Author Topic: Automated Conduit and Entrusted Toolbar Removal Needed  (Read 4640 times)

questorfla
Automated Conduit and Entrusted Toolbar Removal Needed
« on: April 28, 2013, 05:06:44 PM »
This may not belong here. If not, could someone please move it to the right forum, please.

A recent episode of dealing with Conduit and the Entrusted toolbar left me spending hours of time trying to tease out the key to the absolute removal of this "Thing". I cannot believe that Conduit is still not considered malware, but apparently it gets a pass in some way. Malwarebytes and all the usual "helpful tools" did their best and still could not find the last piece, which left me with a "rundll" error every time I used right click, even after I thought the "bug" itself had been removed.
By turning on the "show system files" (I had already turned on show hidden files) I finally found the last piece hiding as "counter.dat" in the Temporary Internet Files folder. Even then, I had to take ownership of it to get rid of it. This after I had run every malware/virus remover I could find. I was wondering if anyone else had run across this issue and/or anything similar and could offer a better way to search for and remove objects like that.
Even Avira's Forum seemed to be "try this, if that doesn't work, try that", so I don't know if I was just lucky or, worse, if I just think I am rid of it. The counter.dat file said it could not be deleted as "No one was the owner", which is why I had to take ownership to remove it. And it only showed up after setting to see "system files".

I wanted to add that after removal of this file, the system immediately began to function properly. Before removal, you never knew what might happen. I had already removed at least 20 different places where the entry for a "Search protector(?)" (I cannot for certain remember the last word after "search", but I kept notes and will edit this as soon as I can get to them) that appeared in the registry and in Windows 7 subfolders and multiple other places. All of these had been created by this one piece of malware that came from downloading a "Free" "Scan to file" utility found on a Google Search. It took several days of effort with a lot of "false" successes, which is why I am not certain even now. Most people seemed to be in favor of the "format and reload" routine, with many even cleaning the MBR as well. Considering the time factor, normally, so would I.
It has been a week now, so maybe I won the battle. But it shouldn't be that hard for something that apparently isn't even considered a threat by the AV companies. The fact it makes Bing your default home page on every browser is also puzzling. If I ever see it again, I probably will also "format and reload", but the fact it used a system file with "no owner" I thought odd enough that maybe there would be a way to search for that.
(I should also add that the normal "net user administrator /active:yes" activation would say there was no such user. So the elevated command prompt was all I had to work with.)
« Last Edit: April 28, 2013, 05:36:49 PM by questorfla, Reason: Final results »
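
One read-only way to search for files like the "counter.dat" described in the post above, offered as an added example that is not part of the original thread: it walks a folder including hidden and system files and reports any file whose owner cannot be read or does not map to an account. It assumes PowerShell 3.0 or later in an elevated session; the default folder is the usual Windows 7 location of Temporary Internet Files, and the function name `Get-OwnerStatus` and the status labels are made up for this example.

```powershell
# Added example: report files whose owner is unreadable, missing or orphaned.
# Read-only audit; nothing is deleted and no ownership is changed.
param(
    # Assumed default: the usual Windows 7 Temporary Internet Files location.
    [string]$Root = "$env:LOCALAPPDATA\Microsoft\Windows\Temporary Internet Files"
)

function Get-OwnerStatus {
    param([System.IO.FileInfo]$File)

    $row = [pscustomobject]@{ Path = $File.FullName; Owner = $null; Status = $null }
    try {
        # Fails when the caller is not allowed to read the security descriptor.
        $acl = Get-Acl -LiteralPath $File.FullName -ErrorAction Stop
        $sid = $acl.GetOwner([System.Security.Principal.SecurityIdentifier])
    } catch {
        $row.Status = 'OwnerUnreadable'
        return $row
    }
    if ($null -eq $sid) {
        $row.Status = 'NoOwner'
        return $row
    }
    $row.Owner = $sid.Value
    try {
        # A SID that no longer maps to any account throws here.
        $row.Owner  = $sid.Translate([System.Security.Principal.NTAccount]).Value
        $row.Status = 'Resolved'
    } catch {
        $row.Status = 'OrphanedSid'
    }
    return $row
}

# -Force is what makes hidden and system files visible to the search.
Get-ChildItem -LiteralPath $Root -Recurse -Force -File -ErrorAction SilentlyContinue |
    ForEach-Object { Get-OwnerStatus $_ } |
    Where-Object { $_.Status -ne 'Resolved' } |
    Sort-Object Status, Path |
    Format-Table -AutoSize -Wrap
```

Anything it lists is a candidate for closer inspection, not proof of malware; some legitimate files also carry owners that no longer resolve.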

cranioscopical
Re: Automated Conduit and Entrusted Toolbar Removal Needed
« Reply #1 on: April 28, 2013, 10:55:11 PM »
Thanks for reporting your experience. Could well help someone else.