Author Topic: Conduit virus / malware  (Read 5403 times)

0 Members and 1 Guest are viewing this topic.

Offline aero1960

  • Newbie
  • *
  • Posts: 1
Conduit virus / malware
« on: September 10, 2013, 06:59:13 AM »
Symptom: Multiple unwanted HomePage tabs in Google Chrome

Machine: Acer AspireRevo AR3700-U3002 desktop
OS: Windows 7 Home Premium (64 bit)
Browsers: Chrome, Firefox, Internet Explorer

Symptom only occurs in Chrome Browser

History:
Apparent source of problems came with download of an application;
although I declined all options for add-ins, toolbars, etc., I still
got three - Conduit search bar 10.16.0.0; InternetHelper 3.1 10.19.2.505
extension; WhiteSmoke New 10.19.2.505 .

The offending download was done using Chrome, but I discovered that all
three browsers were similarly modified, even though Firefox and IE were
not currently open. I tried DISABLING the various extensions in each
browser, but they were re-enabled when the browser was closed and
subsequently re-opened.

I then UNINSTALLED each of the problem programs via the Control Panel.
This was not successful either. The problems re-appeared when the
desktop was re-booted.

Next, I searched in the ApplicationData folder and found a Conduit
folder, which I DELETED. This seems to have fixed my problems with
Firefox and Internet Explorer. I should mention here that up to this
point, each time I loaded Firefox, my Avast AV program sounded an alarm
and reported blocking a dangerous program. Chrome was almost fixed, but
but I am left with the symptom mentioned above.

I also noted that the same problems were occurring on my Windows XP
laptop, and were mitigated when I found and deleted the Conduit folder
in the AppData folder, and it was here that I first encountered the
loading of an extra home page tab.

The experience with the desktop was a little different because in my
thrashings trying to get rid of the conduit virus (YES, IT IS A VIRUS!),
I ended up disabling Chrome so that it would no longer load, even though
I had not uninstalled it. After removing the last vestige of Conduit
from the desktop, I reinstalled Chrome, and it seemed to work fine.
However, the next time I launched Chrome on my laptop, I was now up
to 3 homepage tabs. It is now up to 4, and it happens on both machines!

I must conclude that Conduit did something to the Registry (in both
machines) which is causing this behavior. I can find no mention of this
behavior using online searches or your forums, but I can't understand why
Avast did not block Conduit and its associated junk. This is much more than
just adware it is malware and/or a virus, yet neither Avast or
Malwarebytes blocked it.  I would like to know why! >:(

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5710
  • Spartan Warrior
Re: Conduit virus / malware
« Reply #1 on: September 10, 2013, 07:20:24 AM »
hi aero1960,

You've come to the right place.

Suggest downloading and running this software to get rid of conduit and other bad toolbars here:  http://forum.avast.com/index.php?topic=53253.0

May be that all you need is to run AdwCleaner, but if not, run these three as well:  Malwarebytes, OTL, and aswMBR.exe, and attach these logs, including AdwCleaner if the infection is not cleared up.  Select to clean and quarantine where applicable in AdwCleaner and Malwarebytes and attach the resulting cleansing logs in your next reply.

If not clear as to where to attach, look below the text box you are replying in, and click "Attachments and other options" below.  You will see a box to "Notify me of replies" if you have not found that already.

Reason avast! did not prevent above is because these are PUP's (Possibly Unwanted Programs) and not classified strictly as malware.  You didn't visit c|net download.com by chance?
Windows 10 Home 64-bit 22H2 Microsoft Windows Defender - Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.4.6112 (build 24.4.9067.762) UI version 1.0.803