Win32.downloader.gen detected in Conduit program files - false positive?



Chelsea1
2013-05-29, 13:35
Hi,

As the title says, after downloading the latest update for Spybot it detected "Win.32.downloader.gen" in the program files for Conduit. After doing some research online, apparently malware found in Conduit files is often a false positive, especially the community alerts/alert.dll file, which is one of the ones Spybot is telling me is infected (as well as AppData/Local/Conduit/). I also read that the "Win.32.downloader.gen" virus is generally found in another part of the system, which leads me to believe it's a false positive.

I'm not sure whether I should let Spybot remove these. Are they false positives, or could a legitimate trojan still hide in the Conduit program files? Sorry if this is a stupid question but I keep getting contradictory information about this. Please help!

Chelsea1
2013-05-29, 14:04
Just to add to my earlier post:

"Some malware camouflages itself as Alert.dll, particularly when located in the c:\windows or c:\windows\system32 folder. Therefore, you should check the Alert.dll process on your PC to see if it is a threat."

The suspected trojan was found in the Alert.dll folder in the Conduit program files but I guess this doesn't mean it's 100% a false positive?

spybotsandra
2013-05-29, 16:21
Hello,

No, this is no false positive, as we detect Conduit intentionally.
In the past Spybot S&D did not detect Conduit because it used to be the base for many different toolbars including legit ones.
But since it became more aggressive we started detecting it.
The found item is part of that.

Best regards
Sandra
Team Spybot

Staffy
2013-06-03, 00:28
Hi,

I've got the same problem as Chelsea1 and wanted to check that I understand correctly...

Up until the latest update, any Conduit files on a PC would have been marked as safe and that it's only the latest update where Conduit files have started to be flagged as spyware? I'm just concerned that I've picked up spyware within the last week or whether I've always had these files and folders but they have been classed as safe until the latest update. Since receiving the warnings, I got the program to remove the files.

Also, further to spybotsandra's reply, if I install a legit toolbar that uses Conduit, would I get the alert again? If so, would there be a way to mark the toolbar as safe but still keep the check in place in case a dodgy toolbar got installed?

Thanks.

Yodama
2013-06-04, 08:47
Hi,

> Also, further to spybotsandra's reply, if I install a legit toolbar that uses Conduit, would I get the alert again? If so, would there be a way to mark the toolbar as safe but still keep the check in place in case a dodgy toolbar got installed?

Yes, it would get flagged again, however the number of legit toolbars has decreased drastically. As of now we do not believe that there is any legit toolbar left that uses Conduit, since the way Conduit behaves is just malicious towards the user.

If you find a toolbar which you believe to be legit, feel free to name it so we can have a look at it.

Staffy
2013-06-05, 00:04
Thanks for clearing that up, Yodama.

Could you also tell me if I understood correctly why I got these alerts in the first place? i.e. what I said in my first paragraph. Basically, did Spybot always consider these files and directories as OK until the last update where they became suspicious from that point onwards? Which means I've always had these files and directories on my PC rather than something that was picked up within the last week? Sorry for sounding dumb but I just want to make sure I haven't misunderstood anything! :red:

Mark Kacmarik
2013-06-05, 05:03
Hi all,

Spybot is telling me I have this malware but Spybot is unable to fix the problem. How do I remove this malware?

Mark

Yodama
2013-06-05, 07:14
> Could you also tell me if I understood correctly why I got these alerts in the first place? i.e. what I said in my first paragraph. Basically, did Spybot always consider these files and directories as OK until the last update where they became suspicious from that point onwards? Which means I've always had these files and directories on my PC rather than something that was picked up within the last week? Sorry for sounding dumb but I just want to make sure I haven't misunderstood anything! :red:

Yes, you did understand correctly. The generic parts of Conduit were ignored in the past, but since we now have evidence that Conduit itself is acting maliciously we are changing this.

@Mark Kacmarik
If you are using Spybot 2.0 please update to Spybot 2.1, also make sure that the latest detection updates are installed. It can also help to close your Internet browsers while cleaning.

r8dr4lf
2013-06-05, 13:10
> Hi all,
>
> Spybot is telling me I have this malware but Spybot is unable to fix the problem. How do I remove this malware?
>
> Mark

:eek: I have been having the same issue SD can't fix? :mad: We do have the latest updates
thanks again
regards

r8dr4lf

version 2.0.12.0
malware scanner 2.0.12.173

spybotsandra
2013-06-05, 13:13
Hello,

Did you open Spybot with a right click and choose "run as administrator" (http://www.safer-networking.org/faq/how-can-i-get-administrator-rights-under-windows-vista7/)?

Best regards
Sandra
Team Spybot

Staffy
2013-06-05, 22:29
> Yes, you did understand correctly. The generic parts of Conduit were ignored in the past, but since we now have evidence that Conduit itself is acting maliciously we are changing this.

Thanks very much Yodama for confirming and also explaining what and why things have changed :)