{"id":1538,"date":"2014-08-25T09:37:57","date_gmt":"2014-08-25T09:37:57","guid":{"rendered":"http:\/\/www.freefixer.com\/b\/?p=1538"},"modified":"2018-05-29T12:02:46","modified_gmt":"2018-05-29T12:02:46","slug":"orbiter-orbtr-sppd-sys-searchprotect-clientconnect-ltd","status":"publish","type":"post","link":"https:\/\/www.freefixer.com\/b\/orbiter-orbtr-sppd-sys-searchprotect-clientconnect-ltd\/","title":{"rendered":"Orbiter, ORBTR, SPPD.sys and SearchProtect by ClientConnect LTD."},"content":{"rendered":"<p>I was playing around with a download this morning to see if it bundled some software. When running the installer\u00a0&#8220;<strong>Search Protect by Conduit<\/strong>&#8221; was offered. The installer also displayed a few links &#8211; as shown in the screenshot below &#8211; to learn more about the <strong>SearchProtect<\/strong> software and to the EULA and the privacy policy, but for some unknown reason, no browser popped up when clicking the links.<\/p>\n<p><a href=\"http:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/08\/Conduit-Search-Protect.png\"><img loading=\"lazy\" class=\"alignnone size-full wp-image-1539\" src=\"http:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/08\/Conduit-Search-Protect.png\" alt=\"Conduit Search Protect\" width=\"494\" height=\"231\" srcset=\"https:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/08\/Conduit-Search-Protect.png 494w, https:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/08\/Conduit-Search-Protect-300x140.png 300w\" sizes=\"(max-width: 494px) 100vw, 494px\" \/><\/a><\/p>\n<p>Search Protect is designed to change search settings in Firefox, Chrome and Internet Explorer to <strong>trovi.com<\/strong> and pop up a notification window when these settings are changed.<\/p>\n<p>Since I more or less on a daily basis look on what&#8217;s being bundled with various downloads, I&#8217;m used to see Search Protect, but this was a new variant that I had not seen before. It also installed something called <strong>Orbiter<\/strong> in &#8220;<strong>c:\\Program Files (x86)\\ORBTR<\/strong>&#8221; or &#8220;<strong>c:\\Program Files\\ORBTR&#8221;. <\/strong>The files were\u00a0named\u00a0<a href=\"http:\/\/www.freefixer.com\/library\/file\/orbiter.dll-138526\/\">Orbiter.dll<\/a> and <a href=\"http:\/\/www.freefixer.com\/library\/file\/Orbt.ext-138524\/\">Orbt.ext<\/a>. A new driver name <a href=\"http:\/\/www.freefixer.com\/library\/file\/SPPD.sys-138527\/\">SPPD.sys<\/a> also appeared on the hard drive located in &#8220;<strong>c:\\Windows\\System32\\drivers<\/strong>&#8220;. All these files were digitally signed by\u00a0<strong>ClientConnect LTD<\/strong>.<\/p>\n<p>I was curious to see if the anti-virus programs over at VirusTotal detected the orbiter.dll file, and some of them did. As shown in the screenshot, 10 of the 55 anti-virus scanners detected the orbiter.dll file, under various detection names, such as <strong>PUP.Optional.Conduit.A<\/strong> and <strong>Adware.Orbiter<\/strong>.<\/p>\n<p><a href=\"http:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/08\/orbiter.dll-virustotal-report.png\"><img loading=\"lazy\" class=\"alignnone wp-image-1540 size-full\" src=\"http:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/08\/orbiter.dll-virustotal-report.png\" alt=\"orbiter.dll virustotal report\" width=\"827\" height=\"568\" srcset=\"https:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/08\/orbiter.dll-virustotal-report.png 827w, https:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/08\/orbiter.dll-virustotal-report-300x206.png 300w\" sizes=\"(max-width: 827px) 100vw, 827px\" \/><\/a><\/p>\n<p>If you&#8217;d like to remove SearchProtect and Orbiter, you can do so from the Add\/Remove programs dialog, by right-clicking on the\u00a0Search Protect icon and selecting Uninstall. This also uninstalled the\u00a0Orbiter software.<\/p>\n<p><a href=\"http:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/08\/orbiter-and-search-protect-uninstall.png\"><img loading=\"lazy\" class=\"alignnone size-full wp-image-1542\" src=\"http:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/08\/orbiter-and-search-protect-uninstall.png\" alt=\"orbiter and search protect uninstall\" width=\"656\" height=\"210\" srcset=\"https:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/08\/orbiter-and-search-protect-uninstall.png 656w, https:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/08\/orbiter-and-search-protect-uninstall-300x96.png 300w\" sizes=\"(max-width: 656px) 100vw, 656px\" \/><\/a><\/p>\n<p>Did you also get SearchProtect and\u00a0Orbiter on your machine? Any idea how it was installed? Did the uninstaller work successfully?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I was playing around with a download this morning to see if it bundled some software. When running the installer\u00a0&#8220;Search Protect by Conduit&#8221; was offered. The installer also displayed a few links &#8211; as shown in the screenshot below &#8211; to learn more about the SearchProtect software and to the EULA and the privacy policy, &hellip; <a href=\"https:\/\/www.freefixer.com\/b\/orbiter-orbtr-sppd-sys-searchprotect-clientconnect-ltd\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Orbiter, ORBTR, SPPD.sys and SearchProtect by ClientConnect LTD.<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[151,149,22,150],"_links":{"self":[{"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/posts\/1538"}],"collection":[{"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/comments?post=1538"}],"version-history":[{"count":2,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/posts\/1538\/revisions"}],"predecessor-version":[{"id":1543,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/posts\/1538\/revisions\/1543"}],"wp:attachment":[{"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/media?parent=1538"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/categories?post=1538"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/tags?post=1538"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}