search.conduit Infection

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by pazzoduc, Jul 11, 2012.

  1. pazzoduc

    pazzoduc Private E-2

    Hello boys, I'M BACK! Haha. :major
    Hope you all have been well.

    Yesterday I was looking for a PDF utility (Via MG) and was infected by conduit.search

    I have looked through the various redirect threads, they all seem to have different solutions that eventually involve an mbr fix plus. I did not readily notice a thread related specifically to conduit.search, so I started one.

    This is what I know so far:
    Windows Vista x64, Service Pack 2
    I have a My Book external hard drive as a back up utility/device.
    The read me first steps have been taken
    The redirect steps require DNS flushing. I could not use the command. The error message was "elevation required". I'm assuming this means the command must be run from c:\> but Vista runs the command line under specific users.
    The MBR faked message is suspect. My machine seems to have a non-standard OEM MBR. (Dell) This was apparent in this thread: MBR Infection Thread
    Malwarebytes and SAS both find the issue, but the problems recur immediately. Pup.bprotector
    There are issues that TDSSKiller finds, but they are medium level threats and ignored.
    Rogue killer finds cookies that cannot be deleted.
    Empty (0 byte) folders appear in various places depending on what windows are open at the time. I have fought it enough that the folders now appear on the desktop and in the google apps folders. bprotectorforwindows and SearchPlugins
    I uninstalled the current and all other versions of Java, as opposed to just clearing the java cache.

    Note: I did not have UAC disabled through some of the process. Let me know if I need to re-run, but I don't think so.

    I will attach the logs in this and the next post.
     


  2. pazzoduc

    pazzoduc Private E-2

    More logs

    Can't find the MWB log, ran the scan and fix a couple of times, can't find log. Hmmm...?

    That's all I can find at the moment, attached.
     


  3. pazzoduc

    pazzoduc Private E-2

    Tried attaching the hitman log, but was unsuccessful.
     
  4. pazzoduc

    pazzoduc Private E-2

    Stumped? :hammer
     
  5. pazzoduc

    pazzoduc Private E-2

    Re: search.conduit Infection solved

    Thanks for all the input guys. rolleyes

    Problem solved.

    First and foremost, search.conduit is not actually malware or a virus, but it is a platform, or open door if you will, to acquire such problems. Search.conduit IS a program that installs itself on your machine. Search.conduit hides in several ways. The latest versions as of today do not show up on your list of installed programs. You have to search it out and kill it with your bare hands.

    Do this at your own risk, it worked for me.

    Disconnect from the internet.

    Run the MG malware read me steps. This will kill the unwanted programs that tag along with search.conduit.

    Use your computer search function and find all files containing the name conduit and delete them. There are multiple variations.
    Search again for bprotect and delete them.
    Search again for searchplugins and delete them.
    Look for a folder called Uninstall, make sure the folder only contains what you want to delete, and delete it with all of its contents. There are several .exe files whose names I do not remember (I did not write them down), but they have a B icon and contain the word brain. If you find these, you have the correct folder.

    Enter regedit and do same searches and delete the registry entries.

    Run CCleaner registry fixes.

    Open each browser you have and reset the home page option to the page of your choice.

    Reboot.

    Connect to the internet.

    Navigate to a browser and verify the redirect is gone.

    Have your favorite adult beverage or two.

    Hope this helps you.
     
    Last edited: Jul 13, 2012
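An added example, not part of the thread above: a PowerShell inventory script for the search terms the post uses (conduit, bprotect, searchplugins). It only lists matching files and registry entries into a report so they can be reviewed before anything is removed; the report path and the search roots are assumptions.

```powershell
# Added example (not from the thread): inventory-only sweep for the names the post
# searches for. Reports matches, deletes nothing. Assumes PowerShell 2.0+ on Windows;
# run from an elevated prompt so protected locations are readable.
$terms   = @('conduit', 'bprotect', 'searchplugins')
$pattern = ($terms | ForEach-Object { [regex]::Escape($_) }) -join '|'
$report  = Join-Path $env:USERPROFILE 'Desktop\conduit-inventory.txt'   # assumed path

# Filesystem: profile, Program Files and ProgramData trees (assumed roots).
$roots = @($env:USERPROFILE, $env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData) |
    Where-Object { $_ }
$fileHits = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $pattern } |
        ForEach-Object { "FILE`t$($_.FullName)`t$($_.LastWriteTime)" }
}

# Registry: key names, value names and value data under HKCU and HKLM Software.
$hives = @('HKCU:\Software', 'HKLM:\Software')
$regHits = foreach ($hive in $hives) {
    Get-ChildItem -Path $hive -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        if ($key.PSChildName -match $pattern) { "REGKEY`t$($key.Name)" }
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if ($name -match $pattern -or $data -match $pattern) {
                "REGVAL`t$($key.Name)`t$name`t$data"
            }
        }
    }
}

# The IE start page the post says to reset, recorded so a hijacked value is visible.
$ieStart = (Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Main' `
    -ErrorAction SilentlyContinue).'Start Page'

@("Inventory generated $(Get-Date)", "IE Start Page: $ieStart", "") + $fileHits + $regHits |
    Set-Content -Path $report
Write-Host "$(@($fileHits).Count) file hits, $(@($regHits).Count) registry hits written to $report"
```

Reviewing the report line by line before deleting anything is the step that keeps this from becoming the blind cleanup the admin warns about in the next post.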
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: search.conduit Infection solved

    Ever read the stickies???? For example: Forum Rules and Guidelines, in particular step 6. We are quite busy!!

    May have been okay for you but extremely bad advice! Blind registry cleaning (that is, fixing everything they show) is the cause of tens of thousands of unbootable or unstable PCs. We highly recommend never running a registry cleaner unless an expert tells you to do so and then that expert hand picks what to fix. You cannot restore a registry backup from CCleaner if your PC does not boot.
     
