conduit virus?


6 replies to this topic

#1 lisa1967

lisa1967

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:02:07 AM

Posted 02 May 2014 - 08:02 PM

I have a Windows 8 laptop. I can't boot up... it doesn't go to my home page. It keeps showing conduit... when I type in a site, it redirects me to conduit. Any suggestions?
Lisa

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum, due to the absence of any malware logs included with the topic. Duplicate topic in Windows 8 deleted.~ Animal


#2 lisa1967

lisa1967
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:02:07 AM

Posted 02 May 2014 - 08:26 PM

It doesn't let me browse. Keeps redirecting me to searchconduit.com or browsersafeguard.com.



#3 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:07 PM

Posted 02 May 2014 - 10:55 PM

Hello lisa -

 

Please run these scans and fixes so we see how deep the infection is -

First - Are you posting from the infected computer ??

If not, please download these to a USB Flash drive and transfer them to the problem computer.

 

Now -

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

Next -

Download MiniToolBox, Save it to your desktop and run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
 
Click Go and copy / paste the result (Result.txt).

 

 

Next -

Please download and run RKill by Grinler.
A black DOS box will briefly flash and then disappear (or last up to 2 minutes)
This is normal and indicates the tool ran successfully.

Please post the small log back here

 

Important: Do not reboot your computer until you complete the next step.

 

Now: Please download AdwCleaner by Xplode and save to your Desktop.
NOTE : Please close or save all work, as the computer will be Rebooted
Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button. (only once)
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review. 
If you see any which you do not want removed, remove the check mark next to it. 
Next: Click on the Clean button (only once) to remove the selected items. 
You will receive a message telling you that all programs will be closed so that the infections can be removed. 
Click on OK, and then OK again to confirm the reboot.
When the cleaning process is complete, a log (AdwCleaner[S0].txt) of what was removed will be on your desktop. 
Please copy and paste this log in your next post.

 

A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

Post back after these and include the logs plus a report on how the computer is running -



#4 lisa1967

lisa1967
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:02:07 AM

Posted 04 May 2014 - 03:53 PM

   Results of screen317's Security Check version 0.99.82  

   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome 34.0.1847.116  
 Google Chrome 34.0.1847.131  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#5 lisa1967

lisa1967
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:02:07 AM

Posted 04 May 2014 - 03:56 PM

MiniToolBox by Farbar  Version: 23-01-2014
Ran by ggschwartz (administrator) on 04-05-2014 at 15:54:25
Running from "F:\"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is enabled.
ProxyServer: http=127.0.0.1:49529;https=127.0.0.1:49529
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/03/2014 01:15:31 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.16518 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 984
 
Start Time: 01cf66fb929bba8c
 
Termination Time: 17
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: e4904807-d2ee-11e3-8266-fc15b404e8b0
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (05/03/2014 11:13:58 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 54126265
 
Error: (05/03/2014 11:13:58 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 54126265
 
Error: (05/03/2014 11:13:58 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/03/2014 11:13:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 54125250
 
Error: (05/03/2014 11:13:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 54125250
 
Error: (05/03/2014 11:13:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/02/2014 08:11:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2031
 
Error: (05/02/2014 08:11:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2031
 
Error: (05/02/2014 08:11:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (05/04/2014 03:36:52 PM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (05/03/2014 09:03:42 PM) (Source: Service Control Manager) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 7 time(s).
 
Error: (05/03/2014 04:49:58 PM) (Source: Service Control Manager) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 6 time(s).
 
Error: (05/03/2014 02:07:02 PM) (Source: Service Control Manager) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 5 time(s).
 
Error: (05/03/2014 01:16:08 PM) (Source: Service Control Manager) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 4 time(s).
 
Error: (05/03/2014 00:53:14 PM) (Source: Service Control Manager) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (05/03/2014 00:05:55 PM) (Source: Service Control Manager) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 2 time(s).
 
Error: (05/03/2014 11:59:28 AM) (Source: Service Control Manager) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/03/2014 11:53:40 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (05/03/2014 11:53:04 AM) (Source: DCOM) (User: GAMMY)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}
 
 
Microsoft Office Sessions:
=========================
Error: (05/03/2014 01:15:31 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.1651898401cf66fb929bba8c17C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEe4904807-d2ee-11e3-8266-fc15b404e8b0
 
Error: (05/03/2014 11:13:58 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 54126265
 
Error: (05/03/2014 11:13:58 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 54126265
 
Error: (05/03/2014 11:13:58 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/03/2014 11:13:57 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 54125250
 
Error: (05/03/2014 11:13:57 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 54125250
 
Error: (05/03/2014 11:13:57 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/02/2014 08:11:54 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2031
 
Error: (05/02/2014 08:11:54 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2031
 
Error: (05/02/2014 08:11:54 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
=========================== Installed Programs ============================
 
4 Elements II (Version: 2.2.0.98)
Adobe Shockwave Player 12.0 (Version: 12.0.4.144)
Airport Mania (Version: 2.2.0.95)
Azkend 2: The World Beneath (Version: 2.2.0.98)
Bejeweled 3 (Version: 2.2.0.98)
Bounce Symphony (Version: 2.2.0.97)
BrowserSafeguard with Rockettab
Build-a-lot (Version: 2.2.0.98)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Cradle Of Egypt Collector's Edition (Version: 2.2.0.110)
Cradle of Rome 2 (Version: 2.2.0.98)
Curse at Twilight (Version: 3.0.2.32)
CyberLink LabelPrint (Version: 2.5.5.6902)
CyberLink Media Suite 10 (Version: 10.0.5.3606)
CyberLink Power2Go 8 (Version: 8.0.5.3228)
CyberLink PowerDVD 12 (Version: 12.0.2.3418)
CyberLink YouCam (Version: 5.0.2.3302)
D3DX10 (Version: 15.4.2368.0902)
Delicious: Emily's Childhood Memories Premium Edition (Version: 3.0.2.32)
DisableMSDefender (Version: 1.0.0)
Energy Star (Version: 1.0.9)
Facebook Video Calling 2.0.0.447 (Version: 2.0.447)
Farm Frenzy (Version: 2.2.0.98)
Fishdom 3: Collector's Edition (Version: 3.0.2.38)
Google Chrome (Version: 34.0.1847.131)
Google Update Helper (Version: 1.3.23.9)
Governor of Poker 2 Premium Edition (Version: 2.2.0.110)
Hewlett-Packard ACLM.NET v1.2.2.3 (Version: 1.00.0000)
House of 1000 Doors: Family Secrets (Version: 2.2.0.98)
HP Customer Experience Enhancements (Version: 6.0.1.8)
HP Documentation (Version: 1.1.0.0)
HP Postscript Converter (Version: 4.5.12202)
HP Recovery Manager (Version: 12.00)
HP Registration Service (Version: 1.2.7127.4628)
HP Support Assistant (Version: 7.4.45.4)
HP System Event Utility (Version: 1.0.10)
HP Utility Center (Version: 2.3.1)
HP Wireless Button Driver (Version: 1.1.2.1)
Intel® Processor Graphics (Version: 10.18.10.3309)
Intel® Trusted Execution Engine (Version: 1.0.0.1050)
Intel® Trusted Execution Engine (Version: 1.1.1.1)
Intel® Trusted Execution Engine Driver (Version: 1.0.0.1050)
Jewel Match 3 (Version: 2.2.0.98)
John Deere Drive Green (Version: 2.2.0.95)
King Oddball (Version: 3.0.2.48)
Luxor Evolved (Version: 2.2.0.98)
Mahjongg Dimensions Deluxe (Version: 2.2.0.95)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (Version: 15.0.4454.1510)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Movie Maker (Version: 16.4.3508.0205)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MyPC Backup  (Version: )
Mystery P.I. - Curious Case of Counterfeit Cove (Version: 2.2.0.98)
Peggle Nights (Version: 2.2.0.98)
Penguins! (Version: 2.2.0.98)
Photo Gallery (Version: 16.4.3508.0205)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.98)
Polar Bowler (Version: 2.2.0.97)
Realtek Card Reader (Version: 6.2.9200.29070)
Realtek Ethernet Controller All-In-One Windows Driver (Version: 8.20.815.2013)
Realtek High Definition Audio Driver (Version: 6.0.1.7032)
REALTEK Wireless LAN Driver (Version: 1.00.13.1216)
Roads of Rome 3 (Version: 2.2.0.98)
RrFilter (Version: 1.0.0.0)
RrSavings (Version: 1.0.0.0)
rrsavings (Version: 2.0.1)
Search Protect (Version: 2.12.20.154)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 17.0.15.0)
Tales of Lagoona (Version: 2.2.0.110)
Update Installer for WildTangent Games App
Vacation Quest™ - Australia (Version: 3.0.2.32)
WildTangent Games (Version: 1.0.4.0)
WildTangent Games App (HP Games) (Version: 4.0.10.15)
Windows Live Communications Platform (Version: 16.4.3508.0205)
Windows Live Essentials (Version: 16.4.3508.0205)
Windows Live Installer (Version: 16.4.3508.0205)
Windows Live Photo Common (Version: 16.4.3508.0205)
Windows Live PIMT Platform (Version: 16.4.3508.0205)
Windows Live SOXE (Version: 16.4.3508.0205)
Windows Live SOXE Definitions (Version: 16.4.3508.0205)
Windows Live UX Platform (Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205)
Youda Jewel Shop (Version: 3.0.2.32)
Zuma's Revenge (Version: 2.2.0.98)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 54%
Total physical RAM: 3992.58 MB
Available physical RAM: 1814.29 MB
Total Pagefile: 4760.58 MB
Available Pagefile: 2027.43 MB
Total Virtual: 4095.88 MB
Available Virtual: 3968.48 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows) (Fixed) (Total:679.28 GB) (Free:634.34 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:18.59 GB) (Free:1.91 GB) NTFS
4 Drive f: (USB20FD) (Removable) (Total:7.59 GB) (Free:7.59 GB) FAT32
 
========================= Users: ========================================
 
User accounts for \\GAMMY
 
Administrator            ggschwartz               Guest                    
 
 
**** End of log ****


#6 lisa1967

lisa1967
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:02:07 AM

Posted 04 May 2014 - 03:58 PM

Rkill 2.6.5 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 05/04/2014 03:56:43 PM in x64 mode.
Windows Version: Windows 8.1 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe (PID: 356) [Win32/Conduit.SearchProtect.B]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * MsKeyboardFilter [Missing Service]
 * CSC [Missing Service]
 * E1G60 [Missing Service]
 * kbldfltr [Missing Service]
 * storvsp [Missing Service]
 * Vid [Missing Service]
 * vmbusr [Missing Service]
 * vpcivsp [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 05/04/2014 03:57:50 PM
Execution time: 0 hours(s), 1 minute(s), and 7 seconds(s)


#7 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:07 PM

Posted 04 May 2014 - 07:34 PM

Now: Please download AdwCleaner by Xplode and save to your Desktop.

 

Hi -

Just run that last program please, we want to be sure these are fully gone

RrSavings (Version: 1.0.0.0)
rrsavings (Version: 2.0.1)

Search Protect (Version: 2.12.20.154)

 

From above RKill log -

 1 proccess terminated!

* C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe (PID: 356) [Win32/Conduit.SearchProtect.B]

 

This is half of the Conduit problem, combined with RrSavings it may clean up your problem .......
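An added example, not part of the thread or of any tool mentioned in it: a small triage pass over a MiniToolBox-style Result.txt that flags the two things visible in the log above, an IE proxy pointing at a loopback port (browser traffic is being routed through a local process) and the installed-program entries singled out in this thread. The sample log is a constructed excerpt, and the watchlist and function names are assumptions made for the example.

```python
import re
from ipaddress import ip_address

# Constructed excerpt in MiniToolBox Result.txt layout, using lines quoted in this thread.
SAMPLE_LOG = """\
========================= IE Proxy Settings: ==============================
Proxy is enabled.
ProxyServer: http=127.0.0.1:49529;https=127.0.0.1:49529
=========================== Installed Programs ============================
BrowserSafeguard with Rockettab
Google Chrome (Version: 34.0.1847.131)
RrSavings (Version: 1.0.0.0)
rrsavings (Version: 2.0.1)
Search Protect (Version: 2.12.20.154)
"""

# Assumption: the watchlist holds only names that appear in this thread, not a vendor list.
WATCHLIST = ("search protect", "rrsavings", "browsersafeguard")
SECTION_RE = re.compile(r"^=+\s*([^=\s].*?):?\s*=+\s*$")

def split_sections(text):
    """Map each '==== Title: ====' header to the non-empty lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current and line.strip():
            sections[current].append(line.strip())
    return sections

def loopback_proxies(lines):
    """Return (scheme, host, port) for each ProxyServer entry that points at loopback."""
    hits = []
    for line in (l for l in lines if l.startswith("ProxyServer:")):
        for entry in line.split(":", 1)[1].strip().split(";"):
            scheme, _, hostport = entry.rpartition("=")
            host, _, port = hostport.rpartition(":")
            try:
                local = ip_address(host).is_loopback
            except ValueError:  # not an IP literal
                local = host.lower() == "localhost"
            if local and port.isdigit():
                hits.append((scheme or "all", host, int(port)))
    return hits

def triage(text):
    """Flag loopback proxy entries and watchlisted installed programs."""
    s = split_sections(text)
    flagged = [p for p in s.get("Installed Programs", []) if any(w in p.lower() for w in WATCHLIST)]
    return {"loopback_proxy": loopback_proxies(s.get("IE Proxy Settings", [])), "flagged_programs": flagged}
```

A loopback proxy hit is a prompt to identify which local process owns that port before and after cleanup, not proof of infection on its own.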





