Unwanted search program

Topic

New Reply

Yesterday I downloaded a program (smartdraw) from cnet. There were a number of programs riding with the download and I thought I had unchecked them all. Apparently I got something called search.conduit which has now replaced my google search and replaced my homepage. I have gone into google settings and made the google search my default again, but conduit still takes over. I also did a scan with malwarebytes and it found a number of problems which I deleted. I also did a restore on my computer to a date earlier than the problem, but nothing worked.
Otherwise my computer appears to be functioning properly.
How can I get the conduit search off my internet connection?
Alan

Reply | Quote

Replies

See if this helps:
http://malwaretips.com/blogs/remove-conduit-search-virus/

Jerry

Reply | Quote

This search.conduit has been popping up quite a bit recently.

Everyone has to be aware that whenever you get a piece of S/W from many of these free spots, there seems to be many of these “piggy backed” apps that few want along for the ride. This particular pest seems more difficult to remove than some. Here is one thread onsearch.conduit. It has been mentioned several times in addition to this. If you do a search for search.conduit perhaps you can find other discussions that have some valuable clues.

Reply | Quote

Jerry. Thank you. I went to the site and I followed it step by step. It was very difficult but it appeared to do the trick. My Internet Explorer seemed to be working well as did my default browser google chrome but when I shut google down and next time opened it I was back with the search.conduit screen. I redid the entire thing again the next day but still have the problem. Thanks anyway I will have to try another approach, but not today cause I’m too frustrated.
Alan

Reply | Quote

Just last week I uprooted search.conduit from a friend’s PC. I used AdwCleaner. It’s quite thorough, rooting out registry entries, processes, folders and files, and runs very briskly, as well.

It works on a wide range of Adware/Malware and unwanted BHO’s/Toolbars.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

I’ve found Aswcleaner very effective as well.

Jerry

Reply | Quote

I have tried adwCleaner, regcure pro, malwarebytes and it would appear that I have removed most of the conduit files and registry entries but when I reboot the chrome comes up and all appears well. but as soon as I do a chrome search the search.conduit page comes up again. I notice that when this occurs a message saying “downloading proxy script” appears at the bottom of my screen and it takes about 30 – 45 seconds before my new screen comes up.
Other than the annoying wait for a new screen everything else appears normal. After a full scan with malwarebytes it shows no malware.
I think I’ll just get used to the delay unless anyone has another suggestion.
Alan (Thanks all).

Reply | Quote

Is there some kind of browser add-on that has to be disable/removed as well as the search engine. Perhaps an add-on is phoning home and getting the app back. This seems to be a very insidious search add-on/hijack.

Reply | Quote

The uninstall details from Conduits own page might help: http://support.conduit.com/HelpCenter/Uninstall

Reply | Quote

Also check:
Control Panel >Internet Options>Connections tab>Lan Settings button and make sure Use a proxy server ….
is not checked.

Jerry

Reply | Quote

Thanks Jerry
I checked and the use proxy server was unchecked.
Please anyone with an idea let me know, because although this is only annoying I’d sure like to get rid of it.
Alan

Reply | Quote

I did the same thing on a download. I unchecked all the add-ons offers. Or declined them. BAM!
I used free Malwarebytes Anti-Malware , AdwCleaner, and Combofix. Rebooted. Conduit and Visual Bee
search page back again. Went into Manage Add-Ons and removed Conduit in all browsers. Went into registry and deleted every Conduit entry. And Visual Bee. Restarted. Gone finally. Reran Malwarebytes Anti-Malware , AdwCleaner.
Under HOME PAGE Edit Box in each browser you got http://www.search.conduit.com, replace it to http://www.google.com, then click on apply and close. Reset Internet Explorer .
In Firefox type this command in the address bar “about:config”
Type “http://www.search.conduit.com” into search bar. Replace all the string from “http://www.search.conduit.com” to “http://www.google.com”
One by one, change them to “http://www.google.com”
Open “Troubleshooting information” page into Firefox. Click on Reset Firefox option, It will take time to reset.
Google Chrome, click on Settings icon. Manage search engines. Change your default search engine. Delete all others.
Remove search.conduit.com manually and completely
1. Launch the Task Manager by pressing keys “CTRL + Shift + ESC”, search for search.conduit.com processes and right-click to end them.

2. Get rid of the following files created by search.conduit.com:

C:WINDOWSassemblyKYH_64Desktop.ini
C:WindowsassemblyKYH_32Desktop.ini
C:WINDOWSsystem32giner.exe

3. Open Registry Editor (in Windows XP, go to Start Menu, run, type in “Regedit” and press OK; in Windows 7 & Windows Vista, go to Start menu, Search, type in “Regedit”), find out the following search.conduit.com registry entries and delete:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Componentsrandom
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionrunrandom
HKEY_CURRENT_USERSoftwareMicrosoftInstallerProducts5ATIUYW62OUOMNBX256 “(Default)”=”1?
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall“UninstallString” = “‘%AppData%[RANDOM][RANDOM].exe” -u
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall“ShortcutPath” = “‘C:Documents and SettingsAll UsersApplication Data5ATIUYW62OUOMNBX256.exe” -u’”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce “5ATIUYW62OUOMNBX256” = “‘C:Documents and SettingsAll UsersApplication Data5ATIUYW62OUOMNBX256.exe’

Reply | Quote

I have my own funny way of getting rid of PUPs, including Toolbars etc. and it works for me every time.

Install the free “Everything (Search)”, “RegSeeker v. 1.55” ) (Major Geeks may have the latter) and the free “Unlocker.” Take care that there are no piggy-backers as free programs are becoming a dreadful nuisance in this respect.

Allow Everything to load: about 20 seconds, and your entire OS is loaded in alphabetical order, numericals first.

Type in the exact name of the program you want to delete e.g. Conduit. “Everything” will find every “Conduit” there is on your OS: delete directly from Everything. Use Unlocker if necessary, and reboot. Make sure the Recycle Bin is empty. Repeat the process just in case. When searching for toolbars, sometimes names like “Ask Toolbar” will bring up nothing, so try “Ask”. This applies to RegSeeker as well.

Now open RegSeeker and again, type in the exact name in “Find in Registry…” allowing spaces where there are spaces in the name of the PUP, or no spaces if the PUP name has no spaces. Hit enter, (or click Search), and allow RegSeeker to search to 100%, and wait for the “Select all” and “Action” to become active. Click “Select all”, and “Delete Selected”.

A backup will be made of the deleted stuff, if “Backup before Deletion” is ticked. (Exercise care: RegSeeker will bring up words like “operation” as well, if you search, for example, for names like “Opera”) Reboot and repeat the entire process to make sure your PC is clean. The backup can be deleted later by left-clicking Backup in the menu on the left of RegSeker, and highlighting the backup on appearance with a left click, and deleting from the right-click menu. Finally I run the Auto-Clean facility on RegSeeker – the Auto Clean appears when you click “Clean the Registry” on the menu of RegSeeker. It removes ONLY the green entries (safe). In ten years I have never trashed my registry.

It works for me every time! Cheers.

Reply | Quote

my first suggestion would be to go to winpatrol.com and download their latest free version of winpatrol.

under the options tab check the box the says ‘lock file types’ (it’s annoying when updating windows because it constantly asks permission to replace the existing files with the updated one).

winpatrol (i’ve used for years) will protect your homepage & search pages, host file, has built in ‘hijackthis’ watches your start up programs, ie browser helpers (toolbars), cookies, etc.

as for getting rid of the persistant ‘support.conduit’, (in winpatrol it would be under the ‘ie helpers’ tab or the ‘startup programs’ tab) after you’re finished ‘cleaning’ your system, i recommend that the last thing you do is delete all the files in your ‘prefetch’ folder and then immediately reboot the system. don’t delete the folder, just tag the files and delete them, the system will repopulate the folder at the next startup.

i delete the contents of this folder periodically just as a precaution because i cleaned up one system and the virus returned at every reboot because it hid in the prefectch folder and reinstalled itself at every bootup.

Reply | Quote

I used to think that CNET was a reputable site but not anymore. I just dont understand how CNET would let these add ons to their downloads, besmirch their once good name. Why do they allow such nasty addons? Do they not check? Well bye bye CNET!

Reply | Quote

I was bitten by this as well. I went to IE10>Internet Options and changed my homepage back to Yahoo. I’m not sure, but I think I also went to Control Panel and deleted one or more programs associated with this that were there.

Reply | Quote

I have tried pretty well all the above and in one or two cases it appeared to work, only to re-appear with the “search.conduit” after a re-boot.
Thank you all, but I think I will close this thread now as except for a slight delay in loading the proxy site there doesn’t appear to be any problem with my computer and the anti-virus and malware programs show nothing.
Alan

Reply | Quote

The issue here is Chrome. Chrome has something similar to the Firefox about:config file, and it’s located inside the Chrome per-user AppData (usually the Local AppData on 64-bit systems). It does no harm to manually delete the Chrome Local and Roaming AppData entirely, as they will regenerate whenever Chrome fires up. You may lose History and Cookies, but this is a small price to pay for being freed from the remnants which regenerate the browser Search Engine and Homepage hijacking. There are also Registry issues sometimes, but this aspect has already been covered in this Thread.

In Firefox, using FEBE to back up a user Profile allows the Profile, or even all of Firefox, to be removed (sometimes Revo Uninstaller helps here). FEBE can then restore the user’s Profile to an earlier time when it was free of the PUP contents.

Most antispyware and antivirus programs will protect your Homepage from being changed. How effective this protection is varies from vendor to vendor.

-- rc primak

Reply | Quote