Solved

Browser Hijacker

  • 28 October 2012
  • 61 replies
  • 914 views

Chrome, on our our home computer,  has been subverted by a browser hijacker that allways directs it to secure.conduit.  It is quite annoying that the browser immediately goes to bing.  It cannot be removed using the Chrome search engine option though I did delete some browsers I didn't want.
 
Does/Could SecureAnywhere deal with this and if so how?
icon

Best answer by rayb-baby 10 April 2017, 03:59

View original

61 replies

Userlevel 7
Badge +56
We are talking about the Bad Conduit add-on.
 
HTH,
 
TH
Userlevel 1
Wow! the concepts the same.....
Get the user to install an addon of some description, then redirect... mm.... supose that's how they all work really.....
except mine fries to get me to install 'flash'. Obviously its NOT flash, but god knows what it will do if I click on it!!!!
Userlevel 7
Badge +56
If you feel your infected please Submit a Support Ticket and they can look at your Scan log and help you remove anything even PUA's.
 
Cheers,
 
Daniel 😉
Userlevel 7
Hi GettinBetter
 
So DON'T click on it.  http://www.emotiyou.com/galerie/films/animation/moi-moche-mechant/minions/201310250040YAU.gif
 
At this point it is worthwhile making sure that you are in possession of all the words of wisdom expounded in this thread so far, and that you may have missed (apologies if you have not...but thought it best to make sure...;)).
 
If you have not yet seen then them please see Daniel's wise words in this previous post...in case it can be of assistance.
 
Regards
 
 
Baldrick
Userlevel 1
Yeah, Cheers for that litle pearl Baldrick  😃 , I have now submitted a support ticket,  Not sure I qualify though I only have the trial version, but this could be a turning point as far as my security software goes.  I've been with ESET for years, but only because they were the only ones doing 64 bit software at the time.
 
Userlevel 7
Hi GettinBetter
 
I am sure that you qualify, even on a trail license, after all...they will want to make you a happy punter, I am sure...and what better way to convince than with great support...which is what the Webroot Support Team are renown for...amongst those who know.
 
Do keep us posted re. your experiences...and whether you decide to stick with WSA.
 
Regards
 
 
Baldrick
Userlevel 7
Badge +62
:DI'm just going to follow friends on the community and add kudos....Learning everyday...
 
 
Userlevel 1
Just updated my flash using the addons page in FF, went through as per normal, except that WSA says its not approved!!
Is that because its too new?
Userlevel 7
Badge +56
@ wrote:
Yeah, Cheers for that litle pearl Baldrick  😃 , I have now submitted a support ticket,  Not sure I qualify though I only have the trial version, but this could be a turning point as far as my security software goes.  I've been with ESET for years, but only because they were the only ones doing 64 bit software at the time.
 
I was a Big NOD32 user fan and had Prevx running with it and found out I didn't need NOD32 as Prevx was protecting much better and Prevx was Acquired by Webroot in Nov 2010 and made it much better and with more features and you can't beat the Cloud as it's the future and it's here now! Only a 745kb installer 3 to 6MB of RAM and all the work is done in the Cloud!
 
Daniel ;)
 

Userlevel 7
Hi GettinBetter
 
Would you be able to clarify what you mean by "not approved"?  Has something been quarantined or set to 'Block' or 'Monitor'?
 
Regards
 
 
Baldrick
Userlevel 7
Badge +56
@ wrote:
Just updated my flash using the addons page in FF, went through as per normal, except that WSA says its not approved!!
Is that because its too new?
Download an install from here: http://www.adobe.com/products/flashplayer/distribution3.html
 
And much more info here: https://community.webroot.com/t5/Security-Industry-News/Adobe-Flash-Player-12-0-0-77/td-p/88640
 

Daniel
After hunting through the various posts regarding the Browser Hijackers, I learned a lot, as respects the terms PUP and PUA, so I went through all of the programs on my husband's PC, if something looked like an "odd" program name, I googled it, if it came up that it was a PUP or malware I deleted it. Thanks all of those posts were so helpful! Do have a question though about WebRoot. The scans said his PC was clean of malware, however, when I was looking for and deleting all of those PUPs/PUAs, quite often I'd get a pop up window from WebRoot saying it had identified a potential threat. But these threats weren't any of the ones I was deleting! It almost seemed as if the software was "thinking" and looking for patterns now that I'd been deleting stuff. Am I training WebRoot to be on the lookout for new patterns, or what?? It was interesting because all of a sudden it was finding things that it hadn't found or identified on the prior first scan.
Userlevel 7
Hi Charlotte
 
It is not so much that you are training WSA but rather that the Cloud that holds all the information on what is good and what is not good grows daily, what with all the Webroot Threat Researchers continually analysing new files and apps that are daily being released and/or new versions of existing files and apps.
 
So when your system is scanned the threat database in the Cloud will have changed, and things previously not flagged up will be, etc.
 
If you take a look at the excellent post that Daniel put up earlier you will see what all of that entails.
 
Hope that helps...and keep asking the questions. ;)
 
Regards
 
 
 
Baldrick
 
PS.  What I occassionally do is go into the Advanced Settings, Scan settings, and toggle off the Detect PUAs...setting, save the configuration, then go back in and toggle it back on, save once more and then run a scan.  This is a tip provided by one of the excellent Threat Researchers, as something that seems to 'bump' the detection of PUAs/PUPs...not sure how or why but it seems to, so yo many want to try it. :D
Userlevel 7
Baldrick has it right on the nail.  WSA has until recently not detected and removed what we call PUA's.. that is new to the 2014 version and the functionality of it is still in the beginning stages.  Each time someone posts here regarding a specific one, especially if we have them contact Support about it, that helps being more and more PUA's into the radar, getting them added to the Cloud detection.
 
In that sense, we are ALL 'training' Webroot, but it is on a global sale and trains it for all users at the same time 🙂
Userlevel 7
Browser Hijackers are not malware but in nearly all cases are user installed toolbars. PUA`s often come bundled with other junk that will install a toolbar or will change the default homepage. Please dont post links to 3rd party sites/tools, we can fix these issues for our customers without using them. 
Userlevel 6
@ wrote:
Hi,
Browser Hijacker is a nasty virus which enters into the system without permission. After that it displays pop-ups and also disable some application and because of this users cannot access the system. But to remove such virus, virus removal tool is used so that it can help you to get rid of virus.
Welcome to the community stephanic !
 
Nice to have you here!
 
Thank you for your input!
 
Beth
It often comes with third-party software downloads
Uninstall Conduit toobar from chrome.
Click on the chrome menu bar icon
Select tool option
Remove trash bin icons by clicking on extension
Restart chrome page
Userlevel 7
Badge +62
Hi Mary _Smith, you say,

It often comes with third-party software downloads
Uninstall Conduit toobar from chrome.
Click on the chrome menu bar icon
Select tool option
Remove trash bin icons by clicking on extension
Restart chrome page
-----------------------------------------

Thank you so much for your input! Sounds great!

Have a great day! 😉
I had the same search conduit browser hijacker.its such a pain. It doesn't matter if u change ur chrome settings and u won't find any programs to remove; it's still always there ruining ur browsing experience and making ur PC run at a snails pace.
 
Remainder of post edited/removed: References to competitor product.  Please note that any PUA that WSA does not automatically detect and remove can be removed free of charge by Webroot Support.  The proper path in this case is to file a Trouble Ticket.  By having Webroot Support remove the nuisance software, the software will be reviewed for possible inclusion in the detection/removal engines.  shorTcircuiT
 
 
@ wrote:
On the flipside alot of programs include other downloads as part of the software so are we supposed to blacklist Java/Flash/Adobe etc? Google search results are a common thing that are shown as "Evidence" of malware just because a program is difficult to remove it doesnt mean its malware. I spent ages over the weekend trying to remove .net to get it reinstalled again. Does that mean its malicious because its tricky to remove? Of course not but you can see where I am coming from.
 
As I have always said with these topics arrive I detest toolbars and these "free" programs you see on a lot of well known sites.
ok well why not add a program to webroot that uninstalls the program, then searchs the computer for other instances of it and/or similar programs/files and allows the person to choose whether or not to have webroot delete/uninstall them and then alerts the person anytime it sees this file or program try to recreate itself and lets them choose to block it or let it thru
Userlevel 7
Hi BobbyBoswell13
 
Welcome to the Community Forums.
 
Thanks for your input into the Great Debate...if only it were that simple but unfortunately PUAs come in all shapes and sizes, i.e., from different sources, impacting the system in different ways, embedding themselves in browsers, installed as programs, chnaging the Registry, adding services, etc., or any permutastion of the aforementioned and more.
 
As I am sure that you must have read in numerous threads and posts on the topic WSA does detect and remove many PUA's, and more are being added, but WSA does not detect all of them. A simple browser add-on with PUA behaviour that is easy to identify and easy to remove is not likely to be detected and removed by WSA.
 
There are thos that that are intentionally difficult to locate and remove are. But having said all of that Webroot does have an official stance on these annoying programs, which you can read more on here is you are interested.
 
Also, one of our gurus @ has posted an Idea for Webroot to consider asking them to increase PUA detection.  Please go along, review this, add your comments (this is the best place as the Development Team frequently review what has been raised/posted in the Ideas Exchange) and even kudo the feature request...it will all help to get traction on improving WSA...and after all that is one of the things we want to do...help make WSA a better product.
 
Regards, Baldrick
You can get easy and complete removal instruction of search.conduit and other browser hijacker program form ~snip Removed Link to off site help forums only OS support Forums like Microsoft snip~. This place provide complete details about threat and there removal  instruction in a easy manner. It helped me alot, my friends also get benefited form this place. In my view this is the best place for those user whose PC get affected with browser hijacker and other computer threats. Wish you be safe and secure in future. 
Userlevel 7
Badge +56
Hello @ please don't post links to off site help forums just forums for OS's such as Microsoft Answer Forums: http://answers.microsoft.com/en-us as Webroot likes to help there own users and members.
 
TIA,
 
Daniel 😉
Hi everyone, it is really tough to deal with browser hijacker becasue it is going to hurt the browser so badly, apart from overall system is aversely affected by it. Nevertheless, it is possible to remove Cheapcomputersupport.com browser hijacker.
 
for more visit: <URL snipped as contrary to Community Guidelines to post links to 3rd party security and/or malware removal sites>
Userlevel 7
Hi Stuart
 
Welcome to the Community Forums.
 
We appreciate your desire to assist other Community members but if you wish to promote malware removal tips from other site please do so outside the Forums, i.e., via an offer to PM (Private Message) with interested members.
 
For more information on the Guidelines please see here.
 
Regards, Baldrick

Reply