Avast WEBforum
Other => Viruses and worms => Topic started by: Coolidge90 on December 11, 2011, 07:09:29 AM
-
Hi, I need help removing Search Conduit. I've erased it on Firefox, or I think I did, but Chrome and Internet Explorer still have this toolbar. I have already uninstalled its source and it said "Thank you for using Search.Conduit tool bar", but when I open Internet Explorer it's still there. I've done a scan using avast and Malwarebytes, but it can't find anything. Please help, it's redirecting me to pages I didn't open :'( :'( :'( :'(
Help would be appreciated :-[
-
Hello, I will assist you with this problem...
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
C:\Windows\assembly\tmp\U\*.* /s
CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs
-
HERE are the results, I can't post them because they are more than 10000 characters
-
Try to run HiJackThis (http://solutionfile.trendmicro.com/solutionfile/1037994/EN/HijackThis.exe). Select the results which are related to Conduit, BHO, Toolbars and related browsers. Then click on FIX CHECKED.
After that restart the computer and check for redirection.
Best of luck :)
-
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKU\S-1-5-21-1307545957-138300508-3833167909-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ph&c=84&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-1307545957-138300508-3833167909-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\S-1-5-21-1307545957-138300508-3833167909-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-1307545957-138300508-3833167909-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1307545957-138300508-3833167909-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Cheat Engine DB Toolbar\tbhelper.dll ()
IE - HKU\S-1-5-21-1307545957-138300508-3833167909-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ph&c=84&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-1307545957-138300508-3833167909-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ph&c=84&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-1307545957-138300508-3833167909-1001\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Cheat Engine DB Toolbar\tbhelper.dll ()
[2011/06/30 10:00:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Extensions
[2011/12/07 22:39:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\3hwf6sln.default\extensions
[2011/09/01 20:16:56 | 000,000,000 | ---D | M] (Cheat Engine DB Toolbar) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\3hwf6sln.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2011/12/06 22:19:47 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\3hwf6sln.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT2269050
CHR - default_search_provider: suggest_url = http://search.conduit.com/
(Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1307545957-138300508-3833167909-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1307545957-138300508-3833167909-1000\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKU\S-1-5-21-1307545957-138300508-3833167909-1000\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O13 - gopher Prefix: missing
[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
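-
Added example, not part of the original thread and not a substitute for OTL: a short Python triage of log lines in the format quoted in the fix above. It reports each browser hook point (IE start page, URLSearchHook, Chrome default search provider, O3 toolbar) that either references Conduit or points at a CLSID with no value. The sample lines, SIDs, CLSIDs and paths are constructed placeholders.

```python
import re

# Constructed sample in the OTL log line format quoted in the fix above
# (SIDs, CLSIDs and paths are placeholders, not values from a real system).
SAMPLE_LOG = r"""
IE - HKU\S-1-5-21-0-0-0-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10
IE - HKU\S-1-5-21-0-0-0-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.example.org/
IE - HKU\S-1-5-21-0-0-0-1000\..\URLSearchHook: {00000000-0000-0000-0000-000000000001} - No CLSID value found
IE - HKU\S-1-5-21-0-0-0-1000\..\URLSearchHook: {00000000-0000-0000-0000-000000000002} - C:\Program Files\ExampleBar\prxtbExam.dll (Conduit Ltd.)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}
O3 - HKLM\..\Toolbar: (Example Toolbar) - {00000000-0000-0000-0000-000000000002} - C:\Program Files\ExampleBar\prxtbExam.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Other Toolbar) - {00000000-0000-0000-0000-000000000003} - C:\Program Files\Other\other.dll (Example Corp.)
"""

VENDOR = re.compile(r"conduit", re.IGNORECASE)  # publisher / domain to look for
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# (label, pattern) for each browser hook point that appears in the fix above
HOOKS = [
    ("ie_start_page", re.compile(r"^IE - .*,(?:Start Page|Default_Page_URL) = ")),
    ("ie_url_search_hook", re.compile(r"^IE - .*\\URLSearchHook: ")),
    ("chrome_search_provider", re.compile(r"^CHR - default_search_provider: ")),
    ("ie_toolbar", re.compile(r"^O3 - .*\\Toolbar(?:\\WebBrowser)?: ")),
]

def triage(log_text):
    """Return one finding per hook-point line that is vendor-related or orphaned."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        for hook, pattern in HOOKS:
            if not pattern.search(line):
                continue
            orphan = "No CLSID value found" in line
            if VENDOR.search(line) or orphan:
                m = CLSID.search(line)
                findings.append({
                    "hook": hook,
                    "reason": "orphaned CLSID" if orphan else "vendor match",
                    "clsid": m.group(0).lower() if m else None,
                })
            break
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['hook']:<24} {f['reason']:<15} {f['clsid'] or '-'}")
```

The same CLSID turning up under both URLSearchHook and Toolbar, as in the constructed sample, means one component is registered at two hook points and both registrations need reviewing.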
-
THANK YOU VERY MUCH ;D Oh, and here's the brand new quick scan log.
Once again, THANK YOU VERY MUCH
-
No problem with the log. Is your issue solved?
-
yup
-
No problem. Now that your log is fine you don't need to worry!
Keep your AV and Windows up to date and enjoy! ;D
Please edit your topic heading and add this to your topic:
[resolved].
-
@true indian
and where did you learn to create OTL fix ?
-
I read a lot of guides regarding how to use tools for malware removal, so I have a vast knowledge of malware removal, and regarding OTL I think I read a guide on some site called Geeks to Go... I may be wrong... Hmmm
-
To use this tool and create fixes, which can seriously damage a victim's system, you have to do more than read guides; you have to get training at the likes of G2G. Had you attended the G2G Uni then you would also know that they take a dim view of people under training trying to work removing malware using specialist tools.
So I ask you to refrain from this or you are very likely to suffer the same fate as other untrained so called malware experts, they have been banned from the forums.
I have warned you about this by PM in the past, so you know that you are being watched.
I have no desire to curb someone's enthusiasm, but that has to be tempered with the protection of avast users seeking help. If you wish to help then get trained at one of the malware removal specialist sites, the likes of Geeks to Go. I also recommended this course of action in the PM and that means more than reading a guide.
So until you get trained stop or action will be taken to stop you.
-
@David
Well.. that's why I'm thinking of not posting such fixes... but since I knew it was easy to fix this problem I helped him with this... and as you said that's for the safety, I truly understand it... but since I know, I do... I know how to deal with infections as I see them every day with infected machines and their cleanup. I think one of my teammates came to this forum and got banned... not sure what his name was here... I know he was not listening but he was experienced and I use all these tools every day at my work... so we know it...
So I have not damaged any PC yet here...
-
Well, don't think about posting fixes, just don't, get trained and there would be no problem.
The problem I have is having specifically warned you previously, yet you chose to do it anyway doesn't show good judgement.
Sorry but you don't have the training to determine what is a simple fix or not. I don't care how experienced you/they might think that they are/were it isn't backed up by the training at a recognised malware training centre as mentioned. Or you will go the same way.
Continue to use those tools where you work but don't practice on victims on the avast forums.
-
And what do you have to say about oldman cleaning infected machines here? :(
Is there some restriction that only evangelists or higher guys here can help??
-
and what do u have to say about oldmans cleaning infected machines here? :(
He is trained in the use of OTL/OTS and many more
also argus and magna86
-
Oldman is an instructor and qualified malware removal expert
-
OK, so no more such things here... I understood... I will take care of shreyas aka com155 later at my work with this... so don't worry about him coming back here :)
Goodbye guys! Got to hurry to my workstation to get into cleaning...
-
and what do u have to say about oldmans cleaning infected machines here? :(
That he was trained at G2G and is also an Instructor and a very long term member of the forums, not someone who arrives and shortly thereafter starts trying to clean people's systems, and you have been on the forums for just over a month.
We do watch every one that arrives here and suddenly starts doing what you did. So I won't try to justify to you, the others that do offer qualified assistance to other avast users, suffice to say everyone is treated the same.
-
OK David, I got it :-[ :'(
So I need to be here more.... to learn from you guys....
-
No you need to be a recognised malware removal specialist by getting that qualification at somewhere like G2G. It has nothing to do with the length of time at the forums (obviously new members have no history to judge them by, before they start offering advice), but the recognised qualification.