-
Bud, when you run Malwarebytes and it finds the Conduit entry, are you checking it and having it removed?
You need the 32 bit version of SystemLook
Download and Run SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64 Bit Version
- Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main textfield:
Code:
:folderfind
Conduit
:filefind
Conduit
:regfind
Conduit
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
-
Yes and...
Ken
I found the PUP conduit in a scan this morning and again this afternoon
See log below, then I will try your suggestion and then post those results.
Yes, I quarantine the PUP every time.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/8/2014
Scan Time: 4:09:09 PM
Logfile: pup5-.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.05.08.09
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows Vista
CPU: x86
File System: NTFS
User: budzone
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 220151
Time Elapsed: 5 min, 40 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 1
PUP.Optional.Conduit.A, C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=" ],), Replaced,[a8586f91d030ef11c6b2cf9d857f6f91]
Physical Sectors: 0
(No malicious items detected)
(end)
-
SystemLook results
SystemLook 30.07.11 by jpshortstuff
Log created at 16:25 on 08/05/2014 by budzone
Administrator - Elevation successful
========== folderfind ==========
Searching for "Conduit"
No folders found.
========== filefind ==========
Searching for "Conduit"
No files found.
========== regfind ==========
Searching for "Conduit"
No data found.
-= EOF =-
-
#31 Run again
Ken
When I first ran the steps you advised in #31 I did get a conduit node (line) in Chrome. But on that first run I had trouble seeing the reset browser settings in Chrome.
I ran the instructions in 31 just now after resetting as described. AdwCleaner found a Firefox line that was weird. I ran clean.
Here is that log
# AdwCleaner v3.207 - Report created 09/05/2014 at 10:44:58
# Updated 05/05/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium (32 bits)
# Username : budzone - HOMEPC
# Running from : C:\Users\budzone\Downloads\adwcleaner(1).exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v7.0.6000.16386
-\\ Mozilla Firefox v29.0 (en-US)
[ File : C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\prefs.js ]
-\\ Google Chrome v34.0.1847.131
[ File : C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Startup_urls] : hxxp://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=
Deleted [Extension] : gjkpcnacdgdlpfejlgflolpaigoicibh
*************************
AdwCleaner[R0].txt - [4079 octets] - [29/04/2014 16:56:08]
AdwCleaner[R1].txt - [1434 octets] - [07/05/2014 09:36:37]
AdwCleaner[R2].txt - [1553 octets] - [09/05/2014 10:43:53]
AdwCleaner[S0].txt - [4004 octets] - [29/04/2014 16:57:29]
AdwCleaner[S1].txt - [1503 octets] - [07/05/2014 09:38:24]
AdwCleaner[S2].txt - [1482 octets] - [09/05/2014 10:44:58]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1542 octets] ##########
-
Good, run Malwarebytes again and let's see if it's gone.
-
2nd 5-9 run
Ken
Also I will be away from this PC starting Saturday through Monday night. Can you leave the ticket open until I get back?
Thanks!
Here is the log
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/9/2014
Scan Time: 11:59:36 AM
Logfile: 5-9-14noon.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.05.09.08
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows Vista
CPU: x86
File System: NTFS
User: budzone
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 220518
Time Elapsed: 5 min, 47 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
-
Yes. Let's keep an eye on it; when you return, run Malwarebytes again and see if it returns.
-
Friday night, it's back!
Ken
Firefox did update security tonight but I decided to run a scan and got this PUP.
Here is the log file.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/9/2014
Scan Time: 8:09:29 PM
Logfile: 5-9-14pm2.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.05.09.12
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows Vista
CPU: x86
File System: NTFS
User: budzone
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 220770
Time Elapsed: 5 min, 39 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 1
PUP.Optional.Conduit.A, C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=" ],), Replaced,[738d827ef60a52ae2c60511da2626b95]
Physical Sectors: 0
(No malicious items detected)
(end)
-
Let's try uninstalling Chrome and go from there.
-
Thanks!
Ken
I did uninstall Chrome. I ran a Malwarebytes scan after the uninstall. All is clean right now.
Thanks for all your help!
Bud