Jump to content

Unable to remove PUP.Optional.Conduit.A - Solution


Recommended Posts

I've got an interesting situation here.

 

Malwarebytes detect PUP.Optional.Conduit.A in a single file:

 

C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

Okay, so neat I'll just delete it.  When I load Chrome up again the exact same file is created with Conduit nonsense in it.  Alright, lets see what's the actual problem is:

   "session": {      "restore_on_startup": 1,      "restore_on_startup_migrated": true,      "startup_urls": [ "http://192.168.0.199/", "http://search.conduit.com/?ctid=CT3311875&SearchSource=48&CUI=UN26411760636841516&UM=2", "http://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=CA&userid=30051f9f-600d-74a9-a73a-ac77594194cc&searchtype=hp&installDate={installDate}", "http://www.google.com" ],      "startup_urls_migration_time": "13044733463109497"   },

Interesting.  I close down Chrome, make sure all the processes are killed and manually edit the startup_urls.  Reload Chrome and boom, the entries re-appear.  So I'm thinking it has to do with loading pre-existing tabs when I start Chrome.  Disable that setting, make sure my home page is set to something simple.  Kill Chrome and restart.  Entries still there.

 

Next step, lets delete the entire file.  Kill Chrome, delete the file.  Reload Chrome and recheck the file.  Entries are still there.

 

At this point I've spent too much time on this problem and just decide to cheat and throw snapdo and conduit into my hosts file, as well adding an entry into dnsmasq on my linux machine.

 

Problem remains for months with MWB unable to clean it: it just reappears regardless of what option I specify.

 

I finally get some extra time to look into it again and eventually found this setting in Chrome:

chrome://settings/startup

 

Those two URLS were identified in there.  After removing them they did not reappear in Chrome.

Link to post
Share on other sites

Hello Ackis81 and :welcome:

Malware removal actions are not permitted in this sub-forum.

I recommend following the advice from the topic: Available Assistance for Possibly Infected Computers and have one of the Malware Removal Experts assist you with your issue.

If, as recommended, you do open a topic in Malware Removal Help, please make reference to this thread.

If you would like to get off to a very fast start, the Malware Removal Experts would appreciate it if you would also Copy and Paste both the FRST.txt and the Addition.txt output diagnostic reports from only Log Set 1 into your new topic.

Thank you. :)

Link to post
Share on other sites

Hi 1PW, I posted in this forum because it was an odd situation that MWB couldn't clean and I had to find my own solution... I thought of it as more of a bug report than anything else which is why I provided so much detail as to what I did, what worked and what didn't work.

Link to post
Share on other sites

Hello Ackis81:

 

We're happy that you found a solution to your trouble and since you have documented your efforts, an Internet search can now find your fix.

 

Thank you for your good news.

Link to post
Share on other sites

  • 2 years later...

OP you fixed my problem, except it was with mysearchdial instead of conduita.

Same problem, I ran malwarebytes, Adwcleaner, jrt, and avira antivirus, and it would clean, but then chrome would resync.

I even deleted my chrome profile and reset everything, logged into a new gmail etc.

Still showed up.

Then I did what you said: chrome://settings/startup

Removed mysearchdial from there, and then restarted, set my preferences back to "from where I left off" instead of specific pages, and now I show up as clean!

Thank you OP! You fixed my problem, and like you I spent hours trying to fix this, and actually had fraud on my bank account for $710, so I think it was related to mysearchdial.

Cheers!

Link to post
Share on other sites

Hi, and welcome, @adblockerorelse2::)

This thread is actually more than 2 years old.  It's unlikely that the OP is still following it.  Moreover, fixes that may have worked for one computer 2 years ago may or may not apply to a different computer now (each computer is unique and the malware and removal tools may well have changed since then).  Conduit, in particular, can be tough to fully remove.

We're certainly glad that you found a solution to your issue.
If you would like a bit of free, expert help checking the system to be sure you are clean, then you may want to start here: Available Assistance for Possibly Infected Computers
It explains the options for free, expert help >>AND<< the preliminary steps to expedite the process.
A trained malware helper will guide you through scanning, cleanup and repair.

Thank you.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.