Conduit Search - Gateway for Trojan Horse

Today I was using Chrome on my desktop and got hijacked by Conduit Search. Conduit Search had loaded onto my computer without warning; the only way I saw a problem was that the resource monitor showed an activity was spreading into registry keys and even hidden operating system files, so I shut down the computer using the power off button press and hold method. My computer runs AVAST Free, and this makes the third time this week that it has been compromised. Chrome, Firefox, IE and Opera seem to be blind to this kind of attack, and it is becoming an extreme source of frustration that I lose an hour of my day removing it from my system.

As I am typing this note from my Linux powered notebook computer, I am running Malwarebytes from a USB rescue drive on my desktop PC. In the last few minutes of running it has found no less than 250 entries regarding Conduit Search in registry keys and hidden files. If this PUP is allowing this many changes to registry settings and hidden files, and is such a PITA to remove, why has AVAST let it in? I would like to see it blocked from installing ANYTHING at ANYTIME into my computers, period.

If Malwarebytes can remove it (again) from my desktop computer based on definitions alone, should not AVAST also be aware of it and block all attempts to install? I was browsing on www.foxnews.com, www.cnn.com and www.newegg.com on Chrome, Firefox and Opera at the time of attack, so I doubt it came from them directly. I believe that it came in on an ad or when the browser updated the page content.

Come on AVAST - let's get this crap added to the “denied” list.

UPDATE: Malwarebytes has finished, found several instances of Qvci and Troji (known viruses) tied to the folder that Conduit created as a hidden file in c:windows\users under my account name. This was destroyed by Malwarebytes successfully and I am hoping that it does not come back. Will update this post as needed.

why has AVAST let it in?
have you turned on PUP detection? ... default off except for in boot scan

you need to turn it on in all shields / scan types where you want it

We can help you remove it here if you want?

if you want help, see instructions here https://forum.avast.com/index.php?topic=53253.0
scroll down to Farbar Recovery Scan Tool … run as instructed and attach the two diagnostic logs

I have PUP scan activated, set heuristic to high the last time I had to clean it out of the system. Right now am in the process of rebooting my desktop - will check again when I have logged back on.

It might be worth checking if Chrome has been changed to developer mode

Dear victim,

You also have to check whether your Chrome has not got the updater disabled - another nice Conduit crap trick to stay on >:(
If one has experienced Conduit once, you could swear to it that this is outright criminal malware, but the Conduit folks have a large legal department and they will take anyone to court that says their application is an undesirable piece of crap. That is why we have detection as it is, they will just testify theirs is a useful application :o. But all those infested by it can get cleansed through the expertise and instructions of our qualified removal experts. They are dedicated and know exactly how to cleanse this pest from your machine.

polonus