Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Conduit Browser hijack


  • Please log in to reply
13 replies to this topic

#1 Juliasdream

Juliasdream

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:50 AM

Posted 26 January 2014 - 10:43 AM

I've just installed a new hard drive on my computer and ran a fresh install of 32 bit Win 7.

I downloaded all if my favorite programs including Mozilla's Firefox and Thunderbird and copied over all bookmarks, emails etc using Mozbackup

Everything seemed to go fine until I noticed that instead of getting Google as my home page/search engine I was getting Bing instead and noticed Conduit.com in the address bar (http://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPDAA40DAF-71DD-4307-B8FA-929C01A22C2A&SSPV=)

Changing my home page using Tools>options>General didn't help because on browser restart it reverted back to Conduit

I tried typing "about:config" in the address bar and resetting all entries using Conduit

I ran Malwarebytes which found and removed Conduit from Internet explorer but not firefox.

I even ran regedit and removed every mention of Conduit from the registry but it seems whatever I do it stubbornly keeps coming back and taking over

Can anyone please advise how to get rid of this nuisance bug once and for all

Thanks



BC AdBot (Login to Remove)

 


#2 xXToffeeXx

xXToffeeXx

    Bleepin' Toffee Monster


  • Malware Response Instructor
  • 2,846 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Somewhere in BleepingComputer
  • Local time:05:50 AM

Posted 26 January 2014 - 11:09 AM

Hi,
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

---------------

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

xXToffeeXx~


If I am helping you and you have not had a reply from me in two days, please send me a PM.

 

~Open a window, eat an apple, chrome some metal, watch an opera, make a safari, hunt a fire fox, be an explorer~


#3 Juliasdream

Juliasdream
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:50 AM

Posted 26 January 2014 - 11:50 AM

Hi,
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

---------------

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

xXToffeeXx~

Hello and thank you for responding.

I ran both of those as you asked

Conduit still shows on my address bar

Here are the 2 logs

 

 

# AdwCleaner v3.017 - Report created 26/01/2014 at 16:15:17
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Dale - DALE-PC
# Running from : C:\Users\Dale\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\a7tnw9m8.default\searchplugins\conduit-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\conduit-search.xml
File Deleted : C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\a7tnw9m8.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v26.0 (en-GB)

[ File : C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\a7tnw9m8.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Conduit Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPDAA40DAF-71DD-4307-B8FA-929C01A22C2A&SSPV=");

-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : search_url
Deleted : suggest_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [2600 octets] - [26/01/2014 16:13:26]
AdwCleaner[S0].txt - [2358 octets] - [26/01/2014 16:15:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2418 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x86
Ran by Dale on 26/01/2014 at 16:29:09.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3016094628-2224382628-2211350667-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Dale\AppData\Roaming\mozilla\firefox\profiles\a7tnw9m8.default\prefs.js

user_pref("browser.search.defaultenginename", "Conduit Search");
user_pref("browser.search.selectedEngine", "Conduit Search");
user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPDAA40DAF-71DD-4307-B8FA-929C01A22C2A&SSP



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/01/2014 at 16:45:57.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#4 xXToffeeXx

xXToffeeXx

    Bleepin' Toffee Monster


  • Malware Response Instructor
  • 2,846 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Somewhere in BleepingComputer
  • Local time:05:50 AM

Posted 26 January 2014 - 11:53 AM

Hi,

 

No need to quote what I post.

 

See how to reset firefox here.

 

xXToffeeXx~


If I am helping you and you have not had a reply from me in two days, please send me a PM.

 

~Open a window, eat an apple, chrome some metal, watch an opera, make a safari, hunt a fire fox, be an explorer~


#5 Juliasdream

Juliasdream
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:50 AM

Posted 26 January 2014 - 12:36 PM

Thank you xXToffeeXx

Thats done the trick.

I'm very grateful



#6 xXToffeeXx

xXToffeeXx

    Bleepin' Toffee Monster


  • Malware Response Instructor
  • 2,846 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Somewhere in BleepingComputer
  • Local time:05:50 AM

Posted 26 January 2014 - 12:49 PM

Hi,

 

You are welcome :)

 

xXToffeeXx~


If I am helping you and you have not had a reply from me in two days, please send me a PM.

 

~Open a window, eat an apple, chrome some metal, watch an opera, make a safari, hunt a fire fox, be an explorer~


#7 izoidy

izoidy

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 19 March 2014 - 04:26 AM

I found the information here about adwcleaner and tried to make it work for me.  It didn't.  I have XP Pro and a Dell workstation (don't know the model off the top), and there was no option to save to desktop (as recommended by author) nor was there an option run as administrator (which I don't know how to do anyway).

 

Does adware work for getting rid of this annoying browser hijack thing on XP?  If so, please explain simply to me what to do.

 

Your help will be greatly appreciated.



#8 xXToffeeXx

xXToffeeXx

    Bleepin' Toffee Monster


  • Malware Response Instructor
  • 2,846 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Somewhere in BleepingComputer
  • Local time:05:50 AM

Posted 19 March 2014 - 12:17 PM

Hi,

 

What browser are you using, izoidy?

 

xXToffeeXx~


If I am helping you and you have not had a reply from me in two days, please send me a PM.

 

~Open a window, eat an apple, chrome some metal, watch an opera, make a safari, hunt a fire fox, be an explorer~


#9 izoidy

izoidy

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 19 March 2014 - 02:16 PM

I mostly use Chrome, but I have IE as well.



#10 xXToffeeXx

xXToffeeXx

    Bleepin' Toffee Monster


  • Malware Response Instructor
  • 2,846 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Somewhere in BleepingComputer
  • Local time:05:50 AM

Posted 19 March 2014 - 03:17 PM

Hi,

 

Try downloading AdwCleaner via Chrome and checking the downloads folder too (%userprofile%\Downloads).

 

xXToffeeXx~


If I am helping you and you have not had a reply from me in two days, please send me a PM.

 

~Open a window, eat an apple, chrome some metal, watch an opera, make a safari, hunt a fire fox, be an explorer~


#11 izoidy

izoidy

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 19 March 2014 - 03:27 PM

Sorry to sound as ignorant as I am, but how do I download via Chrome?  I thought you and the author's site were the only places to download the adwcleaner.  And I'm not sure how to find or access that in Chrome.  Could you possibly tell me what steps or directions to take?

 

Thanks again.

 

~iz



#12 izoidy

izoidy

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 19 March 2014 - 03:41 PM

I just found the following on Google, and though I have yet to reboot, it seems to be working.  I'll keep you posted, and thank you very much!
 
Yashaswi KumarLevel 7
12/6/12
 
 
For google chrome browser--
 
1. Go to Settings >> Extensions >> disable uTorrentControl_v2 extension.
 
2. Go to Settings >> On startup >> remove conduit settings
 
3. Go to Settings >>  Search >> manage search engine >> set it to google.com and remove conduit's entry if any.
 
Cheers.  \m/  \m/
 
Here's the url where it was found:
 
 
I'll be back if this isn't a permanent fix :)
 
~iz


#13 izoidy

izoidy

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 19 March 2014 - 03:53 PM

Well, I'm back :(

 

I wasn't able to do the first step of Yashaswi's directions as there was no "disable uTorrentControl_v2 extension" in my settings/extentions.

 

I deleted it from Chrome, but it's insidious and popped right back up after my reboot.  

 

Here's looking forward to your next suggestion (or direction) . . .



#14 izoidy

izoidy

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 19 March 2014 - 04:01 PM

I'm continuing to search, and I found the following:

 

http://malwaretips.com/blogs/remove-browser-redirect-virus/

 

I have yet to try the process, so I'll check these boards again when I get up from my nap and try your way first.

 

Thanks again.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users