Conduit Search/Toolbar Description
Type: Browser Hijackers
Search.conduit.com is an online search engine which is usually accessed through a toolbar for your web browser. This website and toolbar are the work of the Conduit software. There have been various reports that the Search.conduit.com toolbar makes unauthorized changes to your web browser and that, when it comes time to remove this Browser Helper Object, the lack of a legitimate uninstaller causes several problems on the computer on which Search.conduit.com is installed.
Problems Associated with the Search.conduit.com Website and Toolbar
Affected computer users have reported that the Search.conduit.com toolbar causes browser redirects, forcing the affected user to visit the Search.conduit.com web page. Affected users have also found that Conduit's toolbar makes unauthorized changes to their web browser settings, such as changing the browser's homepage or its default search engine toolbar. ESG security researchers strongly recommend that users take extra care when installing browser toolbars. These kinds of applications tend to set off red flags when it comes to computer security since browser toolbar are common delivery vehicles for various kinds of malware. There are varieties of browser toolbars that are really adware, spyware or browser hijackers. Hackers take advantage of security vulnerabilities associated with BHOs (Browser Helper Objects) in order to infect their victims with malware. Toolbars that are advertised as helpful are also a practical way for criminals to take advantage of computer users, which are not very experienced in computer security.
Removing the Search.conduit.com Toolbar from Your Computer System
One of the problems associated with the Search.conduit.com toolbar is that Search.conduit.com does not include an uninstaller, making the removal of this application somewhat troublesome. The Search.conduit.com toolbar can be removed through the add/remove programs panel in the control panel. However, affected users will have to restore all the changes that this toolbar makes to their web browser preferences. This means restoring the default search engine and home page. Since this can be a tedious process, some computer users may prefer to reinstall their web browser or to restore it to default settings once the Search.conduit.com toolbar has been uninstalled. The Search.conduit.com toolbar is not attacking your computer like other malware, but Search.conduit.com has characteristics that make Search.conduit.com and inconvenience to many computer users.
Aliases
15 security vendors flagged this file as malicious.
Anti-Virus Software
Detection
Ikarus
not-a-virus:WebToolbar.Rubar
Ikarus
PUA.ClientConnect
McAfee
Artemis!EAF8104FE812
McAfee-GW-Edition
Artemis!Trojan
Avast
Win64:Malware-gen
AVG
Generic.ABF
McAfee
Artemis!CB65DD8AD8BC
Antiy-AVL
RiskWare[WebToolbar:not-a-virus]/Win32.Rubar
DrWeb
Adware.Toolbar.225
Kaspersky
not-a-virus:WebToolbar.Win32.Rubar.a
Symantec
WS.Reputation.1
AVG
Generic.4CC
McAfee-GW-Edition
Artemis
McAfee
Artemis!82FC4EAFF415
AVG
SearchProtect.1DD
Technical Information
Screenshots & Other Imagery
SpyHunter Detects & Remove Conduit Search/Toolbar
File System Details
Conduit Search/Toolbar creates the following file(s):
| # | File Name | MD5 | Detection Count |
|---|---|---|---|
| 1 | A0028368.exe | ced18c00311fab6557daa7bfe9e3ba12 | 4,606 |
| 2 | tbcore3.dll | bed7f9bf0b91a9176c4af2ee157bc438 | 3,907 |
| 3 | tbhelper.dll | b03559bf4499f3707d5221c9743ecd53 | 3,414 |
| 4 | inventoria.exe | b92ba0932cf3a0cb17463844f8da9dd8 | 2,839 |
| 5 | ConduitInstaller.exe | c4f77c80ea5729f9bc66603e3cfcf6a6 | 2,013 |
| 6 | ConduitHelper.exe | f110c288e1c835cad172f37a62d6918f | 198 |
| 7 | avayvaxxvae.exe | bb17bcf355b790bf81670c0ca87ba2ec | 138 |
| 8 | NativeMessageHost.exe.vir | b9c364e152fe5f2f0795ef23dae9d9d5 | 37 |
| 9 | MLSClient.AutoUpdateService.exe | 2d4160fc44148d48ecc30b1073b557e1 | 36 |
| 10 | PwmNativeMessaging.exe | bceae9cb62eae582287bd1ff5a0bd96b | 35 |
| 11 | ConduitRBCB_e1v0.exe | 977941c772377e27827df41793ec6dae | 31 |
| 12 | MlsUI.exe | 591d9419d5945906f50627286d82e5c5 | 31 |
| 13 | ChromeInstaller.exe | 58a84e29355625656f65c27885ddff26 | 18 |
| 14 | A0121692.exe | f86a73c9497327a20ee960c2abca24a7 | 15 |
| 15 | prxtbuTor.dll | f539d488bde6d2417bd4819193643251 | 12 |
| 16 | avaxvyvax.exe | 21ce5e311a2a0a2cb7529b71c76578f7 | 8 |
| 17 | ConduitCrashHandler.exe | c19d8a382428bb91c6a80207fbd0c512 | 2 |
| 18 | The_Pirate_Bay.exe | b368aa0bdc4c00b31efc8a148485c110 | 2 |
| 19 | TBVerifier.dll | f7d2888e106d013de866310fe7993ec2 | 1 |
| 20 | fhgc.dll | 22684bf4b2ce6d61df96ad3283242b74 | 1 |
| 21 | fogiohohcp.dll | ce90b03d1dc5ed1afeb1c76d55022bd2 | 1 |
| 22 | TBMessagingHost.exe | 2a13d24e610026e86468fceb8043fec9 | 1 |
| 23 | BackgroundContainer.dll | 3944b6345d72e9d2dd734a1519a7a63b | 1 |
| 24 | ekneeicf.dll | 581b3272fcdab3b63a4d80f8d00c2988 | 1 |
| 25 | TBHostSupport.dll | beae83e2c0cd64fefd38944dd6c0b04d | 1 |
| 26 | UninstallerUI.exe | 0bfb8a5ba551c5bd6a5d6af2f1060de1 | 1 |
| 27 | NativeMessagingApp.exe | e521580e5facef89885cdcdb63e91101 | 1 |
| 28 | APISupport.dll | 0191d8c9da97bfa06ef02cbc9f2c2d2f | 1 |
Registry Details
Conduit Search/Toolbar creates the following registry entry or registry entries:
CLSID
{1BBF13E0-551E-42DD-91F4-1A547443FFDA}
{30F9B915-B755-4826-820B-08FBA6BD249D}
{3c471948-f874-49f5-b338-4f214a2ee0b1}
{5CF209CF-1B8A-4D23-A927-1165BE2AEFD8}
{7473b6bd-4691-4744-a82b-7854eb3d70b6}
{afdbddaa-5d3f-42ee-b79c-185a7020515b}
{C0C2693D-2EE8-47B4-9DF7-B67A0EE31988}
{DFBEB35B-444D-4F25-8D7D-EB2683C206EC}
{E802027B-1F2B-40BD-B307-0BD96D036835}
Directory
%ALLUSERSPROFILE%\Application Data\Conduit
%ALLUSERSPROFILE%\Application Data\Tbccint
%ALLUSERSPROFILE%\Conduit
%ALLUSERSPROFILE%\Tbccint
%appdata%\Tbccint
%LOCALAPPDATA%\cctbplt
%LOCALAPPDATA%\Conduit
%LOCALAPPDATA%\Tbccint
%LOCALAPPDATA%\TBHostSupport
%PROGRAMFILES%\AstroburnBar
%PROGRAMFILES%\Conduit
%PROGRAMFILES%\ConduitEngine
%PROGRAMFILES%\Nova
%PROGRAMFILES%\pcreg
%programfiles%\PHPNukeEN
%PROGRAMFILES%\Tbccint
%PROGRAMFILES(x86)%\AstroburnBar
%PROGRAMFILES(x86)%\Conduit
%PROGRAMFILES(x86)%\Nova
%programfiles(x86)%\PHPNukeEN
%PROGRAMFILES(x86)%\Tbccint
%PUBLIC%\Conduit
%systemdrive%\users\appdata\locallow\Conduit
%TEMP%\38fdaae5-8e0e-493c-88ec-e05c3be06e42
%TEMP%\AstroburnBar
%temp%\Conduit
%temp%\ConduitSP
%TEMP%\CT3302872
%Temp%\CT3302999
%temp%\ct3309759
%Temp%\CT3310393
%Temp%\ct3311333
%Temp%\CT3317212
%Temp%\mam-ct3317212
%TMP%\ct2571160
%UserProfile%\AppData\LocalLow\Conduit
%USERPROFILE%\AppData\LocalLow\ConduitEngine
%USERPROFILE%\AppData\LocalLow\PHPNukeEN
%USERPROFILE%\AppData\LocalLow\Tbccint
%USERPROFILE%\Configuración local\Datos de programa\Conduit
%USERPROFILE%\Configurações Locais\Dados de aplicativos\Conduit
%USERPROFILE%\Impostazioni locali\Dati applicazioni\Conduit
%USERPROFILE%\Local Settings\Application Data\Conduit
%UserProfile%\Local Settings\Application Data\Tbccint
%UserProfile%\Local Settings\Application Data\TBHostSupport
%USERPROFILE%\Lokale Einstellungen\Anwendungsdaten\Conduit
%USERPROFILE%\Ustawienia lokalne\Dane aplikacji\Conduit
File name without path
client.conduit-storage[1].xml
http_app.mam.conduit.com_0.localstorage
http_app.mam.conduit.com_0.localstorage-journal
http_cap1.conduit-apps.com_0.localstorage
http_cap1.conduit-apps.com_0.localstorage-journal
http_search.conduit.com_0.localstorage
http_search.conduit.com_0.localstorage-journal
http_storage.conduit.com_0.localstorage
http_storage.conduit.com_0.localstorage-journal
http_twitter.conduitapps.com_0.localstorage
http_twitter.conduitapps.com_0.localstorage-journal
https_facebook.conduitapps.com_0.localstorage
https_facebook.conduitapps.com_0.localstorage-journal
https_youtube.conduitapps.com_0.localstorage
https_youtube.conduitapps.com_0.localstorage-journal
Regexp file mask
%LOCALAPPDATA%\Conduit\BackgroundContainer\BackgroundContainer.dll
%LOCALAPPDATA%\ConduitInstaller.exe
%LOCALAPPDATA%\CRE\[RANDOM CHARACTERS].crx
%temp%\[RANDOM CHARACTERS]ConduitEngineSetup.exe
%TEMP%\ConduitInstaller.exe
%TEMP%\tbWhit.dll
%USERPROFILE%\Local Settings\Application Data\CRE\[RANDOM CHARACTERS].crx
%WINDIR%\System32\Tasks\BackgroundContainer Startup Task
%WinDir%\System32\Tasks\pcreg
%WinDir%\Tasks\pcreg.job
Registry key
SOFTWARE\AppDataLow\Software\AstroburnBar\toolbar
Software\AppDataLow\Software\BackgroundContainer
Software\AppDataLow\Software\Begin-download_FLV\toolbar
Software\AppDataLow\Software\Conduit
Software\AppDataLow\Software\conduitEngine
Software\AppDataLow\Software\ConduitSearchScopes
Software\AppDataLow\Software\MixiDJ\toolbar
Software\AppDataLow\Software\PHPNukeEN
Software\AppDataLow\Software\Produtools_Manuals_2.1\toolbar
Software\AppDataLow\Software\Produtools_Manuals_2.1_B2\toolbar
Software\AppDataLow\Software\Smartbar
Software\AppDataLow\Software\Tbccint
Software\AppDataLow\Software\TbccintSearchScopes
Software\AppDataLow\Software\TV_Bar_2\toolbar
Software\AppDataLow\Software\uTorrentControl_v2
SOFTWARE\AppDataLow\Software\YesStreamer_Bar
Software\AppDataLow\Toolbar\RegisteredSources\Conduitengine
Software\AppDataLow\Toolbar\RegisteredSources\CT3272718
SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
SOFTWARE\Classes\Toolbar.CT3272718
SOFTWARE\Conduit
SOFTWARE\DT Soft\Astroburn Toolbar
Software\Google\Chrome\NativeMessagingHosts\nmhostct408137
SOFTWARE\mamverifier
Software\Microsoft\Internet Explorer\Approved Extensions\{30F9B915-B755-4826-820B-08FBA6BD249D}
Software\Microsoft\Internet Explorer\Approved Extensions\{413c77a8-1554-46ac-b5e0-e5ac3c4e839e}
Software\Microsoft\Internet Explorer\Approved Extensions\{AEFEDA6A-9A49-47E5-9307-ECBEC7D6D879}
Software\Microsoft\Internet Explorer\Approved Extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}
Software\Microsoft\Internet Explorer\Approved Extensions\{C9CEFC16-8DBE-4DB8-A3E5-4C3CE4685756}
Software\Microsoft\Internet Explorer\DOMStorage\app.mam.conduit.com
Software\Microsoft\Internet Explorer\DOMStorage\conduit-apps.com
Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Software\Microsoft\Internet Explorer\DOMStorage\conduitapps.com
Software\Microsoft\Internet Explorer\DOMStorage\tbccint.com
SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit-storage.com
SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Produtools_Manuals_2.1.exe
Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\tb_Conduit.exe
Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\tb_Conduit_brch.exe
Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\tb_Conduit_brff.exe
Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\tb_Conduit_brie.exe
Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\tb_Conduit_Search.exe
Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{589d7cff-0173-47a9-966a-9afae3e5c249}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{9843474f-6082-4a44-b63d-5559d9e8c6a8}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{aefeda6a-9a49-47e5-9307-ecbec7d6d879}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{C9CEFC16-8DBE-4DB8-A3E5-4C3CE4685756}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{dfbeb35b-444d-4f25-8d7d-eb2683c206ec}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{e802027b-1f2b-40bd-b307-0bd96d036835}
SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{589d7cff-0173-47a9-966a-9afae3e5c249}
Software\Microsoft\Internet Explorer\URLSearchHooks\{AEFEDA6A-9A49-47E5-9307-ECBEC7D6D879}
SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{dfbeb35b-444d-4f25-8d7d-eb2683c206ec}
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avaavaevy
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg
SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{589d7cff-0173-47a9-966a-9afae3e5c249}
SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{dfbeb35b-444d-4f25-8d7d-eb2683c206ec}
Software\Microsoft\Windows\CurrentVersion\Run\APISupport
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BackgroundContainerV2
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BackgroundContainerV3
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ConduitHelper
Software\Microsoft\Windows\CurrentVersion\Run\pcreg
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TBHostSupport
SOFTWARE\PHPNukeEN
Software\Tbccint
Software\Tbccint_HKLM
SOFTWARE\Wow6432Node\Conduit
SOFTWARE\Wow6432Node\conduitEngine
SOFTWARE\Wow6432Node\DT Soft\Astroburn Toolbar
SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\nmhostct408137
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{589d7cff-0173-47a9-966a-9afae3e5c249}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{9843474f-6082-4a44-b63d-5559d9e8c6a8}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{aefeda6a-9a49-47e5-9307-ecbec7d6d879}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{C9CEFC16-8DBE-4DB8-A3E5-4C3CE4685756}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{dfbeb35b-444d-4f25-8d7d-eb2683c206ec}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{e802027b-1f2b-40bd-b307-0bd96d036835}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\{589d7cff-0173-47a9-966a-9afae3e5c249}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\{dfbeb35b-444d-4f25-8d7d-eb2683c206ec}
SOFTWARE\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32
SOFTWARE\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS
SOFTWARE\Wow6432Node\Microsoft\Tracing\MixiDJAutoUpdateHelper_RASAPI32
SOFTWARE\Wow6432Node\Microsoft\Tracing\MixiDJAutoUpdateHelper_RASMANCS
SOFTWARE\Wow6432Node\Microsoft\Tracing\MixiDJToolbarHelper_RASAPI32
SOFTWARE\Wow6432Node\Microsoft\Tracing\MixiDJToolbarHelper_RASMANCS
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{589d7cff-0173-47a9-966a-9afae3e5c249}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{dfbeb35b-444d-4f25-8d7d-eb2683c206ec}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\BackgroundContainerV2
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ConduitHelper
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\pcreg
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\TBHostSupport
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
SOFTWARE\Wow6432Node\MixiDJ
SOFTWARE\Wow6432Node\PHPNukeEN
SYSTEM\ControlSet001\services\pcregservice
SYSTEM\ControlSet001\services\TBSrv
SYSTEM\ControlSet002\services\pcregservice
SYSTEM\CurrentControlSet\services\pcregservice
SYSTEM\CurrentControlSet\services\TBSrv
Toolbar\RegisteredSources\CT408137
Uninstaller
CHCT408137
PHPNukeEN Toolbar
{4BD8E034-E0F4-4509-A753-467A8E854CD8}
Site Disclaimer
Enigmasoftware.com is not associated, affiliated, sponsored or owned
by the malware creators or distributors mentioned on this article. This article should NOT be
mistaken or confused in being associated in any way with the promotion or endorsement of malware.
Our intent is to provide information that will educate computer users on how to detect, and ultimately
remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on
this article.
This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.
This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.
Man This Virus Was So Annoying! Took Me About 3-5 Months To Get It Off! First, I Had To Run Spyhunter's Scan And Remove The Threats. Then, I Had To Initally Remove It. If You See Any Free Downloads. Chances Are, They Could Include Conduit Search/Toolbar. I Highly Recommend That You Buy Spyhunter, Then Turn System Guard On So It Cant Get Onto Your Computer!
Como faco para deletar este search Protect criminoso que entro no meu PC e nada mais e que um vírus dominante, que aparentemente está oculto em alguma pasta de meu PC e dominou a internet, abre sozinho sites de publicidade, e vive tentando fazer eu instalar novos programas. Como faço para denunciar? Entrou no meu PC quando fui baixar o CCLEANER no Baixaki.