Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

VB or Visual Bee Malicious Tool Bar - How to Remove Safely


  • This topic is locked This topic is locked
29 replies to this topic

#1 searchengineman

searchengineman

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:19 PM

Posted 10 January 2013 - 02:49 PM

Having done the usual searches on Google. One of my laptops
has picked up the VB or Visual Bee Toolbar. Courtesy of my son
downloading "SlenderMan" game online.

The toolbar behaves exactly like the Babylon Toolbar.
But I have not found removal instructions that are specific.

My search so far. (Since there is very little on Google)

I found another User here who has the same problem:
http://www.soduoduo.com/read-20130102211850AAtWlII.html
which lead to an answer here:
http://answers.yahoo.com/question/index;_ylt=AhvXRAM9iiouyZsTjV6H3Kzsy6IX;_ylv=3?qid=20130102183607AAEfA2E

They recommended AdwCleaner -which lead me to your forum!
Could someone at BleepingComputer confirm if your program can clean the problem?

Thanks
Searchengineman

BC AdBot (Login to Remove)

 


#2 Rich W

Rich W

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:19 PM

Posted 10 January 2013 - 03:02 PM

I would just the run the program because I have used that program and it works well and has never caused any problems in the past.

#3 searchengineman

searchengineman
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:19 PM

Posted 10 January 2013 - 07:29 PM

Success AdwCleaner.exe removed VB Toolbar or Visual Bee Toolbar
don't let the Toolbar name fool you this is the Conduit Toolbar Malware version
obviously repackaged.

If someone more technical at bleepingcomputer.com can verify, but I think I am correct

I am unsure if it was the slenderman game that caused the infection on my machine.
I have a sneaking suspicion this was FB or Skype related.
I noticed a file entry in the history of firefox:

The Skype file downloaded from Face book was FacebookVideoCallSetup_v1.2.205.0.exe - could be malware.
I don't know enough about facebook if this app_id=209845035304 may be related the cause.


So I dug....

This is the mysterious link I found: I've "xx" the prefix - so no one links accidentally (DONT INSTALL THIS)
ht"xx"tps://www.facebook.com/dialog/permissions.request?app_id=209845035304&display=popup&next=http%3A%2F%2Fsocial.conduit.com%2FFacebookLanding.aspx&response_type=code&perms=user_events%2Cread_stream%2Cread_requests%2Cread_mailbox%2Cuser_photos%2Cfriends_photos%2Cpublish_stream%2Coffline_access%2Cstatus_update%2Cuser_about_me%2Cuser_activities%2Cuser_birthday%2Cuser_education_history%2Cuser_groups%2Cuser_interests%2Cuser_likes%2Cuser_website%2Cfriends_birthday%2Cmanage_notifications&fbconnect=1


Did a search on Google

Verified -a google search for conduit app 209845035304 malware?
https://www.google.com/#hl=en&sugexp=les%3B&gs_rn=1&gs_ri=hp&cp=33&gs_id=6&xhr=t&q=conduit+app+209845035304+malware&pf=p&tbo=d&output=search&sclient=psy-ab&oq=conduit+app+209845035304+malware%3F&gs_l=&pbx=1&bav=on.2,or.r_gc.r_pw.r_qf.&bvm=bv.1357700187,d.aWM&fp=361a3ff283e7c7f6&biw=1366&bih=642


DONT INSTALL THIS
Here is a link to the culprit - Why does Facebook allow Malware?? You can read the Hate on this page.
https://lt-lt.facebook.com/conduit?id=209845035304&v=app_6261817190&s=440&filter=2
can somebody please shut this down!


Here is the log file for AdwCleaner.exe if anyone else who gets this.
hopefully Google will index this helping anyone else infected with this problem.
thank you bleepingcomputers.com!


Searchengineman

# AdwCleaner v2.105 - Logfile created 01/10/2013 at 18:29:27
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Eli Ezra - ELIEZRAHP
# Boot Mode : Normal
# Running from : C:\Users\Eli Ezra\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Eli Ezra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\iBryte
Folder Deleted : C:\Program Files (x86)\search results toolbar
Folder Deleted : C:\Users\Eli Ezra\AppData\Local\Conduit
Folder Deleted : C:\Users\Eli Ezra\AppData\Local\Ilivid
Folder Deleted : C:\Users\Eli Ezra\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Eli Ezra\AppData\LocalLow\iBryte
Folder Deleted : C:\Users\ELIEZR~1\AppData\Local\Temp\{f34c9277-6577-4dff-b2d7-7d58092f272f}

***** [Registry] *****

Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\ilividtoolbarguid
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3268494
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\iLividSRTB
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilividtoolbarguid
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN31211991619779326&ctid=CT3268494 --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (en-GB)

File : C:\Users\Eli Ezra\AppData\Roaming\Mozilla\Firefox\Profiles\f7r3ihr3.default\prefs.js

Deleted : user_pref("CT3268494_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3268494&SearchSource=1[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "");

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Eli Ezra\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.8] : homepage = "hxxp://search.conduit.com/?ctid=CT3268494&SearchSource=48",
Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3268494&SearchSource=48"[...]
Deleted [l.1751] : homepage = "hxxp://search.conduit.com/?ctid=CT3268494&SearchSource=48",
Deleted [l.2131] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3268494&SearchSource=48" ]

*************************

AdwCleaner[R1].txt - [4485 octets] - [10/01/2013 18:28:08]
AdwCleaner[S1].txt - [4401 octets] - [10/01/2013 18:29:27]

########## EOF - C:\AdwCleaner[S1].txt - [4461 octets] ##########

Edited by searchengineman, 10 January 2013 - 07:53 PM.


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,069 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:19 PM

Posted 11 January 2013 - 08:46 PM

Thanks for the update. I suggest you also run .....

Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results.

>>>

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image
      icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE:Sometimes if ESET finds no infections it will not create a log.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#5 WTBG

WTBG

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:19 PM

Posted 13 January 2013 - 11:47 AM

This site was a lifesaver. My google chrome got hijacked by this vb thing. the Adwcleaner.exe totally worked.

#6 VBConduitAnnoyance

VBConduitAnnoyance

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:19 PM

Posted 04 February 2013 - 12:30 PM

Hi.

My computer was infected with Visual Bee and Conduit (both of them appeared together on my Control Panel) just a little while ago. Apparently, the infection happened as I was installing and running either Adblock or AdAware which I downloaded straight from the CNet.com website (I suspect AdBlock being the likely culprit). I installed AdwCleaner from this site and it appears to have worked.

Having to deal with Visual Bee and Conduit was extremely annoying. It made web browsing virtually impossible, including IE, Firefox and Chrome crashing every 8-10 minutes and pop ups and other annoyances making it extremely frustrating. Attempting to remove either program through the Control Panel simply causes Control Panel to crash. Even though I've appeared to have cleaned it out I'm still having trouble restoring my original presets and preferences. I don't know how it could be associated with AdAware, Adblock and CNet but it's been a big enough issue with me that I would like to warn you about this issue.

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,069 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:19 PM

Posted 04 February 2013 - 01:01 PM

Hello there appears to be some infection issues with CNET...exe a variant of Win32/CNETInstaller.A application

Run ADW Cleaner and ESET,


ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

>>>>

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image
      icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE:Sometimes if ESET finds no infections it will not create a log.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#8 VBConduitAnnoyance

VBConduitAnnoyance

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:19 PM

Posted 05 February 2013 - 05:31 PM

I finished running ESET and it did not find anything.

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,069 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:19 PM

Posted 06 February 2013 - 08:19 PM

How about ADWcleaner
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#10 alphabravo

alphabravo

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 08 February 2013 - 03:02 PM

My laptop just got hijacked by VB and a bunch of other coupon toolbars and programs. I think it came with the installation package for "Free PDF to SWF Converter" from CNET. I flagged it but I'm pretty disappointed that CNET could let this happen. Very bad for my trust of CNET. ADWcleaner seems to have had no effect on it even after remove/reboot.



#11 alphabravo

alphabravo

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 08 February 2013 - 03:16 PM

# AdwCleaner v2.111 - Logfile created 02/08/2013 at 13:05:16
# Updated 05/02/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : c.banbury - JANDB3-PC
# Boot Mode : Normal
# Running from : C:\Users\c.banbury\Downloads\AdwCleaner (1).exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Users\c.banbury\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\c.banbury\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
Folder Deleted : C:\Users\c.banbury\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoealncnigkgnfjlfakeadlamcmldmka
Folder Deleted : C:\Users\c.banbury\AppData\LocalLow\Conduit
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Google\Chrome\Extensions\hoealncnigkgnfjlfakeadlamcmldmka
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hoealncnigkgnfjlfakeadlamcmldmka
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16457
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v16.0.2 (en-US)
 
File : C:\Users\c.banbury\AppData\Roaming\Mozilla\Firefox\Profiles\ld1mpivy.default\prefs.js
 
[OK] File is clean.
 
File : C:\Users\administrator.JANDB-AB-NORTH\AppData\Roaming\Mozilla\Firefox\Profiles\3cui2fc0.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v24.0.1312.57
 
File : C:\Users\c.banbury\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://mail.google.com/", "hxxps://www.google.com/calendar[...]
Deleted [l.2589] : urls_to_restore_on_startup = [ "hxxp://mail.google.com/", "hxxps://www.google.com/calendar", [...]
 
*************************
 
AdwCleaner[R1].txt - [11754 octets] - [08/02/2013 11:29:24]
AdwCleaner[R2].txt - [2449 octets] - [08/02/2013 13:04:18]
AdwCleaner[S1].txt - [11749 octets] - [08/02/2013 11:29:45]
AdwCleaner[S2].txt - [2188 octets] - [08/02/2013 13:05:16]
 
########## EOF - C:\AdwCleaner[S2].txt - [2248 octets] ##########


#12 alphabravo

alphabravo

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 08 February 2013 - 03:33 PM

Actually I think  AdwCleaner did the trick. The toolbar and installed programs are gone. I just had to manually remove the VB search homepage from chrome's list of startup tabs. Fingers crossed.



#13 Fonamor

Fonamor

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:19 PM

Posted 08 February 2013 - 04:19 PM

I just followed the directions from first post above and was finally able to remove/unistall Visual Bee. :

 

I  followed this:

 


http://www.bleepingcomputer.com/download…

Open adwcleaner, click on search. A log will display when it's finished. After reading, close log, and click on the delete button, you will be asked to restart your computer, do so.
Open adwcleaner again, and click the uninstall button to remove it from computer.   

 

 

 

I got it downloading Picasa from CNET

 

Do you think I need to do something with ESET??

 

THANK YOU FOR THIS SITE MY NEW BEST FRIENDS!!!!


Edited by Fonamor, 08 February 2013 - 04:33 PM.


#14 grinningdog

grinningdog

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:19 PM

Posted 12 February 2013 - 09:49 AM

Please download AdwCleaner by Xplode onto your desktop.

 

________________________________________________________

 

I went this route and it seems to have gotten rid of the VB Toolbar (Conduit). 

 

I updated my Java and Skype and when I rebooted the VB Toolbar was there. I'm pretty sure it came with the Skype update. After AdwCleaner and rebooting the VB Toolbar was gone.

 

Glad it's gone. Thanks for your help.

 

grinningdog



#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,069 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:19 PM

Posted 12 February 2013 - 11:14 AM

@grinningdog

 


MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
>>>

 

Junkware Removal Tool
  Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 



 


 


How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users