Issue with single infection, MBAM can't clear it...

Joeyboy

Right, so I noticed at times my browser would lock up. It seemed to be trying to re-direct one of my tabs elsewhere but was failing to re-direct right; a message kept popping up saying a script wasn't functioning right and to let it continue or stop it. Either way, Firefox locks up.

Mbam has found 1 infection, PUP.Optional.Conduit.A.

Every time I run it it says it has dealt with it, but if I re-start it'll find it again. Any advice?
 
Boot into Safe Mode, uninstall any Conduit or any related toolbars from your Programs & Features list.

Then run MBAM again in Safe Mode.
 
Apologies for the delay in replying, I've been working straight for the last two weeks pretty much and haven't gotten around to sorting it. It seems that didn't work. I booted in safe mode and couldn't see any Conduit or toolbar stuff on the list of programs and ran MBAM. It did the usual of finding 2 infections (pretty much the day after I posted that, it has always found two, both PUP optional things; the new one is PUP valueapps) and saying it's cleared them, but right away I had the re-direct problem once I was using it normally.

If it means anything, this is the script it keeps saying is unresponsive, which I assume is why it keeps trying but failing to re-direct my page, then firefox locks up.

chrome://findandremind/content/js/jquery.url.parser.js:33
 
My normal routine is:

Boot into safe mode
Run Rkill
Run MBAM
Run Combofix
Run MBAM
Run Combofix
Run Unhide if icons/files hidden (usually takes several times)
Boot back into regular mode and test
 
With combofix is it important to disable any other anti-virus?

I got rkill and combofix from bleeping computer. Avast warned me the latter's file was unknown/rarely found and may be a risk; I told it to ignore and let me download it. When I ran combofix in safe mode it warned that avast still being active could cause system damage, but for some reason when I tried to load up avast it wouldn't respond, so I couldn't de-activate it. Is it all right to run combofix anyway?

Also combofix mentions how it can potentially cause system damage with incorrect use, is it as simple as getting it to run and asking it to fix any problems it finds? Btw is running unhide necessary if I do not seem to have this rogue spyware thing it mentions?
 
It's fine to run Combofix in Safe Mode even if it gives the error about Avast still being active. If you can, just disable Avast temporarily, but in Safe Mode it shouldn't matter because the Avast services aren't running.

As for the incorrect use... it just gives that warning so people don't use it when it's not needed. Yes, all you have to do is run the Combofix.exe and let it run. It will automatically fix anything it finds - it doesn't prompt to remove anything which is why it gives the warning about "incorrect use" because if there's a false positive... you won't know until it's already deleted.

That being said... I haven't really had any issues running it personally.
 
Okay Trotter, did your routine, though didn't run unhide as I forgot to download it, and it seems it's still here. It hasn't locked up yet, but one page took a few more seconds to load and I saw search.conduit attempting to load at the bottom. Is unhide important or would you expect the other three to have gotten rid of it between them? As usual though, MBAM finds nothing now, because of it getting rid of it in safe mode. If I re-start the computer a few times or check next day, it'll have found it again. I can't imagine I'm visiting a link which is re-infecting me every time as I'm only going on a literal handful of mainstream websites.

Also just to say, I've tested a couple of times and it seems this thing is only impacting on Firefox, IE does not seem to lock up, I loaded the same four sites and refreshed them, went to different pages on them etc. Until firefox had crashed twice, in this time and after it, IE seemed fine.

Ah ha, found a Conduit Plugin active on Firefox. That's so weird as I looked for one multiple times and it hadn't appeared before. I set it from always active to never activate, but how do I remove it? It says the associated file is npConduitFirefoxPlugin.dll. However I cannot seem to find this and none of these scans have picked that up as anything negative. Where would it be located?

EDIT: Disabling the search conduit plugin has not stopped it actually trying to re-direct to search conduit.

Right under Users and appdata for Mozilla, I have found a few folders which seem suspicious. I'll just write all the folder names and can anyone tell me if any should/can be deleted?

Ones which look suspicious to me considering Conduit is what it tries to re-direct to..

Conduit
Conduitcommon
Smartbar
CT1431126 (smartbar contains a folder which is similar)
CT2680363
Sweetpackstoolbardata
Searchplugins (has conduit, sweetim etc in it)

Then bar obvious ones I know should be there, there's...

Chrome
FVD singles
Weave
Webapps
 
Try this to remove the plugin(s):

You can set the plugin.expose_full_path pref to true on the about:config page to see the full path of plugins on the page:
Code:
about:plugins

Issues related to plugins - MozillaZine Knowledge Base
About:plugins - MozillaZine Knowledge Base
About:config - MozillaZine Knowledge Base
It is best not to leave that pref set to true as it exposes that full path to web servers via the navigator.plugins object, so reset that pref to false after you are done with the about plugins page.

See "Manually uninstalling a plugin":

https://support.mozilla.org/kb/Troubleshooting+plugins

From: https://support.mozilla.org/en-US/questions/951112
 

Tried that guide of putting X in front of the file for conduit search, so I'll see how it goes, I'll see soon enough.

Seems like it's worked, though I'm still perturbed there's one PUP optional, related to this, which mbam keeps "healing" then finding again on a re-boot. But at least nothing is happening any more.

EDIT: Spoke too soon, it's still there. Downloaded and tried running CCleaner on advice, it hasn't solved it. MBAM finds the same 2 infections after each scan now it seems. I've tried physically removing all folders/files associated with conduit I could find as well...

PUP.optional.conduit.A
PUP.conduit.valueapps.A

Category says Registry Key.

What I don't get is sites discussing conduit search do not mention it locking up the browser. But what I find happening is every now and then (but often enough), a tab I open/site I load will be trying to load conduit search, you can see it flickering in the bottom left, then it'll lock up and I'll get told a script isn't working right:

chrome://findandremind/content/js/jquery.url.parser.js:33

MORE EDIT GOODNESS: Right so I went on a folder deleting spree, ended up deleting every toolbar related thing, even stuff I'd previously used. Probably deleted stuff I shouldn't but oh well. So now it seems to be okay. I'll report on how it is after a restart tomorrow, but I haven't had any issues thus far (though mbam still finds the 2 infections)
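
The unresponsive-script message quoted in the thread names a chrome:// URL, and in Firefox the first component of such a URL is a chrome package that an add-on registers in its chrome.manifest. As an added example (not part of the original thread), this Python script finds which add-on in a profile folder registers that package and lists files and folders whose names match the names mentioned in the thread; the function names and the assumed layout (an `extensions` folder directly under the profile) are illustrative assumptions.

```python
import re
import zipfile
from pathlib import Path

# Indicator strings taken from the names posted in the thread.
INDICATORS = ("conduit", "smartbar", "sweetpacks", "sweetim", "valueapps",
              "findandremind", "ct1431126", "ct2680363")

def chrome_package(url):
    """Return the package name of a chrome:// URL, or None if it is not one."""
    m = re.match(r"chrome://([^/]+)/", url)
    return m.group(1).lower() if m else None

def manifest_packages(text):
    """Package names registered by 'content <package> <path>' manifest lines."""
    names = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "content":
            names.add(parts[1].lower())
    return names

def read_manifest(ext):
    """chrome.manifest text from an unpacked add-on folder or a packed .xpi."""
    try:
        if ext.is_dir():
            return (ext / "chrome.manifest").read_text(errors="replace")
        if ext.suffix.lower() == ".xpi":
            with zipfile.ZipFile(ext) as z:
                return z.read("chrome.manifest").decode(errors="replace")
    except (OSError, KeyError, zipfile.BadZipFile):
        pass  # no manifest, unreadable file or damaged archive
    return ""

def audit_profile(profile, script_url):
    """Report which add-on owns script_url and which names match INDICATORS."""
    profile = Path(profile)
    wanted = chrome_package(script_url)
    owners = []
    ext_dir = profile / "extensions"  # assumed location of installed add-ons
    if ext_dir.is_dir():
        for ext in sorted(ext_dir.iterdir()):
            if wanted in manifest_packages(read_manifest(ext)):
                owners.append(ext.name)
    leftovers = sorted(
        p.relative_to(profile).as_posix() for p in profile.rglob("*")
        if any(i in p.name.lower() for i in INDICATORS)
    )
    return {"package": wanted, "owners": owners, "leftovers": leftovers}
```

Call `audit_profile()` with the profile folder and the URL from the error dialog; the script only reads and reports, so anything it lists still has to be removed through the Add-ons Manager or by hand.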
 