My hard drive has been infected by Conduit


  1. Posts : 172
    W7 Ultimate 32-bit
       #41

    The links to both are embedded in that page, you just have to wave your pointer over them.
    Normally I wouldn't run Beta software.


  2. Posts : 2,470
    Windows 7 Home Premium
       #42

    Heck, if you use the supposed 2.05 beta link at MG, you end up with version 2.04 anyway.
    Something is not right there...guess v2.05 never made it to the big leagues.


  3. Posts : 114
    Windows 7 Home Premium
    Thread Starter
       #43

    CNET mention


    BlueGuy,

    You mentioned the download sites that you personally feel are safe.

    I just thought that for the benefit of those who are reading this thread and who may not be aware of it that the mere act of downloading from CNET, once a reputable source, is now an invitation to have several very bad things happen to your computer. Some people may not be aware of this.

    GerryR


  4. Posts : 114
    Windows 7 Home Premium
    Thread Starter
       #44

    Malware


    I think that the most universally attempted installation is the Ask Toolbar, which is sheer malware. There was a new program out that I really liked, but it insisted on downloading its own installer. Too bad! If you let them get their installer on your hard drive they have an open path to install whatever they wish to.

    I think that the time is going to come when the Internet refuses to mention programs that pull this junk. I understand why hackers want to install malware on your computer, but why otherwise legitimate companies - they must be getting great kickbacks.


  5. Posts : 114
    Windows 7 Home Premium
    Thread Starter
       #45

    This isn't my primary reply, BlueGuy. There was this really nice-looking program, but in order to install it they "just had to put a little installer on my hard drive". That's another monster gotcha. Of course I always choose custom over standard. It's unfortunate that this trend seems to be accelerating. The one that I find myself declining the most frequently is the AVG toolbar, frequently, but not always, accompanied by making your default engine AVG and making AVG your home page. I NEVER RUSH. I've found some programs that looked good, but I haven't downloaded anything except what I've been downloading to get rid of Conduit. I'm almost there, one step more - RogueKiller, which, to tell the truth, is the most complex piece of anti-malware that I've ever seen, and I must admit to being nervous about running it.

    I'm not really a computer guy. Doctorate in mathematics, M.S. in statistics, Fortran programmer before any IBM PC came out. So now I've had to learn. I had to take a disability retirement, for many health reasons that I won't mention again. At least now I can start catching up with what I didn't know about PCs. I always thought of the computer as a means to an end, i.e. analysis. During the DOS days I became very competent in object-oriented Pascal, C, C++, and VBA. I subscribed to a bulletin board and picked up some nice freeware and commercial-ware. Vernon Buerg's List, PKZip, etc.


  6. Posts : 114
    Windows 7 Home Premium
    Thread Starter
       #46

    conduit and the Windows Seven Support Team


    Re: Conduit -> The logs from Adwcleaner and JRT are in this reply. They're quite small.

    I first used the Remove Conduit Toolbar and search.conduit.exe

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.1 (09.15.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by Gerald on Wed 09/18/2013 at 3:33:15.23
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Then I ran the Temporary File Cleaner

    Then I ran Adwcleaner - what follows is their log:

    ===========================================================================================================

    # AdwCleaner v3.004 - Report created 18/09/2013 at 03:24:14
    # Updated 15/09/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Gerald - GERALD-PC
    # Running from : C:\InstallationFiles\AdwCleaner_2.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Users\Gerald\AppData\Roaming\Mozilla\Firefox\Profiles\halibpwn.default-1378957229315\jetpack
    Folder Deleted : C:\Users\Gerald\AppData\Roaming\Mozilla\Firefox\Profiles\halibpwn.default-1378957229315\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    File Deleted : C:\Users\Gerald\AppData\Roaming\Mozilla\Firefox\Profiles\halibpwn.default-1378957229315\Extensions\browserprotect@browserprotect.com.xpi

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16686


    -\\ Mozilla Firefox v24.0 (en-US)

    [ File : C:\Users\Gerald\AppData\Roaming\Mozilla\Firefox\Profiles\halibpwn.default-1378957229315\prefs.js ]


    -\\ Google Chrome v29.0.1547.66

    [ File : C:\Users\Gerald\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Then I ran AdwCleaner - the log is below


    *************************

    AdwCleaner[R0].txt - [53956 octets] - [07/09/2013 19:30:46]
    AdwCleaner[R1].txt - [1269 octets] - [07/09/2013 19:49:25]
    AdwCleaner[R2].txt - [1156 octets] - [07/09/2013 20:29:53]
    AdwCleaner[R3].txt - [1801 octets] - [18/09/2013 03:20:22]
    AdwCleaner[S0].txt - [53085 octets] - [07/09/2013 19:32:00]
    AdwCleaner[S1].txt - [1336 octets] - [07/09/2013 20:25:13]
    AdwCleaner[S2].txt - [1218 octets] - [07/09/2013 20:30:35]
    AdwCleaner[S3].txt - [1732 octets] - [18/09/2013 03:24:14]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1792 octets] ##########

    ==================================================================================

    Then I ran the Junkware Removal Tool - what follows is their log.


    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\updater by sweetpacks
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111261187}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askchecker_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askchecker_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_fx_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_fx_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_ie_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_ie_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111261187}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\askchecker_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\askchecker_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_fx_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_fx_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_ie_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_ie_RASMANCS
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{85EFCE3B-EAC0-4E19-8B2C-45D7AFB747EF}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F40F5728-5BD1-414F-9E6E-DDE0668F0011}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\pc1data"
    Successfully deleted: [Folder] "C:\Users\Gerald\AppData\Roaming\strongvault"
    Successfully deleted: [Folder] "C:\Users\Gerald\appdata\local\visualbeeclient"
    Successfully deleted: [Folder] "C:\ai_recyclebin"
    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



    ~~~ FireFox

    Successfully deleted: [File] C:\user.js
    Successfully deleted: [File] C:\Users\Gerald\AppData\Roaming\mozilla\firefox\profiles\halibpwn.default-1378957229315\extensions\info@priceblink.com.xpi
    Emptied folder: C:\Users\Gerald\AppData\Roaming\mozilla\firefox\profiles\halibpwn.default-1378957229315\minidumps [1 files]



    ~~~ Chrome

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 09/18/2013 at 3:39:43.87
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    =============================================================================================


    I have not as yet run RogueKiller. Is that necessary? In any case I'm going to do a complete system backup tonight while I wait for an answer about RogueKiller.

    Thanks to all,

    GerryR


  7. Posts : 114
    Windows 7 Home Premium
    Thread Starter
       #47

    Careful


    BlueGuy,

    People who watch me on the computer are amazed to see the care with which I make selections. I actually read EULAs. The only "standard installations" that I make are from Mozilla and Internet Download Manager. They just keep upgrading. I also accept updates to databases for MalwareBytes Anti-Malware, etc. There's no way to check that sort of thing.

    I use Acronis True Image Home for my backups. It has a wonderful feature, "Try and Decide". When you start that you can install anything that you want to, then check it by MBAM, etc. No matter what the disaster, you're working on a virtual machine and can turn it off so that you are back to where you were when you entered "Try and Decide". I even install upgrades to CCleaner in "Try and Decide" although I'm pretty sure that's a waste of time. I always try out anything that I am contemplating there, I can download as free as a bird, install, screw around with the program, etc. Then I check it with MBAM and a host of others.

    Many years ago, picking "Standard Installation" was safe. That was a long time ago. I click custom install on what I analyze in "Try and Decide". BTW, why are the manufacturers of AVG anti-virus, which I don't use but do consider to be safe, trying to shove the AVG Toolbar down everybody's throat? Nobody I know seems to have figured this apparent dichotomy out. I think that I see that as an "option" more than any other one thing. The totality of programs that want to "just install a little installer" is growing by leaps and bounds.


  8. Posts : 114
    Windows 7 Home Premium
    Thread Starter
       #48

    To the Windows 7 Forum Support Team


    I did send you the results of Adwcleaner and JRT, but not MBAM because MBAM came up with 0 objects and that was kind of dull.


  9. Posts : 114
    Windows 7 Home Premium
    Thread Starter
       #49

    BlueGuy,

    I kept seeing articles about uninstalling Java because its security was Swiss cheese. I did that four days ago and so far everything that I've tried to run has run. I don't use Open Office or Libre Office. What exactly have I lost?

    GerryR


  10. Posts : 114
    Windows 7 Home Premium
    Thread Starter
       #50

    Where did you download IE10?


    I didn't download IE10 in the normal sense. It came down as part of a Windows Update from Microsoft! How was I to know it would explode when I opened it? Flashing ads, non-flashing ads, banner, conduit toolbar, conduit search engine, something wolf search engine, and more. If it weren't for the fact that Microsoft claims that you must have it to run Windows, I would uninstall it. I certainly will never use it again.

    So far I've run Adwcleaner, Hitman Pro, Junk Removal Tool, Temporary File Cleaner, Kaspersky, Malwarebytes, and I want to run Rogue Killer. Unfortunately I don't know any French and when you opt for the English tutorial, the windows are still in French and I don't know what to do. I have run each of the above at least three times, but I'm still having a weird problem. Like all the rest of you, I assume, I want to see my files' extensions. They disappeared 10 days ago. I reset them. They disappeared three days ago. I reset them, so far so good, but obviously not good. If anybody actually wrote a version of the Rogue Killer with the windows in English and wouldn't mind doing so, please send me a copy. I hope this is not breaking a rule of the forum - one of my addresses is [removed]. The only thing of interest is that Adwcleaner, quite rightly, uninstalls the Yahoo Toolbar, which is really useful but, so I've read and been told, a potential security weakness. Maybe I'll just put the toolbar into my bookmarks, one piece at a time.

    But I ***really want to run Rogue Killer*** once I know what the windows selections in the tutorial mean. The only one that's clear is a repetitive -> Please donate via PayPal. If I can run it and it finishes conduit off, I'll donate to him - I've already donated to Adwcleaner. I am a strong believer in donations for services rendered. My biggies are CCleaner and Wikipedia.


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
