wayneskid (United States) asked:

Malware infection in IE11

This is a Dell XPS8400 running Win7 and IE11 with latest updates.

I was looking for a cheap free file conversion application and found one on CNET which I downloaded and installed. Terrible mistake, to put it mildly! This is really embarrassing, but my system immediately started displaying indications of malware or a virus. Some of the things I began seeing were:
1) Pop-up ads on IE pages that never had pop-up ads. Several of these suggested I click to download some driver update. At least I was smart enough not to click on any of these.
2) Opening a new tab, which should be blank, takes me to a site with the URL search.conduit.com/.... which has a pop-up ad.
3) If I try to open IE Manage Add-ons the screen goes gray and IE crashes. I can only open Manage Add-ons through Control Panel/Internet Options. Once open, there are a couple of add-ons that I don't remember seeing before, but they are disabled.
4) Chrome started displaying similar symptoms, so I deleted it.

So, my questions are:
1) Does this seem likely to be a security risk or is it mainly just annoying?
2) What steps should I follow to rid myself of this pest?
3) I've considered going back to a recent restore point. Is this a reasonable approach and will this affect any user files?

Thanks for any advice you can offer. I'm getting ready to do my taxes which involves quite a bit of computer activity. I can do this work on another PC but it would be more convenient to my main system.

Wayne
John (Canada) posted a solution (member-only content not shown).

wayneskid (asker):
Thanks John,
re. Malwarebytes, is the free version sufficient?

Yes. I had this kind of problem with a client and we solved it by the above method. I used the free Malwarebytes.

I use, and this client uses, Symantec Endpoint Protection, but like any antivirus, sometimes clicking on a bad link evades the antivirus.
Thomas Zucker-Scharff:
Conduit virus.
Check the other EE questions; one was just answered about how to get rid of Conduit.
John,
Do you think I should be concerned that this might be malicious (ie, key logger, stealing personal information, etc.) or is it more likely just extremely annoying?

I do have Norton 360 and have run a full system scan.
I am not sure if it is a key logger or just maliciously annoying. In addition to running Malwarebytes (good practice in these situations), also look at the link below for removing Conduit Search from your system.

http://www.techsupportall.com/how-to-remove-conduit-search/

I think if you can get rid of it, that your information may be ok.
OK I'll look at that. Do you think a system restore to a known good restore point might also solve this?
I would do the scans first. If that fixes things, you might not wish to restore to a prior point as that will undo recent changes.
In the last couple of years the amount of additional 'software' that is installed along with the program you wanted has skyrocketed. One must be extremely watchful when installing any downloaded software. You must decline the installation of all but the desired program (which will be the last one in the list of installers). Conduit is one of the major funders for the free download sites. It used to be the Ask toolbar, but times have changed. Conduit isn't malware by definition; it is doing exactly what you agreed to when you installed it (by the mistake of not reading everything in the install process).
1) If anything unknown is running, of course it's a security risk. We cannot say from here if it is really simple adware or not; you should...
2) ...scan the system offline, for example using a boot CD with an updatable virus scanner, or simply Microsoft Windows Defender Offline.
3) Restore points can be used but will of course not cure file infections (if any).
OK, finally getting back to this.

John, you said "From another computer, download Process Explorer from Microsoft. Run Process Explorer on the affected system.  See if, down the left side, under Explorer, if there is an alphanumerically labeled process. If so, kill the process but do not restart."

Not sure what you mean; there are several alphanumerically labeled processes, Snagit32.exe for example.
I should have said random alphanumeric, like 0000E48ADC .... SnagIt32 is fine; I use it. If there are no such random processes as in the prior line, then close Process Explorer and go on to finding malware with Malwarebytes and other tools as suggested.
Running Process Explorer, I see CLTMNG.exe by Conduit. Tried to kill the process but got access denied.
That should go. That process is what keeps the pop ups going.

Close Process Explorer, close IE, and close down anything you are not using (Outlook, Office, Adobe).

Now right click on Process Explorer and select Run as Administrator. Authorize. Now try to kill CLTMNG.EXE and see if you can.

If so, close Process Explorer but do not shut down. Run Malwarebytes again.  See if you can uninstall conduit now that the process is not running.
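The checks John walks the asker through above (look for Conduit-branded or random-hex-named processes, kill CLTMNG.exe from an elevated session, then see whether the add-on can be uninstalled) collected into one PowerShell triage script. This is an added example, not code from this thread or from any vendor. It assumes an elevated PowerShell prompt on the affected Windows 7 machine. CLTMNG.exe and search.conduit.com are the names reported in the thread, and the random-hex pattern is the heuristic John described; the registry locations are the standard IE and Windows keys for the home page, Browser Helper Objects and autostart entries, and the script only reports which of them mention Conduit on the machine it is run on.

```powershell
# Added triage script, not part of the original thread. Run from an elevated
# PowerShell prompt (Run as Administrator) on the affected machine, the same
# way John told the asker to run Process Explorer. Nothing is stopped unless
# you pass -Kill; by default the script only reports what it finds.
param([switch]$Kill)

# 1. Running processes: Conduit-branded (the thread saw CLTMNG.exe) or with the
#    kind of random hex name John described (e.g. 0000E48ADC). SnagIt32 does not
#    match because the pattern requires 8+ hex characters and nothing else.
$suspect = Get-Process | Where-Object {
    ($_.Company -match 'conduit') -or
    ($_.Name    -match '^(cltmng|[0-9A-F]{8,})$')
}
"== Suspect processes =="
$suspect | Select-Object Id, Name, Company, Path | Format-Table -AutoSize | Out-String

# 2. IE start page settings. The asker reported new tabs opening
#    search.conduit.com; these are the standard IE keys that control that.
"== IE home page settings pointing at Conduit =="
$ieMain = Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
foreach ($name in 'Start Page', 'Default_Page_URL', 'Secondary Start Pages') {
    $val = $ieMain.$name
    if ($val -match 'conduit') { "  $name -> $val" }
}

# 3. Browser Helper Objects are the IE add-ons the asker could not reach through
#    Manage Add-ons. Each subkey is a CLSID; resolve it to the DLL it loads.
"== IE Browser Helper Objects =="
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
foreach ($root in $bhoRoots) {
    Get-ChildItem $root -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid = $_.PSChildName
        $srv = Get-ItemProperty "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        $dll = if ($srv) { $srv.'(default)' } else { '(no InprocServer32)' }
        $flag = if ($dll -match 'conduit') { '  <-- Conduit' } else { '' }
        "  $clsid  $dll$flag"
    }
}

# 4. Autostart entries that would bring CLTMNG.exe back after a reboot.
"== Run keys mentioning Conduit =="
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    $props = Get-ItemProperty $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    $props.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -match 'conduit|cltmng' } |
        ForEach-Object { "  $key\$($_.Name) = $($_.Value)" }
}

# 5. Optional: stop the suspect processes so the uninstaller and Malwarebytes
#    can work on files that are no longer locked. This needs the elevated
#    prompt; the asker's "access denied" came from trying it unelevated.
if ($Kill -and $suspect) {
    $suspect | Stop-Process -Force -ErrorAction Continue
    "Stopped: $($suspect.Name -join ', ')"
}
```

Run it once without `-Kill` and read the report; if the only hits are the Conduit process and Conduit entries in the IE and Run keys, run it again with `-Kill`, then proceed to the Control Panel uninstall and the Malwarebytes scan as John describes. Anything flagged by the hex-name heuristic that you do not recognise deserves a look at its `Path` before you stop it, since the pattern is deliberately broad.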
SOLUTION (member-only content not shown)
Running MalwareBytes quick scan shows 167 malicious objects. The first few of them have the name PUP.OPTIONAL.CONDUIT.A and the rest all start with PUP.OPTIONAL. Some of these are registry keys. Should I remove all 167 of these files? Deleting registry keys makes me very nervous.
SOLUTION (member-only content not shown)
Interesting comment on the Malwarebytes home page:

"CNET Editor's Rating - OUTSTANDING" with 4 1/2 stars out of five.
I re-ran the Malwarebytes quick scan; it reports 157 objects labelled as:
Files - 105
Folders - 22
Memory Process - 4
Registry Data - 2
Registry Key - 22
Registry Value - 2

All found objects are named PUP.Optional.xxxx

You are saying I should have MalwareBytes remove ALL of these objects, correct?
This thing has a strangle hold on IE. I clicked on "Buy Now" to see what the cost would be and IE hangs then crashes.
If they all look related (say PUP... ), then I would say delete them.
ASKER CERTIFIED SOLUTION (member-only content not shown)
I registered at Malwarebytes and did a search on the forum. The most recent case I found (Aug. 2013) was a user who was guided through a long, involved 7-step process that included downloading several other scan tools. The Malwarebytes staff person seemed quite knowledgeable and helpful. At the end of a week of back-and-forth postings the user had installed the Pro version of Malwarebytes and "seemed" to have eliminated the problem. Yet some here have suggested this would be a simple matter of having Malwarebytes remove 157 suspicious objects (including some registry items) and restarting the system. This feels a little 'brutal' and I'm a little reluctant to proceed, but I really need to put this behind me and move on with life.

Does anyone else have thoughts on the best way to go from here?

Thanks to everyone!