Author Topic: HELP!!,My Web browsers have been hijacked by Search.Conduit (Resolved)  (Read 7128 times)

Offline Coolidge90

  • Newbie
  • *
  • Posts: 5
    • Personal Message (Offline)
Hi, I need help removing Search Conduit. I've erased it on Firefox, or I think I did, but Chrome and Internet Explorer still have this toolbar. I have already uninstalled its source and it said "Thank you for using Search.Conduit tool bar", but when I open Internet Explorer it's still there. I've done a scan using avast and Malwarebytes, but they can't find anything. Please help, it's redirecting me to pages I didn't open :'( :'( :'( :'(

Help would be appreciated  :-[
« Last Edit: December 11, 2011, 12:47:53 PM by Coolidge90 »

Offline True Indian

  • Malware Hunter
  • Advanced Poster
  • **
  • Posts: 728
  • Gender: Male
  • A Good Old Indian!
    • Personal Message (Offline)
Re: HELP!!,My Web browsers have been hijacked by Search.Conduit
« Reply #1 on: December 11, 2011, 05:22:19 AM »
Hello, I will assist you with this problem...

Download OTL  to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
C:\Windows\assembly\tmp\U\*.* /s
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs
« Last Edit: December 11, 2011, 05:34:03 AM by true indian »

Offline Coolidge90

Re: HELP!!,My Web browsers have been hijacked by Search.Conduit
« Reply #2 on: December 11, 2011, 06:09:35 AM »
Here are the results. I can't post them because they are more than 10000 characters.

Offline Raj.Kashyap

  • Newbie
  • *
  • Posts: 18
    • Personal Message (Offline)
Re: HELP!!,My Web browsers have been hijacked by Search.Conduit
« Reply #3 on: December 11, 2011, 06:20:07 AM »
Try running HijackThis: http://solutionfile.trendmicro.com/solutionfile/1037994/EN/HijackThis.exe Select the results related to Conduit, BHO, Toolbars and related browsers. Then click FIX CHECKED.
After that restart the computer and check for redirection.

Best of luck :)

Offline True Indian

Re: HELP!!,My Web browsers have been hijacked by Search.Conduit
« Reply #4 on: December 11, 2011, 06:25:45 AM »
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
IE - HKU\S-1-5-21-1307545957-138300508-3833167909-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ph&c=84&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-1307545957-138300508-3833167909-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\S-1-5-21-1307545957-138300508-3833167909-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-1307545957-138300508-3833167909-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1307545957-138300508-3833167909-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Cheat Engine DB Toolbar\tbhelper.dll ()
IE - HKU\S-1-5-21-1307545957-138300508-3833167909-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ph&c=84&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-1307545957-138300508-3833167909-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ph&c=84&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-1307545957-138300508-3833167909-1001\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Cheat Engine DB Toolbar\tbhelper.dll ()
[2011/06/30 10:00:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Extensions
[2011/12/07 22:39:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\3hwf6sln.default\extensions
[2011/09/01 20:16:56 | 000,000,000 | ---D | M] (Cheat Engine DB Toolbar) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\3hwf6sln.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2011/12/06 22:19:47 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\3hwf6sln.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
ult_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT2269050
CHR - default_search_provider: suggest_url = http://search.conduit.com/
(Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1307545957-138300508-3833167909-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1307545957-138300508-3833167909-1000\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKU\S-1-5-21-1307545957-138300508-3833167909-1000\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O13 - gopher Prefix: missing
[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
« Last Edit: December 11, 2011, 06:36:21 AM by true indian »
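Added example, not part of the original post and not OTL's own code: a read-only Python sketch that groups OTL log lines by CLSID, so a reviewer can see that one toolbar component is referenced from several places (IE search hook, IE toolbar list, Firefox extension folder) and which references are orphaned ("No CLSID value found"). The sample lines are copied from the fix above; the function names `location` and `correlate` are this example's own.

```python
import re
from collections import defaultdict

# Sample input: six lines copied from the fix posted above.
SAMPLE = r"""
IE - HKU\S-1-5-21-1307545957-138300508-3833167909-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-1307545957-138300508-3833167909-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
[2011/12/06 22:19:47 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\3hwf6sln.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1307545957-138300508-3833167909-1000\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O13 - gopher Prefix: missing
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
VENDOR_RE = re.compile(r"\(([^()]*)\)\s*$")  # trailing "(Vendor)" field, if any

def location(line):
    """Classify where an entry lives, based on the line's prefix."""
    if line.startswith("IE - ") and "URLSearchHook" in line:
        return "IE URLSearchHook"
    if line.startswith("O3 - "):
        return "IE toolbar"
    if line.startswith("[") and "\\extensions\\" in line:
        return "Firefox extension dir"
    return "other"

def correlate(text):
    """Group log lines by CLSID; the log mixes upper and lower case GUIDs."""
    found = defaultdict(lambda: {"locations": set(), "vendors": set(), "orphaned": False})
    for line in (raw.strip() for raw in text.splitlines()):
        match = CLSID_RE.search(line)
        if not match:
            continue  # e.g. the O13 line carries no CLSID
        entry = found[match.group(0).lower()]
        entry["locations"].add(location(line))
        if "No CLSID value found" in line:
            entry["orphaned"] = True  # registry reference with no registered DLL
        vendor = VENDOR_RE.search(line)
        if vendor and vendor.group(1):
            entry["vendors"].add(vendor.group(1))
    return dict(found)

if __name__ == "__main__":
    for clsid, info in sorted(correlate(SAMPLE).items()):
        print(clsid, sorted(info["locations"]), sorted(info["vendors"]),
              "ORPHANED" if info["orphaned"] else "")
```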

Offline Coolidge90

Re: HELP!!,My Web browsers have been hijacked by Search.Conduit
« Reply #5 on: December 11, 2011, 07:07:23 AM »
THANK YOU VERY MUCH ;D, oh and here's the brand new quick scan log

Once again, THANK YOU VERY MUCH

Offline True Indian

Re: HELP!!,My Web browsers have been hijacked by Search.Conduit
« Reply #6 on: December 11, 2011, 08:24:34 AM »
No problem with the log. Is your issue solved?

Offline Coolidge90

Re: HELP!!,My Web browsers have been hijacked by Search.Conduit
« Reply #7 on: December 11, 2011, 08:41:36 AM »
yup

Offline True Indian

Re: HELP!!,My Web browsers have been hijacked by Search.Conduit
« Reply #8 on: December 11, 2011, 09:27:44 AM »
No problem. Now that your log is fine, you don't need to worry!

Keep your AV and Windows up to date and enjoy! ;D

Please edit your topic heading and add this to your topic:
[resolved].

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21780
  • Gender: Male
    • Personal Message (Offline)
Re: HELP!!,My Web browsers have been hijacked by Search.Conduit
« Reply #9 on: December 11, 2011, 10:38:03 AM »
@true indian
And where did you learn to create an OTL fix?
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline True Indian

Re: HELP!!,My Web browsers have been hijacked by Search.Conduit
« Reply #10 on: December 11, 2011, 10:43:07 AM »
I read a lot of guides regarding how to use tools for malware removal, so I have a vast knowledge of malware removal, and regarding OTL I think I read a guide on some site called Geek to Go... I may be wrong... Hmmm
« Last Edit: December 11, 2011, 10:44:57 AM by true indian »

Online DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69236
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Online)
Re: HELP!!,My Web browsers have been hijacked by Search.Conduit
« Reply #11 on: December 11, 2011, 11:31:19 AM »
To use this tool and create fixes, which can seriously damage a victim's system, you have to do more than read guides; you have to get training at the likes of G2G. Had you attended the G2G Uni then you would also know that they take a dim view of people under training trying to work removing malware using specialist tools.

So I ask you to refrain from this or you are very likely to suffer the same fate as other untrained so called malware experts, they have been banned from the forums.

I have warned you about this by PM in the past, so you know that you are being watched.

I have no desire to curb someone's enthusiasm, but that has to be tempered with the protection of avast users seeking help. If you wish to help then get trained at one of the malware removal specialist sites, the likes of Geeks to Go. I also recommended this course of action in the PM and that means more than reading a guide.

So until you get trained stop or action will be taken to stop you.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline True Indian

Re: HELP!!,My Web browsers have been hijacked by Search.Conduit
« Reply #12 on: December 11, 2011, 11:39:02 AM »
@David

Well... that's why I'm thinking of not posting such fixes... but since I knew it was easy to fix this problem I helped him with this... and as you said, that's for the safety, I truly understand it... but since I know what I do... I know how to deal with infections as I see them every day with infected machines and their cleanup. I think one of my teammates came to this forum and got banned... not sure what his name was here... I know he was not listening but he was experienced, and I use all these tools every day at my work... so we know it...

So I have not damaged any PC yet here...
« Last Edit: December 11, 2011, 11:42:21 AM by true indian »

Online DavidR

Re: HELP!!,My Web browsers have been hijacked by Search.Conduit
« Reply #13 on: December 11, 2011, 11:48:49 AM »
Well don't think about posting fixes, just don't get trained and there would be no problem.

The problem I have is having specifically warned you previously, yet you chose to do it anyway doesn't show good judgement.

Sorry but you don't have the training to determine what is a simple fix or not. I don't care how experienced you/they might think that they are/were it isn't backed up by the training at a recognised malware training centre as mentioned. Or you will go the same way.

Continue to use those tools where you work but don't practice on victims on the avast forums.

Offline True Indian

Re: HELP!!,My Web browsers have been hijacked by Search.Conduit
« Reply #14 on: December 11, 2011, 12:00:04 PM »
And what do you have to say about oldman cleaning infected machines here? :(

Are there some restrictions that only evangelists or higher guys here can help??
« Last Edit: December 11, 2011, 12:01:56 PM by true indian »

 
