Conduit browser hijacker's got ahold of my Win7 machine... what to do?

Muse

My last image was Mar. 31, and I've installed a fair number of things since. The Win7 32bit Home Edition installation was only days before that.

I don't notice anything in my usual browser, Pale Moon, but when I opened IE yesterday (Pale Moon was hung up), Conduit was evident. I think it tagged along when I installed 7zip or something.

I see stuff out there to deal with Conduit and other browser hijackers, but don't know what to trust. I used to use Superantispyware, but CNet indicates it's iffy, and kind of out of the loop lately. Should I restore my image from Mar. 31 or download and install some kind of malware/anti-spyware detection/removal utility? Suggestions appreciated! :|
 

Muse

Well, I followed the other steps, basically resetting IE to initial settings, deleting my personal settings and restarting. Only change I've made is making Google my home page...
 

ussfletcher

Conduit just changes the home page and default search engine AFAIK, so just change them back.
 

corkyg

There is MBAM free and MBAM Premium. Your choice.
 

PliotronX

MBAM doesn't always get the roots of adware, especially some variants of Conduit, which is why I follow up with Adwcleaner, and yet Adwcleaner doesn't catch everything. They complement each other nicely. I'd peg the failure rate to completely clean systems with these two tools at less than 1% with a sampling size of over 300 systems.
 

Muse

PliotronX said:
> MBAM doesn't always get the roots of adware, especially some variants of Conduit, which is why I follow up with Adwcleaner, and yet Adwcleaner doesn't catch everything. They complement each other nicely. I'd peg the failure rate to completely clean systems with these two tools at less than 1% with a sampling size of over 300 systems.

Ah, so, I haven't rebooted this machine yet. This post has me thinking that after a reboot and restart of IE, I can probably expect that the home page and search will be through conduit. :twisted: I may have to restore from an image. I found one, I think, from May, so I may be doing that. :|
 

PliotronX

I didn't mean to cause alarm, I have never had to reload an OS to eradicate Conduit. Adwcleaner is another freeware tool. What I'm saying is this is easily removable with free tools to save yourself from the effort of a reload.
 

xgsound

What the hell, we're all friends here. At the risk of overstepping some boundaries, I'm enclosing the printout I leave with the relatives'/friends' machines after malware removal. I'm sure step 2 will save you a lot of effort. Adwcleaner even leaves a .txt (I print some of that too) with what was changed upon reboot. Feel free to use or ignore any of this.

************Doctors and Lawyers guide**
******* Suggested General Virus/ Malware strategy ********
Store program shortcuts in Utility folder on Desktop

1. Use one and only one anti virus and keep it updated
The free ones are MSE, AVG, Avira, Avast

2. Periodically or when there are problems:
a. run tdsskiller – this checks for rootkits and corrects -3 minutes
b. run ADWcleaner- very fast malware cleaner scan/ select clean -5 or 10 minutes

3. If problems persist:
a. run rkill – it takes 2 or 3 minutes to start and 3 more to finish DO NOT REBOOT
b. when rkill finishes, run Malwarebytes a full scan and fix all - 1hour or so

If you have made big changes, run ccleaner :
a. analyze, wait, select all and run cleaner
b. select registry on left: scan for issues /select all /backup yes / fix all selected issues
This is the only registry cleaner I trust. It only removes things that lead nowhere

Download from www.bleepingcomputer.com if available

TDSSKILLER
Adwcleaner
Rkill
Mbam
ccleaner
Startup Control Panel
cpuz
************

Jim
 

Muse

Ever so cool, xgsound! Bookmarked!

Not sure what you're doing there (have just scanned this visually), ... I always store the shortcuts that I intend to use with any frequency at all in a utility folder on my desktop, do that with all my machines. I find the Start menu just utterly nutty.
 

Vanth

Try running herdProtect. It's free, has cloud scanning, and removes infections quite well.
 

Aldon

Conduit is not just a browser plugin. Be careful, whenever you remove the plugin in the browser settings, it is not deleted (!) from your hard drive. Conduit is still on your hard drive, so be sure to check everything.
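
A way to check what the thread describes (IE home page and default search changed, and leftovers still on disk after the plugin is removed), as an added example that is not from any poster in this thread. It assumes leftovers carry the string "conduit" in a URL, program name, publisher or folder name, covers only the current user's IE settings and the standard install locations, and is written to run on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: read-only audit; it reports and changes nothing.
# Assumption: leftovers carry "conduit" in a URL, name, publisher or folder name.
$pattern  = 'conduit'
$findings = @()

function Add-Finding($check, $item, $detail) {
    New-Object PSObject -Property @{ Check = $check; Item = $item; Detail = $detail }
}

# 1. IE home page and search page values for the current user
$ieKey = 'HKCU:\Software\Microsoft\Internet Explorer'
$main  = Get-ItemProperty -Path "$ieKey\Main" -ErrorAction SilentlyContinue
foreach ($name in 'Start Page', 'Secondary Start Pages', 'Search Page') {
    $value = $main.$name
    if ($value -match $pattern) { $findings += Add-Finding 'IE setting' $name ($value -join '; ') }
}

# 2. IE search providers, noting whether a match is the default one
$scopes  = @(Get-ChildItem -Path "$ieKey\SearchScopes" -ErrorAction SilentlyContinue)
$default = (Get-ItemProperty -Path "$ieKey\SearchScopes" -ErrorAction SilentlyContinue).DefaultScope
foreach ($key in $scopes) {
    $scope = Get-ItemProperty -Path $key.PSPath
    if ("$($scope.DisplayName) $($scope.URL)" -match $pattern) {
        $role = if ($key.PSChildName -eq $default) { 'default provider' } else { 'provider' }
        $findings += Add-Finding "IE search $role" $scope.DisplayName $scope.URL
    }
}

# 3. Programs still registered as installed (what Control Panel lists)
$uninstall = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
foreach ($app in @(Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue)) {
    if ("$($app.DisplayName) $($app.Publisher)" -match $pattern) {
        $findings += Add-Finding 'Installed program' $app.DisplayName $app.UninstallString
    }
}

# 4. Folders left behind in the usual install locations
$roots = $env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:APPDATA, $env:LOCALAPPDATA | Where-Object { $_ }
foreach ($dir in @(Get-ChildItem -Path $roots -ErrorAction SilentlyContinue)) {
    if ($dir.PSIsContainer -and $dir.Name -match $pattern) {
        $findings += Add-Finding 'Folder on disk' $dir.Name $dir.FullName
    }
}

# Report
if ($findings) { $findings | Format-Table Check, Item, Detail -AutoSize -Wrap }
else { 'No entries matching "{0}" found in the places checked.' -f $pattern }
```

Running it once before and once after a cleanup pass shows whether anything matching the pattern survived; an empty result only covers the locations listed in the script.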
 

Revolution 11

Muse said:
> Ever so cool, xgsound! Bookmarked!
>
> Not sure what you're doing there (have just scanned this visually), ... I always store the shortcuts that I intend to use with any frequency at all in a utility folder on my desktop, do that with all my machines. I find the Start menu just utterly nutty.

I have gone through some crippling virus infections so I might be able to help. In my experience, rootkits are malware that is particularly hard to detect with software like MBAM. A rootkit cleaner is designed to target those types of malware. Some rootkits can restore malware that you just cleared from the system one power cycle ago.

rkill is a script/program you run, no installs needed, that will kill active malware processes. Often, you cannot clean malware well unless you have disabled the active malware processes. I would change xgsound's recommendation order in this because you will want to run rkill before you run rootkit cleaners, anti-spyware/antivirus, and anti-malware programs.

You will need to run rkill every time you reboot or log in and the safety you gain for rkill only lasts until you restart or log off the computer.

If you are having trouble with your cleanup, go to www.bleepingcomputer.com and create a help thread in the right forum section. They will guide you through the whole process. The site also has a ton of very detailed guides on hardening your system from malware. Finally, the site offers a program called ComboFix, considered to be the "nuclear" option by the community there. It is very effective in cleaning malware but can also mess up your system. Do not use unless they tell you to.

Hope this helps.
 