Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Cannot remove Conduit malware

06 Dec 2013   #21
circumvent

windows 7 home premium x64
 
 

Quote   Quote: Originally Posted by Devlin1888 View Post
Yeah Jacee provides very good info Yeah combofix is something to be used with alot of care, never used it myself but have heard of people having "mishaps" with it, good stuff bud
Just trying to spread the knowledge, because I was in a horrid state with my main work laptop with a lot of sensitive medico/legal information that I couldn't afford to have in the physical hands of a technician and I knew it was not hardware.

Based on my experience and thanks to a lot of other members and their incredible patience, we went through almost everything step by step, so it was a heck of an intensive crash course in malware removal and fixing the after effects.

In this orginal thread, seeing as it's conduit, I'd probably suggest
the uninstalling of any iobit programs, bing stuff
and then JRT, look at the logs,
then TFC and restart,
then run esetonline free scanner and that hopefully should clean out the system...
then run TFC again.

After that, he should do full scans with mbam and whatever other scanners are on the system to ensure system is clean.

I'm not sure adwcleaner would be necessary at first unless someone is going to read the logs and I'm keeping in mind its a business computer being used by someone else...so I'm assuming they have some kind of security audit of what software is on the system


My System SpecsSystem Spec
.
06 Dec 2013   #22
Devlin1888

Windows 7 Home Premium 64Bit
 
 

Id be happy to read any logs posted if it helps, good advice buddy!
My System SpecsSystem Spec
06 Dec 2013   #23
circumvent

windows 7 home premium x64
 
 

Glad if I could offer any additional advice, because until logs are posted, everything is pretty much guess work...as soon as BSeanD posts log, I'm sure his problems can be resolved here
My System SpecsSystem Spec
.

06 Dec 2013   #24
Britton30
Microsoft MVP

Windows 7 Ultimate X64 SP1
 
 

Yes running the Free Virus Scan | Online Virus Scanner from ESET is a good plan when possible, it may take 2-3 hours. It will download a definition file first then scan.

As for ComboFix, see this:

Do not use Combofix on your own!!
My System SpecsSystem Spec
08 Dec 2013   #25
BSeanD

Windows 7
 
 

Wow, I'm really impressed with the number of people helping not only myself but others who have this malware. :-D I wasn't able to get my remote hands on the machine over the weekend so I'm hoping to do it tonight.
My System SpecsSystem Spec
08 Dec 2013   #26
Devlin1888

Windows 7 Home Premium 64Bit
 
 

if theres any logs you need reading il happily give them a read in the morning(time difference) good luck
My System SpecsSystem Spec
08 Dec 2013   #27
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

"Conduit" can be removed with AdwCleaner... download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Using AdwCleaner v3: Scan & Clean:
Double click on AdwCleaner.exe to run the tool again.
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...

This time click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder

I'll walk you through the rest of the 'clean up'.
My System SpecsSystem Spec
09 Dec 2013   #28
circumvent

windows 7 home premium x64
 
 

Quote   Quote: Originally Posted by Jacee View Post
"Conduit" can be removed with AdwCleaner... download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Using AdwCleaner v3: Scan & Clean:
Double click on AdwCleaner.exe to run the tool again.
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...

This time click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder

I'll walk you through the rest of the 'clean up'.

Woohoo! My Guru (bowing profusely...I'm not worthy) is here ...BSeanD, half your problems are fixed already
My System SpecsSystem Spec
12 Dec 2013   #29
BSeanD

Windows 7
 
 

Quote   Quote: Originally Posted by Jacee View Post
"Conduit" can be removed with AdwCleaner... download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Using AdwCleaner v3: Scan & Clean:
Double click on AdwCleaner.exe to run the tool again.
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...

This time click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder

I'll walk you through the rest of the 'clean up'.

Ok with luck I'll be able to do this today. I'll run both steps you've given and we'll take it from there.
My System SpecsSystem Spec
12 Dec 2013   #30
BSeanD

Windows 7
 
 

Ok I've finally got hold of the machine. I thought I'd give JRT a go and got the following results.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by **** on Fri 13/12/2013 at 12:31:19.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [Service] mywebsearchservice
Successfully deleted: [Service] mywebsearchservice

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mywebsearch email plugin
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mywebsearch email plugin
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{b278d9f8-0fa9-465e-9938-0c392605d8e3}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{799391D3-EB86-4BAC-9BD3-CBFEA58A0E15}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\funwebproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mywebsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitengine
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\fun web products
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\funwebproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\mywebsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduitengine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\inbox toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\mywebsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.datacontrol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.datacontrol.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.historykillerscheduler
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.historykillerscheduler.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.historyswattercontrolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.historyswattercontrolbar.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.htmlmenu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.htmlmenu.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.htmlmenu.2
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.iecookiesmanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.iecookiesmanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.killerobjmanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.killerobjmanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebprod

As you can see a number of items have been deleted, including a number of conduit entries. :-)
Also of note the entry in Programs and Features has gone. I'm about to run the AV and see if that comes up with anything.
My System SpecsSystem Spec
Reply

 Cannot remove Conduit malware




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
How do I remove this virus/malware url?
I tried programs and features and search, but came up empty. It constantly shows up in Firefox and Chrome ...
System Security
la.flvmplayer.exe Malware - How To remove?
This nuisance la.flvmplayer.exe (trojan?) arrived on my computer piggy backing on a legitimate d/load (a video I believe). It causes the browser to open several windows with ads and promotions. I can't find the file as no doubt it has disguised itself. Running a full scan with Lavasoft Adaware...
System Security
Remove malware by formatting
Hi, When the C: and D: drives are infected, the formatting of them can kill all the malware existing on those two? Machine: Windows 7.
System Security
how do staples and best buy remove spyware or malware?
do they run a program like spybot SD, malwarebytes, or do they simply just format the drive and reinstall windows? my guess is to save time and to make sure the malware is completely gone, they format and reinstall windows. since time is money, and I've personally spent up to 6 hours or more...
System Security
need help to remove malware please.
Hello, I'm having a malware-nightmare and hoping someone can advise. Thanks in advance. I'm running Windows 7 Service Pack 1 64bit with Internet Explorer 9. While browsing on 29th Oct 2011 at 15:08: my AV (Virgin Media Security) flagged a Trojan-detected message from the task bar; IE...
System Security
unable to remove malware? bug?
not sure how but ive picked up what i think is some malware. its an add-on tool bar called 'searchqu' and is by 'bandoo media inc' i noticed it in my toolbar and deactivated it but my computer was progressively slower than normal. i decided to look into it when i kept getting 'windows explorer...
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 23:56.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App