Search Conduit: what a plague.

CougTek

Hairy Aussie
Joined
Jan 21, 2002
Messages
8,729
Location
Québec, Québec
This f**king malware is a tough bitch to kill. It survives Spybot S&D, MalwareBytes, Superantispyware, SmitFraudFix, Combofix and all the free antivirus programs (normal since it's not a virus per se). I searched Google and found this, which seems too simple to work, but I'll try it.

Also, the last two machines I had at the shop that were infected by it also had an issue with WindowsUpdate. The web site gave me an error code 0x80070424 when I tried to update the OS. I had to execute "regsvr32 wuaueng.dll" to fix WindowsUpdate.

It really is a pain in the ass. I don't know where it comes from, but my customers are experts at finding it.
 

Bozo

Storage? I am Storage!
Joined
Feb 12, 2002
Messages
4,396
Location
Twilight Zone
Years ago we did fresh installs every 6-8 months to keep the OS running. (Win95)
Now I guess you need to reinstall just to clean out all the spyware, viruses, trojans, and all the other crap that infects computers.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,275
Location
I am omnipresent
I've never seen Search Conduit. It looks like it infests one's Firefox Profile, and if that's the case the best thing to do is probably just nuke the profile and start over.
 

CougTek

Only the search engine of Internet Explorer is affected. I blocked many known malware sites using the immunization of Spybot S&D and SpywareBlaster. Firefox has been cured as far as I can tell. I've told the customer to either use Firefox or I need to reinstall. She chose the first option.
 

CougTek

It is much more complicated than that. It's not only Search Conduit; the infection redirects you anywhere on their affiliated sites. I simply noticed that Search Conduit becomes the de facto home page on infected computers before I start the cleaning. I think the Babylon toolbar does the same thing. I gave up fixing IE's search engine and I simply told the customer to use Firefox.
 

Mercutio

Coug, do you have a sample of that thing or know where I can infect something with it? I want to see what my removal practice does to it.
 

CougTek

Both customers who were infected got their machines back today. I'll tell you next time I receive one. In the meantime, I suggest you install Windows XP SP2, unpatched, on a spare computer you have and then hit "search conduit" on Google. You can also try to install the "babylon search" toolbar. "Eazel_fr" toolbar too, even if you don't understand French. The goal is to infect the machine, not to learn a new language. Try to fuck around with those toolbars and I'm pretty sure your search will be sodomised.
 

CougTek

Got another of those infections this week. After scanning with the portable version of Superantispyware, the Antivir rescue disk, Eset online scanner, Combofix, Spybot, Smitfraudfix, Malwarebytes, Microsoft's MRT, the userinit.exe still gets re-infected after each reboot. The file association is broken after each reboot (Combofix cures it, but it breaks after reboot) and the search engine redirects searches on the Internet.

I would gladly make an image of the installation and send it to you, but it's in French, so you wouldn't be able to do anything with it anyway.

Backup and re-install.
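An added example, not part of the original thread: the post above describes changes that come back after every reboot (userinit.exe, the .exe file association), so this sketch audits an exported registry dump for the two matching settings, the Winlogon `Userinit` list and the `.exe` / `exefile` handler. The function names and sample data are constructed for illustration, and the baseline assumes Windows lives in `<drive>:\Windows`.

```python
import re

# Assumed baseline: Windows installed in <drive>:\Windows, stock .exe handling.
USERINIT_OK = re.compile(r"[a-z]:\\windows\\system32\\userinit\.exe")
EXE_CLASS, EXE_OPEN_CMD = "exefile", '"%1" %*'
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Parse decoded `reg export` text (files are UTF-16); string values only."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_LINE.match(line)):
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            current[name.lower()] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def audit(text):
    """Return (check, observed_value) pairs that differ from the baseline."""
    findings = []
    for path, values in parse_reg(text).items():
        default = values.get("")  # the key's (Default) value, written as @
        if path.endswith(r"\windows nt\currentversion\winlogon"):
            raw = values.get("userinit", "")
            entries = [e.strip() for e in raw.split(",") if e.strip()]
            if len(entries) != 1 or not USERINIT_OK.fullmatch(entries[0].lower()):
                findings.append(("userinit", raw))
        elif path.endswith(r"\.exe") and default is not None:
            if default.lower() != EXE_CLASS:
                findings.append(("exe-class", default))
        elif path.endswith(r"\exefile\shell\open\command") and default is not None:
            if default != EXE_OPEN_CMD:
                findings.append(("exe-open-command", default))
    return findings

# Constructed sample, not taken from a real machine.
SAMPLE = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\Temp\\example.exe,"
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="examplefile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    for check, value in audit(SAMPLE):
        print(f"{check}: {value}")
```

A clean result only covers the registry values; it does not show whether the userinit.exe file on disk was altered, which needs a comparison against a known-good copy.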
 

Mercutio

I have a machine with the Conduit Toolbar right now. It has 14 other toolbars installed and has had its .exe file association jacked and some other nasty stuff done to it as well. I'm going to see where I wind up with it.
 

MaxBurn

Storage Is My Life
Joined
Jan 20, 2004
Messages
3,245
Location
SC
Burn the hard drive while wearing hazmat suit.

Put on YouTube

Profit?
 

Mercutio

The machine is fine now with IE and Firefox.
I deleted and recreated his Firefox profile, as I indicated would most likely work.
 