
PUP.Optional.ConduitTB.Gen Detected



Greetings Everyone,

I'm new to the Forum and kindly request assistance to resolve a recently discovered PUP detection in 2 Registry Keys.
On March 15th, the MBAM Threat Scan returned the following result:
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/15/2016
Scan Time: 10:19 AM
Logfile: MBAM PUPs Found 160315.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.15.04
Rootkit Database: v2016.03.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Michael

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 454690
Time Elapsed: 31 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\Conduit, , [7c94ccbcb0e956e094a4612728dcb64a],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-1000205722-994604624-1204801306-1000\SOFTWARE\Conduit, , [45cb85032b6e5adc4bec5a2ee0247090],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

As indicated below, the affected Registry Keys were quarantined:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/15/2016
Scan Time: 10:19 AM
Logfile: MBAM ScanLog PUPs Quarantined 160315.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.15.04
Rootkit Database: v2016.03.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Michael

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 454690
Time Elapsed: 31 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\Conduit, Quarantined, [7c94ccbcb0e956e094a4612728dcb64a],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-1000205722-994604624-1204801306-1000\SOFTWARE\Conduit, Quarantined, [45cb85032b6e5adc4bec5a2ee0247090],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

As of 2016,0317 the MBAM Threat Scan returned the following result without any mention of the previously detected Reg Key PUPs:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/17/2016
Scan Time: 6:24 PM
Logfile: MBAM Scan History Log 060317.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.17.05
Rootkit Database: v2016.03.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Michael

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 455440
Time Elapsed: 31 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

A subsequent search of the MBAM Forums returned the following link to a very similar comprehensive Topic & Resolution:
https://forums.malwarebytes.org/topic/179634-pupoptionalconduittbgen/

As of this writing, I'm not certain if I've taken the necessary actions to correct the Reg Key PUPs mentioned previously. The resolution instructions described in the above link seem to be specific for that Topic Author's PC and may not apply to my situation. Any assistance provided to help resolve my current situation will be greatly appreciated.  Thank you, Jenna.


Greetings TwinHeadedEagle,

Thank you for your prompt response to my post. Got home from work a few hours ago and ran 2 scans, (i) MBAM and (ii) ESET Online. MBAM results indicated Zero Threats Detected; same as yesterday's scan. However, ESET results indicated 9 Threats Found. I've also attached an image file of the ESET Scanner Result GUI. Both scan logs are included below. Can you provide an opinion regarding the severity of the 9 Threats ESET found and recommendations as to how I can remove them from my system?

I have not deleted the ESET program or any files used or created during the scan of my PC. Also, I have not closed the ESET Scan GUI.

Any assistance you may provide will be greatly appreciated.

Cheers,  Jenna.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
ESET Scan Result 160318,1355:

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe,  a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll,  a variant of Win32/Systweak.N potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe,  a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe,  a variant of Win32/Systweak potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe,  a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe,  a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files (x86)\CCleaner\CCleaner_DownLoad\ccsetup514,5493.exe,  Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Program Files (x86)\CCleaner\CCleaner_DownLoad\ccsetup515,5513.exe,  Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\Installer\f79c39.msi,  a variant of Win32/Systweak.L potentially unwanted application
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

MBAM Scan Result 160318,1410 provided for reference only:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/18/2016
Scan Time: 2:10 PM
Logfile: MBAM Scan Result 160318,1410.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.18.05
Rootkit Database: v2016.03.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Michael

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 455963
Time Elapsed: 35 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

ESET GUI Scan Result 160318,1355.png


ESET detections are not necessarily malware. They are detected as potentially unwanted applications, meaning they came bundled with some installer or have one or more components that are considered unwanted (installing without user notice).

If you don't need WinZip, you can uninstall it and delete the other detected files manually.


Hello TwinHeadedEagle,

Upon further investigation, I've concluded that the WINZIPSS.* files ESET detected were bundled with the original online purchase of WINZIP Pro several years ago. I never gave it much thought, but during the WINZIP installation, I elected not to install the WINZIPSS package as I had no use for it. It seems these files have remained dormant and unknown to me for the past several years until disclosed earlier today by ESET. I've moved the entire WzSysScan Folder off the system drive and onto an external USB Drive. WINZIP.exe seems to function as before without any issue. I will monitor WINZIP functions & PC stability over the weekend and report back to this thread early next week.

Thank you for your time & expertise thus far in assisting my resolution of this matter.

Cheers,   Jenna.


Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
