Be careful out there: Conduit Search spyware is annoying the Internet

UPDATE: In early 2014 a more aggressive version of Conduit Search started showing up. If the below instructions are not effective, we would suggest using Malwarebytes to remove the infection. You can download a free version of Malwarebytes here. (During installation, you may want to uncheck the “Enable free trial of Malwarebytes Anti-malware Premium” box if you don’t want a 30 day trial of the premium software to install.) Once installed, simply click “Scan Now” and Conduit Search (as well as any other infections) should be cleared up pretty quickly. Business professionals may want to consider TOAST.net’s Managed Antivirus product instead, which will block and clean infections as well as send you a regular security report to help you manage your network.

_______________________________________________________________________

Original Article:

We’re seeing a lot of reports of something called Conduit Search showing up on customer computers over the last few weeks, causing problems ranging from an inability to get to certain websites to getting completely locked out of your Internet connection. Conduit Search is essentially a
browser hijacker: a program or an add-on that attaches to your web browser and changes settings in ways you did not authorize.  In this case, browsers that are infected with Conduit will have their home page changed to search.conduit.com, and any searches performed will go through Conduit’s search engine rather than Google, Bing, Yahoo, or whatever search engine you are used to using. This search information is collected by Conduit for marketing and ads, then search results are displayed that make the business money with each click.
conduitinchromeConduit is a little unusual in that most browser hijackers target Internet Explorer, but in this case all major browsers can be infected (including Chrome, Firefox, and others).

“How did I get Conduit installed in the first place?”

While not a destructive infection (it’s considered spyware, not a virus), Conduit can expose private information to third parties, and the software is unethically generating money to its manufacturers through advertising and search manipulation. On top of that, Conduit encourages others to create their own “Conduit Toolbars”  through a Conduit Community website, promising a share of those advertising profits. Because of this, 3rd parties are using trickery to get you to install the software. One common method is to generate a fake “update” screen on a website, claiming to require an update to Flash Player or Java to continue. Another method is posting free software for download, and then piggybacking Conduit in with the installation.

Once installed, Conduit and the Conduit Toolbar hijack your web browser settings and change the homepage to search.conduit.com. The default search engine is switched to search.conduit.com, your homepage is changed to Conduit’s, and from that point on any attempts to use the address  bar to search the web, results will redirect to search.conduit.com. Conduit is paid when users click advertisements, as well as by the amount of page views they generate.

How to remove Conduit Search

Conduit Search is not a virus, so antivirus programs such as Microsoft Security Essentials, Vipre, and GFI Antivirus usually will not stop it from installing. You can manually remove the software from your computer using this method:

  1. Click the Start button, open Control Panel, and choose Uninstall a Program. (Windows XP users will choose Add/Remove Programs).
    controlpanel
  2. On the list of programs, look for Conduit Community Toolbar, or any other listings for Conduit. Highlight the program and click Uninstall.

Remove Conduit Toolbar and Search Engine

Microsoft Internet Explorer

  1. Click the Tools icon and select Internet Options. Under the General tab, make sure your home page address is listed correctly
  2. Click the Programs tab and click Manage add-ons.
  3. Click Toolbars and Extensions and remove any listings for Conduit.
  4. Click Search Providers and remove any listings for Conduit.
  5. Click OK when complete.

Google Chrome

  1. Click on the Customize button ( 3 bar icon in the upper right corner) and select Tools/Extensions.
  2. Look for any Conduit extensions and remove them by clicking the trashcan icon to the right of the listing.
  3. On this same screen, click Settings on the left menu.
  4. Under On Startup, if you have a dot next to “Open a Specific Page or Set of Pages”, click Set Pages and remove/adjust your home page address if needed.
  5. Under Search, click the Manage Search Engines, and remove any listings for Conduit by highlighting the listing and clicking the X to the right. You can then set your search provider to whoever you wish.
  6. Close the Settings tab.

Stay Safe In The Future

To prevent getting nasty infections, keeping up with updates and running good antivirus software are always a good idea, along with the steps listed on our Tips for Safe Computing page. Also be skeptical of windows that randomly appear saying “An update is required” or “A virus has been detected.” Pop-up windows like these are often designed to look authentic with the purpose of tricking you into installing malicious software. If you see a message saying:

“A virus has been detected, click here to clean” – Most antivirus programs automatically clean infections and then tell you what they did after-the-fact. It’s best to close these warnings and go directly to your antivirus software to run a scan if you’re in doubt.

“You must update to the latest version of Adobe Flash to view this content” – Adobe Flash is a browser add-on that allows you to play videos and show advanced features on some websites. Go directly to Adobe’s Web Site to check to see if you have the latest version installed instead.

“Your version of Java is outdated, click here to update.” – Just like Adobe products, Java is an add-on that allows you to see advanced web site content and is usually updated automatically. Go directly to the Java Web Site to see if you have the latest version.

TOAST.net

Like us on Facebook Follow us on Twitter! Email us!

Advertisements

About TOAST.net Internet Service
TOAST.net has been a leader in Internet, business, and cloud services for two decades. See how we can help you!

29 Responses to Be careful out there: Conduit Search spyware is annoying the Internet

  1. Reblogged this on Remove Your Malware and commented:
    Today’s reblog about the Conduit Search Engine comes from Daily Slice!

    Conduit uses a malicious search bar and search engine. It is a form of Spyware and is often included as a third party install in a legitimate or illegitimate download.

    For more information, or if you’re interested in other posts like this, head to blog.toast.net! Or follow Remove Your Malware for similar posts!

    • Ann says:

      I removed everything with conduit, bing, etc. and nothing now appears in the programs, but the darn thing is still there

      • If you haven’t already, try an Anti-Spyware solution such as Malwarebytes (www.malwarebytes.org) or Hitman Pro (www.surfright.nl) and run a free full/default scan of your computer. Use CCleaner (www.piriform.com) to remove any registry keys left behind by the program and keep your Antivirus solution up-to-date!

        If the problem persists, it is recommended that you ask for help on an online security forum such as Bleeping Computer’s forum (www.bleepingcomputer.com/forums) – There you can talk to trained experts that will guide you through the removal process of anything left behind.

        If you have any more questions, ask either me (RYM) or the writers of this reblogged article! (blog.toast.net)

        Good Luck and Stay Safe!

    • Very informative and interesting article! Information on how to remove it is great too, but how about some tips to avoid having to remove it at all? This is very scary too.
      I like that you verified that clicking on those false, ‘you need to update’ messages, that pop up suddenly, ARE very BAD.I knew that there were phony things like that out there, but never was sure 100%, If some could be real. Hard for the average user to know the difference, often Now I know and will be more careful!
      I liked how you wrote it in easy to understand language, making this valuable information available to a wider audience. Although I have been using computers since the 1980’s, (I was a tiny baby then, of course!), I really don’t know much about the workings of the internet, so appreciate information shared like this. Aloha nui loa, from Hawaii, Leilani

      • Danny Morton says:

        A well protected system with an Antivirus and Anti-Spyware solution will often help to protect you against spyware like Conduit! For extra protection, you could consider using a good Firewall program.

        Spyware infections like Conduit can be the fault of installing software that comes with third-party software, so it is important that you watch carefully what you’re downloading and installing – don’t speed through the installation process! Find out what you are installing.

        You can find some great advice on how to keep you and your family safe online at http://www.toast.net/protect!

        You can also find useful information on how to stay safe online at http://www.removeyourmalware.wordpress.com/protection/network!

        All credit for this article goes to Daily Slice (blog.toast.net).

        Stay Safe!

  2. Pingback: Be careful out there: Conduit Search spyware is annoying the Internet | Remove Your Malware

  3. Carie Staerker says:

    Finally! Thank you for the solution!

  4. midsam says:

    How do I get rid of Conduit Search in Mozilla Firefox?

    • We don’t directly support Firefox, but there appears to be a nice removal guide available here:

      http://malwaretips.com/blogs/remove-conduit-apps-search-and-toolbar/

  5. Sharon R. says:

    Guess what, now Divx (www.divx.com) will helpfully install Conduit for you by default! If a Quicktime video fails, Quicktime will helpfully direct you to a web page with links to codecs that might help. Divx is at the top of the list. Divx’s download page by default has the opt-in checked for installing the Divx toolbar and enabling Conduit search. Thanks for that.

  6. Pingback: How you can get stung in a Flash by Conduit Toolbars | sqwabb

  7. Rich P says:

    Apparently the evil minds behind Conduit “enhanced it” and made the steps outlined above inadequate, because Conduit thwarts its own removal.
    1. Reboot in the safe mode.
    2. Do the uninstall suggested. In my case, the software was “Search Protect” by Conduit.
    3. I edited my registry to remove everything related to Conduit, by using the edit, search function and then delete.
    4. Still in the safe mode, I deleted all directories under “Conduit” or “Search Protect”. To be sure I also removed them from the recycling bin.
    5. Reboot normally.
    6. You may see a boot up error message related to “BackgroundContainer” – remnant of Conduit. To resolve it I installed a Microsoft utility “Autoruns” to find “BackgroundContainer” and disable it.

    The criminals at Conduit should be prosecuted.

  8. Reblogged this on Sally's Special Services.

  9. andrewhagle says:

    Reblogged this on Home Grown News Media.

  10. Nessie Gray says:

    Almost every time I contact anything new…even Internet Security companies…they usually include conduit searches that it really screws my searches up …tho where I have to keep changing back my chosen search item. Isn`t there a way to stop those companies from using there wares to push them into someone`s personal places???

  11. Pingback: Lessons learned from the Conduit Search virus | B2B-TechCopy Technology Marketing Blog

  12. Christopher Bowman says:

    Has anyone ever had this mess up the wireless connection? I can’t get anything wireless to work on my computer and I found this program on it.

    • Christopher,

      It doesn’t have any access to hardware settings, so it shouldn’t affect your wireless connection at all. Maybe check to see if there’s a switch or key combination that shuts off your wireless. That happens to me a lot.

    • joe d says:

      Had a similar problem, no clue what was causing it, took my computer to my university tech center, tech uninstalled and removed all conduit folders, internet started working again

  13. Bon Vivant says:

    How many millions of man hours have been wasted because of Conduit? Why isn’t this considered a criminal enterprise?

  14. EASY FIX: First open Windows Control Panel > Uninstall Programs. Scroll down and uninstall “Search Protect”. Tell it to reset default settings. It only protects Conduit from being uninstalled. Otherwise nothing you do will be affective.

    Then open Free Auslogics Browser Care and remove the nonsense it installed in them.

    In Internet Explorer it would be a good idea to look in Manage Addons in case Auslogics missed something.

    If you have Superantispyware Pro open the Uninstall Unwanted Programs section to uninstall hidden toolbars no other program can find.

    I had to completely reinstall Google Chrome to get rid of all the junk Conduit installed in it.

    One program I know for sure that will install this junk on your computer is Free Zonealarm Firewall. If you don’t allow it you cannot install the firewall. It’s best to do this on a new computer or just after reinstalling Windows before installing other browsers. Then you only have to remove it from Internet Explorer.

  15. Tai Dawson says:

    only a software support specialist can remove it and even then it might take him or her three tries .It’s not annoying ,it’s infuriating!

    • kbkitz says:

      I got infected by it. HitmanPro can detect and remove all traces of inclusive of registry. But you have to buy it to enable the delete feature, but very well worth the 24.95 imo opinion, best money I spent, if I get it again my Hitman will thawart it.

  16. Bill Woodland says:

    Adwcleaner and mailwarebytes are all you need, and they are both free. Good instructions here:

    http://malwaretips.com/blogs/remove-conduit-search-virus/

  17. ryan says:

    How can you claim conduit is not a harmful program. Also if you only remove from add and remove programs 9/10 times you will break the operating system. You have to remove all traces from the registry itself or it will break as well as still be there. I work removing this stuff for a living and am just curious as to your claims. So for everyone reading you indeed have to clean from registry or risk losing everything. As one comment stated bleeping computer and other forums show how to do this.

    • This article was published 7 months ago and was accurate at the time. There is a newer version of Conduit Search going around that is more aggressive. We now suggest using an anti-malware tool to remove Conduit Search and all of its other variants. Nothing listed in the instructions above would harm anyone’s computer. Conduit simply added more “hooks” to reinstall itself if the above components were removed.

  18. ImADreamer says:

    Wouldn’t it be great if somebody could compose a list of software that piggybacks these annoying malware/spyware installs? Imagine if thousands of users opted not to use a particular software because they are associated with the likes of Conduit and other hijackers .. perhaps the power of the masses could stem this kind of insidious behavior.

  19. Chris McGee says:

    i see conduit on almost everybody’s computer as a repair tech .. and it does stop wifi from working on most of them. Honestly, for the time it takes to clean this thing out once you got it, it is faster and easier to format and reinstall windows … paid version of malwarebytes pro installed and free web of trust plugin on your browser immediately after you reinstall windows and ya, avoid the fake update messages from now on and you should not ever get infected again. Otherwise, it is very repetitive and people keep getting it over and over and over.

    I think conduit is the worst thing out there today, it is way to easy to get infected with this nasty shit.

  20. Stop talking about things you don't know. says:

    OMG another guy having a blog trying to give advices on how to remove an annoying very annoying malware… And not knowiout what you talk about…!

    Sorry to be that aggressive but you are A BIG PART OF THE PROBLEM when you write things like that!

    You tell people to go in the control panel etc … WHICH IS TOTALLY NOT SOMETHING TO DO WITH THAT MALWARE! It will be more damaging your computer by doing so.

%d bloggers like this: