VB or Visual Bee Malicious Tool Bar - How to Remove Safely

Having done the usual searches on Google. One of my laptops
has picked up the VB or Visual Bee Toolbar. Courtesy of my son
downloading "SlenderMan" game online.

The toolbar behaves exactly like the Babylon Toolbar.
But I have not found removal instructions that are specific.

My search so far. (Since there is very little on Google)

I found another User here who has the same problem:
http://www.soduoduo.com/read-20130102211850AAtWlII.html
which lead to an answer here:
http://answers.yahoo.com/question/index;_ylt=AhvXRAM9iiouyZsTjV6H3Kzsy6IX;_ylv=3?qid=20130102183607AAEfA2E

They recommended AdwCleaner -which lead me to your forum!
Could someone at BleepingComputer confirm if your program can clean the problem?

Thanks
Searchengineman

I would just the run the program because I have used that program and it works well and has never caused any problems in the past.

Success AdwCleaner.exe removed VB Toolbar or Visual Bee Toolbar
don't let the Toolbar name fool you this is the Conduit Toolbar Malware version
obviously repackaged.

If someone more technical at bleepingcomputer.com can verify, but I think I am correct

I am unsure if it was the slenderman game that caused the infection on my machine.
I have a sneaking suspicion this was FB or Skype related.
I noticed a file entry in the history of firefox:

The Skype file downloaded from Face book was FacebookVideoCallSetup_v1.2.205.0.exe - could be malware.
I don't know enough about facebook if this app_id=209845035304 may be related the cause.


So I dug....

This is the mysterious link I found: I've "xx" the prefix - so no one links accidentally (DONT INSTALL THIS)
ht"xx"tps://www.facebook.com/dialog/permissions.request?app_id=209845035304&display=popup&next=http%3A%2F%2Fsocial.conduit.com%2FFacebookLanding.aspx&response_type=code&perms=user_events%2Cread_stream%2Cread_requests%2Cread_mailbox%2Cuser_photos%2Cfriends_photos%2Cpublish_stream%2Coffline_access%2Cstatus_update%2Cuser_about_me%2Cuser_activities%2Cuser_birthday%2Cuser_education_history%2Cuser_groups%2Cuser_interests%2Cuser_likes%2Cuser_website%2Cfriends_birthday%2Cmanage_notifications&fbconnect=1


Did a search on Google
Verified -a google search for conduit app 209845035304 malware?
https://www.google.com/#hl=en&sugexp=les%3B&gs_rn=1&gs_ri=hp&cp=33&gs_id=6&xhr=t&q=conduit+app+209845035304+malware&pf=p&tbo=d&output=search&sclient=psy-ab&oq=conduit+app+209845035304+malware%3F&gs_l=&pbx=1&bav=on.2,or.r_gc.r_pw.r_qf.&bvm=bv.1357700187,d.aWM&fp=361a3ff283e7c7f6&biw=1366&bih=642


DONT INSTALL THIS
Here is a link to the culprit - Why does Facebook allow Malware?? You can read the Hate on this page.
https://lt-lt.facebook.com/conduit?id=209845035304&v=app_6261817190&s=440&filter=2
can somebody please shut this down!


Here is the log file for AdwCleaner.exe if anyone else who gets this.
hopefully Google will index this helping anyone else infected with this problem.
thank you bleepingcomputers.com!


Searchengineman

# AdwCleaner v2.105 - Logfile created 01/10/2013 at 18:29:27
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Eli Ezra - ELIEZRAHP
# Boot Mode : Normal
# Running from : C:\Users\Eli Ezra\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Eli Ezra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\iBryte
Folder Deleted : C:\Program Files (x86)\search results toolbar
Folder Deleted : C:\Users\Eli Ezra\AppData\Local\Conduit
Folder Deleted : C:\Users\Eli Ezra\AppData\Local\Ilivid
Folder Deleted : C:\Users\Eli Ezra\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Eli Ezra\AppData\LocalLow\iBryte
Folder Deleted : C:\Users\ELIEZR~1\AppData\Local\Temp\{f34c9277-6577-4dff-b2d7-7d58092f272f}

***** [Registry] *****

Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\ilividtoolbarguid
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3268494
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\iLividSRTB
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilividtoolbarguid
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN31211991619779326&ctid=CT3268494 --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (en-GB)

File : C:\Users\Eli Ezra\AppData\Roaming\Mozilla\Firefox\Profiles\f7r3ihr3.default\prefs.js

Deleted : user_pref("CT3268494_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3268494&SearchSource=1[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "");

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Eli Ezra\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.8] : homepage = "hxxp://search.conduit.com/?ctid=CT3268494&SearchSource=48",
Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3268494&SearchSource=48"[...]
Deleted [l.1751] : homepage = "hxxp://search.conduit.com/?ctid=CT3268494&SearchSource=48",
Deleted [l.2131] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3268494&SearchSource=48" ]

*************************

AdwCleaner[R1].txt - [4485 octets] - [10/01/2013 18:28:08]
AdwCleaner[S1].txt - [4401 octets] - [10/01/2013 18:29:27]

########## EOF - C:\AdwCleaner[S1].txt - [4461 octets] ##########

Thanks for the update. I suggest you also run .....

Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results.

>>>

I'd like us to scan your machine with ESET OnlineScan

• Hold down Control and click on this link to open ESET OnlineScan in a new window.
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the
    icon on your desktop.
• Check "YES, I accept the Terms of Use."
• Click the Start button.
• Accept any security warnings from your browser.
• Under scan settings, check "Scan Archives" and "Remove found threats"
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click List Threats
• Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Click the Back button.
• Click the Finish button.

NOTE:Sometimes if ESET finds no infections it will not create a log.

This site was a lifesaver. My google chrome got hijacked by this vb thing. the Adwcleaner.exe totally worked.

Hi.

My computer was infected with Visual Bee and Conduit (both of them appeared together on my Control Panel) just a little while ago. Apparently, the infection happened as I was installing and running either Adblock or AdAware which I downloaded straight from the CNet.com website (I suspect AdBlock being the likely culprit). I installed AdwCleaner from this site and it appears to have worked.

Having to deal with Visual Bee and Conduit was extremely annoying. It made web browsing virtually impossible, including IE, Firefox and Chrome crashing every 8-10 minutes and pop ups and other annoyances making it extremely frustrating. Attempting to remove either program through the Control Panel simply causes Control Panel to crash. Even though I've appeared to have cleaned it out I'm still having trouble restoring my original presets and preferences. I don't know how it could be associated with AdAware, Adblock and CNet but it's been a big enough issue with me that I would like to warn you about this issue.

Hello there appears to be some infection issues with CNET...exe a variant of Win32/CNETInstaller.A application

Run ADW Cleaner and ESET,


ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• You will be prompted to restart your computer. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

>>>>

I'd like us to scan your machine with ESET OnlineScan

• Hold down Control and click on this link to open ESET OnlineScan in a new window.
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the
    icon on your desktop.
• Check "YES, I accept the Terms of Use."
• Click the Start button.
• Accept any security warnings from your browser.
• Under scan settings, check "Scan Archives" and "Remove found threats"
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click List Threats
• Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Click the Back button.
• Click the Finish button.

NOTE:Sometimes if ESET finds no infections it will not create a log.

I finished running ESET and it did not find anything.

How about ADWcleaner

My laptop just got hijacked by VB and a bunch of other coupon toolbars and programs. I think it came with the installation package for "Free PDF to SWF Converter" from CNET. I flagged it but I'm pretty disappointed that CNET could let this happen. Very bad for my trust of CNET. ADWcleaner seems to have had no effect on it even after remove/reboot.

Actually I think  AdwCleaner did the trick. The toolbar and installed programs are gone. I just had to manually remove the VB search homepage from chrome's list of startup tabs. Fingers crossed.

I just followed the directions from first post above and was finally able to remove/unistall Visual Bee. :

 

I  followed this:

 

http://www.bleepingcomputer.com/download…

Open adwcleaner, click on search. A log will display when it's finished. After reading, close log, and click on the delete button, you will be asked to restart your computer, do so.
Open adwcleaner again, and click the uninstall button to remove it from computer.   

 

 

 

I got it downloading Picasa from CNET

 

Do you think I need to do something with ESET??

 

THANK YOU FOR THIS SITE MY NEW BEST FRIENDS!!!!

Please download AdwCleaner by Xplode onto your desktop.

 

________________________________________________________

 

I went this route and it seems to have gotten rid of the VB Toolbar (Conduit). 

 

I updated my Java and Skype and when I rebooted the VB Toolbar was there. I'm pretty sure it came with the Skype update. After AdwCleaner and rebooting the VB Toolbar was gone.

 

Glad it's gone. Thanks for your help.

 

grinningdog

@grinningdog

 

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:

• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List Winsock Entries
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
>>>

 

Junkware Removal Tool
  Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.