Conduit Search/Toolbar
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Ranking: | 63 |
Threat Level: | 50 % (Medium) |
Infected Computers: | 1,043,235 |
First Seen: | January 2, 2013 |
Last Seen: | September 20, 2023 |
OS(es) Affected: | Windows |

Conduit Search/Toolbar Image
Search.conduit.com is an online search engine which is usually accessed through a toolbar for your web browser. This website and toolbar are the work of the Conduit software. There have been various reports that the Search.conduit.com toolbar makes unauthorized changes to your web browser and that, when it comes time to remove this Browser Helper Object, the lack of a legitimate uninstaller causes several problems on the computer on which Search.conduit.com is installed.
Table of Contents
Problems Associated with the Search.conduit.com Website and Toolbar
Affected computer users have reported that the Search.conduit.com toolbar causes browser redirects, forcing the affected user to visit the Search.conduit.com web page. Affected users have also found that Conduit's toolbar makes unauthorized changes to their web browser settings, such as changing the browser's homepage or its default search engine toolbar. ESG security researchers strongly recommend that users take extra care when installing browser toolbars. These kinds of applications tend to set off red flags when it comes to computer security since browser toolbar are common delivery vehicles for various kinds of malware. There are varieties of browser toolbars that are really adware, spyware or browser hijackers. Hackers take advantage of security vulnerabilities associated with BHOs (Browser Helper Objects) in order to infect their victims with malware. Toolbars that are advertised as helpful are also a practical way for criminals to take advantage of computer users, which are not very experienced in computer security.
Removing the Search.conduit.com Toolbar from Your Computer System
One of the problems associated with the Search.conduit.com toolbar is that Search.conduit.com does not include an uninstaller, making the removal of this application somewhat troublesome. The Search.conduit.com toolbar can be removed through the add/remove programs panel in the control panel. However, affected users will have to restore all the changes that this toolbar makes to their web browser preferences. This means restoring the default search engine and home page. Since this can be a tedious process, some computer users may prefer to reinstall their web browser or to restore it to default settings once the Search.conduit.com toolbar has been uninstalled. The Search.conduit.com toolbar is not attacking your computer like other malware, but Search.conduit.com has characteristics that make Search.conduit.com and inconvenience to many computer users.
Aliases
15 security vendors flagged this file as malicious.
Anti-Virus Software | Detection |
---|---|
Ikarus | not-a-virus:WebToolbar.Rubar |
Ikarus | PUA.ClientConnect |
McAfee | Artemis!EAF8104FE812 |
McAfee-GW-Edition | Artemis!Trojan |
Avast | Win64:Malware-gen |
AVG | Generic.ABF |
McAfee | Artemis!CB65DD8AD8BC |
Antiy-AVL | RiskWare[WebToolbar:not-a-virus]/Win32.Rubar |
DrWeb | Adware.Toolbar.225 |
Kaspersky | not-a-virus:WebToolbar.Win32.Rubar.a |
Symantec | WS.Reputation.1 |
AVG | Generic.4CC |
McAfee-GW-Edition | Artemis |
McAfee | Artemis!82FC4EAFF415 |
AVG | SearchProtect.1DD |
SpyHunter Detects & Remove Conduit Search/Toolbar

File System Details
# | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
---|---|---|---|
1. | A0028368.exe | ced18c00311fab6557daa7bfe9e3ba12 | 4,614 |
2. | avayvaxxvae.exe | bb17bcf355b790bf81670c0ca87ba2ec | 143 |
3. | MLSClient.AutoUpdateService.exe | 2d4160fc44148d48ecc30b1073b557e1 | 36 |
4. | MlsUI.exe | 591d9419d5945906f50627286d82e5c5 | 31 |
5. | BackgroundContainer.dll | fa1e7216ecda699197cd4256bcfabdaa | 16 |
6. | BackgroundContainer.dll | 64b88809087171d885180e8b63979fa5 | 12 |
7. | APISupport.dll | 8d4739474723078967b674dc97ba3f1f | 12 |
8. | avaxvyvax.exe | 21ce5e311a2a0a2cb7529b71c76578f7 | 8 |
9. | BackgroundContainer.dll | e6e5bab9447d259fec8f652b7af2be17 | 7 |
10. | The_Pirate_Bay.exe | 92becf79224ac52f9e3943f6040090d7 | 5 |
11. | BackgroundContainer.dll | 0b51d7ac421cca21e9164d92302400a5 | 3 |
12. | ConduitHelper.exe | 280062cb75b91fbf44abc416fc464a80 | 2 |
13. | APISupport.dll | 5691d2e4dce886cab24668a4451c0b05 | 2 |
14. | UninstallerUI.exe | d2fb0b4bbec33768550194d19548b062 | 2 |
15. | BackgroundContainer.dll | 7183744a0b3fbb245d163ca1f4464974 | 1 |
16. | BackgroundContainer.dll | 6abb50c6f10866d877b80a0f56706633 | 1 |
17. | APISupport.dll | 0719fb9aa39b2f9fb32a2cfd79c15ec1 | 1 |
18. | TBMessagingHost.exe | 6d3282fa8d14e621193a4e83ea189a31 | 1 |
19. | APISupport.dll | af9ade58b26a0bec3cfca744979ba58e | 1 |
20. | APISupport.dll | 5d69ac8c1f0d99ce73da73446a742aa4 | 1 |
21. | APISupport.dll | 24bd5d772c3b22f265da59821d2df274 | 1 |
22. | APISupport.dll | 8c7475dcf6b7dacf5d6571514a33fe47 | 1 |
23. | UninstallerUI.exe | 3cb679b8f9bf317aa423487a23efe220 | 1 |
24. | ConduitCrashHandler.exe | a4185bdaca04cf569cc14de1b0e9013d | 1 |
25. | BackgroundContainer.dll | c493fbba3eb993039b872d6d47ebe8a3 | 1 |
26. | BackgroundContainer.dll | d42c388f33a2099abc3a311691fa406e | 1 |
Registry Details
Directories
Conduit Search/Toolbar may create the following directory or directories:
%ALLUSERSPROFILE%\Application Data\Conduit |
%ALLUSERSPROFILE%\Application Data\Tbccint |
%ALLUSERSPROFILE%\Conduit |
%ALLUSERSPROFILE%\Tbccint |
%LOCALAPPDATA%\Conduit |
%LOCALAPPDATA%\TBHostSupport |
%LOCALAPPDATA%\Tbccint |
%LOCALAPPDATA%\cctbplt |
%PROGRAMFILES%\AstroburnBar |
%PROGRAMFILES%\Conduit |
%PROGRAMFILES%\ConduitEngine |
%PROGRAMFILES%\Nova |
%PROGRAMFILES%\Tbccint |
%PROGRAMFILES%\pcreg |
%PROGRAMFILES(x86)%\AstroburnBar |
%PROGRAMFILES(x86)%\Conduit |
%PROGRAMFILES(x86)%\Nova |
%PROGRAMFILES(x86)%\Tbccint |
%PUBLIC%\Conduit |
%TEMP%\38fdaae5-8e0e-493c-88ec-e05c3be06e42 |
%TEMP%\AstroburnBar |
%TEMP%\CT3302872 |
%TMP%\ct2571160 |
%Temp%\CT3302999 |
%Temp%\CT3310393 |
%Temp%\CT3317212 |
%Temp%\ct3311333 |
%Temp%\mam-ct3317212 |
%USERPROFILE%\AppData\LocalLow\ConduitEngine |
%USERPROFILE%\AppData\LocalLow\PHPNukeEN |
%USERPROFILE%\AppData\LocalLow\Tbccint |
%USERPROFILE%\Configuración local\Datos de programa\Conduit |
%USERPROFILE%\Configurações Locais\Dados de aplicativos\Conduit |
%USERPROFILE%\Impostazioni locali\Dati applicazioni\Conduit |
%USERPROFILE%\Local Settings\Application Data\Conduit |
%USERPROFILE%\Lokale Einstellungen\Anwendungsdaten\Conduit |
%USERPROFILE%\Ustawienia lokalne\Dane aplikacji\Conduit |
%UserProfile%\AppData\LocalLow\Conduit |
%UserProfile%\Local Settings\Application Data\TBHostSupport |
%UserProfile%\Local Settings\Application Data\Tbccint |
%appdata%\Tbccint |
%programfiles%\PHPNukeEN |
%programfiles(x86)%\PHPNukeEN |
%systemdrive%\users\appdata\locallow\Conduit |
%temp%\Conduit |
%temp%\ConduitSP |
%temp%\ct3309759 |
URLs
Conduit Search/Toolbar may call the following URLs:
&form=CONMHP&conlogo=CT |
ConduitAutoCompleteSearch |
npconduitfirefoxplugin |
www.ourtoolbar.com |