win32/Small.CA virus

radman3d · Mar 11, 2013

Will do, it will have to wait until tomorrow...at work until mid-night. Do I just attach it here?

cottonball · Mar 11, 2013

If the file is not too long, you can just pot it.

If not, attach is fine.

radman3d · Mar 12, 2013

Here is the text file:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.9 (03.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Asus on Mon 03/11/2013 at 10:41:35.77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2260173
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}

~~~ Files

~~~ Folders

Failed to delete: [Folder] "C:\Users\Asus\AppData\Roaming\searchprotect"
Successfully deleted: [Folder] "C:\Users\Asus\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Asus\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Asus\appdata\locallow\swag_bucks"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Failed to delete: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Folder] "C:\Program Files (x86)\swag_bucks"

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Asus\AppData\Roaming\mozilla\firefox\profiles\95rsgyio.default\smartbar
Failed to delete: [Folder] C:\Users\Asus\AppData\Roaming\mozilla\firefox\profiles\95rsgyio.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
Successfully deleted the following from C:\Users\Asus\AppData\Roaming\mozilla\firefox\profiles\95rsgyio.default\prefs.js

user_pref("CT2260173.1000082.isPlayDisplay", "true");
user_pref("CT2260173.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.
user_pref("CT2260173.1000234.TWC_TMP_city", "STOCKBRIDGE");
user_pref("CT2260173.1000234.TWC_TMP_country", "US");
user_pref("CT2260173.1000234.TWC_country", "UNITED STATES");
user_pref("CT2260173.1000234.TWC_locId", "USGA0538");
user_pref("CT2260173.1000234.TWC_location", "Stockbridge, GA");
user_pref("CT2260173.1000234.TWC_region", "US");
user_pref("CT2260173.1000234.TWC_temp_dis", "f");
user_pref("CT2260173.1000234.TWC_wind_dis", "mph");
user_pref("CT2260173.1000234.weatherData", "{\"icon\":\"26.png\",\"temperature\":\"56°F\",\"temperatureClear\":\"56°F\",\"highTemperature\":\"64°F\",\"lowTemperature\":\"39
user_pref("CT2260173.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2260173.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2260173.FF19Solved", "true");
user_pref("CT2260173.FirstTime", "true");
user_pref("CT2260173.FirstTimeFF3", "true");
user_pref("CT2260173.UserID", "UN42062467072460616");
user_pref("CT2260173.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT2260173.addressUrlXPETakeover", "true");
user_pref("CT2260173.autoDisableScopes", -1);
user_pref("CT2260173.defaultSearch", "false");
user_pref("CT2260173.embeddedsData", "[{\"appId\":\"128848965243869715\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT2260173.enableAlerts", "always");
user_pref("CT2260173.enableFix404ByUser", "FALSE");
user_pref("CT2260173.enableSearchFromAddressBar", "true");
user_pref("CT2260173.firstTimeDialogOpened", "true");
user_pref("CT2260173.fixPageNotFoundError", "true");
user_pref("CT2260173.fixPageNotFoundErrorByUser", "true");
user_pref("CT2260173.fixPageNotFoundErrorInHidden", "true");
user_pref("CT2260173.fixUrls", true);
user_pref("CT2260173.installDate", "6/3/2013 9:05:56");
user_pref("CT2260173.installId", "dm");
user_pref("CT2260173.installType", "conduitnsisintegration");
user_pref("CT2260173.isCheckedStartAsHidden", true);
user_pref("CT2260173.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2260173.isFirstTimeToolbarLoading", "false");
user_pref("CT2260173.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT2260173.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2260173.keyword", "true");
user_pref("CT2260173.lastVersion", "10.14.65.43");
user_pref("CT2260173.mam_gk_installer_preapproved.enc", "dHJ1ZQ==");
user_pref("CT2260173.migrateAppsAndComponents", true);
user_pref("CT2260173.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fus-mg6.mail.yahoo.com%2Fneo%2Flaunch%3F.rand%3D5csapj8ojjckr\",\"EB
user_pref("CT2260173.openThankYouPage", "true");
user_pref("CT2260173.openUninstallPage", "true");
user_pref("CT2260173.revertSettingsEnabled", "false");
user_pref("CT2260173.search.searchAppId", "128848965243869715");
user_pref("CT2260173.search.searchCount", "2");
user_pref("CT2260173.searchInNewTabEnabledByUser", "false");
user_pref("CT2260173.searchInNewTabEnabledInHidden", "true");
user_pref("CT2260173.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2260173.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2260173.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2260173\"}");
user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://SwagBucks.OurToolbar.com//xpi\"}");
user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Swag Bucks\"}");
user_pref("CT2260173.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2260173.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1362578782894");
user_pref("CT2260173.serviceLayer_services_appsMetadata_lastUpdate", "1362970498713");
user_pref("CT2260173.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1362578781742");
user_pref("CT2260173.serviceLayer_services_location_lastUpdate", "1362943903760");
user_pref("CT2260173.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363005465871");
user_pref("CT2260173.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1362578781703");
user_pref("CT2260173.serviceLayer_services_searchAPI_lastUpdate", "1362943903884");
user_pref("CT2260173.serviceLayer_services_serviceMap_lastUpdate", "1362943903663");
user_pref("CT2260173.serviceLayer_services_setupAPI_lastUpdate", "1362943903908");
user_pref("CT2260173.serviceLayer_services_toolbarContextMenu_lastUpdate", "1362578781639");
user_pref("CT2260173.serviceLayer_services_toolbarSettings_lastUpdate", "1363005467629");
user_pref("CT2260173.serviceLayer_services_translation_lastUpdate", "1362943904403");
user_pref("CT2260173.settingsINI", true);
user_pref("CT2260173.shouldFirstTimeDialog", "false");
user_pref("CT2260173.smartbar.CTID", "CT2260173");
user_pref("CT2260173.smartbar.Uninstall", "0");
user_pref("CT2260173.smartbar.toolbarName", "Swag Bucks ");
user_pref("CT2260173.startPage", "false");
user_pref("CT2260173.toolbarBornServerTime", "6-3-2013");
user_pref("CT2260173.toolbarCurrentServerTime", "11-3-2013");
user_pref("CT2260173_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1363011081312,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&CUI=UN42062467072460616&UM=UM_ID&q=");
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&CUI=UN42062467072460616&UM=UM_ID&q=");
user_pref("smartbar.originalSearchAddressUrl", "");
Emptied folder: C:\Users\Asus\AppData\Roaming\mozilla\firefox\profiles\95rsgyio.default\minidumps [7 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/11/2013 at 11:02:18.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

cottonball · Mar 12, 2013

radman3d,

MyWebSearch, to my understanding is powered by Conduit, which shows on the report.

It also comes bundled with other stuff.

When you download programs, keep an eye on the fine print, or on an occassional item that is checked...
It might be a Gotcha!!

radman3d · Mar 12, 2013

I saw conduit on the report. Not sure where it came from. I try to catch all those that are checked and uncheck them. One may have slipped by. I will have to be more vigilant for now on. Thanks for the help, cottonball.

cottonball · Mar 12, 2013

Glad to help!

Good luck, radman3d!!

win32/Small.CA virus

radman3d

New member

My Computer

cottonball

Retired ol' hound...

My Computer

radman3d

New member

My Computer

cottonball

Retired ol' hound...

My Computer

radman3d

New member

My Computer

cottonball

Retired ol' hound...

My Computer

Similar threads