On one of my posts about UltraSurf, sabz pointed out that UltraSurf is seen as a Trojan by McAfee anti-virus. At first I thought it must be a mistake. Then, after a little bit of research, I started thinking that UltraSurf may indeed be a threat.
Here is the page from the McAfee database that describes UltraSurf as a threat:
This means that McAfee sees UltraSurf as a trojan on your computer and tries to delete it.
I found more information about why UltraSurf is seen as a virus/trojan/threat on ThreatExpert.com. According to them, UltraSurf:
- Produces outbound traffic (on port 443)
- Opens ports in the system (1033 and 1034)
- Downloads/requests other files from Internet
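To check the behaviours listed above on your own machine, the sketch below parses Windows `netstat -ano` output and reports any process that listens on ports 1033/1034 and also holds an established connection to remote port 443. It is an added example, not code from this post or from ThreatExpert; the sample output is constructed and the function names are this example's own.

```python
from collections import namedtuple

Conn = namedtuple("Conn", "proto laddr lport raddr rport state pid")

# Ports taken from the ThreatExpert summary quoted above.
LISTEN_PORTS = {1033, 1034}
OUTBOUND_PORT = 443
LOOPBACK = {"127.0.0.1", "[::1]"}

# Constructed sample of Windows `netstat -ano` output (not a real capture).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:1033         0.0.0.0:0              LISTENING       2412
  TCP    0.0.0.0:1034           0.0.0.0:0              LISTENING       2412
  TCP    192.168.1.20:49712     203.0.113.45:443       ESTABLISHED     2412
  TCP    192.168.1.20:49720     198.51.100.7:443       ESTABLISHED     3104
  TCP    [::]:135               [::]:0                 LISTENING       880
  UDP    0.0.0.0:5353           *:*                                    1500
"""

def split_endpoint(ep):
    """Split 'addr:port' on the last colon so bracketed IPv6 works."""
    addr, _, port = ep.rpartition(":")
    return addr, int(port) if port.isdigit() else None

def parse_netstat(text):
    conns = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        state = f[3] if len(f) == 5 else ""  # UDP rows have no state column
        laddr, lport = split_endpoint(f[1])
        raddr, rport = split_endpoint(f[2])
        conns.append(Conn(f[0], laddr, lport, raddr, rport, state, int(f[-1])))
    return conns

def match_profile(conns):
    """Return {pid: findings} for processes that listen on the reported ports
    and also hold an established connection to remote port 443."""
    out = {}
    for c in conns:
        if c.state == "LISTENING" and c.lport in LISTEN_PORTS:
            d = out.setdefault(c.pid, {"listen": [], "exposed": [], "outbound": []})
            d["listen"].append(c.lport)
            if c.laddr not in LOOPBACK:  # listener reachable from other hosts
                d["exposed"].append(c.lport)
    for c in conns:
        if c.pid in out and c.state == "ESTABLISHED" and c.rport == OUTBOUND_PORT:
            out[c.pid]["outbound"].append(f"{c.raddr}:{c.rport}")
    return {p: d for p, d in out.items() if d["outbound"]}
```

On a live host, pass the text of `netstat -ano` to `parse_netstat` and map each reported PID to its executable with `tasklist /FI "PID eq <pid>"`. The `exposed` list shows listeners bound to a non-loopback address, which other machines on the network can reach.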
On Trojaner-Board, a user has tested UltraSurf with several anti-virus tools and it seems that UltraSurf is also seen as a threat by:
- CAT-QuickHeal 10.00 - (Suspicious) – DNAScan
- F-Secure 8.0.14332.0 - Backdoor.Win32.Agent.uwi
- Kaspersky 7.0.0.125 - Backdoor.Win32.Agent.uwi
- Prevx1 V2 - Malware Downloader
Conclusion: UltraSurf is seen as a generic backdoor by several anti-virus solutions.
To be honest, I am quite surprised about this. I am going to contact UltraReach to see what they have to say about it and I will let you know. Subscribe to my feed by email to receive updates about this issue!
What to do next
You can consider using other hide ip solutions. Here is our list of hide ip tools.
If you are confident UltraSurf is no threat to your computer and you have McAfee anti-virus installed, you should perform the following steps every time you want to browse anonymously:
- Stop McAfee
- Download UltraSurf
- Start using UltraSurf
- When you are done, delete UltraSurf and start McAfee.
Also, there are anti-virus tools that allow you to specify a whitelist. If this is the case for McAfee, you should add the UltraSurf file to the whitelist.
What do you think? Do you consider UltraSurf as a threat? Will you continue using it?
13 Comments
Do you have any more info on this… I’m trying to get it to work with McAfee right now but there seems to be no way other than turning McAfee off. Then it deletes it immediately when it comes on. Even if you restore it in McAfee it deletes it right away again. I can’t seem to find a “white list” in the McAfee program either. So if you find out UltraSurf truly is a trojan be sure to let me know… thanks
@Joe – I’m not using McAfee so I don’t know how to add a program to the white list, but maybe this link will help you: http://forums.mcafeehelp.com/showthread.php?t=215768.
Regarding UltraSurf, I hope it’s not a trojan. I am still waiting for an answer from UltraReach. When I know more I will let you know.
Not only McAfee, but also Avira AntiVir is showing a trojan. This file is definitely infected.
AVG Free edition also shows it as a generic backdoor agent and forces us to delete it. UltraSurf should come out with some suggestions on this.
@Gary – Yes, Gary, you are right. They should come with a solution. I have written an email to them but no answer yet. Still waiting…
Norton does not see this as a threat; AVG does. I think it’s more of a false positive as you’re going to a VPN.
After you use UltraSurf, try to search for UltraSurf in your browser, using Google, Yahoo, etc. It will show a blank page. Looks like a sign of a virus to me, one that tries to block the user from getting more information regarding this.
Good day!
I installed Ultrasurf on my computer.
When I use Internet Explorer I can’t open specific sites (loading a server on evony.com stops at 7%).
When I try to load it with Firefox there isn’t any problem.
So I think UltraSurf is only messing with my Internet Explorer.
I like IE more than FF, so I hope you can help me to get rid of UltraSurf.
So that I can go to Evony using IE again.
thanks!
There is not much you can do. You could uninstall Ultrasurf and try Hotspot Shield.
I am a student studying computer games design at uni and decided to investigate Evony.com.
Just to see what some of these games are like etc. etc.
The game is actually kind of cool (found myself addicted and even spent a little money on it).
But I started to notice HUGE bandwidth use by the site as I played.
I am not the only one either, there are comments on the evony forums about this.
This is odd because all of the client info, the animations etc. are all downloaded in one big download at the start.
There is no streaming media so I began to wonder what was going on.
To cut a long story short I decided to break the law and reverse engineer Evony’s client.
Not to cheat. Not to rip them off or even to use even a scrap of the code.
But just to poke about a bit and find out what was going on, maybe even offer them some ways to improve things.
Aside from the fact that the whole thing is very poorly constructed (it is really very beginner coder level stuff. Reminds me of a lot of what the first year students produce for assignments) it contained some very interesting information.
Included with the client are 2 pieces of tracking software that monitor your web use and which applications you have open while the client is running.
These do not install independently on the machine though due to the limitations of Flash and do not actually damage anything.
But they harvest massive volumes of information. My firewall was blocking a lot of outgoing transmissions and it turns out that these were the data trying to be sent out. So they know nothing about me. lol.
However there is a LOT of data coming IN over the ports the client uses. In other words it is downloading something into my cache for use later.
I have bandwidth restriction which slows these types of tricks down and I completely clear my cache every couple of hours if I am heavily using the net.
I also noticed that all the variables etc. are named Civony still and that there are multiple references to UMGE.
Even a couple of folders are simply called UMGE, one of these folders contains one of the spyware programs.
So I can only guess at where the data would end up if I didn’t have a good firewall.
There are also commented out sections in the code which contain references to UMGE and Lam himself, though low on details.
Thank you for reading this.
Lee
hello people with questions to ultrasurf!
here’s an important warning
UltraSurf and Gtunnel and likely all products put out by the Global Internet Freedom Consortium / Internet Freedom.org, are in fact secret trojans. They give you a 1-hop proxy but use your system to launch attacks against financial institutions, government and energy websites, education, etc. Now here is the scary thing, if you are logged into one of these domains, like your bank, then they can get access to your authenticated session / cookie and potentially break right into your account, THROUGH YOUR OWN COMPUTER.
Imagine if someone with a sensitive US position used UltraSurf. Suddenly their military login has been compromised. Not likely? They’ve been around twice as long as Tor, and this exact thing happened on Tor last year (see Dan Egerstadt).
It gets better, any site you visit using the program, they turn off SSL cert checking so they can perform MITM and watch your entire session and logins. It is also capable of auto-updating, and spiders into your system when you install it, capturing not only IE but now Firefox and DNS and most other traffic. So everything you are doing, they have access to and may be logging and using against you.
GIFC / Internet Freedom org are a huge scam. They are likely run by a private Chinese intelligence firm to monitor dissidents and US citizens while attacking critical infrastructure in the USA and Taiwan. They have fooled everyone for nearly a decade, and are seeking a $40m grant as an internet anti-censorship software.
We have proof, wireshark logs, video, live audit, and a list of their attack patterns. Special thanks to Moxie Marlinspike for assistance.
http://janusvm.com/Ultrasurf_audit.zip
This came from a private investigation. I evaluated the activity through UltraSurf 8.6 and I can confirm my computer made strange connections to IP addresses from heavily protected servers. My reprogrammed netlink router (which scans everything and saves every file and contact going through) gave me a warning that I was trying to hack official servers throughout the world!!! I searched these servers and found bank names, official instances and worldwide government computers.
But not only that. I found the fake cookie I programmed back from all over the internet on servers and computers worldwide.
Don’t download this stuff!!!!!!!
Any guidance on uninstalling ultrasurf?
I get ‘protected or currently in use’ when trying to delete the desktop icon, which says it’s an application. And a file search under ultrasurf or ultrareach turns up nothing.
The only real problem I see with it is “exit node sniffing”. Think Tor scare a while back. Realistically some malicious exit nodes could gather an enormous amount of info for taking control of your PC, I’m not sure that this is really a Trojan per se (sic). Tor is just so damned slow the powers that be have probably realized someone else is gathering all that juicy info when it could be them. There’s one for the conspiracy theorists out there.
Cheers Prawna.