Windows 7: My hard drive has been infected by Conduit

26 Sep 2013   #51

Windows 7 Home Premium
Hijack This

I know about Hijack This, I've read about it and I am not sufficiently competent to feel comfortable running it. The link that was supposed to get me to a program to clean up IE was two separate links. One got me to a minuscule gif file. The other got me to a program in German that I didn't understand, and I clicked on what I thought might be an English translation and LOL it showed me a group of smileys. At that point I decided to vacate the program before I did something that might be destructive.

BTW, Hijack This has been replaced by the original author by what he claims is a far more powerful tool than Hijack This. Basically the actions of Hijack This are a small subset of the actions of the other program. Since I'm not at a level to run Hijack This, I'm certainly not going to try his newer, more powerful program.

If a correct link to whatever is supposed to clean out IE10 were posted, that would be great. Once again thanks to all of you.

Blueguy, I uninstalled Java last week and thus far have not seen any problems. Thanks for the tip. As to flashplayer, what can one say. When you run Adwcleaner it deletes the Yahoo toolbar - that's not very encouraging.

26 Sep 2013   #52

Windows 7 Home Premium
I will have to do this better

26 Sep 2013   #53

Windows 7 Home Premium

System Summary for GerryR

Adwcleaner deleted the Yahoo toolbar and found no other errors.

Junkware Removal Tool and Hitman Pro found no problems.

Temporary File Cleaner erased my temp folder, and otherwise found no problems.

I am awaiting a translation of the windows in the tutorial for RogueKiller.

Malwarebytes found no objects.

Kaspersky Internet Suite (including anti-virus) found no problems.

SuperAntiSpyware Pro found no problems.

Neither the registry nor the hard drive show any mention of the word conduit.

I will run RogueKiller, but I suspect that I am now officially clean.

Thanks to all, especially Cottonball and Blueguy. You are both examples of what knowledgeable forum members should be.



P.S. I am not going to unsubscribe from this thread until I have run RogueKiller.

26 Sep 2013   #54

Windows 7 Home Premium

Thank you for the kind words.

Per Post #14, all RogueKiller is going to do is Scan the computer.

When the program is opened, a Prescan is started. It scans and stops malicious processes, malicious services, loads its driver, and does some version checks. It does not delete anything on the computer.

The Scan option does not modify the system; it only lists problems. It checks automatic startup entries (RUN keys, Services, scheduled tasks, startup folders) and system hijacks. The scan also does a search of some known infections, and checks for the existence of some rootkits. It verifies the integrity of the Master Boot Record (MBR). Once the scan is finished, a text report is available by clicking on the Report button, and is also available on the desktop as: RKReport.txt

If any malware is found, further action can be pursued. However, if any detected item looks legit, there is the option to uncheck it.

At this point in your endeavour, the program may not find anything of consequence.

Have used this program many times, and IMO, it cuts to the chase and is very effective. Several programs that I use, like RogueKiller, are of European origin, but a translation is available. The French language is not my forte, either!
27 Sep 2013   #55

Windows 7 Home Premium
Run Report From RogueKiller

I have marked the one place where there was a problem.

RogueKiller V8.6.12 _x64_ [Sep 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : Forum
Website : RogueKiller download
Blog : tigzy-RK

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Gerald [Admin rights]
Mode : Scan -- Date : 09/27/2013 02:48:57
| ARK || FAK || MBR |

Bad processes : 0

Registry Entries : 0

Scheduled tasks : 0

Startup Entries : 0

Web browsers : 0

Particular Files / Folders:

Driver : [NOT LOADED 0x0]

External Hives:

Infection :

--> %SystemRoot%\System32\drivers\etc\hosts

MBR Check:

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD5000AAKS-00V1A0 ATA Device +++++
--- User ---
[MBR] cf67fd206edd8aa5de14c1fe83abc9fb
[BSP] 4a48f4eab0cb1056196a72915a8b20fe : Legit.C MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) (Standard disk drives) - WDC WD5000AAKS-00V1A0 ATA Device +++++
--- User ---
[MBR] 42761630327a24482af4b2447068ca43
[BSP] ead6f9ec241c16ec046616ce9d3e5235 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) (Standard disk drives) - SAMSUNG HD204UI USB Device +++++
--- User ---
[MBR] 6b8b9b286065d61c43b03b2cba19c461
[BSP] 35c492544a6187dc4d7c3b7fb859bc1a : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
Error reading LL2 MBR! <------------------ Is this significant and if so what can I do about it? GerryR

Finished : << RKreport[0]_S_09272013_024857.txt >>
27 Sep 2013   #56

Windows 7 Home Premium

The RKReport is as clean as it gets. :)

What is flagged is not significant, it is a USB drive.
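Added example (not part of any post in this thread, and not RogueKiller's own code): a small Python triage of an RKReport in the format posted in #55, pulling out the per-category counts and the per-drive MBR read results. Treating a read error on a USB-attached drive as low priority is an assumption taken from the reply in #56; the function and variable names are illustrative.

```python
import re
# Abridged from the RKReport posted in #55 (hash and partition lines omitted).
SAMPLE_REPORT = r"""
Bad processes : 0
Registry Entries : 0
Scheduled tasks : 0
Startup Entries : 0
Web browsers : 0
MBR Check:
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD5000AAKS-00V1A0 ATA Device +++++
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) (Standard disk drives) - SAMSUNG HD204UI USB Device +++++
User = LL1 ... OK!
Error reading LL2 MBR!
"""

COUNT_RE = re.compile(r"^(Bad processes|Registry Entries|Scheduled tasks|Startup Entries|Web browsers)\s*:\s*(\d+)\s*$")
DRIVE_RE = re.compile(r"^\+{5}\s*(PhysicalDrive\d+):\s*\(\S+\s*@\s*(\w+)\)")
# Group 1 is set for a successful read, group 2 for a failed one.
LL_RE = re.compile(r"^(?:User = (LL\d) \.\.\. OK!|Error reading (LL\d) MBR!)")

def parse_rkreport(text):
    """Return (counts, drives) parsed from a RogueKiller scan report."""
    counts, drives, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := COUNT_RE.match(line):
            counts[m.group(1)] = int(m.group(2))
        elif m := DRIVE_RE.match(line):
            current = {"drive": m.group(1), "bus": m.group(2), "reads": {}}
            drives.append(current)
        elif current and (m := LL_RE.match(line)):
            current["reads"][m.group(1) or m.group(2)] = "ok" if m.group(1) else "error"
    return counts, drives

def triage(text):
    """List findings worth a second look; USB read errors are marked low priority."""
    counts, drives = parse_rkreport(text)
    findings = [f"{name}: {n} item(s)" for name, n in counts.items() if n]
    for d in drives:
        for level, state in d["reads"].items():
            if state == "error":
                prio = "low" if d["bus"] == "USB" else "review"  # assumption from post #56
                findings.append(f"{d['drive']} ({d['bus']}) {level} read error [{prio}]")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```
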
28 Sep 2013   #57

Windows 7 Home Premium
There is still one recurring problem

I prefer to see the extensions of my files. About every third day and that included today, Control Panel is changed to hide extensions. I can reset it in seconds but something is doing that and I hadn't had this problem until after I got the conduit infection. So I reran Adwcleaner (there goes the Yahoo toolbar), Junk Removal Tool, Temporary File Removal, Hitman Pro, and RogueKiller in that order, but I bet the extensions are going to disappear again.
28 Sep 2013   #58

Windows 7 Home Premium
One last problem

I like my files to show extensions - always have, always will. About every three days they disappear. I've gotten pretty good (under 30 seconds LOL) at turning them back on, but then they disappear again. This did not happen pre-conduit. So there's something left in there. At least the BIOS hasn't been tampered with. Any thoughts would be appreciated. I'm thinking reformat.
28 Sep 2013   #59

Windows 7 Home Premium

Please go to Start, in the search box above it type regedit
In the list that appears above, open regedit.

If prompted by the UAC, click: Yes

In the Registry editor, navigate to the following key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

Do so by expanding the following (click the > to the left of each entry):

Under Explorer, click: Advanced
In the right pane of Advanced, look at: HideFileExt
Under Data, does the value end in 1, or in 0 (zero)?

29 Sep 2013   #60

Windows 7 Home Premium
HideFileExt from Cottonball

It currently ends in a 0. Is that correct? If so please let me know, if not please tell me to what I should change it. I see other entries under Data with the values 0, 1, and 2.



P.S. Don't bother to change the HKEY_CURRENT_USE. I knew that you meant USER.