Ackis81 Posted July 31, 2014 ID:860942

I've got an interesting situation here. Malwarebytes detects PUP.Optional.Conduit.A in a single file:

C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences

Okay, so neat, I'll just delete it. When I load Chrome up again the exact same file is created with Conduit nonsense in it. Alright, let's see what the actual problem is:

    "session": {
       "restore_on_startup": 1,
       "restore_on_startup_migrated": true,
       "startup_urls": [ "http://192.168.0.199/", "http://search.conduit.com/?ctid=CT3311875&SearchSource=48&CUI=UN26411760636841516&UM=2", "http://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=CA&userid=30051f9f-600d-74a9-a73a-ac77594194cc&searchtype=hp&installDate={installDate}", "http://www.google.com" ],
       "startup_urls_migration_time": "13044733463109497"
    },

Interesting. I close down Chrome, make sure all the processes are killed and manually edit the startup_urls. Reload Chrome and boom, the entries re-appear.

So I'm thinking it has to do with loading pre-existing tabs when I start Chrome. Disable that setting, make sure my home page is set to something simple. Kill Chrome and restart. Entries still there.

Next step, let's delete the entire file. Kill Chrome, delete the file. Reload Chrome and recheck the file. Entries are still there.

At this point I've spent too much time on this problem and just decide to cheat and throw snapdo and conduit into my hosts file, as well as adding an entry into dnsmasq on my Linux machine.

Problem remains for months with MWB unable to clean it: it just reappears regardless of what option I specify.

I finally get some extra time to look into it again and eventually found this setting in Chrome:

chrome://settings/startup

Those two URLs were identified in there. After removing them they did not reappear in Chrome.
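A read-only check for the `startup_urls` entries described in the post above, added here as an example and not part of the original post. The sample input is constructed from the quoted `session` block with shortened query strings, the expected-host list is an assumption to adjust per machine, and the meaning of value 4 is taken from Chrome's RestoreOnStartup policy values.

```python
import json
from urllib.parse import urlsplit

# Constructed sample modelled on the "session" block quoted in the post;
# query strings are shortened placeholders, not a real profile.
SAMPLE_PREFERENCES = json.dumps({
    "session": {
        "restore_on_startup": 1,
        "startup_urls": [
            "http://192.168.0.199/",
            "http://search.conduit.com/?ctid=EXAMPLE",
            "http://feed.snapdo.com/?publisher=EXAMPLE",
            "http://www.google.com",
        ],
    }
})

# Assumption: hosts this user expects as startup pages.
EXPECTED_HOSTS = frozenset({"192.168.0.199", "www.google.com"})

# RestoreOnStartup value meaning "open a list of URLs" (1 = restore last session).
OPEN_URL_LIST = 4


def audit_startup_urls(preferences_text, expected_hosts=EXPECTED_HOSTS):
    """Report startup URLs in a Chrome Preferences file whose host is not expected."""
    prefs = json.loads(preferences_text)
    session = prefs.get("session")
    if not isinstance(session, dict):
        session = {}  # key absent or malformed: nothing to report
    unexpected = []
    for url in session.get("startup_urls") or []:
        host = (urlsplit(str(url)).hostname or "").lower()
        if host not in expected_hosts:
            unexpected.append((host or "<no host>", str(url)))
    mode = session.get("restore_on_startup")
    return {
        "mode": mode,
        # The list can sit in the file, and be flagged by a scanner,
        # even when Chrome is not set to open it at startup.
        "list_in_use": mode == OPEN_URL_LIST,
        "unexpected": unexpected,
    }


if __name__ == "__main__":
    report = audit_startup_urls(SAMPLE_PREFERENCES)
    print("restore_on_startup =", report["mode"], "| list in use:", report["list_in_use"])
    for host, url in report["unexpected"]:
        print("unexpected startup page:", host, "->", url)
```

The script only reads the file. As the post describes, hand edits to `Preferences` were overwritten, and the entries were removed through chrome://settings/startup.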

1PW Posted July 31, 2014 ID:860945

Hello Ackis81,

Malware removal actions are not permitted in this sub-forum.

I recommend following the advice from the topic: Available Assistance for Possibly Infected Computers and have one of the Malware Removal Experts assist you with your issue.

If, as recommended, you do open a topic in Malware Removal Help, please make reference to this thread.

If you would like to get off to a very fast start, the Malware Removal Experts would appreciate it if you would also Copy and Paste both the FRST.txt and the Addition.txt output diagnostic reports from only Log Set 1 into your new topic.

Thank you.

Ackis81 Posted July 31, 2014 Author ID:860946

Hi 1PW,

I posted in this forum because it was an odd situation that MWB couldn't clean and I had to find my own solution... I thought of it as more of a bug report than anything else, which is why I provided so much detail as to what I did, what worked and what didn't work.

1PW Posted July 31, 2014 ID:860950

Hello Ackis81:

We're happy that you found a solution to your trouble and since you have documented your efforts, an Internet search can now find your fix.

Thank you for your good news.

adblockerorelse2 Posted September 19, 2016 ID:1062581

OP, you fixed my problem, except it was with mysearchdial instead of Conduit. Same problem: I ran Malwarebytes, AdwCleaner, JRT, and Avira antivirus, and it would clean, but then Chrome would resync. I even deleted my Chrome profile and reset everything, logged into a new Gmail etc. Still showed up.

Then I did what you said:

chrome://settings/startup

Removed mysearchdial from there, and then restarted, set my preferences back to "from where I left off" instead of specific pages, and now I show up as clean!

Thank you OP! You fixed my problem, and like you I spent hours trying to fix this, and actually had fraud on my bank account for $710, so I think it was related to mysearchdial.

Cheers!

adblockerorelse2 Posted September 19, 2016 ID:1062582

There you can see my output, but I can't seem to copy/paste it here. Hmm.

AdwCleaner[C0].txt

daledoc1 Posted September 19, 2016 ID:1062612

Hi, and welcome, @adblockerorelse2:

This thread is actually more than 2 years old. It's unlikely that the OP is still following it.

Moreover, fixes that may have worked for one computer 2 years ago may or may not apply to a different computer now (each computer is unique and the malware and removal tools may well have changed since then). Conduit, in particular, can be tough to fully remove.

We're certainly glad that you found a solution to your issue.

If you would like a bit of free, expert help checking the system to be sure you are clean, then you may want to start here: Available Assistance for Possibly Infected Computers

It explains the options for free, expert help >>AND<< the preliminary steps to expedite the process. A trained malware helper will guide you through scanning, cleanup and repair.

Thank you.