Hi,
The GOTD from 2/2/2010 YouTube MP3 Converter contains add-ons and/or other code which hijack the Internet Explorer and FireFox browser homepage to http://www.googlebreak.com/?CID=3&PID=STV and search engine to googlebreak.com.
I don't know if this was missed during GOTD testing?
Or if this is to be accepted as part of the GOTD deal?
Personally I don't think it is acceptable and this event made us think twice about GOTD downloads.
Setting the browser back to your own personal preference is only temporary as it will be changed back to googlebreak.com in no time.
Uninstalling the program does not resolve the issue as the uninstaller does not remove the secretly installed add-ons that the user did not authorize.
Users need to uninstall the program and manually remove the add-ons in both browsers.
( I guess it may be possible to use the app without the browser add-on, but who wants to trust that option? )
I submitted the download to a couple security sites to have it checked out, as it wasn't flagged (yet) during any scan.
From MBAM I learned that the googlebreak hijacking is also caused by other products:
"Hijacked page comes from one of this tool: downloadbreak, freevideodownloader, freeyoutubevideodownloader, googlebreak, pornhubdownloader, ... or porn-stream downloaders from the same corp.'
See: http://forums.malwarebytes.org/index.php?showtopic=39422
The googlebreak in our case absolutely came with the YouTube MP3 Converter GOTD special as we don't have any of the other apps downloaded and the issue started that day. It is also mentioned here: http://support.mozilla.com/no/forum/1/579315
I hope this information may help other users and GOTD will consider removing any of those offending apps, if linked by GOTD, and will banning whoever is behind these apps from future GOTD specials for the hours of aggravation, troubleshooting etc it causes for unsuspecting users who believe GOTD offers are tested malware, spyware, ...-ware free.