TrustToolbar included with Firewall without my consent

I downloaded the Komodo firewall last week and just ran a spysweeper scan and it has detected the Trusttoolbar. Why has it been installed and how can I remove it?

It says about it:

ADWARE Description:

Name:
TrustToolbar

Author:
Comodo Limited

Category:
Adware

Threat Assessment:
High

Description:

TrustToolbar is an adware program that targets users by surfing habits, then dynamically inserts ads into Web pages visited.

Characteristics:

TrustToolbar is an Internet browser plug-in that verifies the company identity behind a particular Web site and validates their SSL certificate. The program does track demographic information for marketing purposes, which it shares with Comodo’s partners. Comodo’s privacy policy states that this information is not personally identifiable.

Method of Infection:

TrustToolbar can be downloaded from its own Web site (www.trusttoolbar.com) or other shareware sites.

Hi,

TrustToolbar is NOT installed with CPF. What Spysweeper is detecting is a registry key that both CPF and TrustToolbar uses.

TrustToolbar was to verify sites, such as banks, and sent info about these sites to Comodo so that it could verify them as legitimate - which is why it is branded as spyware by some companies. It is also classed as a browser hijacker by some as it changes the 404 error page - the same way google toolbar does to provide more information and yet google toolbar is not branded as a hijacker?

TrustToolbar has evolved into Verification Engine (V-Engine) and works in a different way to verify sites and is not classed as spyware / adware.

Personally I don’t see TrustToolbar as spyware as it was doing the job it was intended to do and users should have been aware of this.

Mike

hey Mike

Well I don’t have the google toolbar so I can’t comment on it, but the key thing to note about the Trusttoolbar according to spysweeper is that it collects demographic information for marketing purposes, which it shares with other companies and that annoys me as I would prefer to have my life as free from being monitored as possible. I guess the information is valuable to Komodo, but I would prefer to have been notified and asked for consent rather that have it installed with one of the program updates.

That said it could be just the registry key. How can I confirm if it is a false positive or not?

Hi,

TrustToolbar won’t have been installed with one of the program updates or installing another Comodo product.
I’ve run scans with Windows Defender (Microsoft Antispyware), Spybot S&D, Ad-Aware SE, Ewido anti malware and none have detected TrustToolbar.

Does Spysweeper give any information on the location of the file detected (e.g. C:.… or HKEY.… etc) ?

Mike

Hi j mayo, does spysweeper have any way of submitting a file for testing?

All I can say is unfortunately there are many so called “anti spyware” companies who don’t analyse the code before they mark it as spyware.
1)There is no toolbar installed with CPF
2)I would challenge your anti spyware provider to prove that Trusttoolbar is spyware, you will see that they will fail. They simply check the registry entry and mark it as if you have spyware, they don’t even bother to check if you have spyware or not!
So pls write to them and ask them to outline what aspects of Trusttoolbar they find spyware! You will see that you will have no response as I know for fact that they have not even bothered to test the software.

Here is one example:

type iss trusttoolbar in google. you will get this link http://xforce.iss.net/xforce/xfdb/14544
this link was supposed to be telling you that Trusttoolbar is spyware etc. We got in touch with them. This was their response: (Attached).

As you will see upon reviewing the code, they found nothing wrong with it!
ISS is a respectable company and I applaud their professionalism in handling this. However, there are too many cowboys in the market place in the security market who are abusing the anti-spyware market by providing any old ■■■■ to end users without any proper process or analysis of code and simply stealing other people’s work and as you can see sometimes they also steal the data that was misclassified. So I would ask you to send this information along with what and how other respected anti spyware companies like ISS is now correcting their data to your antispyware provider and ask them to correct their mistakes. If they don’t correct their mistake, then you will know how much they care about you as the user and your wishes and their product as they don’t care if their product work properly or not. In that case, i would recommend you look for a decent anti spyware company, or just wait until we launch ours :wink:

thanks
Melih

[attachment deleted by admin]

To j mayo:

Never assume that your AntiSpyware is 100% accurate, Comodo Personal Firewall 2.0.0.1 has been tested safe from any sort of malware by softpedia Labs:

Well here is a link to the free trial version of Webroot Spy Sweeper, so that anyone can try it out and you can see that there are almost 16 million downloads of that version of that product from that one site with almost 400,000 every week.

http://www.download.com/Webroot-Spy-Sweeper/3000-8022_4-10405877.html?tag=pop

I tried kapersky, antivir, avast, panda, mcafee, spysweeper, and adaware and only Spy Sweeper identified the trusttoolbar as an issue. When I think I am infected, I try as many antivirus/spyware scans as I can as the virus/spyware definitions of each product are incomplete, meaning the greater number of scans the better the chance of catching any nasties.

Melih perhaps you need to contact Webroot and query their product. I have to say that when I went to the trusttoolbar site mentioned in the link by spysweeper it looks like a solid security product especially with all the industry awards. The only issue is the collection of user browser activity and onselling or sharing of such information, or is that a false statement by Webroot?

If you check out that .pdf file Melih attached, you can clearly see that there is no spyware in Comodo. If ISS and Softpedia both say it’s clean and SpySweeper says otherwise, this just shows how bad SpySweeper is at actually analyzing things they declare as threats.

Hey Mike

I have attached the output of the scan.

[attachment deleted by admin]

Have you also tried arovax antispyware?

Arovax should also not be able to detect any spyware from Comodo. You can also try using Jotti and Virus Total Online scanners to see if they detect anything:

http://www.virustotal.com/en/indexx.html

and

http://virusscan.jotti.org/

We can assure you that Comodo personal Firewall has no malware in it’s software.

Yep, that is the registry entry that is being detected which belongs to Comodo firewall and TrustToolbar.
Therefore, you do not appear to have TrustToolbar installed.

Mike

It seems only SpySweeper is having this problem. I use Ewido, Ad-Aware, and Spyware Doctor for Spyware and non of them detect it.

It is a “TOTALLY FALSE AND SCANDALOUS STATEMENT BY WEBROOT SPYSPYWARE” and they should NOT be TRUSTED as they don’t analyse the files they report on!

cheers

Melih

lol Melih maybe you should contact them about this.

:slight_smile: I know… ;D

I already asked our legal guys to get in touch with them.

Melih

ok Mike but how come there were 109 traces of the package?

I looked through the registry and there were 2 sections that related to comodo that I found without difficulty:
HKEY_LOCAL_MACHINE\SOFTWARE\COMODO
HKEY_LOCAL_MACHINE\SYSTEM\SOFTWARE\COMODO

and there seems to be keys relating to the trusttoolbar with reference to comodo products not installed on the machine for example:
HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\LAUNCHPAD\NOTINSTALLEDAPPS\21

so perhaps some of these keys contributed to the 109 traces, but those keys seem like odd triggers.

That said, everytime I use panda activescan avast! thinks it is a virus, and all the alarms go off :o

The LunchPad is where you can launch your installed applications from. It also gives details of other Comodo products and services which you may also want to install. I guess it is the LaunchPad what is being detected as this is installed with Comodo products so spysweeper classes this as spyware also as it is installed with TrustToolbar.

That said, everytime I use panda activescan avast! thinks it is a virus, and all the alarms go off

The reason for avast! going off with the panda activescan is because panda’s virus definitions are not encrypted so avast! can scan them and this is what is being detected. :smiley:

Mike