
The Conduit Saga- Reinfection.


7 replies to this topic

#1 CaniLupine


Posted 17 March 2014 - 10:25 PM

So, my wife's computer was infected with the nasty Conduit virus. It switched her default search to Conduit SearchProtect, and had this other nasty feature of opening a new browser window every time she pressed a key on her keyboard. For example, in an instant messenger window, she'd type out the word "hello" and 5 Firefox windows would open up (windows, not tabs), basically rendering the computer unusable.

 

After 3 days of fighting and several hard drive wipes, I managed to get rid of it by flashing the BIOS (yes, this bugger leaves the hard drive and infects other chips). After it was all cleaned, I also switched out the keyboard for a fancy Microsoft one with all sorts of nice buttons on it. Worked great.

 

After a while, my wife went ahead and plugged in her old keyboard, since it's smaller (some Azza gaming one that came with her Cyberpower system on Newegg). Then, the symptoms returned sporadically. Sometimes it'll behave, and others it'll open up 20-something Firefox windows when she's typing.

 

So, it looks like THE CONDUIT VIRUS CAN INFECT KEYBOARDS. Don't ask me how, I don't know, but apparently it's possible. I'm going to be re-wiping the hard drives and BIOS and putting the Microsoft keyboard back in, and destroying the Azza keyboard, since apparently it's bricked. I just hope Conduit didn't infect the GPU or other chipsets as well.




 


#2 Sirawit

  • Malware Response Team

Posted 18 March 2014 - 03:30 AM

Hi CaniLupine and welcome to BleepingComputer! :)

 

Would you mind answering these questions for us? This will be good information for further research. :)

Can you remember what you did before you first got infected?

Was your keyboard working normally before the infection?

What happened after you plugged in the old keyboard? Did Conduit come back immediately? Or did Firefox start to open?

Did Conduit come back immediately after you wiped the hard drive?

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 CaniLupine


Posted 18 March 2014 - 10:16 AM

Since it's my wife's computer, I'm not sure exactly what she did to get the infection.

 

Before the infection, yes, the keyboard was functioning normally.

 

The infection reappeared the next day after the Azza keyboard was reinstalled, after the next restart, where it would open new windows with each keystroke.

 

During the 3 days of fighting Conduit, yes, the infection came back immediately after using the Clean All command in DiskPart. It only went away after reflashing the BIOS.

 

Also, another symptom of this virus is that it will refresh the home page automatically when you attempt to type in a website address. But since it has not yet changed her home page from Google to Conduit, it hasn't overloaded the memory yet.

 

I am currently running Clean All on DiskPart again, and have reflashed the BIOS. After that's done, I'll shut off the computer, remove the Azza keyboard, and reinstall the Microsoft one. That should hopefully be the end of things.


Edited by CaniLupine, 18 March 2014 - 10:21 AM.


#4 Sirawit


Posted 18 March 2014 - 09:03 PM

So, after you wiped your hard disk, did Conduit come back or did the Firefox problem come back?

We're currently researching this; we may ask you more questions, so thanks for your cooperation! :)

 

Thank you.




#5 CaniLupine


Posted 18 March 2014 - 10:34 PM

The symptoms of the Conduit virus returned after the HDD wipe, but the Conduit folders could not be found on the hard drive. It showed the same symptoms (opening new windows with each keystroke) with any browser set to default, whether it was Firefox, IE, or Chrome. This is when I figured out that it must have infected the BIOS, and discovered that reflashing the BIOS was the solution. After that, the symptoms were no longer present, up until the old keyboard was reinstalled. I searched the computer and the Conduit folders were still not on the hard drive, and it again affected whatever browser was set to Default.



#6 Sirawit


Posted 19 March 2014 - 01:45 AM

So, when you got infected, did the Firefox problem stop when you disconnected the keyboard?

And did you install anything after you connected the Azza keyboard?

 

Thank you.




#7 CaniLupine


Posted 20 March 2014 - 12:22 AM

Nothing was installed after connecting the Azza keyboard, so it was the only change made when the infection reappeared. From my previous experience with the virus, I didn't take any chances and wiped the HDD and reflashed the BIOS before switching the keyboard, since this is my wife's only computer. I don't have a spare computer to test the theory that the virus is embedded in the keyboard, but I'm considering shipping it out to someone if they want to test it on their system.



#8 Sirawit


Posted 06 April 2014 - 03:13 AM

OK, so at this point I think your Firefox problem occurs because your Azza keyboard's Control and N buttons are stuck, which will open new browser windows, and we don't think Conduit will spread via hardware.

Thank you.





