
Pup.Optional conduit a (Resolved)


saxman10

I'm running Windows 7, 64 and I have several anti-virus and malware software programs running on my system. Nevertheless it appears I picked up a virus, the pup.optional conduit a. The virus was initially discovered by Malwarebytes Anti-malware. I downloaded Adwcleaner and JRT. I ran the software and removed the required registry entries. I thought I had removed the virus. However, the next day when Malwarebytes ran its scheduled scan I discovered that the virus had returned. Obviously I missed something. I've attached the logs from JRT, Malwarebytes and HijackThis. These logs are from scans completed after the second discovery. Hopefully you can help.

 

 

JRT.txt

malwarebyteslog.txt

Link to comment
Share on other sites

Hi and welcome

Let's see if we can find remnants.

 

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 6 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Admin

You only need to get one of them to run, not all of them.

Link to comment
Share on other sites

Please uninstall: blekko search bar <-- If found.

 

The following script will reboot your machine; please don't be alarmed.

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite an existing one, please allow)

 

start

SearchScopes: HKLM - DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL =

CHR StartupUrls: "hxxp://my.yahoo.com/?_bc=1", "hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=9EFC29EC85428CBE6B2B9D4FC384AF1F&tbp=homepage", "hxxp://isearch.avg.com/?cid={8BEDEB96-2076-4378-BF0F-AB0376955300}&mid=a38608d5f8fd47d0a206c593af2cd221-2b2fa0f2dac447bb054e8ec30d4dc20080487df2&lang=en&ds=od011&pr=sa&d=2012-07-05 17:15:14&v=11.1.0.12&sap=hp", "hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT", "hxxp://www.google.com/", "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1Qzu0EtD0Bzy0AyD0AyB0DzzyEtA0BtA0A0BtN0D0Tzu0CtAtCyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2030117041", "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=DAD41ECF087743FEC775C150A17909D8", "hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=921ab3ab000000000000e0b9a5a7d843", "hxxp://mysearch.avg.com/?cid={7BD38EB7-DD1B-4C64-B257-0C64284375CC}&mid=79a1cc05301747d397d4c593af2cd221-2b2fa0f2dac447bb054e8ec30d4dc20080487df2&lang=en&ds=AVG&pr=sa&d=2013-08-26 21:17:29&v=15.6.1.2&pid=safeguard&sg=0&sap=hp", "hxxp://search.conduit.com/?gd=&ctid=CT3321728&octid=EB_ORIGINAL_CTID&ISID=M02F0A5A5-00CF-4A10-8F17-66316B4D5A34&SearchSource=55&CUI=&UM=2&UP=SP1BD22721-8BB1-4798-8737-ADA593A342AA&SSPV="

CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\KENSLA~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-20]

C:\Users\Kens Laptop1\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\Kens Laptop1\AppData\Local\Temp\Quarantine.exe

AlternateDataStreams: C:\ProgramData\Temp:3AEA6AF9

Reboot:

end

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Please Run TFC by OldTimer to clear temporary files:

 

Download TFC from here http://oldtimer.geekstogo.com/TFC.exe

and save it to your desktop.

 

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The below scanner can take quite a while depending on how full your computer is. It is a thorough scanner that we rely on often. Please be patient.

 

 

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish
Please post:

fixlist.txt

Eset log

 

How is the computer now?

Link to comment
Share on other sites

Using the following created script your computer will reboot to remove the malicious files, please don't be alarmed.

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite an existing one, please allow)

 

start

C:\Program Files (x86)\Restorator 2007\patch.exe

C:\Users\Kens Laptop1\Desktop\wavepad.exe

C:\Program Files (x86)\NCH Swift Sound\WavePad\uninst.exe

C:\Program Files (x86)\NCH Swift Sound\WavePad\wavepad.exe

C:\Program Files (x86)\NCH Swift Sound\WavePad\WavepadSoundEditor.4.40_v4.40.exe

Reboot:

end

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

~~~~~~~~~~~~~~

 

Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right click on HijackThis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • Copy and paste the HijackThis report into the topic
~~~~~~~~~~~~~~~~~~~~~~

Please run this security check for my review.

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Please post:

Fixlog.txt

Hijackthis

checkup.txt

 

How is your computer?

Link to comment
Share on other sites

Update Adobe reader

  • Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

     

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html

    UNcheck the McAfee security scan.

     

    After installing the latest Adobe Reader, uninstall all previous versions.

    If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    • If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

       

      Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

************

 

You have an extraordinary amount of applications loading at boot up. We can disable a few of those to speed up the system.

All items can be placed back and/or researched here http://www.bleepingcomputer.com/startups/

 

 

Open HijackThis, click Do a system scan only, and checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

 

O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

 

 

Now reboot the computer to set the registry.

 

***************

 

Now, update me on how the computer is at the moment.

Link to comment
Share on other sites
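Added example, not part of the thread and not HijackThis's own code: a small Python parser for the `O4 - HKLM\..\Run` lines listed in the post above, splitting each entry into name, executable and arguments so the startup list can be reviewed offline. It also flags entries whose executable path is unquoted and contains a space, since Windows resolves such command lines ambiguously. The function names and the four-line sample (copied from the post) are assumptions of this example.

```python
import re

# Constructed sample: four of the O4 lines quoted in the post above.
SAMPLE = r'''
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
'''

# Only the bracketed Run-key form shown in the thread; other O4 variants are skipped.
O4_RE = re.compile(r'^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Unquoted command: the image ends at the first executable extension
# that is followed by whitespace or end of line.
UNQUOTED_RE = re.compile(r'^(.+?\.(?:exe|com|bat|cmd))(?:\s+(.*))?$', re.I)

def split_command(cmd):
    """Return (image_path, arguments, was_quoted) for one Run-key command."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip(), True
    m = UNQUOTED_RE.match(cmd)
    if m:
        return m.group(1), m.group(2) or '', False
    head, _, tail = cmd.partition(' ')
    return head, tail.strip(), False

def parse_o4(text):
    """Parse HijackThis O4 Run-key lines into a list of dicts."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        image, args, quoted = split_command(m.group('cmd'))
        entries.append({
            'key': m.group('key'), 'name': m.group('name'),
            'image': image, 'args': args,
            'unquoted_with_space': not quoted and ' ' in image,
        })
    return entries

def needs_quoting(entries):
    """Names of entries whose image path is unquoted and contains a space."""
    return [e['name'] for e in entries if e['unquoted_with_space']]

if __name__ == '__main__':
    for e in parse_o4(SAMPLE):
        print(e['name'], '|', e['image'], '|', e['args'] or '-')
    print('unquoted paths with spaces:', needs_quoting(parse_o4(SAMPLE)))
```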

Dang, that's kinda my fault. It's in the Google settings that we can reset.

 

We need to reset Chrome back to defaults to completely clear out what is going on.

 

We can keep the bookmarks by exporting them - Export Bookmarks

 

 

Then I need you to go to Google Sync and sign into your account

 

Scroll down until you see the "Stop and Clear" button and click on the button

 

At the prompt click on "Ok"

 

Now we need to uninstall Chrome

 

I want you to uninstall Chrome and if asked about user data or settings then remove this also

 

Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome

 

After you have Chrome reinstalled please check things out and let me know how it is doing.

Link to comment
Share on other sites

LOL

 

Let's remove the tools and quarantine folders or future scans will find these.

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.

No need to post the log this time.

 

 

start

DeleteQuarantine:

end

~~~~~~~~~~~~~~~~~~

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked

    Also tick:

    • Create registry backup
    • Purge system restore
  • Click Run
  • Any other tools and files found can simply be deleted or uninstalled via Add/Remove Programs in the Control Panel etc.

     

    ~~~~~~~~~~~~~~~~~

     

    You're good to go, good job!

     

    Please take the time to read over a few of my preventive tips.

     

    Computer Security

    http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    Be prepared for CryptoLocker:

     

    Cryptolocker Ransomware: What You Need To Know

     

    CryptoLocker Ransomware Information Guide and FAQ

     

    To help protect your computer in the future I recommend that you get the following free programmes:

     

    CryptoPrevent: install this programme to lock down and prevent crypto ransomware

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.

     

     

    Firefox 3

    The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.

    *NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

     

    AdblockPlus

    • AdblockPlus, Surf the web without annoying ads!
    • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
    • Protects your online privacy
    • Two-click installation, It's free!
    • click the icon that corresponds to your browser and download.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

    Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
    • It is possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
    • Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
    • You can check these by visiting Secunia Software Inspector or you can use the following application for this purpose: PatchMyPC
Link to comment
Share on other sites
