
Can't Remove Conduit PUP


10 replies to this topic

#1 tnwool


Posted 18 January 2014 - 11:17 AM

Running Malwarebytes, 4 Conduit PUPs are identified, but I cannot remove them. When I try, Malwarebytes enters a "Not Responding" state.

 

What I have tried:

 

-  Reboot computer

-  Ran Dr Web Cureit...nothing found

-  Ran RKill

-  Reran Malwarebytes... same 4 identified...same problem / not removed

-  Reboot computer

-  Ran AdwCleaner... identified some things (VisualBee), but not the PUPs... auto restarted

-  Reran Malwarebytes... same 4 identified... same problem / not removed

 

Computer info:

 

- Windows Vista Home Premium, Service Pack 2

- Malwarebytes version 1.75.0.1300

- McAfee Antivirus 16.8

- McAfee Firewall 13.8

 

Help?  Suggestions / What to do next?

 

Thanks in advance.

 


#2 xXToffeeXx

  • Malware Response Instructor

Posted 18 January 2014 - 11:37 AM

Hi,
 
Let's try running Malwarebytes Chameleon then:
 
1. Please open Malwarebytes' Anti-Malware.
 
2. Click on More Tools, then click on Chameleon.
 
3. An image like the one below will appear on your screen. Follow the instructions to get Malwarebytes Anti-Malware running.
 
Chameleon_zpsfd335ac6.png
 

Make sure to copy and paste the log it creates into your next reply.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 tnwool


Posted 18 January 2014 - 12:04 PM

Running now.  Downloaded, but help file would not open.  Trying one of the other files (per instructions) called iexplore... DOS screen kicked in and is running a script now.  Will post results upon completion.

 

Thank you.



#4 tnwool


Posted 18 January 2014 - 12:28 PM

Process ran... but no reference to a log file.  Should I be able to find it in some directory?  Is not in the same directory as the download.

 

Thanks.



#5 tnwool


Posted 18 January 2014 - 12:50 PM

Here is log info:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.18.04
 
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
twooldridge :: TWOOLDRIDGE-PC [administrator]
 
1/18/2014 11:37:45 AM
MBAM-log-2014-01-18 (11-49-21).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227536
Time elapsed: 11 minute(s), 5 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 4
C:\Users\twooldridge\AppData\Local\Temp\ct3287802 (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\twooldridge\AppData\Local\Temp\ct3287802\xpi (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\twooldridge\AppData\Local\Temp\ct3287802\xpi\defaults (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\twooldridge\AppData\Local\Temp\ct3287802\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> No action taken.
 
Files Detected: 0
(No malicious items detected)
 
(end)


#6 tnwool


Posted 18 January 2014 - 12:51 PM

I think we have success. Here is the updated log after selecting remove. Will reboot and see where it is:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.18.04
 
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
twooldridge :: TWOOLDRIDGE-PC [administrator]
 
1/18/2014 11:37:45 AM
mbam-log-2014-01-18 (11-37-45).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227536
Time elapsed: 11 minute(s), 5 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 4
C:\Users\twooldridge\AppData\Local\Temp\ct3287802 (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Users\twooldridge\AppData\Local\Temp\ct3287802\xpi (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Users\twooldridge\AppData\Local\Temp\ct3287802\xpi\defaults (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Users\twooldridge\AppData\Local\Temp\ct3287802\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
 
Files Detected: 0
(No malicious items detected)
 
(end)


#7 tnwool


Posted 18 January 2014 - 01:39 PM

Didn't kill them all... two remain. 

 

After restarting, I re-ran Malwarebytes (normal mode), and 2 of the PUPs were still listed.  And when I tried to remove them, the software returned to "Not Responding".

 

Additional thoughts?

 

Many thanks.



#8 tnwool


Posted 18 January 2014 - 02:37 PM

Just adding more notes if it helps... re-ran RKill... noted it says the following.. is this a contributing factor?

 

 

 

Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Automatic


#9 tnwool


Posted 18 January 2014 - 02:52 PM

Probably last note...

 

As noted above, I re-ran RKill.  Then re-ran Malwarebytes... and it returned zero issues.

 

So I guess it is finally gone, although I don't know if the "Windows Defender Disabled" is a concern or not.  Sounds bad, but I'm not sure.

 

Should I take action on that?

 

Thanks.



#10 xXToffeeXx


Posted 18 January 2014 - 02:52 PM

Hi,

 

I wouldn't imagine so, it's just saying that Windows Defender and the firewall are not enabled. This is probably caused by your antivirus most likely.

 

Run this for me:

 

See if Malwarebytes still detects those files.

 

xXToffeeXx~


Edited by xXToffeeXx, 18 January 2014 - 02:53 PM.
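
A read-only way to check the explanation given in this reply, that an installed security suite is what turned off Windows Defender and the Windows firewall. This is an added example, not part of the original posts; the function names are hypothetical, and the registry paths and service name are the ones in the RKill output above.

```powershell
# Added example: read-only triage of the settings RKill flagged in this thread.
# Function names are hypothetical; cmdlets are those of Windows PowerShell 2.0+.

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns the value, or $null when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { return $item.$Name }
    return $null
}

function Get-ThirdPartyProducts {
    param([string]$Class)  # AntiVirusProduct, AntiSpywareProduct or FirewallProduct
    # Security Center (Vista SP1 and later client editions) lists registered products here.
    $found = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $Class -ErrorAction SilentlyContinue
    $names = @()
    foreach ($p in @($found)) {
        # Skip empty results and Windows Defender's own registration.
        if ($p -and $p.displayName -notmatch 'Defender') { $names += $p.displayName }
    }
    return $names
}

function Get-Verdict {
    param([string]$Setting, [bool]$BuiltInOff, [string[]]$Replacements)
    if (-not $BuiltInOff) { $state = 'enabled' }
    elseif ($Replacements.Count -gt 0) { $state = 'disabled, covered by: ' + ($Replacements -join ', ') }
    else { $state = 'disabled and NO replacement registered: investigate' }
    return ('{0}: {1}' -f $Setting, $state)
}

# Registry locations exactly as printed in the RKill output above.
$defKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
$fwKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
$defenderOff = (Get-RegDword $defKey 'DisableAntiSpyware') -eq 1
$firewallOff = (Get-RegDword $fwKey 'EnableFirewall') -eq 0

$scanners  = @(Get-ThirdPartyProducts 'AntiVirusProduct') + @(Get-ThirdPartyProducts 'AntiSpywareProduct')
$firewalls = @(Get-ThirdPartyProducts 'FirewallProduct')

Get-Verdict 'Windows Defender' $defenderOff ($scanners | Select-Object -Unique)
Get-Verdict 'Windows Firewall' $firewallOff $firewalls

# Service state, as in RKill's "Service Integrity" section.
Get-Service -Name WinDefend -ErrorAction SilentlyContinue | Select-Object Name, Status
```

On the x64 system shown in the logs, run it from the 64-bit PowerShell so that HKLM\SOFTWARE is not redirected to Wow6432Node.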



#11 xXToffeeXx


Posted 18 January 2014 - 02:54 PM

Hi, 
 
We cross-posted. If you would like, it would be best to run this program to see if anything needs updating:
 
Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

xXToffeeXx~






