conduit & the after effects of some nasty virus

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by fixerH, Jun 15, 2013.

  1. fixerH

    fixerH Private E-2

    I have been trying to fix my dad's computer for a total of 15 hours. A few days ago, a computer shop reinstalled XP. Since then, my dad put a program on called "Mindful Clock." He said it required him to install some other things too (I'm assuming toolbars). I deleted all the toolbars in add/remove programs. When I type a search term into the browser of IE, "conduit"... pops up in the browser. This was a problem I noticed last week before my dad took it into the shop/before XP was reinstalled. Last week (before the reinstall) I ran Malwarebytes, CCleaner, Norton 360, etc. to no avail. I am assuming the computer had some kind of nasty virus that Norton may have removed (there were six problems in the results), but the after effects are still plaguing the computer. Today (after the reinstall of XP) I followed the steps in the "Windows XP Malware Removal/Cleaning Procedure," but I was not able to install Malwarebytes. Instead, I got an error message that said, "CoCreateInstance failed; code 0x8004054. Class not registered." I am attaching the results from the scans, but I couldn't find the HitmanPro log. Now, the computer won't install updates. It won't let me turn my firewall on. I can't even view my programs in add/remove programs. And, when I click "Start" and then "All Programs" nothing happens. What is going on and what should I do? :confused
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.


    Please download OTM by Old Timer and save it to your Desktop.
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code: which is just a title line of the code box.
    Code:
    :Processes
    explorer.exe
    
     
    :Files
    C:\Documents and Settings\Jon Loker\Application Data\PriceGong
    C:\Documents and Settings\Jon Loker\Application Data\SwvUpdater
    C:\Documents and Settings\Jon Loker\Local Settings\Application Data\Conduit
    C:\Program Files\Conduit
    C:\Documents and Settings\Jon Loker\Local Settings\Temp\*.*
    C:\Documents and Settings\Jon Loker\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{780C8AC7-7720-4DF3-9137-F0240FCE46CD}.ico
    
    
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"=-
    
    [HKEY_USERS\S-1-5-21-2000478354-1202660629-682003330-1003\Software\Microsoft\Windows\CurrentVersion\run]
    "MSMSGS"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{780C8AC7-7720-4DF3-9137-F0240FCE46CD}]
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large [IMG] button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    Now please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note that JRT may reset your home page to a Google default, so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • the JRT.TXT log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    Last edited: Jun 16, 2013
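
An added example, not part of the original post and not OTM's own code: a small Python reader that lists what a fix script laid out like the code box above would change, so the script can be reviewed before it is pasted. It assumes the :Reg section follows .reg file conventions (`"name"=-` removes a value, `[-KEY]` removes a whole key); `summarize`, `SAMPLE`, the user name and the GUIDs are constructed for illustration.

```python
import re

# Constructed sample in the same layout as the code box above;
# the user name and GUIDs are placeholders, not values from the thread.
SAMPLE = r'''
:Processes
explorer.exe
:Files
C:\Documents and Settings\USER\Local Settings\Application Data\Conduit
C:\Documents and Settings\USER\Local Settings\Temp\*.*
:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{00000000-0000-0000-0000-000000000001}"
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{00000000-0000-0000-0000-000000000002}]
:Commands
[EmptyTemp]
[Reboot]
'''

VALUE = re.compile(r'^"([^"]+)"=(.*)$')

def summarize(script):
    """List (action, target, detail) for every effective line of a fix script."""
    out, section, key = [], None, None
    for line in (l.strip() for l in script.splitlines()):
        if not line:
            continue
        if line.startswith(":"):                  # ":Files", ":Reg", ...
            section, key = line[1:].lower(), None
        elif section != "reg":                    # non-registry sections: keep as listed
            detail = "wildcard" if section == "files" and "*" in line else ""
            out.append((section or "no-section", line, detail))
        elif line.startswith("[-") and line.endswith("]"):
            out.append(("delete-key", line[2:-1], ""))   # assumed .reg rule: whole key removed
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                      # following value lines apply to this key
        else:
            m = VALUE.match(line)
            if not m or key is None:              # malformed line, or value with no key
                out.append(("needs-review", line, key or ""))
            elif m.group(2) == "-":
                out.append(("delete-value", key, m.group(1)))
            else:
                out.append(("set-value", key, f"{m.group(1)}={m.group(2)}"))
    return out
```

Calling `summarize(SAMPLE)` returns one tuple per script line; entries tagged `needs-review` are the ones to check by hand before the script is used.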
  3. fixerH

    fixerH Private E-2

    Hello and thank you for your reply. I tried to do what you said, but my computer is still experiencing the same problems. When I tried to remove Windows Messenger, I got a message that said, "Run-time error '429': ActiveX component can't create object." When I tried to run OTM, I got a message that read, "OTM has encountered a problem and needs to close. We are sorry for the inconvenience." I ran Junkware Removal Tool and am attaching the .txt file. I ran MGtools, but I could not find the C:\_OTM\MovedFiles log or the JRT.TXT log. I am, however, attaching the MGlogs.zip file from my desktop.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please shut down your protection software and try again.


    I did not ask you to run this>>> C:\Documents and Settings\Jon Loker\My Documents\Downloads\MGtools.exe
    In fact please delete this file because MGtools.exe does not belong here.

    What I asked you to run was C:\MGtools\GetLogs.bat. Please see my previous instructions and run this as instructed. But only run it if you have been able to run OTM properly.

    Also please tell me exactly what problems you are having. Please do not talk about previous problems. Only tell me current problems.
     
  5. fixerH

    fixerH Private E-2

    the C:\_OTM\MovedFiles log
    the JRT.TXT log
    C:\MGlogs.zip

    Hello. I disabled Norton 360 again, the same as I did the last time, and I again got the same error messages when I tried to run "Disable/Remove Windows Messenger" and "OTM." Since I could not run "OTM," I cannot provide you with the MovedFiles log. When my computer starts up, Windows Firewall is turned on. Then about a minute later it turns off and it won't turn back on. I am unable to run a command prompt from my desktop, because when I click "Start" there is no "run" icon. Therefore, my dad ran a command prompt in safe mode; he went old school and was able to delete MGTools.exe and run MGTools\GetLogs.bat. You already have the JRT.TXT log if I'm not mistaken. I am attaching the MGlogs.zip file.
     
  6. fixerH

    fixerH Private E-2

    Also, I just got a popup from "Power Speed System Optimizer." It prompted me to clean my registry. I just clicked it off. I think it is probably part of the conduit malware problem unless it is a result of a clock chime program my Dad put on the computer. When I try to attach "MGlogs.zip" I get an error message saying that I've already attached it in this thread.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You cannot attach the same MGlogs.zip file. You have to run a new scan first but as stated previously, I don't need it until you have been able to get OTM to run.

    Seems that Norton 360 is probably still having services run and it is getting in the way. Please try to run the procedure in safe boot mode. You do not have to run JRT anymore. Just OTM and then GetLogs.bat. If OTM runs, then reboot back into normal mode before running MGtools. If you still cannot run OTM, just tell me. We may have to uninstall Norton.

    It is supposed to be off!!! You have Norton 360 installed and it has its own firewall. You should leave the Windows firewall disabled!!

    That's how you have it configured. If you want it enabled, you have to provision it that way by right clicking Start and selecting Properties. And then from the Start Menu tab select the Customize button and then Advanced tab. Scroll to the Run command check box and check it.
     
    Last edited: Jun 16, 2013
  8. fixerH

    fixerH Private E-2

    I guess I got bogged down and confused by all this. I wound up formatting the hard drive and installing Windows 7, which is running much more smoothly. Thank you for the responses.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Happy to hear you have it running now!
     
