My hard drive has been infected by Conduit

Page 6 of 9

  1. Posts : 114
    Windows 7 Home Premium
    Thread Starter
       #51

    Hijack This


    I know about Hijack This, I've read about it and I am not sufficiently competent to feel comfortable running it. The link that was supposed to get me to a program to clean up IE was two separate links. One got me to a minuscule gif file. The other got me to a program in German that I didn't understand, and I clicked on what I thought might be an English translation and LOL it showed me a group of smileys. At that point I decided to vacate the program before I did something that might be destructive.

    BTW, Hijack This has been replaced by the original author by what he claims is a far more powerful tool than Hijack This. Basically the actions of Hijack This are a small subset of the actions of the other program. Since I'm not at a level to run Hijack This, I'm certainly not going to try his newer, more powerful program.

    If a correct link to whatever is supposed to clean out IE10 were posted, that would be great. Once again thanks to all of you.

    Blueguy, I uninstalled Java last week and thus far have not seen any problems. Thanks for the tip. As to flashplayer, what can one say. When you run Adwcleaner it deletes the Yahoo toolbar - that's not very encouraging.
      My Computer


  2. Posts : 114
    Windows 7 Home Premium
    Thread Starter
       #52

    I will have to do this better


    Results
      My Computer


  3. Posts : 114
    Windows 7 Home Premium
    Thread Starter
       #53

    Latest


    System Summary for GerryR

    Adwcleaner deleted the Yahoo toolbar and found no other errors.

    Junkware Removal Tool and Hitman Pro found no problems.

    Temporary File Cleaner erased my temp folder, and otherwise found no problems.

    I am awaiting a translation of the windows in the tutorial for RogueKiller.

    Malwarebytes found no objects.

    Kaspersky Internet Suite (including anti-virus) found no problems.

    SuperAntiSpyware Pro found no problems.

    Neither the registry nor the hard drive show any mention of the word conduit.

    I will run RogueKiller, but I suspect that I am now officially clean.

    Thanks to all, especially Cottonball and Blueguy. You are both examples of what knowledgeable forum members should be.

    Happily,

    GerryR

    P.S. I am not going to unsubscribe from this thread until I have run RogueKiller.
      My Computer


  4. Posts : 2,470
    Windows 7 Home Premium
       #54

    Thank you for the kind words.

    Per Post #14, all RogueKiller is going to do is Scan the computer.

    When the program is opened, a Prescan is started. It scans and stops malicious processes, malicious services, loads its driver, and does some version checks. It does not delete anything on the computer.

    The Scan option does not modify the system, it only lists problems. It checks automatic startup entries (RUN keys, Services, scheduled tasks, startup folders), and system hijacks. The scan also does a search of some known infections, and checks for the existence of some rootkits. It verifies the integrity of the Master Boot Record (MBR). Once the scan is finished, a text report is available by clicking on the Report button, and is also available on the desktop as: RKReport.txt

    If any malware is found, further action can be pursued. However, if any detected item looks legit, there is the option to uncheck it.

    At this point in your endeavour, the program may not find anything of consequence.

    Have used this program many times, and IMO, it cuts to the chase and is very effective. Several programs that I use, like RogueKiller, are of European origin, but a translation is available. The French language is not my forte, either!
      My Computer


  5. Posts : 114
    Windows 7 Home Premium
    Thread Starter
       #55

    Run Report From RogueKiller


    I have marked the one place where there was a problem.

    RogueKiller V8.6.12 _x64_ [Sep 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : Forum
    Website : RogueKiller download
    Blog : tigzy-RK

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Gerald [Admin rights]
    Mode : Scan -- Date : 09/27/2013 02:48:57
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 0 ¤¤¤

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts




    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD5000AAKS-00V1A0 ATA Device +++++
    --- User ---
    [MBR] cf67fd206edd8aa5de14c1fe83abc9fb
    [BSP] 4a48f4eab0cb1056196a72915a8b20fe : Legit.C MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) (Standard disk drives) - WDC WD5000AAKS-00V1A0 ATA Device +++++
    --- User ---
    [MBR] 42761630327a24482af4b2447068ca43
    [BSP] ead6f9ec241c16ec046616ce9d3e5235 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) (Standard disk drives) - SAMSUNG HD204UI USB Device +++++
    --- User ---
    [MBR] 6b8b9b286065d61c43b03b2cba19c461
    [BSP] 35c492544a6187dc4d7c3b7fb859bc1a : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR! <------------------ Is this significant and if so what can I do about it? GerryR

    Finished : << RKreport[0]_S_09272013_024857.txt >>
    RKreport[0]_D_09272013_024651.txt
      My Computer


  6. Posts : 2,470
    Windows 7 Home Premium
       #56

    The RKReport is as clean as it gets. :)

    What is flagged is not significant, it is a USB drive.
      My Computer
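
A small parser for the report layout quoted in post #55, added here as an example; it is not part of the thread and not RogueKiller's own code. The sample text is constructed from that layout with placeholder disk names, and the function names are hypothetical. It lists every section with a non-zero count and every MBR read error together with the bus of the drive it belongs to.

```python
import re

# Constructed sample: follows the layout of the report in post #55,
# abridged, with placeholder disk names (DISK-A, DISK-B).
SAMPLE_REPORT = r"""¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 0 ¤¤¤
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - DISK-A +++++
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) (Standard disk drives) - DISK-B +++++
User = LL1 ... OK!
Error reading LL2 MBR!
"""

SECTION = re.compile(r"^¤¤¤ (.+?) : (\d+) ¤¤¤$")                      # counted sections only
DRIVE = re.compile(r"^\+{5} (PhysicalDrive\d+): \(\S+ @ (\w+)\)")     # drive name and bus
MBR_OK = re.compile(r"^User = (LL\d) \.\.\. OK!$")                     # LL1/LL2 labels as printed
MBR_ERR = re.compile(r"^Error reading (LL\d) MBR!")

def parse_rkreport(text):
    """Return (section counts, per-drive MBR check results)."""
    counts, drives, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()  # forum paste indents every line
        if m := SECTION.match(line):
            counts[m.group(1)] = int(m.group(2))
        elif m := DRIVE.match(line):
            current = drives.setdefault(m.group(1), {"bus": m.group(2), "ok": [], "errors": []})
        elif current is not None and (m := MBR_OK.match(line)):
            current["ok"].append(m.group(1))
        elif current is not None and (m := MBR_ERR.match(line)):
            current["errors"].append(m.group(1))
    return counts, drives

def items_to_review(counts, drives):
    """List sections with detections and MBR reads that failed."""
    findings = [f"{name}: {n} item(s) listed" for name, n in counts.items() if n]
    for drive, info in drives.items():
        for level in info["errors"]:
            findings.append(f"{drive} ({info['bus']}): could not read {level} MBR")
    return findings

if __name__ == "__main__":
    print("\n".join(items_to_review(*parse_rkreport(SAMPLE_REPORT))) or "nothing to review")
```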


  7. Posts : 114
    Windows 7 Home Premium
    Thread Starter
       #57

    There is still one recurring problem


    I prefer to see the extensions of my files. About every third day, and that included today, Control Panel is changed to hide extensions. I can reset it in seconds but something is doing that and I hadn't had this problem until after I got the conduit infection. So I reran Adwcleaner (there goes the Yahoo toolbar), Junk Removal Tool, Temporary File Removal, Hitman Pro, and RogueKiller in that order, but I bet the extensions are going to disappear again.
    Last edited by GerryR; 28 Sep 2013 at 01:21. Reason: Misspelling
      My Computer


  8. Posts : 114
    Windows 7 Home Premium
    Thread Starter
       #58

    One last problem


    I like my files to show extensions - always have, always will. About every three days they disappear. I've gotten pretty good (under 30 seconds LOL) at turning them back on, but then they disappear again. This did not happen pre-conduit. So there's something left in there. At least the BIOS hasn't been tampered with. Any thoughts would be appreciated. I'm thinking reformat.
      My Computer


  9. Posts : 2,470
    Windows 7 Home Premium
       #59

    Please go to Start, in the search box above it type regedit
    In the list that appears above, open regedit.

    If prompted by the UAC, click: Yes

    In the Registry editor, navigate to the following key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

    Do so by expanding the following (click the > to the left of each entry):
    >HKEY_CURRENT_USE
    >Software
    >Microsoft
    >Windows
    >CurrentVersion
    >Explorer

    Under Explorer, click: Advanced
    In the right pane of Advanced, look at: HideFileExt
    Under Data, does the value end in 1, or in 0 (zero)?


      My Computer


  10. Posts : 114
    Windows 7 Home Premium
    Thread Starter
       #60

    HideFileExt from Cottonball


    It currently ends in a 0. Is that correct? If so please let me know, if not please tell me to what I should change it. I see other entries under Data with the values 0, 1, and 2.

    Thanks,

    GerryR

    P.S. Don't bother to change the HKEY_CURRENT_USE. I knew that you meant USER.
      My Computer


 

All times are GMT -5.