Trovi Attached

**ken545** · 2014-05-08, 16:47

Bud, When you run Malwarebytes and it finds the conduit entry and you checking it and having it removed ?

You need the 32 bit version of SystemLook

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64 Bit Version

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
Code:
```
:folderfind
Conduit
:filefind
Conduit
:regfind
Conduit
```
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

**Beadbud5000** · 2014-05-08, 22:20

Ken

I found the PUP conduit in a scan this morning and again this afternoon
See log below then I will try your suggest and thyen post those results.

Yes, I quarantine the PUP everytime.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/8/2014
Scan Time: 4:09:09 PM
Logfile: pup5-.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.08.09
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows Vista
CPU: x86
File System: NTFS
User: budzone

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 220151
Time Elapsed: 5 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Conduit.A, C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=" ],), Replaced,[a8586f91d030ef11c6b2cf9d857f6f91]

Physical Sectors: 0
(No malicious items detected)

(end)

**Beadbud5000** · 2014-05-08, 22:28

SystemLook 30.07.11 by jpshortstuff
Log created at 16:25 on 08/05/2014 by budzone
Administrator - Elevation successful

========== folderfind ==========

Searching for "Conduit"
No folders found.

========== filefind ==========

Searching for "Conduit"
No files found.

========== regfind ==========

Searching for "Conduit"
No data found.

-= EOF =-

**Beadbud5000** · 2014-05-09, 16:55

Ken

When I first ran the steps you advised in #31 I did get a conduit node (line) in Chrome. But on that first run I had trouble seeing the rteset browser settings in Chrome.
I ran the instructions in 31 just now after resetting as described. adwCleaner found a firefox line that was weird. I ran clean
Here is that log

# AdwCleaner v3.207 - Report created 09/05/2014 at 10:44:58
# Updated 05/05/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium (32 bits)
# Username : budzone - HOMEPC
# Running from : C:\Users\budzone\Downloads\adwcleaner(1).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.16386

-\\ Mozilla Firefox v29.0 (en-US)

[ File : C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\prefs.js ]

-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Startup_urls] : hxxp://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=
Deleted [Extension] : gjkpcnacdgdlpfejlgflolpaigoicibh

*************************

AdwCleaner[R0].txt - [4079 octets] - [29/04/2014 16:56:08]
AdwCleaner[R1].txt - [1434 octets] - [07/05/2014 09:36:37]
AdwCleaner[R2].txt - [1553 octets] - [09/05/2014 10:43:53]
AdwCleaner[S0].txt - [4004 octets] - [29/04/2014 16:57:29]
AdwCleaner[S1].txt - [1503 octets] - [07/05/2014 09:38:24]
AdwCleaner[S2].txt - [1482 octets] - [09/05/2014 10:44:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1542 octets] ##########

**ken545** · 2014-05-09, 17:05

Good, run Malwarebytes again and lets see if its gone

**Beadbud5000** · 2014-05-09, 18:07

Ken

Also I will be away from this pc started Satuday through M<onday night. Can you leave tyhe ticket open untill I get back?

Thanks!

Here is the log
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/9/2014
Scan Time: 11:59:36 AM
Logfile: 5-9-14noon.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.09.08
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows Vista
CPU: x86
File System: NTFS
User: budzone

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 220518
Time Elapsed: 5 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

**ken545** · 2014-05-09, 18:30

Yes. Lets keep an eye on it, when you return run Malwarebytes again and see if it returns

**Beadbud5000** · 2014-05-10, 02:24

Ken

FRirefox did update security tonight but I decxided to run a scan and got this PUP
Here is the log file.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/9/2014
Scan Time: 8:09:29 PM
Logfile: 5-9-14pm2.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.09.12
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows Vista
CPU: x86
File System: NTFS
User: budzone

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 220770
Time Elapsed: 5 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Conduit.A, C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=" ],), Replaced,[738d827ef60a52ae2c60511da2626b95]

Physical Sectors: 0
(No malicious items detected)

(end)

**ken545** · 2014-05-10, 03:04

Lets try uninstalling Chome and go from there

**Beadbud5000** · 2014-05-13, 01:35

Ken

I did uninstall Chrome. I ran a malwarebytes scan after the uninstall. All is cle

an right now.

Thanks for all your help!

Bud

Thread: Trovi Attached

Thread Tools

Display

Yes and...

SystemLook results

#31 Run again

2nd 5-9 run

Friday night, its back!

Thanks!

Tags for this Thread

Posting Permissions