Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: My hard drive has been infected by Conduit

16 Sep 2013   #41
BlueGuy

W7 Ultimate 32-bit
 
 

The links to both are embedded in that page, you just have to wave your pointer over them.
Normally I wouldn't run Beta software.


My System SpecsSystem Spec
.
16 Sep 2013   #42
cottonball

Windows 7 Home Premium
 
 

Heck, if you use the supposed 2.05 beta link at MG, you end up with version 2.04 anyway.
Something is not right there...guess v2.05 never made it to the big leagues.
My System SpecsSystem Spec
16 Sep 2013   #43
GerryR

Windows 7 Home Premium
 
 
CNET mention

BlueGuy,

You mentioned the download sites that you personally feel are safe.

I just thought that for the benefits of those who are reading this thread and who may not be aware of it that the mere act of downloading from CNET, once a reputable source, is now an invitation to have several very bad things happen to your computer. Some people may not be aware of this.

GerryR
My System SpecsSystem Spec
.

18 Sep 2013   #44
GerryR

Windows 7 Home Premium
 
 
Malware

I think that the most universally attempted installation is the Ask Toolbar which is sheer malware. There was a new program out that I really liked, but it insisted in downloading it's own installer. Too bad! If you let them get their installer on your hard drive they have an open path to install whatever they wish to.

I think that the time is going to come when the Internet refuses to mention programs that pull this junk. I understand why hackers want to install malware on your computer, but why otherwise legitimate companies - they must be getting great kickbacks.
My System SpecsSystem Spec
19 Sep 2013   #45
GerryR

Windows 7 Home Premium
 
 

This isn't my primary reply Blueguy. There was this really nice-looking program, but in order install it they "just had to put a little installer on my hard drive". That's another monster gotcha. Of course I always choose custom over standard. It's unfortunate that this trends seems to be accelerating. The one that I find myself declining the most frequently is the AVG toolbar, frequently but not always, accompanied by making your default engine AVG, and making AVG your home page. I NEVER RUSH. I've found some programs that looked good but, I haven't downloaded anything except what I've been downloading to get rid of conduit. I'm almost there, one step more - RogueKiller, which, to tell the truth is the most complex piece of anti-malware that I've ever seen and I must admit to being nervous about running it.

I'm not really a computer guy. Doctorate in mathematics, M.S. in statistics, Fortran programmer before any IBM PC came out. So now I've had to learn. I had to take a disability retirement, for many health reasons that I won't mention again. At least now I can start catching up with what I didn't know about PCs. I always thought of the computer as a means to an end, i.e. analysis. During the DOS days I became very competent in Object-oriented Pascal, C, C++, and VBA. I subscribed to a bulletin board and picked up some nice freeware and commercial-ware. Vernon Burg's List, PKZip, etc.
My System SpecsSystem Spec
19 Sep 2013   #46
GerryR

Windows 7 Home Premium
 
 
conduit and the Windows Seven Support Team

Re: Conduit -> The logs from Adwcleaner and JRT are in this reply. They're quite small.

I first used the Remove Conduit Toolbar and search.conduit.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Gerald on Wed 09/18/2013 at 3:33:15.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Then I ran the Temporary File Cleaner

Then I ran Adwcleaner - what follows is their log:

==================================================================================================== =======

# AdwCleaner v3.004 - Report created 18/09/2013 at 03:24:14
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Gerald - GERALD-PC
# Running from : C:\InstallationFiles\AdwCleaner_2.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Gerald\AppData\Roaming\Mozilla\Firefox\Profiles\halibpwn.default-1378957229315\jetpack
Folder Deleted : C:\Users\Gerald\AppData\Roaming\Mozilla\Firefox\Profiles\halibpwn.default-1378957229315\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\Users\Gerald\AppData\Roaming\Mozilla\Firefox\Profiles\halibpwn.default-1378957229315\Extensions\browserprotect@browserprotect.com.xpi

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Gerald\AppData\Roaming\Mozilla\Firefox\Profiles\halibpwn.default-1378957229315\prefs.js ]


-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Gerald\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Then I ran AdwCleaner - the log is below


*************************

AdwCleaner[R0].txt - [53956 octets] - [07/09/2013 19:30:46]
AdwCleaner[R1].txt - [1269 octets] - [07/09/2013 19:49:25]
AdwCleaner[R2].txt - [1156 octets] - [07/09/2013 20:29:53]
AdwCleaner[R3].txt - [1801 octets] - [18/09/2013 03:20:22]
AdwCleaner[S0].txt - [53085 octets] - [07/09/2013 19:32:00]
AdwCleaner[S1].txt - [1336 octets] - [07/09/2013 20:25:13]
AdwCleaner[S2].txt - [1218 octets] - [07/09/2013 20:30:35]
AdwCleaner[S3].txt - [1732 octets] - [18/09/2013 03:24:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1792 octets] ##########

==================================================================================

Then I ran the Junkware Removal Tool - what follows is their log.


~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\updater by sweetpacks
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111261187}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askchecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askchecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_fx_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_fx_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_ie_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_ie_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111261187}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\askchecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\askchecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_fx_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_fx_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_ie_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_ie_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{85EFCE3B-EAC0-4E19-8B2C-45D7AFB747EF}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F40F5728-5BD1-414F-9E6E-DDE0668F0011}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\Users\Gerald\AppData\Roaming\strongvault"
Successfully deleted: [Folder] "C:\Users\Gerald\appdata\local\visualbeeclient"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Users\Gerald\AppData\Roaming\mozilla\firefox\profiles\halibpwn.default-1378957229315\extensions\info@priceblink.com.xpi
Emptied folder: C:\Users\Gerald\AppData\Roaming\mozilla\firefox\profiles\halibpwn.default-1378957229315\minidumps [1 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/18/2013 at 3:39:43.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

=============================================================================================


I have not as yet run RogueKiller. Is that necessary? In any case I'm going to do a complete system backup tonight while I wait for an answer about RogueKiller.

Thanks to all,

GerryR
My System SpecsSystem Spec
19 Sep 2013   #47
GerryR

Windows 7 Home Premium
 
 
Careful

BlueGuy,

People who watch me on the computer are amazed to see the care with which I make selections. I actually read EULAs. The only "standard installations" that I make are from Mozilla and Internet Download Manager. They just keep upgrading. I also accept updates to databases for MalwareBytes Anti-Malware, etc. There's no way to check that sort of thing.

I use Acronis True Image Home for my backups. It has a wonderful feature, "Try and Decide". When you start that you can install anything that you want to, then check it by MBAM, etc. No matter what the disaster, you're working on a virtual machine and can turn it off so that you are back to where you were when you entered "Try and Decide". I even install upgrades to CCleaner in "Try and Decide" although I'm pretty sure that's a waste of time. I always try out anything that I am contemplating there, I can download as free as a bird, install, screw around with the program, etc. Then I check it with MBAM and a host of others.

Many years ago, picking "Standard Installation" was safe. That was a long time ago. I click custom install on what I analyze in "Try and Decide". BTW, why are the manufacturers of AVG anti-virus which I don't use but do consider to be safe, trying to shove the AVG Toolbar down everybody's throat? Nobody I know seems to have figured this apparent dichotomy out. I think that I see that as an "option" more than any other one thing. The totality of programs that want to "just install a little installer" is growing by leaps and bounds.
My System SpecsSystem Spec
19 Sep 2013   #48
GerryR

Windows 7 Home Premium
 
 
To the Windows 7 Forum Support Team

I did send you the results of Adwcleaner and JRT, but not MBAM because MBAM came up with 0 objects and that was kind of dull.
My System SpecsSystem Spec
23 Sep 2013   #49
GerryR

Windows 7 Home Premium
 
 

BlueGuy,

I kept seeing articles about uninstalling Java because its security was Swiss cheese. I did that four days ago and so far everything that I've tried to run has run. I don't use Open Office or Libre Office. what exactly have I lost?

GerryR
My System SpecsSystem Spec
23 Sep 2013   #50
GerryR

Windows 7 Home Premium
 
 
Where did you download IE10?

I didn't download IE10 in the normal sense. It came down as part of a Windows Update from Microsoft! How was I do know it would explode when I opened it. Flashing ads, non-flashing ads, banner, conduit toolbar, conduit search engine, something wolf search engine, and more. If it weren't for the fact that Microsoft claims that you must have it to run Windows I would uninstall it. I certainly will never use it again.

So far I've run Adwcleaner, Hitman Pro, Junk Removal Tool, Temporary File Cleaner, Kaspersky, Malwarebyes, and I want to run Rogue Killer. Unfortunately I don't know any French and when you opt for the English tutorial, the windows are still in French and I don't know what to do. I have run each of the above at least three times, but I'm still having a weird problem. Like all the rest of you, I assume, I want to see my files' extensions. They disappeared 10 days ago. I reset them. They disappeared three days ago. I reset them, so far so good, but obviously not good. If anybody actually wrote a version of the Rogue Killer with the windows in English and wouldn't mind doing so, please send me a copy. I hope this is not breaking a rule of the forum - one of my addresses is [removed] The only thing of interest is that Adwcleaner, quite rightly, uninstalls the Yahoo Toolbar, which is really useful but, so I've read and been told, a potential security weakness. Maybe I'll just put the toolbar into my bookmarks, one piece at a time.

But I ***really want to run Rogue Killer*** once I know what the windows selections in the tutorial mean. The only one that's clear is a repetitive -> Please donate via PayPal. If I can run it and it finishes conduit off, I'll donate to him - I've already donated to Adwcleaner. I am a strong believer in donations for services rendered. My biggies are CCleaner and Wikipedia.
My System SpecsSystem Spec
Reply

 My hard drive has been infected by Conduit




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Install on E: drive without removing infected files from other drives
I want to install Windows 7 on my E: drive without removing data and WinXP installation already present on the other two drives. Will the new Windows 7 installation get infected? Or is it possible to install antivirus and firewall as soon as Windows 7 is installed and thus prevent infection?
Installation & Setup
Conduit.com
I am trying to get rid of conduit.com search on Firefox. It does NOT show in IE 11. I have run Malwarebytes full scan and removed everything there. Does anyone have any idea of an easy way to remove the conduit.com search ??
System Security
hard drive failed, system image not found on hard drive
hi all, i hope someone can help me out, i am a newbie to all this so bare with me. my hard drive failed over a month ago but i managed to do a system image with win7 to my new 2tb internal hard drive. i cannot get the image recovery to work as i says "no image can be found on hard disk". i am at...
Backup and Restore
cant get rid of conduit and bing
Some how I got conduit and bing search when I select explorer. I have deleted Conduit using uninstall. Also have removed bing search engine from Manage search engines in google chrome. Also have selected Chrome as my default search engine. But when I select Explorer it still comes up with web site...
Performance & Maintenance
Trying to copy healthy dll from one drive over infected dll on another
Hi Everyone, I am having an issue with a "missing" dll file - the effects of this error (shown below) is that many programs are not behaving. http://www.systemcontrol.com.au/images/captures/DLL-File.PNG I removed the drive containing the error from my laptop and plugged it into an external...
System Security
would I need to worry about 2nd hard drive getting infected as well
I recently installed another 500GB hard drive in one of my dell desktops (i5 580) and have a question regarding viruses. I used to store my system images on an external hard drive however I prefer using an internal hard drive since it seems to create images faster and I also don't have to plug and...
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 20:06.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App