Right-click menu changed - also rundll popup on booting


4 replies to this topic

#1 faster

faster

  • Members
  • 108 posts
  • OFFLINE
  • Local time:12:52 PM

Posted 28 December 2013 - 05:38 PM

I have two problems. I use W7, and detest it, but am stuck for a while.

 

The right-click menu for Notepad now has "edit" in it. I have to choose that or else something tries to access "privileged resources" through splwow64.exe if I just double-click it. That shouldn't happen. I've used a substitute for Notepad for YEARS, called Notepad+, and it worked on W7 until recently. I can't find any infection on Notepad+, but it behaves as though it had one. Whatever changed the right-click menu was likely a toolbar, Conduit, which I stupidly allowed to install, and still can't get rid of it all. I can't find, on W7, where I can manage things like "open" "edit" etc. for any program on my PC, and associate the program file extension with something else. I had it in 98SE, but not in W7.

 

Conduit weaseled its way into many areas of my PC, and I had trouble both finding them and getting rid of them. Some I bumped into by pure accident. Most is gone now, but not all. The toolbar itself still comes up when I start Google Chrome, but it is unusable, just there. Chrome also shows a search page called "Connect" by Conduit, by default. I've removed it, in Chrome's settings, but it keeps coming back. So it still has a footprint somewhere in my Google Chrome files.

 

That same toolbar now gives me a popup every time I boot up. It says:

 

"RunDLL
There was a problem starting
C:\Users\Owner\AppData\Local\Conduit\Background\BackgroundContainer.dll
The specified module could not be found."
 
And isn't it odd that W7 doesn't seem to HAVE any rundll files on it, as W98SE did?
 
Can someone help me?

Edited by hamluis, 29 December 2013 - 03:37 PM.
Moved from Win 7 to Am I Infected - Hamluis.



 


#2 KingdomSeeker

KingdomSeeker

  • Members
  • 458 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:52 PM

Posted 29 December 2013 - 09:53 AM

Download SecurityCheck.exe from Here

. Run SecurityCheck and follow the instructions from inside the code box.
. When the scan is finished, a notepad will automatically open as check.txt
   Please copy and paste the contents here on your next reply.

 Try clearing your cache files: Free CCleaner
       Ignore the Registry feature of CCleaner as it is not recommended or needed.

 Download AdwCleaner by Xplode from here.
      Click on AdwCleaner and hit the Scan button and it will begin to search for PUP and malicious files. Once finished click the Clean button. Copy and paste the log on your next reply.

 Scan for Malware using free Malwarebytes
      Install then run a quick scan only after updating to the latest definition. Uncheck the trial pro version on setup and remove any found threats after running the scan. Please post also the result.

 Download JRT by thisisu from this link.
      Make sure to disable your antivirus or any running protection software before running JRT to avoid interference.
      For Vista and Windows 7, right-click and Run as Administrator. In XP, double click JRT icon.
      Please be patient and let the program finish scanning.
      Once finished, a text document will open, then copy-paste it on your next reply.

 Check for updated network drivers on your manufacturer's support site only.



#3 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • OFFLINE
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:11:52 AM

Posted 29 December 2013 - 01:38 PM

Let's take care of the Conduit first.

 

Please download AdwCleaner and run it.
 
An image like the one below will open, click on Scan.
 
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on Ok.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and then paste this log in your next post.
 
 

 
Please download Junkware Removal Tool.
 
Open your browser and go to Downloads, then click on the Junkware Removal Tool to install it.  
 
Click on Run to initiate the installation.
 
To avoid potential conflicts, temporarily disable your antivirus and firewall.  You will want to be offline when you do this.
 
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select Run as Administrator.
 
The tool will open and start scanning your system.
 
Please be patient as this can take a while to complete depending on your system's specifications.
 
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.  Copy this and then post it in your topic.
 
 
Have you tried using the compatibility mode to run the Notepad+?  This could resolve that issue.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#4 faster

faster
  • Topic Starter

  • Members
  • 108 posts
  • OFFLINE
  • Local time:12:52 PM

Posted 19 January 2014 - 06:30 PM

Have I told you folks lately that I love you? You've been so expert, and so unjudgmental when I had 98SE. You're the BEST.
 
Can't use MalwareBytes. It's very good, but I don't EVER buy things online, and my trial version got used up.
 
And I did try compatibility mode for Notebook+. What finally worked was deleting the program. I then installed it again under Notebook1. That worked. Other .txt files gave me some problems from having been made under the notebook in W7, but that wasn't hard to work out. I have my app back, and that's all that counts. The original Notebook+ on my PC insisted on accessing privileged resources. Why? Who knows, but I denied it, so I couldn't get Notepad+ to load. Shredding the program worked, and I then put a copy from my CDs back on.
 
Can any of you tell me if "Trusted Installer" is a legitimate thing in W7? Many - most - of my system files have that on the properties sheet, and it usually has more rights than I DO! If it is legit, I'll leave it be, but I doubt that it is.
 
A few days ago, I sent a withering note to Conduit. It accused them of infiltrating proprietary Windows software (like rundll and Windows Automatic Update) and demanded a method of removing Conduit's toolbar and its automatic search page on Google for new tabs (with an ad in Spanish - I live in Mexico).
 
I don't know if it was in response or not, but today I found a new Conduit folder. After following the trail of subfolders, there was only one thing in the last folder called "ChromeExtData": a 635KB notepad file called "localStorageBackup.txt". I wasn't asked if I wanted to put the folder on my system; it just got in on its own. So much for making system and other files "invisible." They're only invisible to ME, but not to malware writers. I don't even know where Windows Automatic Update files ARE, but Conduit did.
 
If you'd like me to send you a copy to study, I'll be glad to do so - but keep in mind it may be infected, too. All that's on it is one very long run-on "sentence" that uses symbols I don't understand, and a few words I do. Not a space nor a period can be found. It makes many references to "hidden" things. I haven't a clue how to use it. (Assuming it was sent to me to use.)
 
I've been away for a while. I'm downloading the files that have been recommended, and will be back later with the desired reported results.
 
And thanks muchly!
Holly


#5 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • OFFLINE
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:11:52 AM

Posted 20 January 2014 - 09:46 AM

Regarding TrustedInstaller, the information below is from this website.

 

TrustedInstaller is a built-in user account in Windows 8, Windows 7, and Windows Vista. This user account “owns” a variety of system files, including some files in your Program Files folder, your Windows folder, and even the Windows.old folder that is created after you upgrade from one version of Windows to another. To rename or delete these files, you’ll have to take ownership of them away from the TrustedInstaller user account.

 

The only problem that I know of with TrustedInstaller is if you need to delete files protected (owned) by it.

 

AdwCleaner will remove conduit.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.
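
Added example, not part of the thread or any poster's code: a read-only PowerShell check for the two questions raised above, the RunDLL popup at boot and the TrustedInstaller owner on system files. It lists startup entries (Run keys and scheduled tasks) that launch rundll32 against a DLL that no longer exists, then prints the owner of rundll32.exe. The helper name `Get-RundllTarget` is hypothetical, and the `TaskName` / `Task To Run` column names assume an English-language Windows.

```powershell
# Added example: find startup entries that call rundll32 on a missing DLL.
# Read-only. Run from an elevated prompt so all scheduled tasks are visible.

function Get-RundllTarget([string]$CommandLine) {
    # Handles: rundll32.exe "C:\path\file.dll",EntryPoint  (quoted or unquoted)
    if ($CommandLine -match 'rundll32(\.exe)?"?\s+"?([^",]+\.dll)') {
        return [Environment]::ExpandEnvironmentVariables($Matches[2].Trim())
    }
}

$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $entries += New-Object PSObject -Property @{
            Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
    }
}

# schtasks.exe works on Windows 7; verbose CSV output repeats its header row,
# so rows whose TaskName is literally 'TaskName' are skipped.
$tasks = schtasks.exe /query /fo csv /v | ConvertFrom-Csv
foreach ($t in $tasks) {
    if ($t.TaskName -eq 'TaskName' -or -not $t.'Task To Run') { continue }
    $entries += New-Object PSObject -Property @{
        Source = 'Scheduled task'; Name = $t.TaskName; Command = $t.'Task To Run' }
}

# Report only entries whose rundll32 target DLL is missing from disk.
foreach ($e in $entries) {
    $dll = Get-RundllTarget $e.Command
    if ($dll -and -not (Test-Path -LiteralPath $dll)) {
        "{0}`t{1}`t{2}" -f $e.Source, $e.Name, $dll
    }
}

# rundll32.exe does exist on Windows 7; show who owns it
# (on a stock install this is normally NT SERVICE\TrustedInstaller).
(Get-Acl "$env:windir\System32\rundll32.exe").Owner
```

Each line printed by the loop is a leftover startup entry pointing at a DLL that is gone, which is the condition that produces a "The specified module could not be found" RunDLL popup at logon.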

 

 

 

 




