Please can someone help?!! I use Chrome or I/E as my main search providers, but they seem to have been taken over by an annoying tool bar called search conduit which bombards me with annoying ad’s. I have read the forums on the subject and have used “browser clean up”, which says that all is well when it patently isn’t! Am a bit ignorant in I.T. so don’t want to meddle too much without advice. What is a PUP please? Loads of thanks for any forthcoming suggestions…
A PuP is a " Potentially unwanted Program".
Conduit is a very nasty toolbar that gets bundled with “free” software. You need to be very careful when installing any program.
Try this http://www.bleepingcomputer.com/download/adwcleaner/ ADW Cleaner should remove the problem.
If you still have issues, start a thread in the Viruses/Worms forum.
Thanks Adrian, have signed up to blinking computer, will try their clean-up process this evening when I have a little more spare time, I’m sure I will learn a lot in their forums too. So cheers again for taking time out to help a pc novice, much appreciated amigo!
Follow the instructions and attach the logs to your next post
http://forum.avast.com/index.php?topic=53253.0
MalwareBytes took care of it on my machine.
I have the log files that I got via adw cleaner, are these sufficient or would it be better to use the link you gave? Thx for advice so far…
You now have one topic here…and one in the viruses and worms forum section ( the correct place for virus and false positives issues)
Please stay in one topic so that the malware expert know where to reply http://forum.avast.com/index.php?topic=149167
Sorry, thought I was in right section…will be more careful next time!
Thanks guys, Malware bytes worked for me, I didn’t post the logs because after mwb re-booted my pc I didn’t see the option, but it definitely quarantined 2 search conduit entries and 1 other, and Chrome/I.E. work fine now. I am using this forum because that’s where the links were, so apologies. Hats off to all of you!!
Hi again, I hope this topic is still open for you to be able to help, I tried the link given for “viruses/worms”, but it came up that the topic there was “Off limits” to me. As I posted yesterday Malaware Bytes found and quarantined the "search.conduit " problem,or so I thought…today I used my home laptop and found that, again the thing had hi-jacked my Google Chrome browser. I didn’t download anything onto this machine and so I can only deduce that the PuP got in through my Chrome account. I downloaded MWB onto this PC and got the txt logs as suggested. I will leave it a day or so to see if you guys still see this message and the logs, if not I will open a new post in the virus/worms section. Thanks for your patience…just realised I can’t locate log, will add later.
Hi again, I hope this topic is still open for you to be able to help, [b]I tried the link given for "viruses/worms[/b]", but it came up that the topic there was "Off limits" to me.Malware expert posted instructions for you there, but since you never replyed there it was deleted
Right, sorry about that, I don’t want to waste anybody’s valuable time. I don’t know why, but the logs I was sure I sent to my desktop don’t seem to be there, and the history logs in my MWB account don’t give an option to resend the files. There is, however, confirmation that the PuP is indeed residing in my Chrome account,(I think!), as the location was…C:\Users\Dave\AppData\Local\Google\Chrome\UserData…Do I need to delete my Chrome account and re-register with them or is there an easier way? If you need the logs I will try to locate them and forward them ASAP. Many thanks once again Pondus and team…
A removal expert is notified about your topic here…it may take some time before he is online
Better not to use DDS as they will force me to use ComboFix which is unnecessary here. 
[*]Step #1 Scan with OTL
[*]Please download OldTimer’s Listit from one of the following locations and save it to your Desktop.
Download Link 1
Download Link 2
Downlaod LInk 3
[*]Copy and Paste the following code inside the Custom Scans/Fixes box;
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
dir "%systemdrive%\*" /S /A:L /C
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT
[*]Click the Quick Scan button;
[]After the scan two logs will be produced;
[]Attach the logs in your next reply
[*]Required Log(s):
[]OTL Log(s) –
[list][]OTL.txt;
[*]Extras.txt
[/list]
Regards,
Valinorum
I don’t know how to copy/paste, I did as you asked and found these logs in my downloads file, I hope this is correct? TY.
I don't know how to copy/paste,If you look at my instruction, there is a [b]select[/b] button beside the word [b]code[/b]. If you mouse-click on it, the instructions inside the box will be highlighted that is to say that they will be turned blue ( or any custom color if you have changed it). Put your cursor on them while they are selected and right-click and choose [b]Copy[/b]. This is called copying. [b]See attached image below[/b]
Run OTL.exe and put your cursor inside the Custom Scans/Fixes box and right-click and choose Paste. You will notice that the highlighted text that you copied has appeared inside the box. This is called pasting.
See attached image below
Un-install SpyBot Search & Destroy for now and you can re-install it if you wish after I clean your system.
Reset Google Chrome by perusing this article.
Regards,
Valinorum
Hi daveyden,
[*]Step #2 Fix with OTL
[*]Re-run OTL by right clicking and choosing Run as administrator;
[*]Under the Custom Scans/Fixes Box copy and paste the following contents inside the code box.
:Commands
[createrestorepoint]
:OTL
[2013/04/26 00:15:21 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2013/04/26 00:15:21 | 000,000,256 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2013/04/26 00:15:21 | 000,000,103 | ---- | C] () -- C:\ProgramData\SetStretch.VBS
[2014/02/16 15:53:34 | 000,656,048 | ---- | C] (WildTangent, Inc.) -- C:\ProgramData\uninstall3214993.exe
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
CHR - homepage: http://search.conduit.com/?gd=&ctid=CT3321139&octid=EB_ORIGINAL_CTID&ISID=M84853D57-5421-4AA4-997F-4CB676FCDF92&SearchSource=55&CUI=&UM=5&UP=SP89898F7C-5041-47E6-8360-60FAA5F112BC&SSPV=
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: C:\Program Files\mcafee\msc\npMcSnFFPl64.dll File not found
:Files
C:\Program Files\mcafee
:Commands
[emptytemp]
[resethosts]
[*]Click on “Run Fix” and let the program run unhindered;
[]Your PC will reboot automatically and a log will be opened;
[]Please attach it in your next reply.
[*]Step #3 Fix with AdwCleaner
[*]Download AdwCleaner by Xplode to your Desktop from the following link.
[list][]Download Link #1
[]Download Link #2
[*]Right-click on AdwCleaner.exe and choose Run as administrator;
[*]Click on Scan and let the program run unhindered;
[*]When done, click on Clean and allow the system to reboot after it is done;
[]A log will be opened automatically after the restart;
[]Attach the log in your reply.[/list]
[*]Step #4 Fix with Junkware Removal Tool
Download Junkware Removal Tool by thisisu to your Desktop from the link below.
Download Link 1
Download Link 2
[]Disable your anti-virus to avoid potential conflicts. For more information please acknowledge yourself this article;
[*]Run the program either by double-clicking(Windows XP) or Right-clicking and choosing Run as administrator(Windows Vista and above);
[*]Please be patient as the tool cleans your system;
[*]After completion of the process a log named JRT.txt will automatically open and is save to your Desktop;
[]Attach the log in your next reply.
[*]Required Log(s):
[]OTL Fix log;
[]AdwCleaner Log;
[*]Junkware Removal Tool Log
Regards,
Valinorum
Thanks Valinorum, I’ve re-set browser settings and all seems to be good for now, if the problem re-occurs I will follow your other steps. Thank you and others very much for your help here.
Kind Regards, Daveyden
It is recommended that you follow the steps should any remnants are left behind.
I think the thing was added when I downloaded Frostwire, as when I updated that site today I was given the choice, (in a quite confusing way of course!)…whether or not to allow search conduit to be my main browser setting, and if I want it to be able to stop attempts from any other browser hosts to change this. So they were upfront (if stealthy) about the product, which of course I refused this time around. Cheers, Dave