
Vosteran + win32:conduit-d+win64: conduit-A


  • This topic is locked
6 replies to this topic

#1 paks

paks

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 04 January 2015 - 06:16 PM

Hi!

 

In December my virus software (Avast free version) told me I had a Win32: conduit-D and a Win64: conduit-A PUP. I think it took care of the problem because at the next boot scan it did not say I had it. Then a couple of days later another scan told me I had some decompression bombs in an archived directory, so I just deleted them. The daily scans have been good for at least 3 weeks. Then on a web site, the site told me that I needed to update my Flash Player. I did not click on the link, I just left the site, but it was too late: Avast told me I had the Vosteran virus trying to install itself. I thought that it had stopped it but I was wrong. It had hijacked my web browser (Explorer). I uninstalled the program with Uninstall from the Control Panel. By then I had two versions of Flash Player (same version number); I uninstalled both of them and went to Adobe.com to get a new version of it. Everything seems normal now, except Avast tells me that it could not scan some 52 files because they were password protected. It names the 52 files but I can’t see them in Windows Explorer. Here is one of the names:

 

C:\ Users\Charles\Downloads\flash_set-up.exe|>images\bg-close-program.png

 

The files have the same name up to the |> symbols and then they are different.

 

The dialog box from Avast tells me to “select the required action for each result and click apply”. There is no “apply” button to click and no choice of action to select. Usually it will give me the option to move to Chest, delete, or do nothing, etc.

 

So, is my PC infected?

 

I’m running Windows 7 Home Premium, Service Pack 1.

 

The laptop is a Gateway Model M-7332h

With an Intel Pentium Dual core CPU T4200 @ 2.00GHz

4 gig memory

And a 64bit O.S.

 

Thanks

 

Paks

 

Attached File  Addition.txt   45.86KB   226 downloads

 

Attached File  aswMBR.txt   1.98KB   95 downloads

 

Attached File  FRST.txt   48.6KB   197 downloads




#2 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,500 posts
  • Interests:Boo!....
  • MVP

Posted 05 January 2015 - 08:23 AM

Hi and welcome

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Instructions on how to backup your Favourites/Bookmarks and other data can be found below. Proceed with the reset once done.
~~~~~~~~~~~
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
 

start
CloseProcesses:
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...ferrer:source?}
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
URLSearchHook: HKU\S-1-5-21-510212549-54136036-888789963-1000 - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
URLSearchHook: HKU\S-1-5-21-510212549-54136036-888789963-1000 - (No Name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File
URLSearchHook: HKU\S-1-5-21-510212549-54136036-888789963-1000 - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
SearchScopes: HKU\S-1-5-21-510212549-54136036-888789963-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-510212549-54136036-888789963-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-510212549-54136036-888789963-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...ferrer:source?}
SearchScopes: HKU\S-1-5-21-510212549-54136036-888789963-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-510212549-54136036-888789963-1000 -> {6F2F1A59-B6A5-4F14-96E8-50212FF238E5} URL = http://websearch.ask...48-81C0FB016EA7
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-510212549-54136036-888789963-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
FF Plugin HKU\S-1-5-21-510212549-54136036-888789963-1000: @yahoo.com/BrowserPlus,version=2.8.1 -> C:\Users\Charles\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll No File
FF user.js: detected! => C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\02gk2kkb.default-1403025182108\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\02gk2kkb.default-1403025182108\searchplugins\Vosteran.xml
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKU\S-1-5-21-510212549-54136036-888789963-1000\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
U3 Appierv; No ImagePath
C:\Users\Charles\AppData\Local\Temp\APNStub.exe
C:\Users\Charles\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp343apb.dll
C:\Users\Charles\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Charles\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Charles\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Charles\AppData\Local\Temp\GoogleChromeInstaller.exe
C:\Users\Charles\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe
C:\Users\Charles\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe
C:\Users\Charles\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Charles\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Charles\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Charles\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Charles\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Charles\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Charles\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Charles\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\Charles\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Charles\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Charles\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Charles\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Charles\AppData\Local\Temp\mp3el.exe
C:\Users\Charles\AppData\Local\Temp\nsuED3A.exe
C:\Users\Charles\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Charles\AppData\Local\Temp\Shockwave_Installer_Slim.exe
C:\Users\Charles\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Charles\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\Charles\AppData\Local\Temp\uninst.exe
C:\Users\Charles\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\Charles\AppData\Local\Temp\wpsetup.exe
C:\Users\Charles\AppData\Local\Temp\_is86DB.exe
CustomCLSID: HKU\S-1-5-21-510212549-54136036-888789963-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Charles\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-510212549-54136036-888789963-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Charles\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-510212549-54136036-888789963-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Charles\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-510212549-54136036-888789963-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Charles\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner
  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts.
  • Click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
  • Follow the prompts and allow your computer to reboot.
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
~~~~~~~~~~~
please post
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??
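
A fixlist like the one quoted above can be reviewed before it is run by sorting its lines into markers, directives, file paths and registry/browser entries. The following Python is an added example, not part of the original posts and not FRST's own parser; the function names and the "orphan" heuristic (entries ending in "No File", "No Path", "No ImagePath" or an empty "URL =") are assumptions based only on the lines shown in the post.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the fixlist in the post above.
SAMPLE_FIXLIST = r"""start
CloseProcesses:
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
URLSearchHook: HKU\S-1-5-21-510212549-54136036-888789963-1000 - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
FF SearchPlugin: C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\02gk2kkb.default-1403025182108\searchplugins\Vosteran.xml
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
C:\Users\Charles\AppData\Local\Temp\APNStub.exe
C:\Users\Charles\AppData\Local\Temp\uninst.exe
EmptyTemp:
Hosts:
End
"""

# Registry class/extension identifiers written as {8-4-4-4-12} hex groups.
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Assumption: these suffixes mark an entry whose target is missing or empty.
ORPHAN = re.compile(r"(?:No File|No Path|No ImagePath|URL =)$")


def classify(line):
    """Describe one fixlist line (hypothetical helper, not an FRST API)."""
    text = line.strip()
    if text.lower() in ("start", "end"):
        typ, kind = "marker", text.lower()
    elif re.fullmatch(r"[A-Za-z]+:", text):
        # A bare keyword such as CloseProcesses: or EmptyTemp:
        typ, kind = "directive", text[:-1]
    elif re.match(r"[A-Za-z]:\\", text):
        # A bare drive-letter path: a file listed on its own line
        typ, kind = "file", "path"
    else:
        # Everything else is a log entry; its first token names the category
        typ, kind = "entry", text.split()[0].rstrip(":")
    return {
        "type": typ,
        "kind": kind,
        "guids": GUID.findall(text),
        "orphan": typ == "entry" and bool(ORPHAN.search(text)),
        "text": text,
    }


def parse_fixlist(text):
    """Classify every non-empty line of a fixlist."""
    return [classify(l) for l in text.splitlines() if l.strip()]


def summarize(entries):
    """Count lines per type so a reviewer sees the shape of the fix at a glance."""
    return Counter(e["type"] for e in entries)


if __name__ == "__main__":
    parsed = parse_fixlist(SAMPLE_FIXLIST)
    print(dict(summarize(parsed)))
    for e in parsed:
        if e["type"] == "file":
            print("file listed on its own line:", e["text"])
        elif e["orphan"]:
            print("orphaned", e["kind"], "entry:", e["guids"] or e["text"])
```
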

#3 paks


Posted 05 January 2015 - 06:59 PM

Thanks Juliet.

 

Everything ran like it was supposed to; here are the 3 files.

 

paks

 

Attached File  Fixlog.txt   12.98KB   98 downloads

Attached File  JRT.txt   112.23KB   113 downloads

Attached File  AdwCleanerS0.txt   3.82KB   121 downloads



#4 Juliet


Posted 05 January 2015 - 08:34 PM

Goodness gracious that took out a chunk.

Download Malwarebytes' Anti-Malware to your desktop.
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes
  • ~~~

    ^^^^^^^^

    What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
    Most reliable and thorough.
    The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending of course how full your computer is.


    Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
    • Note:
      For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
    • Click the blue Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
    • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
    • Click on Advanced Settings
    • Make sure that the option Remove found threats is unticked.
    • Ensure these options are ticked
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    • Click Start
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
    • Close the ESET online scan.
    *************************************
Please post
Malwarebytes' Anti-Malware log
Eset log

Please tell me how the computer is now.

#5 paks


Posted 06 January 2015 - 01:15 PM

Hi again Juliet.

 

Yesterday I ran the MalwareBytes scan and then the online Eset scan, but after more than 3 hours my computer just turned itself off by itself. It was way past 1:AM so I went to bed. This morning I ran the online scan and 5 minutes later the computer turned itself off again. I turned it on and re-ran the online scan; it took more than 4 hours but it worked to the end of the scan. Last night's scan ESET said on the Dashboard that it had found 3 threats: win32: conduit-a, and again win32: conduit-a and finally Win32: search protect something. But at the second scan this morning it did not find those 3 threats but it found a variant of win32: Bundled toolbar. Ask. Maybe I forgot to uncheck the remove threats box. I don't really remember doing it, but then again I'm a old fart that has a bad memory.

 

My computer seems to be faster, but this morning when I got on your forum some words were green with a small arrow beside them, and when the cursor went over one I had a pop-up with an HP ad on it. Now I don't see it anymore?????? I looked in the browser's history but without seeing any suspicious site, just the ones I visited for the purpose of the cleaning. Since the delete threats was not checked, when will the file in quarantine be deleted?

 

Is there a good antivirus-antimalware suite that is for sale anywhere? I've always bought my virus protection before but since I retired, and that money is scarcer I've depended on Avast free download. And my problem started with their automatic update of my computers program, once it told me that my Java needed to be updated and that's where I got the win32: conduit-D and since then it's been a nightmare. 

 

Well, I thank you for your time and help. I hope things will get better on the WEB.

 

 

 

paks

 

Attached File  Eset.txt   144bytes   87 downloads

 

Attached File  malware.txt   1.43KB   101 downloads



#6 Juliet


Posted 06 January 2015 - 03:14 PM

What Eset found I can fix, as well as the MBAM quarantined items too, and they are safely held in a folder that cannot harm the machine.

 

 

I'm a old fart that has a bad memory

Oh now you hush!,  I think you did very well and followed all instructions.

 

LOL!

 

 

Java needed to be updated

 

I can help with this too.

 

Go to your control panel,  add/remove programs.

Locate the Java icon

 

Open the program, (double click) at the top is an update button,  click on that

Down at the bottom of the page that opens is an Update now button,  click on that and follow the instructions.

 

~~~~~~~~~~~~~~~~

Let's remove FRST quarantine and the other tools folders.

 

DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Downloading and installing a different antivirus is OK,  some,  request you remove your old antivirus before a download/install can complete.

 

As for which free versus paid for Antivirus I have to leave this up to you but, I've always stayed with a free version, that use less resources and consumes less time in updating. This is my personal opinion and also with free versions of Antivirus, firewall is not included.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~

 

Also,  I would like to post a few preventive tips

Please take the time to read over a few of my preventive tips.

Computer Security
http://malwareremova...=557960#p557960
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know

CryptoLocker Ransomware Information Guide and FAQ

To help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.


Firefox 3
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 3, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.
*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

AdblockPlus

  • AdblockPlus, Surf the web without annoying ads!
  • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
  • Protects your online privacy
  • Two-click installation, It's free!
  • click the icon that corresponds to your browser and download.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

  • Green should be good to go
  • Yellow for caution
  • Red to stop
  • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    How to prevent Malware: Created by Miekiemoes


    WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
    See this article (http://www.forbes.co...o-disable-java/
    and this article (http://www.nbcnews.c...alate-1B7938755

    I would recommend that you completely uninstall Java unless you need it to run an important software.
    In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo...ur-web-browser/) and How to unplug Java from the browser (http://krebsonsecuri...om-the-browser/))


    Avoid P2P

    P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

    Please read these short reports on the dangers of peer-2-peer programs and file sharing.
     
  • FBI Cyber Education Letter
    USAToday
    infoworld

*********************************************
Please read the following safe computing articles..

Secure My Computer: A Layered Approach


Free Antivirus-AntiSpyware-Firewall Software

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

 

  • It is possible for other programs on your computer to have security vulnerability that can allow malware to infect you.
  • Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
  • You can check these by visiting Secunia Software Inspector or you can use the following application for this purpose PatchMyPC

 

 

 



#7 Juliet


Posted 12 January 2015 - 03:52 PM

Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.