Author Topic: Conduit Back  (Read 6453 times)


tonynace

  • Guest
Conduit Back
« on: April 22, 2014, 02:13:53 AM »
Just found out through MalwareBytes that Conduit.A keeps coming back on my computer. I noticed this after web sites started running slow. I supposedly quarantined it with that program, but if I run it again, MWB finds it again. How do I get rid of this garbage, once and for all? I've attached the logs from MWB, OTL and aswMBR.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Conduit Back
« Reply #1 on: April 22, 2014, 02:42:02 AM »
open malwarebytes > settings > detection and protection ...... see Non-Malware detection > PUP ...is it set to warn user about detections?

if so change it to Treat detection as malware ....scan again

did that help?

« Last Edit: April 22, 2014, 02:43:51 AM by Pondus »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Conduit Back
« Reply #2 on: April 22, 2014, 02:49:50 AM »
when done, also run AdwCleaner ...click clean and post log     http://www.bleepingcomputer.com/download/adwcleaner/

when done, run and attach a new OTL log .....malware expert will review it tomorrow when online


tonynace

  • Guest
Re: Conduit Back
« Reply #3 on: April 22, 2014, 04:24:05 AM »
MWB was set to the settings you mentioned. Ran AdwCleaner, and rebooted. Started my Chrome browser again, ran MWB again, and it still finds this garbage on my system. I attached the AdwCleaner log if it means anything.

Valinorum

  • Guest
Re: Conduit Back
« Reply #4 on: April 22, 2014, 05:55:41 AM »
Reset Google Chrome by perusing this.

argus

  • Guest
Re: Conduit Back
« Reply #5 on: April 22, 2014, 10:44:23 AM »

Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.

  • Double click on zoek.exe to run the tool.
    Please wait while the tool starts...

  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code:
{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4};c
filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;
  • Click on button.
    Please wait until a log report opens (this can be after reboot)

  • Save notepad to your Desktop and attach here zoek-results.log
    Note: It will also create a log in the C:\ directory named "zoek-results.log"

tonynace

  • Guest
Re: Conduit Back
« Reply #6 on: April 22, 2014, 03:23:45 PM »
Quote
Reset Google Chrome by perusing this.

I believe I've tried that already.

tonynace

  • Guest
Re: Conduit Back
« Reply #7 on: April 22, 2014, 03:25:39 PM »
Argus, those links you gave me are being blocked as malware themselves by Avast.

argus

  • Guest
Re: Conduit Back
« Reply #8 on: April 22, 2014, 03:27:43 PM »
Quote
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.
Avast!

    Right click on the Avast icon in the system tray
    Scroll up to Avast! shields control
    Select the desired option from the list

    10 minutes,
    1 hour,
    until the computer is restarted or
    permanently.

Reverse to enable.
« Last Edit: April 22, 2014, 03:29:22 PM by argus »

tonynace

  • Guest
Re: Conduit Back
« Reply #9 on: April 22, 2014, 03:30:34 PM »
Are you sure? Why would it be reported as malware if it is not?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Conduit Back
« Reply #10 on: April 22, 2014, 03:34:32 PM »
Quote
Are you sure? Why would it be reported as malware if it is not?

malware removal tools have virus-like behavior.....and are often detected.... and it is called a False Positive   http://antivirus.about.com/od/antivirusglossary/g/falsepositive.htm
these tools are used every day here by the malware removal team ....surf viruses and worms forum section and see

names of those in the Malware removal team are listed here  http://forum.avast.com/index.php?topic=53253.0



« Last Edit: April 22, 2014, 03:38:04 PM by Pondus »

Valinorum

  • Guest
Re: Conduit Back
« Reply #11 on: April 22, 2014, 03:37:34 PM »
From the link that argus posted which you should have perused --
Quote
These tools have been carefully created and tested by security experts so if your anti-virus or anti-malware program flags them as malware, the detection is what's known as a "False Positive". Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases, the removal of these files can have "unpredictable results" and unintentional results.

Source: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

tonynace

  • Guest
Re: Conduit Back
« Reply #12 on: April 25, 2014, 06:23:38 AM »
Sorry, but I was busy for a couple days and didn't have time to do this before now. Here's the log file I got from running zoek.

argus

  • Guest
Re: Conduit Back
« Reply #13 on: April 25, 2014, 10:38:35 AM »
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.

  • Double click on zoek.exe to run the tool.
    Please wait while the tool starts...

  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code:
autoclean;
emptyallclsid;
emptyalltemp;
ipconfig /flushdns;b
netsh winsock reset;b
  • Click on button.
    Please wait until a log report opens (this can be after reboot)

  • Save notepad to your Desktop and attach here zoek-results.log
    Note: It will also create a log in the C:\ directory named "zoek-results.log"

**********************

Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

tonynace

  • Guest
Re: Conduit Back
« Reply #14 on: April 25, 2014, 06:29:32 PM »
Ran zoek again, but forgot to turn off AV. Let me know if I need to run it again with it turned off. Anyway, here are the logs you requested.