Search Protect/Conduit/Trovi Malware - Last Resort

6 replies to this topic
Trevor Phillips Enterprise

    Gangsta

  • Members
  • Joined: 02 Aug 2009
  • United-Kingdom

#1

Posted 22 July 2014 - 09:28 PM Edited by Trevor Phillips Enterprise, 22 July 2014 - 09:29 PM.

Hey guys, just got an issue with malware on my laptop. As the thread title suggests, I've been infected with the common search protect/conduit/Trovi search malware. Basically, I've done near enough everything I can. It started about a month ago, maybe longer. I've been uninstalling it, running anti-malware software (Malwarebytes and I've even downloaded the trial of Hitman Pro) and quarantining all the threats, then I've been running it a second and third time to make sure, to the point where both programs report 0 threats of malware. Then 12, 24, maybe even 48 hours (at the most) later and it's back again from beyond the grave. I have no idea where it's coming from or how to permanently remove it. I now seem to have another program downloading itself called "save clicker".

Another thing I've done is reset Firefox, but I don't think it has anything to do with my browser as the only add-ons I use are Adblock Plus and HTTPS Everywhere and they're not dangerous.

Any idea how to get rid of this sh*t without restoring to factory settings?

 


Stinky12

    No title

  • Members
  • Joined: 14 Oct 2010

#2

Posted 22 July 2014 - 10:35 PM

Even if you did manage to take it out, the damage will probably be so bad, your system won't be performing like it used to.

Best option would be to back up your important stuff and do a clean install or in your case a factory reset.


sivispacem

    Look at his little spots!

  • Moderator
  • Joined: 14 Feb 2011
  • United-Kingdom
  • Contribution Award [D&D, General Chat]
    Most Knowledgeable [Vehicles] 2013
    Best Debater 2013, 2012, 2011

#3

Posted 23 July 2014 - 07:25 AM

Conduit is adware, rather than malware. It's notorious for returning once it's been deleted as it uses a secondary autorun process to re-install itself on restart.

It shouldn't require a clean install to sort - I'd just follow this guide.
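
The autorun persistence described in post #3 can be checked by listing the usual Windows startup locations and filtering on the product names mentioned in this thread. This is an added example, not part of any post or of the linked guide; it assumes PowerShell 3.0 or later, and the name pattern is an assumption built only from the names in the thread.

```powershell
# Added example (not from the thread): read-only listing of autorun entries
# whose name or command mentions the products named in this thread.
# Run from an elevated prompt so HKLM keys and all tasks are visible.
$pattern = 'Conduit|Search ?Protect|Trovi|Save ?Clicker'   # assumption: names as written in the thread

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$hits = @(
    # 1. Run / RunOnce registry values (per-machine, per-user, 32-bit view)
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $value = [string]$item.GetValue($name)
            if ("$name $value" -match $pattern) {
                [pscustomobject]@{ Source = 'RunKey'; Location = $key; Name = $name; Command = $value }
            }
        }
    }

    # 2. Services, matched on name, display name and binary path
    Get-CimInstance Win32_Service |
        Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{ Source = 'Service'; Location = $_.StartMode; Name = $_.Name; Command = $_.PathName }
        }

    # 3. Scheduled tasks (the cmdlet exists on Windows 8 / Server 2012 and later)
    if (Get-Command Get-ScheduledTask -ErrorAction SilentlyContinue) {
        foreach ($task in Get-ScheduledTask) {
            $cmd = ($task.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
            if ("$($task.TaskName) $cmd" -match $pattern) {
                [pscustomobject]@{ Source = 'ScheduledTask'; Location = $task.TaskPath; Name = $task.TaskName; Command = $cmd }
            }
        }
    }
)

$hits | Sort-Object Source, Name | Format-List
if ($hits.Count -eq 0) { 'No matching autorun entries found.' }
```

An empty result only means nothing matched these names; an entry registered under a different name still needs the full startup listing reviewed by hand.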

Stinky12

    No title

  • Members
  • Joined: 14 Oct 2010

#4

Posted 23 July 2014 - 04:48 PM

Search Protect and Conduit aren't that difficult to remove; I suspect the problem is with Trovi Malware.


Trevor Phillips Enterprise

    Gangsta

  • Members
  • Joined: 02 Aug 2009
  • United-Kingdom

#5

Posted 23 July 2014 - 04:55 PM

Just tried what you suggested, sivispacem. No doubt it'll reappear soon though, as I've followed those steps before.


Wolf68k

    always howling

  • Members
  • Joined: 12 Mar 2003
  • None
  • Most Knowledgeable [Technology] 2013
    Best Contributor [Technology] 2012

#6

Posted 23 July 2014 - 05:50 PM

Did you try following these steps? http://www.lavasoft....-by-conduit-ltd and http://www.lavasoft....ve-trovi-search

Also try adding SpywareBlaster to your system. It doesn't remove anything, it immunizes; it just sets up some sites to be blocked.

As does Spybot with its Immunize, which adds a bunch of things to the hosts file, something that SpywareBlaster doesn't do.

The 2 do have some overlap, and that's a good thing, but SpywareBlaster blocks some things that Spybot doesn't and vice versa.

 

Something else to learn from this.....

There's a chance that you may have gotten these from installing something recently. If that is the case, then the chances are increased if you installed something that you used for 1 specific purpose and aren't likely to use all that much.

Most people just let the installer do its thing and don't think twice about it. Most installers have an advanced or custom install option; always, always, always use this option. Because in most cases the option to install the adware, browser bar, aka crap you don't want or need is within this area.

Another idea to try, and that I highly suggest, is Sandboxie. This is like having a virtual PC without all of the hassle. It uses your own OS as the "host" but without the harm. Anything you install gets put into a special folder and any "changes" to the system are actually restricted to the sandbox, this includes registry entries. You can then delete this special folder (let Sandboxie do it) and everything is gone and your system is still unchanged.

You can also use Sandboxie to run private browser sessions which can be even more secure than having the browser do it even if the browser has the option.

 

I use Sandboxie for all installers I question, and more so when it's a program I have 1 use for and more so a 1/few time(s) limited use for. Cuts down on the bitrot that you commonly get when you install something of that nature.


sivispacem

    Look at his little spots!

  • Moderator
  • Joined: 14 Feb 2011
  • United-Kingdom
  • Contribution Award [D&D, General Chat]
    Most Knowledgeable [Vehicles] 2013
    Best Debater 2013, 2012, 2011

#7

Posted 23 July 2014 - 06:14 PM

I've been using Sandboxie for web browsing for years now. Great way of isolating exploit kits and unintentional downloads.