Sunday, February 13, 2011

February 13, 2011
I'm sure many have heard of the program called "Trillian".
It's an Instant Messenger interface which supports the MSN, yahoo, icq, skype and a number of other protocols.

It's always had a fairly good reputation as far as I was aware, but it turns out they recently took up a deal with "OpenCandy". As part of this deal, they are now distributing Trillian with the OpenCandy32 Adware.

Also known as: "Adware:Win32/OpenCandy"

Or that is what MSE detects it as.
Basically, it's a piece of software that comes along with the Trillian installer, that delivers unwanted advertisements in places you will not want it to be delivering them to. And, you won't even get a choice about installing the stuff.

Basically, trillian and it's distributor are done and dead for as far as I'm concerned. Perhaps you've heard of the company called "Gator", which used to do the same with the software called GetRight? Well, this joke will kill Trillian as surely as gator killed GetRight.


I'll just stick with Pidgin for now.


smw said...

Hi! The OpenCandy offer only comes during installation of Trillian. There are no advertisements shown during Trillian's normal operations, and you can decline the offer during install and never see it again.

If you're already using Trillian, you definitely won't see anything further from our installer's optional offers. This is not something that randomly pops up advertisements on your computer, just a normal installation bundle offer.

We will look into why OpenCandy was marked as Adware too. Thanks!

Anonymous said...

The Adware was just detected on my computer and I was totally clean 2 days ago.

OpenCandy was installed into my IZarc 4.1.2 and ProXPN exe files, and those files have been checked and rechecked 100 times each.

This is definitely the end of Trillion! Thank you MSE for this important update!

bbr said...

The adware is contained in the package, so MSE will detect it.
And on most installers, it's selected as "on" by default, so people will install it if they click next next next too quickly. Which is what most people do.

Regardless if its possible to disable, Adware is filthy software that should not have even been in the package in the first place.

tomfin said...

MSE detects the dormant leftover OCSetupHlp.dll file in my temporary files folder as AdWare, then detects the saved Trillian 5 installer as same.

It's hard to recommend Trillian to friends when it's flagged as a malware risk by Windows Defender.

You can unplug your network cable/internet connection while installing Trillian 5, that at least ensures the OpenCandy component is unable to fetch an advert during the install process. Then find and delete the OCSetupHlp.dll before reconnecting.

I'm mostly concerned that the ad is delivered by Opencandy while running in an administrator context (you allowed UAC to run the Trillian installer with full rights). I don't really want that to happen because I only auth'd Trillian to run, not some random piece of code pulled from the net on the fly.

Let's just see how it goes... Either Cerulean will pull the OpenCandy component from the Trillian 5 installer or MSE will declare it a false positive (assuming OpenCandy is as benign as their website indicates). Unfortunately, secret option number three is abandoning Trillian 5 and returning to v4, no longer recommending it to virtually everyone I meet. :(

Of course, this is all coming to serious light now because MSE just recently began detecting it - Trillian's installer contained Opencandy since last November.

Fun times!

Anonymous said...

There IS NO CHOICE given by the Trillian installer (I blocked the dodgy software from connecting to the internet, so maybe it didn't display the section offering to install, or opt-out properly, but why is anything connecting to the internet BEFORE asking, anyway?!)
No thanks, back to non-bloatware for me, it is.

Anonymous said...

Run setup with /NOCANDY option like this:

C:\setup.exe /NOCANDY