searchnu and search.conduit homepages and toolbar


Hello experts,

I believe there is some kind of infection on my PC. My homepage was changed to searchnu.com on Firefox, IE and also on Chrome. Chrome also intermittently opens search.conduit.com. Also I have searchresults in the Firefox search engines list.

Malwarebytes didn't find anything.

Attached are DDS.txt and Attach.txt

Please help me!

Thanks in advance..

Welcome to the forum...............

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

MrC

Hello Mrcharlie,

Thanks for your reply!

Here are the contents of the log:

# AdwCleaner v2.006 - Logfile created 11/03/2012 at 21:27:04

# Updated 30/10/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Yogesh - COMPUTER

# Boot Mode : Normal

# Running from : C:\Users\Yogesh\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml

File Found : C:\Users\Yogesh\AppData\Roaming\Mozilla\Firefox\Profiles\e88rvwph.default\searchplugins\Conduit.xml

File Found : C:\Users\Yogesh\AppData\Roaming\Mozilla\Firefox\Profiles\e88rvwph.default\searchplugins\Search_Results.xml

Folder Found : C:\Program Files (x86)\Conduit

Folder Found : C:\ProgramData\boost_interprocess

Folder Found : C:\ProgramData\Partner

Folder Found : C:\Users\Yogesh\AppData\Local\Conduit

Folder Found : C:\Users\Yogesh\AppData\LocalLow\Conduit

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\DataMngr

Key Found : HKCU\Software\DataMngr_Toolbar

Key Found : HKCU\Software\ilivid

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3198785

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Found : HKLM\SOFTWARE\DataMngr

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Found : HKU\S-1-5-21-3102565771-2103099571-1929986515-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Found : HKU\S-1-5-21-3102565771-2103099571-1929986515-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/406

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default

File : C:\Users\Yogesh\AppData\Roaming\Mozilla\Firefox\Profiles\e88rvwph.default\prefs.js

Found : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke US Customized Web Search");

Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&Sea[...]

Found : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=287&systemid=406&apn[...]

-\\ Google Chrome v [unable to get version]

File : C:\Users\Yogesh\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.11] : homepage = "hxxp://www.searchnu.com/406",

Found [l.15] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406", "hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=48" ]

Found [l.51] : search_url = "hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=287&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=6219551355444105&q={searchTerms}",

Found [l.1473] : homepage = "hxxp://www.searchnu.com/406",

Found [l.1725] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406", "hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=48" ]

*************************

AdwCleaner[R1].txt - [3701 octets] - [03/11/2012 21:27:04]

########## EOF - C:\AdwCleaner[R1].txt - [3761 octets] ##########

Lots of adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on the Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

MrC

Thanks again for your reply!

Here is the delete operation output:

# AdwCleaner v2.006 - Logfile created 11/03/2012 at 22:08:48

# Updated 30/10/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Yogesh - COMPUTER

# Boot Mode : Normal

# Running from : C:\Users\Yogesh\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml

File Deleted : C:\Users\Yogesh\AppData\Roaming\Mozilla\Firefox\Profiles\e88rvwph.default\searchplugins\Conduit.xml

File Deleted : C:\Users\Yogesh\AppData\Roaming\Mozilla\Firefox\Profiles\e88rvwph.default\searchplugins\Search_Results.xml

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\ProgramData\Partner

Folder Deleted : C:\Users\Yogesh\AppData\Local\Conduit

Folder Deleted : C:\Users\Yogesh\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKCU\Software\ilivid

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3198785

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Deleted : HKLM\SOFTWARE\DataMngr

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Deleted : HKU\S-1-5-21-3102565771-2103099571-1929986515-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/406 --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default

File : C:\Users\Yogesh\AppData\Roaming\Mozilla\Firefox\Profiles\e88rvwph.default\prefs.js

C:\Users\Yogesh\AppData\Roaming\Mozilla\Firefox\Profiles\e88rvwph.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke US Customized Web Search");

Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&Sea[...]

Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=287&systemid=406&apn[...]

-\\ Google Chrome v [unable to get version]

File : C:\Users\Yogesh\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.11] : homepage = "hxxp://www.searchnu.com/406",

Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406", "hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=48" ]

Deleted [l.51] : search_url = "hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=287&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=6219551355444105&q={searchTerms}",

Deleted [l.1473] : homepage = "hxxp://www.searchnu.com/406",

Deleted [l.1725] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406", "hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=48" ]

*************************

AdwCleaner[R1].txt - [3824 octets] - [03/11/2012 21:27:04]

AdwCleaner[s1].txt - [3750 octets] - [03/11/2012 22:08:48]

########## EOF - C:\AdwCleaner[s1].txt - [3810 octets] ##########

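Added example, not part of the original posts: a small Python check that compares an AdwCleaner scan log with the matching delete log and lists every item the scan reported that the delete log does not account for. The function names are my own, and the sample text is a shortened excerpt of the two logs posted above; on those logs it reports the SearchScopes key under the SID ending in -1001, which appears in the scan but not in the delete log.

```python
import re

# Item lines look like "File Found : <path>" or "Key Deleted : <path>".
ITEM = re.compile(r"^(?:File|Folder|Key)\s+(Found|Deleted)\s*:\s*(.+)$")

def parse_items(log_text, action):
    """Map lower-cased path -> path as logged, for lines with this action."""
    items = {}
    for line in log_text.splitlines():
        m = ITEM.match(line.strip())
        if m and m.group(1) == action:
            path = m.group(2).strip().rstrip("\\")
            items[path.lower()] = path
    return items

def leftovers(scan_log, delete_log):
    """Paths the scan reported that the delete log does not account for.

    A path counts as removed if it, or a parent folder/key, was deleted.
    Windows paths and registry keys are compared case-insensitively.
    """
    found = parse_items(scan_log, "Found")
    deleted = set(parse_items(delete_log, "Deleted"))
    def removed(p):
        return any(p == d or p.startswith(d + "\\") for d in deleted)
    return sorted(orig for low, orig in found.items() if not removed(low))

# Shortened excerpts of the scan (R1) and delete (s1) logs in this thread.
SCAN = r"""
***** [Files / Folders] *****
File Found : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Folder Found : C:\Users\Yogesh\AppData\Local\Conduit
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKU\S-1-5-21-3102565771-2103099571-1929986515-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKU\S-1-5-21-3102565771-2103099571-1929986515-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
"""
DELETE = r"""
File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Folder Deleted : C:\Users\Yogesh\AppData\Local\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKU\S-1-5-21-3102565771-2103099571-1929986515-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
"""

if __name__ == "__main__":
    for path in leftovers(SCAN, DELETE):
        print("not in delete log:", path)
```

An item listed here is not necessarily still present; a fresh scan is the way to confirm.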

Great

~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
