Conduit Search aftermath


11 replies to this topic

#1 goatesj

goatesj

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:18 AM

Posted 23 January 2013 - 09:25 AM

Greetings,

First off, I wanted to say thanks to all the posters that have helped me so much in the past. This is my first post, but I've been visiting and leeching help off this site for about 4 years now, so Thanks.

Here is my problem.

System is running WinXP Pro SP3

Recently, conduit search was unknowingly (thanks to my wife) installed on our computer. Through various applications, I felt that I had removed it completely. Today, when I tried to connect to a Hyperlink for work, I get the following error:

C:\(the location of the hyperlink) is not a valid Win32 application.

I had just connected to that prior to removing the conduit search adware. So, I'm thinking I deleted something that is necessary to run my hyperlink. I did re-create another one, but still get the same problem.

Any advice?

Thanks

Edited by goatesj, 23 January 2013 - 09:26 AM.



 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:18 AM

Posted 23 January 2013 - 10:16 AM

Hello. I moved this to the Am I Infected forum to make sure it's all off.



ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


>>>>

Junkware Removal Tool
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


>>>>

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 goatesj


Posted 23 January 2013 - 11:32 AM

Thanks for the help so far, just wanted to say that I am waiting on the ESET Scan to complete. (added ESET log at the end)

Here are the logs that I have:

AdwCleaner:

# AdwCleaner v2.107 - Logfile created 01/23/2013 at 09:22:25
# Updated 21/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - SERVER
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\AdwCleaner (1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Conduit

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5378 octets] - [21/01/2013 13:25:29]
AdwCleaner[R2].txt - [5285 octets] - [21/01/2013 13:27:26]
AdwCleaner[R3].txt - [1050 octets] - [21/01/2013 13:35:03]
AdwCleaner[R4].txt - [1210 octets] - [23/01/2013 09:19:05]
AdwCleaner[R5].txt - [1271 octets] - [23/01/2013 09:21:50]
AdwCleaner[S2].txt - [5213 octets] - [21/01/2013 13:27:45]
AdwCleaner[S3].txt - [1111 octets] - [21/01/2013 13:35:23]
AdwCleaner[S4].txt - [1204 octets] - [23/01/2013 09:22:25]

########## EOF - C:\AdwCleaner[S4].txt - [1264 octets] ##########





-----------------------------

Junkware Removal:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.8 (01.21.2013:2)
OS: Microsoft Windows XP x86
Ran by Administrator on Wed 01/23/2013 at 9:29:50.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/23/2013 at 9:34:57.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


ESET Online Scanner:

C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\21\592d6455-7381fcf2 a variant of Java/Exploit.CVE-2012-0507.M trojan deleted - quarantined
C:\RECYCLER\S-1-5-21-2502319277-3123313400-3539568282-500\Dc8.zip a variant of Win32/HackTool.Patcher.T application deleted - quarantined



Should I delete these files from the ESET Online Scanner?

Thanks.

Edited by goatesj, 23 January 2013 - 11:50 AM.


#4 boopme


Posted 23 January 2013 - 12:10 PM

You can delete now if you want to.
Looks clean. Any issues?

I want to see if there are any exploit points...
MiniToolBox
Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Edited by boopme, 23 January 2013 - 12:12 PM.


#5 goatesj


Posted 23 January 2013 - 12:14 PM

Everything is running fine, except I still cannot load my hyper terminal. When I try to load it, I still get the same error:

"is not a valid Win32 application"

Any advice?

Thank you so far, it seems conduit is finally out of my system. Nasty little thing.

#6 boopme


Posted 23 January 2013 - 12:49 PM

OK, we ruled out malware as the issue.
Do you have Service Pack 3 installed?

This issue can be caused by any of the below possibilities.
1. File is corrupt, bad, or missing.
2. File is not designed for your version of Windows.
3. File is a virus, worm, or other malware file.
4. Hardware incompatibility.

I believe it is better to take these other issues up with the folks in XP as they will be able to look at other things.
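Added example, not part of the thread: a Python sketch of the header checks behind causes 1 and 2 in the list above, which are what usually produce "is not a valid Win32 application". The names `check_pe` and `make_sample` are hypothetical, the sample images are constructed, and the host defaults assume 32-bit Windows XP (version 5.1); the real loader performs more checks than these.

```python
import struct

MACHINES = {0x014C: "x86", 0x8664: "x64"}  # Machine values from the PE/COFF spec

def check_pe(data, host_machine="x86", host_version=(5, 1)):
    """Return why Windows would refuse to load this image, or 'loadable'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "missing MZ header (not an executable, or overwritten)"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of the PE header
    opt = e_lfanew + 24          # PE signature (4 bytes) + COFF header (20 bytes)
    if opt + 52 > len(data):
        return "truncated or corrupt (PE header lies past end of file)"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "no PE signature (corrupt, or a 16-bit/DOS program)"
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    arch = MACHINES.get(machine, hex(machine))
    if arch != host_machine:
        return f"built for {arch}, host is {host_machine}"
    # MajorSubsystemVersion / MinorSubsystemVersion in the optional header
    subsys = struct.unpack_from("<HH", data, opt + 48)
    if subsys > host_version:
        return f"requires Windows {subsys[0]}.{subsys[1]} or later"
    return "loadable"

def make_sample(machine=0x014C, subsys=(4, 0)):
    """Constructed header-only image for the demonstration (not a real program)."""
    e_lfanew = 0x80
    buf = bytearray(e_lfanew + 24 + 96)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<H", buf, e_lfanew + 4, machine)
    struct.pack_into("<H", buf, e_lfanew + 24, 0x10B)    # PE32 optional header magic
    struct.pack_into("<HH", buf, e_lfanew + 24 + 48, *subsys)
    return bytes(buf)

if __name__ == "__main__":
    samples = {
        "intact x86 image": make_sample(),
        "x64 build on a 32-bit host": make_sample(machine=0x8664),
        "built for Windows 6.0+": make_sample(subsys=(6, 0)),
        "partially written file": make_sample()[:0x50],
    }
    for name, data in samples.items():
        print(f"{name}: {check_pe(data)}")
```

To check a real file, pass its first few kilobytes read in binary mode to `check_pe`; a "loadable" result points toward the remaining causes in the list rather than a damaged or mismatched binary.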

#7 goatesj


Posted 23 January 2013 - 12:53 PM

Yeah, SP3 is installed.

I had used the hyperterminal daily with no issues up until today. The only thing I could think of was that I had attempted to remove the conduit search yesterday. So, either I deleted something (through the various scanners I used), or the malware did something upon removal.

Was hoping someone knew something. Your help has been greatly appreciated, as it seems conduit is gone. Would attempting an XP repair be a good idea?

#8 boopme


Posted 23 January 2013 - 01:52 PM

You could try SFC first...

SFC


Please run SFC (System File Checker)
Please run System File Checker sfc /scannow... For more information on this tool see How To Use Sfc.exe To Repair System Files

NOTE for Vista/WIN 7 users: The command needs to be run from an Elevated Command Prompt. Click Start, type cmd into the Start/Search box, right-click cmd.exe in the list above and select 'Run as Administrator'.


You will need your operating system CD handy.

Open Windows Task Manager....by pressing CTRL+SHIFT+ESC

Then click File.. then New Task(Run)

In the box that opens type sfc /scannow ......There is a space between c and /

Click OK
Let it run and insert the CD when asked.

#9 goatesj


Posted 24 January 2013 - 02:12 PM

Ran SFC to no avail. It was on for about an hour, then completed without warning. Still no help. Going to try to un-install hyperterminal and re-install it. Unless anyone has any other ideas.

Thanks.

#10 boopme


Posted 24 January 2013 - 02:22 PM

OK, well, go back to post 6 and ask in XP as there are other tests to do.

#11 goatesj


Posted 24 January 2013 - 02:34 PM

After some detailed searching, I found the best way to un-install and re-install Hyper Terminal with success.

Thank you so much for your help, boopme, you got rid of conduit for good, which allowed me to fix hyperterminal. Whether they are related problems or not, who knows, but all is well....till next time.

Thanks again.

#12 boopme


Posted 24 January 2013 - 02:36 PM

Excellent!!


If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

  • Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read: