
Thread: Win32.downloader.gen detected in Conduit program files - false positive?

  1. #1
    Junior Member
    Join Date
    May 2013
    Posts
    2

    Win32.downloader.gen detected in Conduit program files - false positive?

    Hi,

    As the title says, after downloading the latest update for Spybot it detected "Win.32.downloader.gen" in the program files for Conduit. After doing some research online, apparently malware found in Conduit files is often a false positive, especially the community alerts/alert.dll file, which is one of the ones Spybot is telling me is infected (as well as AppData/Local/Conduit/). I also read that the "Win.32.downloader.gen" virus is generally found in another part of the system, which leads me to believe it's a false positive.

    I'm not sure whether I should let Spybot remove these. Are they false positives, or could a legitimate trojan still hide in the Conduit program files? Sorry if this is a stupid question, but I keep getting contradictory information about this. Please help!

  2. #2
    Junior Member
    Join Date
    May 2013
    Posts
    2

    Just to add to my earlier post:

    "Some malware camouflages itself as Alert.dll, particularly when located in the c:\windows or c:\windows\system32 folder. Therefore, you should check the Alert.dll process on your PC to see if it is a threat."

    The suspected trojan was found in the Alert.dll folder in the Conduit program files, but I guess this doesn't mean it's 100% a false positive?

  3. #3
    Senior Member
    Join Date
    Oct 2005
    Location
    Germany
    Posts
    5,263

    Hello,

    No, this is no false positive, as we detect Conduit intentionally.
    In the past Spybot S&D did not detect Conduit because it used to be the base for many different toolbars, including legit ones.
    But since it became more aggressive, we started detecting it.
    The found item is part of that.

    Best regards
    Sandra
    Team Spybot

  4. #4
    Junior Member
    Join Date
    Jun 2013
    Posts
    3

    Question

    Hi,

    I've got the same problem as Chelsea1 and wanted to check that I understand correctly...

    Up until the latest update, any Conduit files on a PC would have been marked as safe, and it's only the latest update where Conduit files have started to be flagged as spyware? I'm just concerned that I've picked up spyware within the last week or whether I've always had these files and folders but they have been classed as safe until the latest update. Since receiving the warnings, I got the program to remove the files.

    Also, further to spybotsandra's reply, if I install a legit toolbar that uses Conduit, would I get the alert again? If so, would there be a way to mark the toolbar as safe but still keep the check in place in case a dodgy toolbar got installed?

    Thanks.

  5. #5
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Quote: Originally posted by Staffy
    Hi,

    Also, further to spybotsandra's reply, if I install a legit toolbar that uses Conduit, would I get the alert again? If so, would there be a way to mark the toolbar as safe but still keep the check in place in case a dodgy toolbar got installed?

    Yes, it would get flagged again; however, the number of legit toolbars has decreased drastically. As of now we do not believe that there is any legit toolbar left that uses Conduit, since the way Conduit behaves is just malicious towards the user.

    If you find a toolbar which you believe to be legit, feel free to name it so we can have a look at it.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  6. #6
    Junior Member
    Join Date
    Jun 2013
    Posts
    3

    Thanks for clearing that up, Yodama.

    Could you also tell me if I understood correctly why I got these alerts in the first place? i.e. what I said in my first paragraph. Basically, did Spybot always consider these files and directories as OK until the last update where they became suspicious from that point onwards? Which means I've always had these files and directories on my PC rather than something that was picked up within the last week? Sorry for sounding dumb but I just want to make sure I haven't misunderstood anything!

  7. #7
    Junior Member
    Join Date
    Jun 2013
    Posts
    1

    Win 32.downloader.gen - How do you remove it

    Hi all,

    Spybot is telling me I have this malware but Spybot is unable to fix the problem. How do I remove this malware?

    Mark

  8. #8
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Quote: Originally posted by Staffy

    Could you also tell me if I understood correctly why I got these alerts in the first place? i.e. what I said in my first paragraph. Basically, did Spybot always consider these files and directories as OK until the last update where they became suspicious from that point onwards? Which means I've always had these files and directories on my PC rather than something that was picked up within the last week? Sorry for sounding dumb but I just want to make sure I haven't misunderstood anything!

    Yes, you did understand correctly. The generic parts of Conduit were ignored in the past, but since we now have evidence that Conduit itself is acting maliciously, we are changing this.

    @Mark Kacmarik
    If you are using Spybot 2.0, please update to Spybot 2.1, and also make sure that the latest detection updates are installed. It can also help to close your Internet browsers while cleaning.

  9. #9
    Junior Member
    Join Date
    Jun 2013
    Posts
    1

    Hi

    Quote: Originally posted by Mark Kacmarik
    Hi all,

    Spybot is telling me I have this malware but Spybot is unable to fix the problem. How do I remove this malware?

    Mark

    I have been having the same issue, SD can't fix? We do have the latest updates
    thanks again
    regards

    r8dr4lf

    version 2.0.12.0
    malware scanner 2.0.12.173
    Last edited by r8dr4lf; 2013-06-05 at 14:13. Reason: add info

  10. #10
    Senior Member
    Join Date
    Oct 2005
    Location
    Germany
    Posts
    5,263

    Hello,

    Did you open Spybot with a right click and choose "run as administrator"?

    Best regards
    Sandra
    Team Spybot
