How to remove conduit search engine from pc


Infinite Tech Blog: for those tech junkies looking for that fresh byte of technology on a daily basis, the most updated technology blog on the planet.


How to remove conduit search engine from pc Document Transcript

  • Infinite Tech Blog – InfinitelyMore.org. How To Remove Conduit Search Engine from Firefox, Chrome, Internet Explorer and Your PC or Computer. Brought to you by: InfinitelyMore.org Tech Blog. Follow this webpage for updates on this technique. Please try my detailed explanation of manually cleaning the registry keys and entries added by Conduit. If you experience re-infection after a restart, this is why: if you only uninstalled via Control Panel, you did not solve the problem. You may have fixed the new-tab issue in one browser, but the malware still exists in the background, and there are still keys in the computer's registry that point to files which rewrite new executables. Follow these steps if nothing else has worked for you. They remove the core keys of Conduit; these keys point to temp files that rewrite the main executable, which in turn re-hijacks browsers or simply acts as spyware on everything you are doing. Open "Run" and type "Regedit" (pic below).
  • This opens the computer's registry; a pic of the window is below. Of the 5 top-level folders, we will work with only the 2nd and 3rd, or more specifically HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE. These two folders contain all of the malware's behind-the-scenes instructions. This is where programs are directed to open and install things over and over again when you try to remove or delete them, so we can solve this fairly easily. For anyone reading this, the approach is universal for all malware, viruses, etc. We start with the 2nd folder, "HKEY_CURRENT_USER". Click the folder and expand it so you can see all the folders it holds inside. Once you have opened the folder, it shows this:
  • If this looks like yours, you are following along. The Software folder I highlighted is the next folder to expand; there are not many steps left, so stay with me! Open Software. On an infected computer you will see "Conduit" in the folder list right away. The list is alphabetical, so it will be among the folders starting with C, near the top. See below:
  • Delete "Conduit" from the list of folders under Software. You can feel comfortable doing this; just don't delete anything except the folder specifically named "Conduit", and leave everything else. :D That removes Conduit's main software folder under "HKEY_CURRENT_USER\Software". While you are still in Software, continue down to the Microsoft folder, under M in alphabetical order. Inside the Microsoft folder, navigate to the folder called "Windows". Inside "Windows" there is another folder called "CurrentVersion", and inside that are the "Run" and "RunOnce" folders. These are the startup programs for the current user. The list inside the "Run" folder contains startup entries that tell the computer which application to start and the location, or target, of the program it is being told to start. See the pic below:
  • The list in the picture above has 3 entries. Two of them are for my legitimate programs; I created a Conduit one for you to visualize. This is where it will be on your computer: it will have Conduit as the entry name, and the data, where it says EXAMPLE, will be a path to the Conduit malware it is starting. You can safely delete that "Search Conduit" entry, or just "Conduit". We are 50% done. You did the main directory for "HKEY_CURRENT_USER", but we still need to expand the "HKEY_LOCAL_MACHINE" folder and do the SAME STEPS as above in the current user directory. I made more pics of the same thing, this time in the 3rd folder, so it should be getting easy by now. Here is the main folder in LOCAL MACHINE:
  • Now navigate to Software and look for Conduit. Under LOCAL MACHINE, inside the Software folder, it is called "conduit" on the list. Delete Conduit as shown in the picture.
  • Now locate the same "Run" and "RunOnce" folders as before, this time staying under the "LOCAL MACHINE" directory instead of CURRENT USER. After deleting Conduit from the list, move down to the Microsoft folder again, expand it, navigate to "Windows", expand it, and look for the "CurrentVersion" folder. Inside CurrentVersion, locate the "Run" folder, open it, and find "Conduit" or any related Conduit search protector entries, as shown in the picture below: Delete only the Conduit entries. Your registry is now free of the main Conduit folders and of the entries that rewrite the malware on restart. I would recommend using the registry tips and guide I provided, or else it will most likely end up rewriting on restart. I am on Windows XP, guys, but these steps are much the same on Win8; the directories will be the same! Good luck. I just removed this a few days ago, and for a person who isn't used to using the registry: you don't have to format, you can follow the steps above to fix it. 100%. I hope this helped someone who felt that none of the "uninstall via Control Panel" solutions, which have people thinking it's fixed, worked. That is not really a solution, and I wouldn't use any private data on a computer with malware/spyware still infecting the system.
  • I do believe the mentioned programs could fix the registry entries automatically, but I've known how to do them manually for a while. The Run folder is for ALL startup programs, and it is commonly used by malware/spyware, as the average user will never venture into the registry. TIP: With the registry open, press CTRL+F and search the whole registry for the specific term you are looking for; in this case I used "Conduit". This takes you straight to the folders mentioned in the long explanation above. Maybe I should have just recommended that, but the reason I didn't is that other programs, like Hotspot Shield, might use the term "conduit" while having nothing to do with the specific malware we are erasing. So when searching for keys, look only for what I have shared: the main Conduit folder in Software under the 2 directories I mentioned, CURRENT USER and LOCAL MACHINE, and the entries in the Run folders, as shown in the pics above. Steps To Remove Conduit Search Engine from Google Chrome: There are a few things you have to do differently for Chrome than for other browsers. First, manage your settings in Chrome: go to Settings > On startup, select the "new tab" option, then click the "Set pages" button, look for Conduit on that list, and delete it (pic shown).
  • After that, go to Settings > Manage Search Engines, then look for Sweettunes or Conduit/Search Protect on that list:
  • Delete them. Open Run, then type Regedit. Search for these few terms: Conduit (if there are no Conduit-related keys, move on to the next term). NativeMessaging (this one is important: it brings you to the Google folder inside the registry, where you will find some malicious entries or subfolders if your Chrome is infected; it should look like mine did):
  • The malicious subfolder "nmhostct3311875" holds a key pointing to a DLL, which points to a Conduit temp .exe. The above is a registry key in the Google folder of the HKEY_LOCAL_MACHINE directory that survives malware scans, so check it if you want to attempt cleaning Google. After you search for that term, search for it again, because more than one directory holds the Google folder and its NativeMessaging subfolder, with the subfolders or keys you want to delete. I left the NativeMessaging folder there but deleted its subfolder and any keys contained inside it. Here is the 2nd directory holding the NativeMessaging subfolders with keys; this one is in HKEY_USERS instead of HKEY_LOCAL_MACHINE like the one above:
  • (Note the directory at the bottom of the screenshots to see where I navigated, or just search for the term mentioned before.) Lastly, search for TBHostSupport. As you can see, this TBHostSupport entry hijacks the Windows "rundll32" to rewrite Conduit-related temp files, etc.:
  • Delete that TBHostSupport key inside the Run folder. DO NOT delete the Run folder itself, just the one TBHostSupport key: right-click the key and delete it. Check for any proxy servers in your registry keys for Internet Settings:
  • I had ProxyOverride and ProxyServer both added to the Internet Settings folder as keys, so I deleted those two keys, but I took screenshots of them first just in case I needed to re-add them. You can back up your registry first by clicking File > Export and then saving the file. Note the navigation bar at the bottom if you need help finding the Internet Settings folder in the registry; it shouldn't be a major problem. It's actually easy once you get used to navigating to Software > Microsoft > Windows > CurrentVersion > Internet Settings. The only thing that changes is the main directory you are looking in, since HKEY_LOCAL_MACHINE, HKEY_CURRENT_USER and HKEY_USERS all contain keys relevant to the mentioned searches on infected computers, depending on the level of infection and the browsers affected. After you have done the Chrome settings and deleted the related keys in the registry, run Malwarebytes Anti-Malware, and when it prompts for a restart, do it. That should eliminate your problem with Chrome. I see you have Malwarebytes; unfortunately it misses some of the keys I showed above. A person who can work with the registry is more effective than Malwarebytes Anti-Malware anyway, but the reason I would recommend Malwarebytes Anti-Malware to a new user is just that: they are new to the registry and probably don't know how to navigate it well. You can leave your computer needing a reinstall of Windows if you are not careful, so follow the directions only for the specific Conduit-related items and the NativeMessaging and TBHostSupport related subfolders/keys.
  • Firefox users: click Edit on prefs.js and search the file for conduit, smartbar, or sweettunes. I found remnants of it in there even after scanning and removing the new-tab issue. The "prefs.js" file can have its permissions set to read-only, which would prevent changes being made to it, but I believe about:config would still show, and not be disabled, for the original poster who had mentioned about:config being disabled in Firefox. A new install of the program might solve your issues if they are related to a saved profile. What I did before scanning was clear the registry using search and remove leftover folders in a few directories. Then the scan removed any physical files it detected, corrected a few registry keys, and missed a few, especially the one related to the Chrome native messaging key. I think Malwarebytes Anti-Malware may have detected it when I scanned, but it rewrites once you open a browser that still has the profile or configuration set up with the Conduit URL or the Sweettunes extension/add-on. The folders, files and registry keys rewrote themselves when I opened a browser with the Conduit engine still set in it, although after clearing the computer's registry and the infected physical files it had appeared to be clean. It simply rewrites when it gets a new prompt from an infected browser, or perhaps when you reboot. You will see an out-of-the-norm rundll32.exe running in Task Manager after reboot if you still have the TBHostSupport entry in your registry, so it is a loop of sorts if you are not on top of it. You could uninstall and delete Chrome altogether, then search the registry for the terms I mentioned above, "conduit", "nativemessaging" and "TBHostSupport", looking for the key entries I posted pics of. After deleting Chrome and doing the regedit check on those terms, you can check for physical files like those in my pics above, or just let anti-malware take care of the physical files. Rundll32 is of course a Windows file, so it is fine for it to run, but you want to prevent the TBHostSupport registry key from hijacking it via the "Run" registry key.
  • The problem with marking it as solved when one browser is "clean" and the others are still hijacked is that the malware/trojan is still able to perform all of its data mining and other activities regardless. It modifies not just one browser's settings but the generic Internet Settings in the registry, as I was explaining. So it is not solved if one browser works but another one doesn't; that means your computer is still infected, just as it was at the initial infection of your preferred browser. I wouldn't recommend it personally.
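The registry locations this guide checks by hand can be listed in one read-only pass. The PowerShell below is an added example, not part of the original slides: it assumes PowerShell 3.0 or later, and the `Software\Google\Chrome\NativeMessagingHosts` path is Chrome's standard location, taken here as an assumption about where the guide's "NativeMessaging" folder sits.

```powershell
# Added example: read-only audit of the registry locations named in this guide.
# Nothing is deleted; the output is a list of entries to review by hand in regedit.
$pattern  = 'conduit|TBHostSupport'          # registry search terms from the guide
$findings = New-Object System.Collections.ArrayList
function Add-Finding($Key, $Name, $Data) {
    [void]$findings.Add([pscustomobject]@{ Key = $Key; Name = $Name; Data = [string]$Data })
}

foreach ($hive in 'HKEY_CURRENT_USER', 'HKEY_LOCAL_MACHINE') {
    $cv = "Registry::$hive\Software\Microsoft\Windows\CurrentVersion"

    # The vendor folder directly under Software
    if (Test-Path "Registry::$hive\Software\Conduit") {
        Add-Finding "$hive\Software\Conduit" '(key)' ''
    }

    # Startup entries in Run and RunOnce whose name or data matches a search term
    foreach ($sub in 'Run', 'RunOnce') {
        $k = Get-Item "$cv\$sub" -ErrorAction SilentlyContinue
        if (-not $k) { continue }
        foreach ($n in $k.GetValueNames()) {
            $d = $k.GetValue($n)
            if ("$n $d" -match $pattern) { Add-Finding $k.Name $n $d }
        }
    }

    # Proxy values the guide found added under Internet Settings
    $k = Get-Item "$cv\Internet Settings" -ErrorAction SilentlyContinue
    foreach ($n in 'ProxyServer', 'ProxyOverride') {
        if ($k -and $null -ne $k.GetValue($n)) { Add-Finding $k.Name $n ($k.GetValue($n)) }
    }
}

# Chrome native messaging hosts under HKLM and every loaded user hive. Every host
# is listed, because the subfolder name shown in the guide matches no search term.
$roots = @('HKEY_LOCAL_MACHINE') +
    @(Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue | ForEach-Object { $_.Name })
foreach ($root in $roots) {
    $nm = "Registry::$root\Software\Google\Chrome\NativeMessagingHosts"  # assumed standard path
    foreach ($h in @(Get-ChildItem $nm -ErrorAction SilentlyContinue)) {
        Add-Finding $h.Name '(Default)' ($h.GetValue(''))
    }
}

$findings | Format-List
```

Run it from an elevated prompt so that other users' hives under HKEY_USERS are readable. On 64-bit Windows, 32-bit programs write under Software\WOW6432Node, which this example does not cover.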