kilroy7474

Conduit not blocked, difficult to remove

2 posts in this topic

Symptom: Multiple unwanted HomePage tabs in Google Chrome

 

Machine: Acer AspireRevo AR3700-U3002 desktop

OS: Windows 7 Home Premium (64 bit)

Browsers: Chrome, Firefox, Internet Explorer

 

Symptom only occurs in Chrome Browser

 

History:

Apparent source of problems came with download of an application;

although I declined all options for add-ins, toolbars, etc., I still

got three - Conduit search bar 10.16.0.0; InternetHelper 3.1 10.19.2.505

extension; WhiteSmoke New 10.19.2.505 .

 

The offending download was done using Chrome, but I discovered that all

three browsers were similarly modified, even though Firefox and IE were

not currently open. I tried DISABLING the various extensions in each

browser, but they were re-enabled when the browser was closed and

subsequently re-opened.

 

I then UNINSTALLED each of the problem programs via the Control Panel.

This was not successful either. The problems re-appeared when the

desktop was re-booted.

 

Next, I searched in the ApplicationData folder and found a Conduit

folder, which I DELETED. This seems to have fixed my problems with

Firefox and Internet Explorer. I should mention here that up to this

point, each time I loaded Firefox, my Avast AV program sounded an alarm

and reported blocking a dangerous program. Chrome was almost fixed, but

but I am left with the symptom mentioned above.

 

I also noted that the same problems were occurring on my Windows XP

laptop, and were mitigated when I found and deleted the Conduit folder

in the AppData folder, and it was here that I first encountered the

loading of an extra home page tab.

 

The experience with the desktop was a little different because in my

thrashings trying to get rid of the conduit virus (YES, IT IS A VIRUS!),

I ended up disabling Chrome so that it would no longer load, even though

I had not uninstalled it. After removing the last vestige of Conduit

from the desktop, I reinstalled Chrome, and it seemed to work fine.

However, the next time I launched Chrome on my laptop, I was now up

to 3 homepage tabs. It is now up to 4, and it happens on both machines!

 

I must conclude that Conduit did something to the Registry (in both 

machines) which is causing this behavior. I can find no mention of this

behavior using online searches or your forums. This is much more than

just adware, it is malware and/or a virus, yet neither Avast or

Malwarebytes blocked it.  Why not?

 

Share this post


Link to post
Share on other sites

The original installer is typically legal and considered a PUP (Possibly Unwanted Program) itself probably did not infect your computer per se however its ability to search and advertise all sorts of sites that you would never come into contact with on your own typically will sooner or later bring you into contact with a site that will find a weakness in your system to infect it.

The following links will provide a little more information on PUP and the process of finding and preventing.

Malwarebytes Adopts Aggressive PUP Policy
Selecting all PUPs

The complexity of finding, preventing, and cleanup from malware

More than likely this is a change in the SQLite entry for one of your browsers or a registry change.


Please visit each of the following sites and lets reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Restore Firefox Default Settings Without Uninstalling It

Chrome
Chrome - Reset browser settings

Opera
How to Perform a (really) clean Reinstall of Opera


If that does not correct the issue then please post back the following logs.


Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop
dds.scr
dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.

  • When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply as an attachment: DDS.txt and Attach.txt
  • You can ignore the note about zipping the Attach.txt file and just post it or attach it.

 

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.