Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: My hard drive has been infected by Conduit

29 Sep 2013   #61
GerryR

Windows 7 Home Premium
 
 
File Extensions and conduit

Cottonball,

Since the extensions are still showing and the value ends in 0, I'll take a guess that 0 means false. The problem is that I suspect that whatever is making this change in hiding and then letting me temporarily showing my extensions changes the value in the registry rather than messing around with Control Panel. Unless there is a way that I can make that 0 permanent it will get changed to a 1 within the next 48 hours. Am I right that 0 is false and 1 is true? If so is there any way to make that setting permanent, because if there isn't my guess is that it will be changed to a 1 and I'll lose the extensions again. However, if I do lose them again I'll follow your instructions again, but assume that I'll see a 1. So I guess the question is, "Can I make that 0 permanent, assuming that what I have written above is true?" I'm not a computer guru by any means, but we mathematicians tend to be quite logical.


My System SpecsSystem Spec
.
29 Sep 2013   #62
cottonball

Windows 7 Home Premium
 
 

This is not a work computer with policies set up, or is it?

Assuming not, please go to Control Panel > Folder Options, check the View tab
Is: Hide extensions for known file types checked or unchecked?

On the Registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HideFileExt
1 = hidden (checked in Folder Options)
0 = not hidden/showing (not checked in Folder Options)


Also look in the following Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

Is there an entry for: HideFileExt
My System SpecsSystem Spec
30 Sep 2013   #63
well48

Windows 7 Pro 64bit w/ Virtual XP Mode
 
 

GerryR- Several times you mention downloading IE10 and everything malware exploding as soon as you opened it.
I find that hard to believe unless you were already infected with something.
To begin after an update it would burst open open to a page about IE. Informing you about all the new features and options about search providers etc.
Your description of its behavior reminds me of SAHAgent years ago. Once it got into your system, it attached it self to many files and slowed your pc down severely. You can get it from a website.
It seems that I have seen instances of Conduit in Eye Candy Licenses for downloads of games, music, lyrics etc.

You said one thing in jest but you should consider it for reinfection. I'm talking about it jumping from the USB drives on your table. That could happen when you plug an infected USB drive into your computer.

I'd believe that before IE10 installing Conduit. There is no way IE10 installed conduit on your pc. Corrupted files are possible but not Conduit.
My System SpecsSystem Spec
.

30 Sep 2013   #64
GerryR

Windows 7 Home Premium
 
 
Conduit infection

Cottonball,

My computer is a stand alone desktop. I haven't even networked it to my laptop for fear that if one was infected the infection might move across the network.

Given the path that you gave me yesterday and have repeated today in more concise form, I have the following entry.

Name Type Data

HideFileExt REG_WORD 0x00000000(0)

Since 1 is Boolean for True and 0 is Boolean for False, that 0 should mean

No The File Extension is not hidden

To experiment I changed (0) to (1) and of course the extensions were hidden and when I checked Control Panel - View, the entry "Hide extensions for known file types" was now checked. Of course I then went back into the Registry and changed the value back to (0) and the extensions returned and the entry
"Hide extensions for known file types" was unchecked.

So this is all coordinated as I knew it would be.

I would imagine that if the extensions were to disappear it would be easier to change the Data number in the Registry than to mess around with Control Panel. I guess it might help if I told you that as far as understanding Boolean Operators I have a doctorate in mathematics and have programmed in FORTRAN, Turbo Pascal, C, C++, Visual Basic 5 and 6, and Visual Basic for Applications as well as creating complex spreadsheets with lovely macros in Excel for my ex-wife, hiding the macros so far below on the first sheet that people thought that she was doing the work. This got her a double-jump promotion. I have also worked with DBase3 and Access, but all of this except for the VBA was either at work on mainframes (FORTRAN) or in DOS.

I mentioned that just to make the point that I did know what you were doing and that the Control Setting and the Data numbers and the extensions change with perfect coordination. The problem has been that some infection has made those changes "for me". Maybe that will stop, but I wouldn't bet on it. I've run all of the programs suggested in order twice except for HijackThis which is beyond my level of computer expertise.

Does that answer your question?

Thanks again,

Gerry
My System SpecsSystem Spec
30 Sep 2013   #65
cottonball

Windows 7 Home Premium
 
 

Quote:
Name Type Data

HideFileExt REG_WORD 0x00000000(0)
What was provided above, is that what is showing for the following Registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | HideFileExt


Once again in the Registry Editor, navigate to:
HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden|SHOWALL
What is CheckedValue set to?

Also, go to Edit > Find, and see if you can find the following: NeverShowExt

If there is nothing found, then, go to Folder Options and check or uncheck settings as you prefer them.
Next, click Apply for Windows Explorer to reflect the settings.
Now, click Apply to Folders to make the settings selected the default.

The following tutorial will help:
Folder View - Apply to Folders
My System SpecsSystem Spec
01 Oct 2013   #66
GerryR

Windows 7 Home Premium
 
 
Two Messages

Cottonball - I know how to do it. Perhaps the problem is now solved, the extensions have not disappeared recently. I certainly know how to go through folder options and do what you suggested.

Well 48. I have two very fast laptops. One of them is my guinea pig. It is loaded with Kaspersky Internet Security which contains a very potent anti-virus, malwarebytes, and SUPERAntiSpyware Pro. When I buy a new (presumably uninfected and empty) flash drive I stick into that guinea pig and run those three programs. Anytime that I download a new program, I download it into the guinea pig and run those three programs. If it passes muster then I will transfer it to my desktop. If it is an installation file and it passes muster, then I install it and check the entire hard drive of the guinea pig. I have a portable 1 TB external HDD which has those three programs on it and is constantly being checked. I use that to transfer the downloads to my sacred desktop and if I am downloading an installation file whose product has been installed on the guinea pig, I install it on my desktop. These are not networked thus guaranteeing that an infection in one won't spread to the others. There is only one group of programs that I cannot protect myself against - updates. The minor program updates get checked on the guinea pig. I do not run Java and wish that I did not have to run flashplayer. The one thing that I can't protect myself against is updates from Microsoft, which as a developer friend of mine said is considered among developers to be the worst piece of malware on the Internet. I have checked the recommended automatic updates for Microsoft. It updated IE9 to IE10. The moment I opened IE10 all hell broke loose. Given the precautions that I take I can only conclude that something really bad managed to attach itself to the IE10 update in transit. Now, where do you think the weaknesses in my protection are? I should point out that I reformat the guinea pig about every three months. What more precautions can I take. We constantly read in ZDNET bulletins of many critical patches to Microsoft products only to be told later that the patches were infected. I have to assume that either on a Patch Tuesday or in the update from IE9 to IE10 something came along for the ride. I cannot protect myself against Microsoft. If they did not insist that Windows must have IEx, I would have uninstalled it years ago. I use Firefox and Chrome and through lack of choice Outlook with IMAP. Now, feel free to make any comments about something that I am missing in this process. If you have something useful to suggest I add to my procedures, please let me know. BTW I will be reinstalling Windows 7 Ultimate on my desktop quite soon. Right now my arthritic fingers are not up to the task of uninstalling programs on the desktop so that I can reinstall them on the reformatted desktop,reformatting, changing the BIOS order to CD/DVD first and the hard drive second and then starting the massive project of bringing in and installing my carefully checked apps and bringing in the huge amounts of data that I have. If you have anything useful to add, please be my guest. That is a serious suggestion.
My System SpecsSystem Spec
01 Oct 2013   #67
GerryR

Windows 7 Home Premium
 
 
NeverShowExt

Cottonball,


I was in a hurry to get going but I did this search.


Find Next was finding so many incidences "NeverShowExt" (no quotes) that I quit bothering to continue.


If the density of the first ten was an accurate representative of the whole there could be hundreds of them.


When I get back home I'll look at the entire message from you but I must get rolling.


GerryR
My System SpecsSystem Spec
01 Oct 2013   #68
GerryR

Windows 7 Home Premium
 
 

Cottonball,

It would I have clicked your scale too much.

"You must spread some Reputation around before giving it to cottonball again"
My System SpecsSystem Spec
02 Oct 2013   #69
GerryR

Windows 7 Home Premium
 
 
Showall

Relative to HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden|SHOWALL the key is 0x00000001(1) --> I believe there were seven consecutive zeroes but it's hard to count them

Re NeverFindExt, I have checked twice since and in each check I get my original findings. Before the scroll bar marker has gone down 5% of the way I have more than ten finds of NeverShowExt. The second time that I checked I sat through twenty finds and the scroll bar marker "might have been" 7% of the way down. It's hard to be precise looking at a scroll bar. If I hadn't been watching the left column I would not have thought that it had moved. In each case the entry looked like this:

I had to use dots for spacing.

Name........................................... Type..................... Data

{a red ab} then NeverFindExt..........REG_SZ...........This area is blank


For what it's worth this is always the third entry on the right.

For all I know there could be thirty entries like this or three hundred or more.

GerryR
My System SpecsSystem Spec
02 Oct 2013   #70
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Could this NeverFindExt be a add on to a game?
My System SpecsSystem Spec
Reply

 My hard drive has been infected by Conduit




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Install on E: drive without removing infected files from other drives
I want to install Windows 7 on my E: drive without removing data and WinXP installation already present on the other two drives. Will the new Windows 7 installation get infected? Or is it possible to install antivirus and firewall as soon as Windows 7 is installed and thus prevent infection?
Installation & Setup
Conduit.com
I am trying to get rid of conduit.com search on Firefox. It does NOT show in IE 11. I have run Malwarebytes full scan and removed everything there. Does anyone have any idea of an easy way to remove the conduit.com search ??
System Security
hard drive failed, system image not found on hard drive
hi all, i hope someone can help me out, i am a newbie to all this so bare with me. my hard drive failed over a month ago but i managed to do a system image with win7 to my new 2tb internal hard drive. i cannot get the image recovery to work as i says "no image can be found on hard disk". i am at...
Backup and Restore
cant get rid of conduit and bing
Some how I got conduit and bing search when I select explorer. I have deleted Conduit using uninstall. Also have removed bing search engine from Manage search engines in google chrome. Also have selected Chrome as my default search engine. But when I select Explorer it still comes up with web site...
Performance & Maintenance
Trying to copy healthy dll from one drive over infected dll on another
Hi Everyone, I am having an issue with a "missing" dll file - the effects of this error (shown below) is that many programs are not behaving. http://www.systemcontrol.com.au/images/captures/DLL-File.PNG I removed the drive containing the error from my laptop and plugged it into an external...
System Security
would I need to worry about 2nd hard drive getting infected as well
I recently installed another 500GB hard drive in one of my dell desktops (i5 580) and have a question regarding viruses. I used to store my system images on an external hard drive however I prefer using an internal hard drive since it seems to create images faster and I also don't have to plug and...
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 22:39.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App