
I identified the virus: Search.conduit.com

Status
Not open for further replies.

Ngolem

Programmer
Aug 23, 2001
CA
I have started a new thread as the previous thread is not really relevant any more....

When I looked at the operation of IE7 I noticed the reference to Search.conduit.com and checking the internet I see it IS a virus. But in looking at solutions there does not seem to be a consistent attack to kill the virus....

I have talked to Norton but they don't seem to have a virus removal for this so far.

I saw a reference to an executable called "Search Protect" which you cannot find using normal add/remove programs but I did have the latest version of CCleaner and in its tools the application showed up and I uninstalled it.

But the problem still exists (no internet connectivity). I imagine there are other instances (registry?) that still need removal.

any help appreciated

Jim Broadbent

 
Read this first and try, then try my suggestions.

Reboot if asked by each application - don't proceed to next step if asked to reboot.
1. Run CCleaner and clean out all temp files that it finds (for each user on the PC if more than one).

2. Download and run RKILL (iexplore.exe or rkill.scr or rkill.com)

3. Run TDSSKiller

4. Run Malwarebytes' Anti-Malware. You need internet for it to update, so try regular mode then safe mode with networking. If it won't update, run it anyway and see what it can remove. Then reboot and try the update and run MBAM again if it updates.

5. Run RogueKiller

6. If nothing above has worked, then I'd recommend the following:
Run ComboFix AFTER removing anti-virus and rebooting

Download ComboFix onto a USB flash drive from another computer or the computer in question if possible.
Boot into SAFE MODE or regular mode (if required) and uninstall your anti-virus software. Yes - remove it. Reboot.
Clean out temp files and registry with CCleaner. Save before making registry changes each time until no more errors or the same errors persist.
Copy ComboFix to desktop and launch ComboFix and allow it to do its thing. Follow screen prompts and do what it says to do/NOT to do.
When computer has restarted for the last time, check things out.
Turn OFF system restore to flush out anything left.
Reinstall anti-virus and Malwarebytes' Anti-Malware. Run a full scan using each (at different times) and see if things are clean.
Turn System Restore ON.

"Living tomorrow is everyone's sorrow.
Modern man's daydreams have turned into nightmares.
 
Well, after 2 weeks of being internet disabled I am finally up and running again.

This is what I did once I identified that Search.conduit.com was the problem...AND THIS IS A PROBLEM as this beast is not considered malware but rather a PUP, a nuisance program.

1. Using the free version of CCleaner, I found using their tools/uninstall section "Search Protect" (no quotes) and I could uninstall this with no problem.....the instance was invisible using XP's Add/Remove Programs.

2. I had uninstalled my version of Firefox which I still believe was the route this problem entered my computer through their automatic updates (no boxes to uncheck during this procedure) and tried IE7 and still could not connect to any website.

3. I opened Control Panel and selected Internet options there I found that

a) the Search.conduit address was still the default...I changed it to the DEFAULT MICROSOFT ADDRESS.

b) Under General/Search/settings/toolbars and extensions I found a section devoted to Conduit Ltd. MixDJ V8 Toolbar...I had no option to remove this entry...I could only disable it....but in typing this I see it has been re-enabled....hmmm...I tried to uninstall using CCleaner ... no luck there....I will go to the Program Files folder for this bugger and see what happens when I rename the folder....Don't want to delete it at this point.

c) I then went to General/Search/settings/toolbars and extensions where I found another conduit reference which I did remove and it stayed removed....there is another nuisance item "KeyBar 1.19 Customized Web search" which is a Search.conduit item....I could not remove it from here but I could disable it and it stayed disabled (so far).

Now I tried IE7 and lo an' behold I had my connection to the Internet again.....Hurrah!!!!!

I don't like my band-aid solution to MixDJ V8 Toolbar and I am sure that there are registry entries to Conduit that should be cleaned out.

But I don't know how to do those things....but having said that I am learning :)

Help in that regard is appreciated

Jim Broadbent
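
Added example, not part of any post in this thread: a read-only way to see which registry values still reference Conduit is to export the relevant branches to a .reg text file (regedit's File > Export) and scan the export. The branch list, the function name `find_references` and the sample export below are assumptions constructed for this example.

```python
import re

# Registry branches matching the places named in this thread (an assumed
# mapping): Add/Remove Programs, IE home page, search providers, toolbars, BHOs.
WATCHED = (
    r"\Microsoft\Windows\CurrentVersion\Uninstall",
    r"\Microsoft\Internet Explorer\Main",
    r"\Microsoft\Internet Explorer\SearchScopes",
    r"\Microsoft\Internet Explorer\Toolbar",
    r"\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
)
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def find_references(reg_text, needle="conduit"):
    """Return (key, value name, data) for each value in a watched branch
    whose key path, name or data mentions needle (case-insensitive).
    Parses exported text only; hex-encoded values are not decoded."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if not any(w.lower() in key.lower() for w in WATCHED):
                key = None  # outside the audited branches
            continue
        m = VALUE_RE.match(line) if key else None
        if not m:
            continue
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        data = m.group(2).strip('"').replace("\\\\", "\\")
        if needle.lower() in "\n".join((key, name, data)).lower():
            hits.append((key, name, data))
    return hits

# Constructed sample export (not taken from the poster's machine).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.conduit.com/?example=1"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp]
"Publisher"="Example Corp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect]
"DisplayName"="Search Protect"
"Publisher"="Conduit"
'''

if __name__ == "__main__":
    for hit in find_references(SAMPLE):
        print(" | ".join(hit))
```

Regedit's default export format is UTF-16, so read a real export with `open(path, encoding="utf-16").read()` before passing it in. The output is a list to review by hand; it changes nothing on the machine.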

 