
1 hour ago, fr33tux said:

Hello,

Can you share a logfile showing this?

Thanks,

Hi

Unfortunately, I had to uninstall adwcleaner, and I have used this tool to clean up some stuff: https://toolslib.net/downloads/viewdownload/2-delfix/

Is there any way to recover what adwcleaner/delfix has removed?

Edited by Gt-truth

  • 2 years later...

I did a quick search and I came across this topic on Tom's where they were saying that a file called C:\END belongs to Conduit which is a well known PUP (Conduit Toolbar, a search hijacker essentially) and I suspect that's why this is being detected, most likely via a heuristics signature designed to target that threat.  Only Research would know for sure though.


2 hours ago, exile360 said:

I did a quick search and I came across this topic on Tom's where they were saying that a file called C:\END belongs to Conduit which is a well known PUP (Conduit Toolbar, a search hijacker essentially) and I suspect that's why this is being detected, most likely via a heuristics signature designed to target that threat.  Only Research would know for sure though.

Thanks for your reply with this information! However, I don't have any toolbars in any of the web browsers, and the END folder is empty. Any idea why?

Going to run a scan with both Malwarebytes Anti-Rootkit and Malwarebytes 3!

Edited by Gt-truth

14 hours ago, exile360 said:

It's most likely just a leftover trace.  Conduit is a very old threat so if it was ever active on the system, it's probably long since been removed and ADWCleaner is just detecting the leftovers.

Conduit has NEVER been active on this system, and I've never installed any Apple software on this Windows 10 either (but I'm not sure why Microsoft is installing Apple software on users' systems :( ). Anyway, I have uploaded the file to VirusTotal and run a scan, and I read a lot of comments out there, and some users are saying this file belongs to Apple. So I'm not sure what this file is, but here is the scan result link: https://www.virustotal.com/#/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/detection


That file doesn't even have the same name as the file from your system; they are only the same in that they are empty 0 byte files and therefore have the same hash just as mentioned in this comment from VT:

Reading the comments here makes me want to cry, people arguing what the file is and is it safe or not without realising they've submitted an empty file, thus has the SAME FILE HASH as everyone else's empty file.


Weird. I'm sure I uploaded the "END file" to VirusTotal, but I'm not sure why they gave back another name for this file! I can upload this file as an attachment if needed. Anyway, is this file safe or unsafe, and why is it 0 bytes anyway? Also, VT says "file published by a trust developer"; in other words, should I manually remove this file, since all other anti-malware scans came back clean except adwcleaner?


Yes, I'm sure you did.  It is because just as with the file listed on that VirusTotal page, your file is a 0 byte file meaning it is completely empty/no content, and any file that is 0 bytes/has no contents (regardless of what it might be named) will have the same hash/checksum, so the results will be the same.  The file name and path/location is what you need to use to research it if you wish to find out what it is and where it came from which is why I speculated that it appeared to be a trace left over from a Conduit PUP/infection because Conduit would create a file by that name in that location according to the information I found (and I suspect that's the purpose of this signature in ADWCleaner that is detecting the file as well, though I do not know for certain as only Research would have access to that information).

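The point made in the post above, as an added example that is not part of the original thread: every 0-byte file hashes to the same SHA-256 whatever it is named, so a hash lookup cannot identify it. The `triage` and `demo` helpers and the sample file names are assumptions made for illustration; the sample files are constructed in a temporary directory.

```python
import hashlib
import os
import tempfile

# SHA-256 of zero bytes of input; this is the hash in the VirusTotal link posted in this thread.
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"


def triage(path):
    """Return size, SHA-256 and whether a hash lookup can say anything about this file."""
    digest = hashlib.sha256()
    size = 0
    with open(path, "rb") as fh:
        # Read in chunks so large files are not loaded into memory at once.
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
            size += len(chunk)
    empty = size == 0
    return {
        "path": path,
        "size": size,
        "sha256": digest.hexdigest(),
        # An empty file shares its hash with every other empty file, so
        # reputation results for that hash describe none of them in particular.
        "hash_lookup_meaningful": not empty,
        "research_by": "file name and path" if empty else "hash, file name and path",
    }


def demo():
    """Create constructed sample files (two empty, one not) and triage each."""
    samples = {"END": b"", "unrelated.dat": b"", "notes.txt": b"some content\n"}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(content)
            results[name] = triage(path)
    return results


if __name__ == "__main__":
    for name, info in demo().items():
        print(f"{name:14} {info['size']:3} bytes  {info['sha256'][:16]}...  "
              f"lookup meaningful: {info['hash_lookup_meaningful']}")
```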

Yeah, even in the thread you linked to there are several files in that location with that name that appear to come from different sources, one of which is the Conduit search hijacker I mentioned, another appears to be some Star Wars games and one user mentions that they believe it came from Photoshop.
