Spigot - homepage to yahoo redirect malware

[scmesser]

I am very happy with Malwarebytes.  However, I encountered a problem with spigot which has been around for a number of years.  I would think that Malwarebytes would either 1) have their support staff prepared with a ready protocol to clean the problem, or 2) prevent the problem outright!

 

Fortunately, a Forum expert helped me over two days, working through the weekend (many of us do work weekends) to clean spigot from my computer for "free" though I provided a donation, while 2) your tech support made a few attempts, apparently only recognizing what the problem was after some initial scans (though I provided that info upfront).

 

Clean this sort of problem up either proactively or as "viruses" do they will adapt and change making that difficult or impossible, so be prepared by keeping abreast and ensuring your Tech support have efficient protocols ready to know these toxins out.

 

Keep up the overall outstanding work!

[daledoc1]

Hi, scmesser:
 
Until the staff arrive to formally address your concerns...
 
I am sorry to hear of your frustration with a recent malware infection and with the removal process.
 
A couple of thoughts:
 
1) No one single security program, even MBAM PRO (or the MEE your university runs), can possibly protect 100% of users 100% of the time from 100% of the ever-changing threats in today's computing world - safe computing practices & counter-measures by the user (and by your IT department) are essential, as well.
 
2) MBAM Engineers work 24/7/365 to update the malware definitions 10 or more times per day to stay abreast of zero-hour and zero-day threats.  But today's malware changes rapidly -- the name of a particular infection (or the fact that it has been in the wild for some time) doesn't mean that new variants aren't being circulated at any time.  So, "spigot" (or any other malware) could really represent 100s of ever-changing variants. A removal process that worked "yesterday" for "spigot" might be ineffective today, despite the same name of the infection.
 
3) Some of today's malware is very good at hiding, disabling and damaging the computer (and its OS) and creating difficulties for removal.  Moreover systems infected by one type of malware/adware/junkware may also harbor other infections -- the precise steps to find, remove and repair damage from this malware is a tedious and time-consuming process.  Different scans and tools must be run in the correct sequence. And diagnosis and removal must be customized & tailored for each individual machine.  As such,"boilerplate" or "ready-made" protocols would be inappropriate, because a fix for one system could damage another.   This is especially true as new malware variants become prevalent. This custom removal process is the norm not only here, but at all of the major computer disinfection forums.
 
4) The expert helpers in the malware removal section of the forum are mostly VOLUNTEERS who freely provide their time and expertise to users (mostly home users with personal computers) needing help with malware removal.  This necessitates a bit of trust and cooperation with the user.  If the user chooses to seek simultaneous outside help from other sources, it can lead to confusion for all parties & a waste of precious forum resources.  It could also potentially lead to failure to properly remove the malware and even to system damage.  That's why the one user-one helper policy is the norm here and elsewhere.
 
Anyway, I am just a home user and forum volunteer. 
So my input here does NOT in any way reflect the official company feedback or policy.

Our forum Admin explains all of this much better than I can here: The complexity of finding, preventing, and cleanup from malware
 

I'm sure the staff and forum experts will have some additional feedback.

 

Thanks very much for your time and consideration,

 

daledoc1

[John L. Galt]

As another home user and tester of MBAM, you also have to realize that technically Spigot / Conduit are classified as PUPs (Potentially Unwanted Programs) as opposed to malware outright - and therein lies the distinction.  Unless PUP detection is enabled and active, it won' be blocked.  And even if PUP detection is enabled, well, as daledoc stated, 100% effectiveness is a goal that has nto been reached, precisely because of your own reasoning:

 

 

...they will adapt and change making that difficult or impossible....

 

Now, personally, I'm with you - Spigot aka Conduit is pure malware IMO - but, the general consensus is that it is PUP not outright Malware.

 

Kudos to the staff here in getting you all fixed up over a weekend - these fine folks work non stop and deserve the kudos and more.

[daledoc1]

Thanks for that important clarification, @John L. Galt.

 

I ought to have included this informative pinned topic in my earlier reply: What are the 'PUP' detections, are they threats, and should they be deleted?

 

daledoc1

[John L. Galt]

Glad to have helped - and thanks for the link for future reference