Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Search.conduit.com browser hijacker


  • Please log in to reply
4 replies to this topic

#1 tdo577

tdo577

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:40 PM

Posted 12 November 2013 - 12:08 PM

:grinner:Hello! Not for sure if this is in the right place, but I thought I would send an alert to this site about the search.conduit.com browser hijacker. I got it from trying to download a free audio enhancer trial, and though it seemed less suspicious than the snapdo hijacker (decline button was really light, but still responded :scratchhead:), it still downloaded after I said no. I, once again, went to my programs and immediately deleted it, but as usual it was still there.

 

This one is a bit of a pain to remove, but after running Malwarebytes and Adware the hijacker was gone :thumbsup2:! (answered prayer!) Working on getting something that alerts to potential pup files of this sort, as I saw some options available. Just an alert and another well deserved thank you to the bleepingcomputer.com site (this place is a blessing!) I have referenced this site for help, and come here for a final word if you will on computer help. I'm getting so I love figuring out what's wrong with them :busy: (go figure!) and I want to take classes to focus on this area of an IT(any suggestions? :) ) Anyways, watch out for this one and thanks again bcc!


Edited by tdo577, 12 November 2013 - 12:10 PM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,768 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:40 PM

Posted 12 November 2013 - 02:14 PM

Thank you for sharing your experience.
 
Conduit is a toolbar engine installed (bundled) alongside many free applications which allows users to add applications directly to their browser without a community toolbar. Conduit offers a distribution option for Conduit-powered offerings and is used in order to generate ad revenue for the company. While not explicitly malware, it is often installed stealthily without knowledge or consent from the end user.

How do I earn money with bundles?
By offering (“bundling”) a Community Toolbar in your software installer, you are boosting the Community Toolbar’s installs. The Active Rewards program pays you based on the number of daily active users of your Community Toolbar according to the Three Tiers Table. If you are not yet a member of the Active Rewards program, you can join through the Make Money tab.

Conduit Community Toolbar Help Center

After using anti-virus and other security scanning tools to remove adware and malware it is not uncommon to find remnants of startup and scheduled task registry keys when booting into Windows. As such, many folks will then report Conduit Run DLL Error on start up which is related to "BackgroundContainer.dll". Instructions for removing the RunDLL Error are provided in that topic.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:40 PM

Posted 12 November 2013 - 02:21 PM

As per your PM ... Run these if you feel you may still have some infection.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



    Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  • .
    .
    .
    ADW Cleaner

    Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • .
    .
    .

    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,768 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:40 PM

Posted 12 November 2013 - 02:27 PM

I wasn't aware of a PM....thought our OP was providing information as to how he was able to remove Conduit. Since he still is having issues, I will move this to a more appropriate forum.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 tdo577

tdo577
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:40 PM

Posted 18 November 2013 - 05:41 PM

Sorry for the confusion!! Bless my heart, can't even remember why I pm'd in the first place. Probably cause I'm so nervous after two browser hijacks-don't want the wrong eyes getting info (I just pm'd in reply again but will post for the community if it will help them.) But as I said before you guys are a trusted source for info, so I do apologize. Living and learning Mr. Gm! Thank you guys for all you do!

 

Just a question:where is this now? :)






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users