Avast just detected Win32:DomaIQ-AP [PUP] and Win32:DomaIQ-AN [PUP]

Please advise. Thank you! I have not moved them to the chest.

Karen

Hi,
Run Malwarebytes to remove possible remnants and then OTL and aswMBR tools for diagnostic.
http://forum.avast.com/index.php?topic=53253.0
Post results here.

OK …WILL DO thanks

Magna…Avast is giving a warning message when I attempt to download OTL?

Magna

I just realized that I never put the items in quarantine before doing the scans? Was I supposed to?

I was able to do MBAM and OTL I did the full scan MBAM

but … the link to aswMBR.exe will not work - Chrome says web page not available and will not refresh

also FYI - today when I used CNET Downloads that Conduit installed even though I declined all CNET add-ons
It did hijack my home page in browsers - I googled how to get rid of and I learned to UNINSTALL which I did - I also attempted to remove it from Firefox numerous times - but it persists

I do not want to use Firefox with that Conduit thing active and IE does not work at all though Conduit is listed on there also

Chrome does not list it at all as an extension

also note …after MBAM restart see the error message that came up (see attached screen shot)

Hi Karen R,

Follow magna86’s instructions to the dot
and he will help you cleanse your comp from this unsolicited and probably unwanted crap/junk.
It is a pity really to see these profit driven “bundlers” give our removal experts so much additional work.
magna86 and the other qualified removers do a magnificent job here.
Thanks from all of us go out to them,

polonus

Hello Polonus and Thank you

Finally I was able to do the MBR scan…I tried again to download the link provided and Avast sent a pop up warning about the link just as last night with the OTL link … I must have missed seeing to ALLOW for the MBR but did so successfully this morning (so that pop up by Avast is an issue?)

Also see screen attached …while Chrome does not list CONDUIT as an extension - it says I have no extensions - I noticed in the Chrome settings to change the startup page from “last where left off” I see CONDUIT there as a search option in Startup page settings choices.

Finally
all scans are now attached here per Magnus instructions - (still seeing that other message about DLL - see screen shot attached from last night)

Hi,

  1. Follow this guide for setting up home page and search page back to google.
    https://support.google.com/chrome/answer/95314?hl=en

  2. Re-run OTL.exe.

- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

:COMMANDS
[CREATERESTOREPOINT]

:OTL
IE - HKLM\..\SearchScopes\{9B4141F4-7857-42E5-A27A-17D26490B1F9}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cacql
IE - HKU\S-1-5-21-3886293462-2656852358-2641576973-1000\..\SearchScopes\{9B4141F4-7857-42E5-A27A-17D26490B1F9}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cacql
IE - HKU\S-1-5-21-3886293462-2656852358-2641576973-1000\..\SearchScopes\{DD4BCDF0-EF21-4DA6-8D41-20B39DE94134}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN13158619311818327&UM=2
O4 - HKU\S-1-5-21-3886293462-2656852358-2641576973-1000..\Run: [ConduitFloatingPlugin_lipgolpfajiadodbcbljdpmbmbdmfcil] "C:\Windows\system32\Rundll32.exe" "C:\Users\staples\AppData\Local\Temp\CT3306061\plugins\TBVerifier.dll",RunConduitFloatingPlugin lipgolpfajiadodbcbljdpmbmbdmfcil File not found

:FILES
C:\Users\staples\Desktop\*.tmp
C:\ProgramData\Conduit
C:\Users\staples\AppData\Local\Conduit
C:\Program Files\Conduit
C:\Users\staples\AppData\Roaming\SearchProtect

:COMMANDS
[EMPTYTEMP]

- Then click the Run Fix button at the top.
- Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.

If the log doesn’t appear, it can be found here:

c:\_OTL\MovedFiles\mmddyyyy_hhmmss.log


  3. Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.

- Click on the Scan button.
- After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

- After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
- Post logfile will also be saved in the C:\AdwCleaner folder.

How’s your computer running now?
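As an added example (not part of the original post and not OTL's own code), this sketch shows the kind of triage that leads to a fix script like the one above: it reads OTL-style log lines and flags search-scope URLs on unexpected hosts and autorun entries that load from Temp, go through rundll32 or point at a missing file. The sample lines, the allowlist and the function name `review` are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: OTL-style lines shaped like the entries in the fix above.
# The SID, GUIDs, host names and paths are placeholders, not values from a real log.
SAMPLE_LOG = r'''
IE - HKLM\..\SearchScopes\{11111111-1111-1111-1111-111111111111}: "URL" = http://www.bing.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1-2-3-1000\..\SearchScopes\{22222222-2222-2222-2222-222222222222}: "URL" = http://search.toolbar.example/ResultsExt.aspx?q={searchTerms}&SearchSource=4
O4 - HKU\S-1-5-21-1-2-3-1000..\Run: [FloatingPlugin] "C:\Windows\system32\Rundll32.exe" "C:\Users\user\AppData\Local\Temp\CT0000000\plugins\Verifier.dll",RunPlugin File not found
O4 - HKLM..\Run: [VendorTray] "C:\Program Files\Vendor\tray.exe" (Vendor)
'''

# Assumption: the search providers this user actually chose.
ALLOWED_SEARCH_HOSTS = {"www.google.com", "www.bing.com"}

SCOPE_RE = re.compile(
    r'^IE - (?P<hive>\S+?)\\\.\.\\SearchScopes\\(?P<guid>\{[0-9A-Fa-f-]+\}): "URL" = (?P<url>\S+)')
RUN_RE = re.compile(r'^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')

def review(log_text, allowed_hosts=ALLOWED_SEARCH_HOSTS):
    """Return (kind, hive, key, reasons) for every entry worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = SCOPE_RE.match(line)
        if m:
            # A search scope is suspicious when its URL host is not one the user picked.
            host = (urlsplit(m["url"]).hostname or "").lower()
            if host not in allowed_hosts:
                findings.append(("search-scope", m["hive"], m["guid"],
                                 [f"unexpected host {host}"]))
            continue
        m = RUN_RE.match(line)
        if m:
            cmd = m["cmd"].lower()
            reasons = [label for label, hit in (
                ("target file missing", cmd.endswith("file not found")),
                ("loads from user Temp", "\\appdata\\local\\temp\\" in cmd),
                ("launched via rundll32", "rundll32.exe" in cmd),
            ) if hit]
            if reasons:
                findings.append(("autorun", m["hive"], m["name"], reasons))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```
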

Thank you Magna …I will do now

Karen

Hi Magnus!

yes good now for Firefox and IE and Chrome NO MORE CONDUIT THANK YOU!!!

and I guess I now seem to have the Avast REPUTATION popping up at download times …which is new to me.

Also - I may need to speak to support for Avast due to last week Avast Internet Security which is my version (paid) it updated/upgraded itself automatically to a whole new interface and then my computer would not work properly at all …
so I had to RESTORE POINT to earlier known good config…so I am now using the old version of Avast (it reverted)

Do you know anyone else with this issue and I dread having to use restore point if it updates when I renew my subscription?

One last question - my Internet IE9 will ABSOLUTELY NOT WORK - blank screen for tabs - it worked for one or two days last week after a long time not working at all but again not working - is it Avast security related at all??

Thanks for all your help and to Polonus also!

Hope I am clean now!

Hi,
I am not an avast support member, I am just a volunteer helper here. :)

About avast 2014, I would try again, as probably the install process itself went wrong or something was active in the background… etc.
You may contact the avast support because you paid your license.

Reset your IE to its default settings and that should fix your problem.
http://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/

To remove OTL and aswMBR just re-run OTL and click on CleanUp! button.

You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.

Then re-run AdwCleaner and hit Uninstall button.

thank you again Magnus!!

You are a great helper!

Best Regards
Karen

Magna

Conduit is still there as the DEFAULT search in Chrome ???

I thought I unchecked it yesterday to NOT be default search - today there is no X to UNCHECK as default

why is it still there?

Thanks

Hi Karen R,

You also have to check whether you are able to update Chrome any further.
Conduit disables that in the settings by default so you cannot get rid of it in Chrome.
Yes this Conduit is a nasty piece of “whatever you like to call it”. >:(
Let Magna help you to restore Google Chrome update settings!

I know this, I have been there, won that T-shirt ;D

Damian

Thank you Damian!!!

will await Magna before I do anything

Karen

Yes, polonus' advice is valid.

This is just in Chrome settings, why don’t you just remove them?

Also, follow this to reset Chrome to defaults. This shall solve your Chrome problem.
https://support.google.com/chrome/answer/3296214?hl=en&ref_topic=3227046

thank you Magna

yesterday there was no X to remove from the list of search options in Chrome settings

the day before there was …and I did remove 2 days ago …i.e. it came back

I will try your link and see

thank you

THIRD update to Magna

it came back again after Xing it out and choosing google as search
after closing out of Chrome and opening again Conduit was the Default AGAIN

absolutely insane!

update to Magna this is INSANE!

I did RESET Chrome

STILL Conduit is DEFAULT search …and there is NO X to REMOVE it

… Sorry CORRECTION yes there is X to remove - if you choose another search option - will test again to X out the Conduit and see what happens

you can choose another default search but why is Conduit still defaulting???

Maybe this is a Chrome issue

Should I RESTORE my system to BEFORE this Conduit invaded???

Really frustrated and worried to use Chrome for sensitive online connections like banking

Hi Karen R,

You cannot do that without clicking and going to Google Chrome advanced settings and then click to restore browser settings.
You can imagine some folks cannot come to that point without experienced removal help,

Damian

hello Damian

Well you must know I have changed the Chrome advanced settings and even RESET to default many times - in Chrome Conduit comes back each time …it will not go away

so each day I RESET Chrome before I begin the day.

I could use Firefox… but I like Chrome so this is a defect with Chrome maybe.