Question

Conduit malware

Oct 17, 2013 2:36AM PDT

Hello,
Using Windows 8 in a new Toshiba.
I am trying to delete the spyware search called Conduit. I have found as many references as I can in the registry, and put xxxs beside their name instead of deleting for now. The trouble is that when starting the computer, I get this message -
"There was a problem starting C:\ Program Files (x86)\Conduit\CT3298573\plugins\TBVerifier.dll - The specified module could not be found" -
I know that is because of my xxxs, I just want to delete whatever program or App that is trying to find it, so I stop getting the message.
Thanks if you know anything.

Answer
I'd try MalwareBytes in Safe Mode
Oct 17, 2013 3:46AM PDT

MalwareBytes is one of the better programs at getting rid of malware. I'd install it, get it up to date, then boot to Safe Mode and do a full system scan with it. It wouldn't hurt to do that with your antivirus program as well.
Good luck.

Answer
In addition I would suggest..
Oct 17, 2013 4:34AM PDT
Added note..
Oct 17, 2013 5:34AM PDT

After reading your post a second time.......

The error message at startup is not uncommon. But considering you changed (xxx's) the file names, you might be best served by downloading Autoruns, which will enable you to search for Conduit-related items.

http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

With the above said, I would still run AdwCleaner to see what it finds.

Answer
Conduit removal
Oct 17, 2013 9:57AM PDT

I have found that Conduit can be uninstalled from the regular uninstall programs in Control Panel. It is usually visible there and can be uninstalled that way. I think that will solve your problem. Sometimes it needs to be done a couple of times, but I've never been unable to uninstall it. I hesitate to mess with the registry unless there is no other way because it can cause more problems than it fixes.

Once you successfully uninstall Conduit, you will need to re-apply your home page because your browser will continue to look for Conduit and will not be able to find it. Just type in the address of the homepage you want to use and set it as your homepage. If you need further clarification of how to do that part, let me know what browser you use.

Hope that helps.

Your post with site and contact information has been removed
Oct 17, 2013 10:58PM PDT

In case you weren't aware .......

• It states in your post of October 10th it was edited to remove the promotional link.

• I've requested the same action be taken with your post of October 15th.

• I removed your reply (October 17th) to the above post, where you included your website and contact information.

In case you're (still) questioning why .......

Please read CNET Forums and Comments Usage Policies.

Carol

Answer
ConduitCt329857
Dec 29, 2013 5:04AM PST

Hi there,

I run Windows 7, and had the same problem...this is what I found during further investigation:

from system information in safe mode:
ConduitFloatingPlugin_mfchmfgdaabgdjbcaophikcobddojjoe "c:\windows\syswow64\rundll32.exe" "c:\program files (x86)\conduit\ct3298573\plugins\tbverifier.dll",runconduitfloatingplugin mfchmfgdaabgdjbcaophikcobddojjoe [your pc-name]\[your user name] Startup

This file exists exactly where stated, but Malwarebytes does not find it to be a problem

Also found via programs installed:
Search Protect
Default Tab
Both of these tie back to Conduit
Uninstalled both programs via cpanel while still in safe mode...
Moving conduit folder from HD to removable drive before deletion

Then ran AdwCleaner which found a WHOLE bunch of entries in the registry...running beautifully now...

Answer
conduit\CT3298573
Dec 29, 2013 5:10AM PST

I omitted in my previous post to say that I found this information is generated by exploiting the rundll32.exe to run the code that I supplied via the startup folder, which was generated by Conduit, and is why nothing found it to be a problem, as it is so buried. I also used TDSS Rootkiller by Kaspersky to further eradicate the issue...

Answer
What worked for me and others
Dec 29, 2013 11:01AM PST

This is what worked for me and other people that tried this solution. The error message you've been receiving was most likely triggered by a scheduled start-up task left behind after removing the Conduit Malware. What you need to do is simply delete the task so it won't be executed at startup. How? Check out, download and install the following Microsoft application:

"Autoruns for Windows v11.32"

http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx


Once you install the program and launch the application, you can see a complete list of all autorun items (the default is the Everything tab). Note: it may take a few seconds for it to display the results. The Autoruns application will show multiple tabs, each representing a specific group of items. Click on the "Scheduled Tasks" tab to see only the scheduled autorun tasks. One of the entries will be "BackgroundContainer.dll". Uncheck the checkbox to the left of the entry, then right-click and delete the entry/task. Restart your system and the start-up error should be gone.
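
The autostart hunt that the replies above do by hand with System Information and Autoruns, as an added PowerShell example that is not from any post in the thread: it lists Run-key values, Startup-folder shortcuts and scheduled-task actions that mention a keyword, and reports whether the DLL or EXE each one launches still exists, which is the condition behind the "specified module could not be found" message. The keyword `Conduit` and the helper name `Get-TargetPath` are assumptions; the script assumes Windows 8 or later for the scheduled-task step.

```powershell
# Added example, not from the thread. Read-only: it changes nothing on the system.
$Keyword = 'Conduit'   # assumption: search term taken from the thread
function Get-TargetPath([string]$CommandLine) {
    # Expand %VARS%, then collect every drive-letter path ending in .dll or .exe.
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    $found = [regex]::Matches($expanded, '(?i)[a-z]:\\[^"]*?\.(?:dll|exe)') |
        ForEach-Object { $_.Value }
    # For "rundll32.exe <dll>,<export>" the file that matters is the DLL.
    $payload = $found | Where-Object { $_ -notmatch '\\rundll32\.exe$' } | Select-Object -First 1
    if ($payload) { $payload } else { $found | Select-Object -First 1 }
}

$entries = @()
# 1. Run keys: 64-bit and 32-bit machine views plus the current user
foreach ($path in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                  'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
                  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $key = Get-Item -Path $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $entries += [pscustomobject]@{ Source = $path; Name = $name; Command = [string]$key.GetValue($name) }
    }
}

# 2. Shortcuts in the per-user and all-users Startup folders
$shell = New-Object -ComObject WScript.Shell
$dirs = 'Startup', 'CommonStartup' | ForEach-Object { [Environment]::GetFolderPath($_) } | Where-Object { $_ }
foreach ($dir in $dirs) {
    foreach ($file in (Get-ChildItem -Path $dir -Filter *.lnk -ErrorAction SilentlyContinue)) {
        $lnk = $shell.CreateShortcut($file.FullName)
        $entries += [pscustomobject]@{ Source = $dir; Name = $file.Name; Command = "`"$($lnk.TargetPath)`" $($lnk.Arguments)" }
    }
}

# 3. Scheduled task actions (Get-ScheduledTask needs Windows 8 / Server 2012 or later)
if (Get-Command Get-ScheduledTask -ErrorAction SilentlyContinue) {
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in ($task.Actions | Where-Object { $_.Execute })) {
            $entries += [pscustomobject]@{ Source = 'Scheduled task'; Name = $task.TaskPath + $task.TaskName; Command = "$($action.Execute) $($action.Arguments)" }
        }
    }
}

# Report matches and whether the file each one launches is still on disk.
$entries | Where-Object { "$($_.Name) $($_.Command)" -match [regex]::Escape($Keyword) } | ForEach-Object {
    $target = Get-TargetPath $_.Command
    [pscustomobject]@{ Source = $_.Source; Name = $_.Name; Command = $_.Command; Target = $target
                       TargetExists = [bool]($target -and (Test-Path -LiteralPath $target)) }
} | Format-List
```

An entry reported with `TargetExists : False` is a launcher left behind after its file was removed or renamed; its `Source` and `Name` show where to look for it in Autoruns.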