Browser Hijacker

  • 28 October 2012
  • 61 replies

Chrome, on our our home computer,  has been subverted by a browser hijacker that allways directs it to secure.conduit.  It is quite annoying that the browser immediately goes to bing.  It cannot be removed using the Chrome search engine option though I did delete some browsers I didn't want.
Does/Could SecureAnywhere deal with this and if so how?

Best answer by rayb-baby 10 April 2017, 03:59

This DEFINITELY worked for "Guruofsearch" on Chrome, but I suspect that it will work for other browser hijackers and it also fixed my Internet Explorer.

I went to Chrome Help at this link:

It was EASY and QUICK!  I was rid of "Guruofsearch" in no time.


Or you can go directly to the Chrome Cleanup Tool for Windows 7 thru 10.


"Clean Chrome of unwanted ads, pop-ups, & malware

If you're seeing some of these problems with Google Chrome, you might have unwanted software or malware installed on your computer:

  • Pop-up ads won't go away.
  • Your Chrome homepage or search engine keeps changing or is not set to Google anymore.
  • Unwanted Chrome extensions or toolbars keep coming back.
  • You keep getting redirected to unfamiliar webpages."   
 "Chrome will open a new tab, and ask you to reset your settings. Click Reset".


It literally worked in seconds.  I'm no expert, but I think it cleared the cache as all of my saved sign-ins were gone.  A small price to pay.  I hope you know all of your passwords .      It also disabled my extensions, so enable any extensions that you're using.


I'm not even sure if there is any relation, but the "plugin" link for FlashPlayer still didn't work, so I went here:

The link still doesn't do anything, but now when a FlashPlayer video comes up it asks me if I want to activate it.  Goodbye plugin link, hello ask me on screen.  That's good enough for me!  I even like it better that way!

If anyone still has the problem, I hope it works for you.  And YES, it's SAFE to use.

View original

61 replies

...and that should have been search.conduit
Userlevel 7
Thank you for your post HydroNick.
I am not quite sure what you mean by "browser hijacker" but I would certainly like to help you out.
From what you are describing, it sounds like a browser extention has been changed through your browser. Please follow the instructions below.
Navigate to your Google Chrome Settings:

Change your search engine to Google if that is what you prefer:

If you are ever affraid that you have an infection, please Submit a Support Ticket. This is the best place for issues that involve an infection because we can keep track of the interaction and get logs from your system to help investigate.
Userlevel 2
Sorry, I disagree with your solution.  not that you are wrong, but that its not that simple.  Conduit is a hijacker and once you get it, you may spend weeks getting rid of it.  Once its on your system if you have multiple browsers like Internet Explorer, FireFox, Opera, etc. it will infest all of them and you need to clean eachone seperatly, and then clean your system, uninstall it and it comes right back.  I dont know why we cant have webroot do a cleaner for it or a filter to prevent it. its a real pain.  check out the internet, everyone if fighting this nasty unwanted hijacker.
Userlevel 4
Looks like a lot of fun.
Userlevel 7
Badge +56
It's not an infection it's a PUA have a look at this KB Article: also have a look at this thread:
Userlevel 7
We are fully aware of Conduit and the like they are classified as PUA. The majority of these programs are user installed and will ask the user a number of times if they want to install said toolbar.
If they dont and/or the dont uninstall correctly we will mark the bad in our database. However just because people dont like the software doesnt mean its automatically is bad software. We mark thousands of pieces of PUA bad every day.We are constantly testing these and will adjust them from good->bad or bad->good depending on changes that are made to the software.
Userlevel 1
I'm upset that the techs for webroot haven't classified this as a PUP (potentiallially unwanted program) or PUA (application). I ended up with this extremely annoying toolbar that I NEVER agreed or consented to, and all my attempts to remove it have failed. Evidently, this add-on,  tool bar, or browser hijacker (which is what i prefer to call it, because you NEVER get your REAL browser back....EVER) what ever you want to call it, comes secretly bundled to whatever program you download. I ALWAYS do the CUSTOM install, whenever I download anything, so I can UNCHECK all the programs and extensions and add ons I DON'T want. But this CONDUIT never EVER appeared in any of my custom installs. It changed the layout, color and font size of my google chrome page, added the mixidj search bar, added the delta search bar, allowed for constant pop ups and unwanted ads, and changed the layout and font size of my face book page. Now, it may not TECHNICALLY be a VIRUS, but is SURE is an UNWANTED program, that I didn't CONSENT to. When you spend at least three weeks trying to remove this UNWANTED software, believe me, you've tried going to programs and looking for conduit to remove it or going to the settings option and resetting your page as whatever, or resetting your default page as whatever or resetting your browser as what ever in addition to REMOVING this PUA, PUP...whatever, MULTIPLE times, ONLY to have it RETURN, EVERY TIME. I've gone into the REGISTRY to tried to delete the specific files, but they ALWAYS come back. Now, if THAT'S not the very DEFINITION of a VIRUS, I don't know what is. Your software developers need to study this PUP and find out how to develop a FILTER for it, because believe me, it is HIGHLY UNWANTED. To suggest the very basic program removing techniques is an INSULT after how much time and energy so MANY ppl have spent trying to get RID of this PUP. 
Userlevel 4
Threat Researcher Rakanisheu:
Yours is a stock answer that comes from  most AV companies and comes from an old spyware program'.s description. I recently got it and received the same reply from Bitdefender.
Conduit is MALWARE-- it downloads and installs WITHOUT asking your permission--it changes your home page and search engine to the Conduit search engine which is a paid ad placement / paid position search engines with questiionable sites and no usefull purpose...
Its a bitch to get rid of. The windows installer will not get rid of it as it would a legitimate toolbar or browser plugin.
Google How to get rid of conduit search engine and you will get hundreds of hits. If it were legit it would be simple to uninstall. It loads code throughout your machine.
It is sometimes possible to get your old home page and search engine back using your browser but the program remains throughout your system. It's an unvited intruder that infests your machine.
Userlevel 7
There are plenty of paid for products that are extremely difficult to remove! A programs difficulty to remove doesnt indicate that its malware. I regularly test these toolbars and from time to time we do reclassify I only recently tested Conduit and it does require a number of checkboxes to be ticked in order to be installed.
Using Google as a reference to determine if a piece of software/file is malware isnt a good idea. As a test Google any legimate Windows process and I guarantee that a number of results will come back saying its malware. Its one of the reasons why I see people blocking Windows processes.
I have said on many of an occasion that I hate 99% of all toolbars (I dont use any) and I would love to block them all but a large number of people do use them. Just because a number of people dont like them doesnt mean that its malware. It is worth noting that we do block tens of thousands of PUA every day.
Userlevel 4
I wonder if the new 2014 version handles this differently with the new PUA detection. And if upgrading to the new 2014 version would solve this issue.
Userlevel 7
No the process in this case wont change as the files have to marked as PUA in order for them to be detected/removed. But the PUA detection in 2014 is something that we really looking forward to using over the coming months. 
Malwarebytes treats this as a PUP and so should Webroot. Malwarebytes will remove it from registry etc. but you still have to go into each browser to change some settings.
Userlevel 4
I was not referring to the toolbar -- that is not a hijacker -- it's a tool bar
In my case I got my home page and home page search engine changed to the Conduit homepage with the Conduit Search engine,or searching results are constantly redirected to, which I described in my original post as a useless scam. There was never a visible install process and I never agreed for it to be downloaded. That's a hijack much worse than some toolbar, because it seizes control of your browser.
Userlevel 2
I totally agree, I have spent several days on multiple computer,s removing conduit from my office environment because it kills my medical applications, and a couple of nights fixing home users that want to switch to linux now to save themselves from the constant barage of maleware they are seeing.   Even after all the other browser edits and registry hacks we do, I finally have to run MalwareBytes to finally get it to go away.  So I dont want to be buying MalwareBytes because Webroot my antiv of choice wont help me clean it out. 
At least give us an option to remove or protect against selected PUA's because the accidential install of these malicious pests cause hours of work to remove and return my systems to a functioning stage.
Userlevel 2
I disagree,  as stated earlier, several people I know suddenly have conduit and dont know how they got it.  you have to remember the vast majority of computer users now a days dont really know what they are doing other than buying things from amazon, doing facebook or sending emails.  These are the people we need to protect, not the professionals.  Once you have conduit it infects every browser you have installed on your system and then comes back again if you dont malewarebye it.
Userlevel 7
Conduit has now been changed to PUA so we are blocking the installers. I still stand by my original point that a large number of these toolbars do require a user to click yes to install. We cant block every single installer of programs that people dont like, if we did that I`d guess that about 95% of software programs would be blocked!
Userlevel 7
Badge +56
@ wrote:
Conduit has now been changed to PUA so we are blocking the installers. I still stand by my original point that a large number of these toolbars do require a user to click yes to install. We cant block every single installer of programs that people dont like, if we did that I`d guess that about 95% of software programs would be blocked!
Hi Roy I believe they all should be Blocked all As a PUA inside the software then if the user wants to install they can bypass the Block then it's out of Webroots Hands as they have been warned. Also if Conduit is on someone's system I hope WSA can remove this unrelenting (Adware, Crapware, Malware) in any case as I seen on so many security forums they are treating it as Malware. Just my opinion.
Userlevel 7
On the flipside alot of programs include other downloads as part of the software so are we supposed to blacklist Java/Flash/Adobe etc? Google search results are a common thing that are shown as "Evidence" of malware just because a program is difficult to remove it doesnt mean its malware. I spent ages over the weekend trying to remove .net to get it reinstalled again. Does that mean its malicious because its tricky to remove? Of course not but you can see where I am coming from.
As I have always said with these topics arrive I detest toolbars and these "free" programs you see on a lot of well known sites.
Userlevel 2
This is great news as far as I am concerned.  We are baraged by toolbar bloat and accelerators that eventually corrupt out machines and steal resources.  the old webroot had a toobar blocker, that I always liked, but now even C-Net is bundeling crap ware with normal download, so if you are not vigelent with every click, you load things without knowing it.  this is a step in the right direction.  Thank you for you input for both sides of the argument.
Userlevel 7
Badge +56
That's what we try to do is have a conversation and in the end hopefully everyone will be happy. But the point is Conduit & I never seen an update from Java or Adobe with Conduit.
My sympathies!! My husband's PC gets his browser constantly hijacked. He stopped using IE and is using FireFox but still gets them. I've helped him go through the Control Panel to delete per FireFox Mozilla's suggestions but they keep coming back. (Luckily for me, I have a MAC and have never had this problem!!)

You're right, it's nothing you sign up for but often there's lots of confusing windows which keep popping up, maybe telling him he needs an update for a legitimate program he has like Adobe Flash Player but if you look at the address it's not an Adobe one.
Userlevel 7
Hi Charlotte
Welcome to the Community Fora...:D
Sounds like you husband should heed your advice, as should a good many is sound  (apart from the bit about the Mac...;)...but then again, I am a diehard PC head and no fan of the Glowing White Apple).
Dispensing that sort of advice please do stick will be most welcome.
Regards, Baldrick
Userlevel 7
Badge +56
Hello Charlotte_Sterling and Welcome to the Webroot Community Forums!

Yes that is possible and so many sites add PUA's to software but most of the time if it's a Fake Adobe update it would be mostly a true infection also Adobe adds Crapware to there installers and users have to watch when installing and make sure to uncheck any unwanted add-ons.
TH ;)
Userlevel 4
It might be conduit because i've had a simular problem with conduit, remove the homepage and that might do the job!
Userlevel 1
This sounds remarkably like the same problem I'm having.  Is this Conduit you speak of the Conduit SDK for mobile applications by any chance?