 4, 2011
Thread Status:
Not open for further replies.