What the heck is a ConduitFloatingPlugin_gdfglldanmpdjibmppnggdphndfklefg ???


3 replies to this topic

#1 kyba

  • Members
  • 2 posts
Posted 04 August 2013 - 03:55 PM

OK, so while burning an image to a disc, my antivirus pops up and says that it needs to block this 'thing' (not typing full name). I block it and either it got through somehow or part of it got through, because I see a new entry in the start-up files, labelled with its name.

 

I search online for what the heck it is and notice that my default search provider has changed from Google to Bing, plus no results are coming up as to what it is. Apart from that no real differences have occurred in my laptop.

 

I haven't yet restarted my laptop, as it executes on start-up, so have no idea what it does.

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConduitFloatingPlugin_gdfglldanmpdjibmppnggdphndfklefg

 




#2 thisisu

  • Malware Response Team
  • 2,213 posts

Posted 04 August 2013 - 04:23 PM

It looks like adware.

 

"gdfglldanmpdjibmppnggdphndfklefg" must be a Google Chrome extension.

Notice anything unwanted / out of the ordinary when you open up Google Chrome?


Edited by thisisu, 04 August 2013 - 04:23 PM.


#3 kyba

  • Topic Starter

  • Members
  • 2 posts

Posted 04 August 2013 - 08:21 PM

It is adware and it only seems to affect Google Chrome, not Firefox. It puts up an un-removable 'games' toolbar on the browser page, which is not present in the extensions list or installed programs.

Also, apart from changing the browser home page and search engine, it tries to force a load of programs onto your computer using recognisable icons and names like 'Angry Birds' and such.

But what is worst is that it just cannot be removed from my system, because it can't be detected by my antivirus program (ESET).

I found this out by very stupidly restarting my laptop.

#4 thisisu

  • Malware Response Team
  • 2,213 posts

Posted 05 August 2013 - 12:51 AM

Try the following: open Notepad and copy the following into it:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConduitFloatingPlugin_gdfglldanmpdjibmppnggdphndfklefg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ConduitFloatingPlugin_gdfglldanmpdjibmppnggdphndfklefg"=-

Now save this as a .reg file. You can name it something like registryfix.reg

Once that is done, you should now be able to double-click this newly created file and allow it to merge into the registry. This should delete that startup value.

 

You may have more adware installed on your system so I would recommend running the following programs:

 

AdwCleaner -- http://www.bleepingcomputer.com/download/adwcleaner/dl/125/

Junkware Removal Tool - http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/

 

 

With AdwCleaner, you double-click to open the program and press the Delete button. A log of what was deleted should appear once the computer is rebooted. Junkware Removal Tool should also create a log that can be found on your desktop. You may post that for review as well.
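
An added example, not part of the original thread or any poster's own script: a PowerShell audit of the places this thread mentions, to run before merging a .reg file like the one above. It goes beyond the post by also reading the two HKLM Run keys and the Chrome profile folders; it assumes PowerShell 3.0 or later and a default Chrome install path under %LOCALAPPDATA%.

```powershell
# Added example: audit only. Reads registry/files and writes one backup file.
$Name    = 'ConduitFloatingPlugin_gdfglldanmpdjibmppnggdphndfklefg'  # name from the thread
$Pattern = 'ConduitFloatingPlugin_*'
# Chrome extension IDs are 32 characters in the range a-p; take the suffix.
$ExtId = $null
if ($Name -match '_([a-p]{32})$') { $ExtId = $Matches[1] }
$found = @()

# 1. Run keys. The .reg file in the post only touches the HKCU key; the two
#    HKLM keys are checked here as an extra (assumption: they may hold a copy).
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    if (-not $props) { continue }          # key exists but has no values
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like $Pattern) {
            $found += [pscustomobject]@{ Location = $key; Item = $p.Name; Data = $p.Value }
        }
    }
}
# 2. MSConfig bookkeeping: one subkey per startup item disabled through msconfig.
$msc = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
if (Test-Path $msc) {
    foreach ($sub in Get-ChildItem -Path $msc) {
        if ($sub.PSChildName -like $Pattern) {
            $cmd = (Get-ItemProperty -Path $sub.PSPath).command
            $found += [pscustomobject]@{ Location = $msc; Item = $sub.PSChildName; Data = $cmd }
        }
    }
}
# 3. Chrome profiles: installed extensions live under <profile>\Extensions\<id>.
$userData = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'
if ($ExtId -and (Test-Path $userData)) {
    foreach ($chromeProfile in Get-ChildItem -Path $userData -Directory) {
        $dir = Join-Path $chromeProfile.FullName "Extensions\$ExtId"
        if (Test-Path $dir) {
            $found += [pscustomobject]@{ Location = 'Chrome'; Item = $ExtId; Data = $dir }
        }
    }
}

# Keep a restorable copy of the HKCU Run key before merging any .reg file.
$backup = Join-Path $env:TEMP 'HKCU-Run-backup.reg'
& reg.exe export 'HKCU\Software\Microsoft\Windows\CurrentVersion\Run' $backup /y | Out-Null
if ($found) { $found | Format-List } else { 'No matching entries found.' }
"Backup of HKCU Run key: $backup"
```

The Data column shows the command line each startup entry would launch, which identifies the file on disk that the registry fix alone leaves behind.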





