
Finally updated MBAM 1.7 to 2.0 and it finds PUP.Optional.Conduit.A


7 replies to this topic

#1 AlchemicEND


Posted 09 September 2014 - 10:41 AM

Last night I updated my Malwarebytes Anti-Malware to the recent version and ran a scan; this is what it found.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/8/2014
Scan Time: 11:55:22 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.08.10
Rootkit Database: v2014.08.21.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Blair

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 292725
Time Elapsed: 16 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Conduit.A, C:\Documents and Settings\Blair\Application Data\Mozilla\Firefox\Profiles\8mt0uc98.William\prefs.js, Good: (), Bad: (user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2680363&SearchSource=3&q={searchTerms}");), Replaced,[c3d646833348b77f91880c1b49bc817f]

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

Should I be worried that it found this? I honestly don't remember being redirected anytime recently, so was this even active or just a remnant? I mostly browse the internet in Sandboxie, so I wonder if this was left over from when I didn't use Sandboxie as often, or from a program installed at some point. Hopefully you guys can help put my mind at ease.

Forgot to add that I've run a scan with SUPERAntispyware Free Edition and Avast Free and they didn't find anything.


Edited by AlchemicEND, 09 September 2014 - 10:51 AM.



#2 boopme


Posted 09 September 2014 - 11:00 AM

You want to remove Conduit, as it can bring in other items.

Potentially Unwanted Programs are annoying for a number of reasons. They will install adware on your PC, meaning that you’ll be plagued by dozens of irritating pop-up adverts for websites and products you probably have little or no interest in, and they can also hijack your browser and install unasked-for toolbars. In this case, it will install the Conduit toolbar and change your default search engine to search.conduit.com. A toolbar that you didn’t ask for is rarely useful and serves to do little more than to confuse you and change the appearance of the browser that you know and use on a daily basis. Furthermore, some toolbars have the ability to install even more unwanted software and can redirect you to websites that the programmer wants you to visit instead of the sites that you are trying to go to.

What is Conduit

 

 

Also run..

ADW Cleaner

  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 AlchemicEND


Posted 09 September 2014 - 11:31 AM


Wow I wasn't expecting a reply this fast, thank you.

 

I uploaded AdwCleaner to VirusTotal and it showed 3 infections, but I'm sure it was just false positives, so I ran it. Here's the log.

 

# AdwCleaner v3.309 - Report created 09/09/2014 at 11:22:36
# Updated 02/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Blair - BLAIR-OI7ZQ5999
# Running from : C:\Documents and Settings\Blair\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : CSHelper

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
File Deleted : C:\WINDOWS\system32\CSHelper.exe

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\YahooPartnerToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v23.0 (en-US)

[ File : C:\Documents and Settings\Blair\Application Data\Mozilla\Firefox\Profiles\8mt0uc98.William\prefs.js ]

Line Deleted : user_pref("browser.search.defaultthis.engineName", "Runescape Customized Web Search");

*************************

AdwCleaner[R0].txt - [1272 octets] - [09/09/2014 11:19:35]
AdwCleaner[S0].txt - [1209 octets] - [09/09/2014 11:22:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1269 octets] ##########
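An added example, not part of the original thread and not code from either tool: a read-only Python audit of a Firefox prefs.js for the kind of search-related entries that both logs above flagged. The watched preference prefixes, the allowlist of hosts and the host home.example.test are assumptions; the sample text is constructed from the two prefs.js lines quoted in the logs.

```python
import re
from urllib.parse import urlsplit

# One prefs.js entry has the form: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')

# Preference names that steer searches and the start page (assumed watch list).
WATCHED_PREFIXES = ("browser.search.", "keyword.URL", "browser.startup.homepage")

# Hosts the user expects to see (assumption: adjust for your own setup).
ALLOWED_HOSTS = {"www.google.com", "duckduckgo.com", "www.mozilla.org"}

# Constructed sample: lines 2 and 3 are the entries quoted in the MBAM and
# AdwCleaner logs; the homepage and update lines are made up for contrast.
SAMPLE = '''# Mozilla User Preferences
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2680363&SearchSource=3&q={searchTerms}");
user_pref("browser.search.defaultthis.engineName", "Runescape Customized Web Search");
user_pref("browser.startup.homepage", "https://www.mozilla.org/|http://home.example.test/start");
user_pref("browser.search.update", false);
'''

def audit_prefs(text, allowed_hosts=ALLOWED_HOSTS):
    """Return (line number, pref name, host) for watched prefs whose
    string value points at a host outside the allowlist."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and anything that is not a user_pref entry
        name, raw = m.group(1), m.group(2).strip()
        if not name.startswith(WATCHED_PREFIXES):
            continue
        if len(raw) < 2 or not (raw.startswith('"') and raw.endswith('"')):
            continue  # booleans and integers carry no URL
        # The homepage pref may hold several URLs separated by "|".
        for candidate in raw[1:-1].split("|"):
            host = urlsplit(candidate.strip()).hostname
            if host and host.lower() not in allowed_hosts:
                findings.append((lineno, name, host.lower()))
    return findings

if __name__ == "__main__":
    for lineno, name, host in audit_prefs(SAMPLE):
        print(f"line {lineno}: {name} -> {host}")
```

The engine-name entry on line 3 holds no URL, so a host check alone does not report it; that kind of entry has to be reviewed by name.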
 



#4 boopme


Posted 09 September 2014 - 12:13 PM

ADW was created here at BC, so it's safe.

 

Looks like the system is free of Conduit.



#5 AlchemicEND


Posted 09 September 2014 - 12:29 PM


So there's nothing else I need to do, I should be fine now? Thanks for the help, my mind feels at ease now. Keep up the great work. :clapping:



#6 boopme


Posted 09 September 2014 - 01:01 PM

Good to go...

Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes re-infect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.

Vista and Windows 7 users can refer to these links:
  • Create a New Restore Point in Vista
  • Create a New Restore Point in Windows 7 (alternate method)
  • Disk Cleanup in Vista
  • Disk Cleanup in Windows 7

Reboot and see how it is.


#7 AlchemicEND


Posted 09 September 2014 - 02:40 PM


 

Since I had done it before, I just decided to manually stop System Restore, then re-enable it and create a new restore point, instead of having a program do it, if that's alright. I made sure to run my scans again with MBAM, SUPERAntispyware, and Avast before creating the restore point. Each of them found nothing; MBAM hasn't found anything since last night when it found and removed that one thing.

 

Once again I want to thank you for all the help, it was easy to follow your instructions.



#8 quietman7


Posted 09 September 2014 - 05:03 PM


To learn more about PUPs and how you get them, please read: About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




