Baidu Browser Reviews

Mal Behaviour

about Baidu Browser · · Helpful Not helpful

Baidu Spark has always been a bit doubtful when it comes to security.
But leaving traces on each and every folder that you visit on your harddrive, while using the program, is, if not malware-behaviour, unacceptible.

These files go with the name of 'pluginbarseq.json'.
The contents, in a text editor are like this:
{"Count":2,"ItemList":["ablohemfndppodnlegidedodkocappkk","pnpkoklbbellambkkmpkoidpnonnppli"]}

This is like examing your harddrive, and without letting you know they do.

So despite of the fact that Baidu Spark is quite fast, nice and easy to use, I'd like to find some explanation here before considering using this browser once again.

Update :
Also the browser creates (and re-creates) some folders with contents in your documents folders, which of course, is obtrusive and unacceptable as well.
Documents are private and no program should interfere without your consent.

Are you sure you didn't install anything else other than Baidu to consider it an insecure program? I've been checking out my folders for any Baidu traces, but have not found anything other than the usual location: C:\Users\Username\AppData\Roaming\Baidu

As for services in the Windows Task Manager, all I see is "spark" (sparkservice.exe) service running with about 2000-3000 memory usage. Searched for "pluginbarseq.json" for possible false-positive, but found nothing other than what installs this file, which lead to: Download Ninja build 27. This can be found here: http://www.shouldiremoveit.com/Download-Ninja-build-27-135808-program.aspx

Maybe it was something else you installed that has this behaviour in your system?

Thanks for your response.
We should not put any hard working company in a bad spot as long as nothing has been proven. And I don't have sufficient proof. Which means that I will withdraw my previous statements.

I invested the case a bit further.

  • The program being referred to as 'Ninja downloader', indeed comes (overtly) with a file 'pluginbarseq.json'. It is freeware and I have no reason to believe that it would attempt to multiply this file on your drive. But further investigation is required.

  • There is no trace of this program on my drive, in the registry or in 'Total Uninstall', which I use to install and uninstall the smallest program completely.

  • Ninja comes as an extension to chrome (and thus Baidu) as well. So a possible cause could be an incomplete uninstall of this extension. Which would clarify why none of my other browsers exhibit this behavior.

  • Still there is no trace of such an extension, nor of any file holding the phrase 'ninja' or 'plugin*.json' on my computer. (Except for the generated file 'pluginbarseq.json' which shows up sporadically, in any kind of folder, after having used Baidu Spark.)

  • Putting 'program files'-kinda files or directories in the my documents folder, to me is illegal behavior. Baidu still writes and rewrites a 'Baidu' folder in my documents (personal as well as public documents) that clearly has no beneficial intentions to the user. It there keeps a file called 'conf.db'. The contents of this file look like this:
    ...
    [config4]
    config11=7fd724b959ec1debfb21fbe0ba508326
    ...

The length of this variable is the same as in pluginbarseg.json:
'ablohemfndppodnlegidedodkocappkk'

  • So after all I still deem the the browser to exhibit suspicious behavior. But I will surely let you know when I've been able to trace back the origin of pluginbarseq.json more definitively.

Greetings,
Erqo

Reply