How did Conduit get installed?

User Help for Mozilla Firefox
rick7
Posts: 285
Joined: July 16th, 2005, 5:33 am

How did Conduit get installed?

Post by rick7 »

I just installed Firefox 8 and now I see that when I open up New Tab it loads something called conduit.com ready to be used as a search engine. Google is still my search engine in the toolbar, and Mozilla Firefox Start Page is still my home page under Tools | Options, but this is scary. Any idea how Conduit got installed, and how do I get rid of it? Thanks for any help.
DanRaisch
Moderator
Posts: 127187
Joined: September 23rd, 2004, 8:57 pm
Location: Somewhere on the right coast

Re: How did Conduit get installed?

Post by DanRaisch »

1. From what URL did you download Firefox 8.0?
2. Did you install any extensions recently or any plug-ins like Flash, Java or anything of that sort?
rick7
Posts: 285
Joined: July 16th, 2005, 5:33 am

Re: How did Conduit get installed?

Post by rick7 »

Thanks. I realized that I shouldn't have attributed it to installing Firefox 8, and that today I did install an Add-on to Thunderbird. I did get that add-on directly from addons.mozilla.org, so it should be copacetic but I'll have to investigate. In the meantime, any help uninstalling this would be greatly appreciated. It's not installed as a toolbar but only as something that loads when I do New Tab. It also does NOT appear when I initially start Firefox. Thanks for any help.
JayhawksRock
Posts: 10433
Joined: October 24th, 2010, 8:51 am

Re: How did Conduit get installed?

Post by JayhawksRock »

Conduit is a Trojan that hijacks your search. It is disguised as a "Free" Toolbar.
Remove from Firefox by:
1. Open Firefox
2. On the address bar, type – about:config in the URL. Press Enter.
3. You will be warned about Warranty. Click on “I’ll be careful…”
4. On the Filter dialog box type – search.conduit
5. It will display all related entries. Right-click on Preferences Name and Reset

Sometimes installed without toolbar by sites that say like "Your flash is out of date..... click here to update." or some other Free offer

Edit: Also delete your cookies or at least the ones you don't recognize.... Conduit leaves a tracking cookie.
Last edited by JayhawksRock on November 25th, 2011, 3:15 pm, edited 1 time in total.
"The trouble with quotes on the internet is you never know if they are genuine" ...Abraham Lincoln
LoudNoise
New Member
Posts: 39900
Joined: October 18th, 2007, 1:45 pm
Location: Next door to the west

Re: How did Conduit get installed?

Post by LoudNoise »

What was the extension?
Post wrangler
"Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."
rick7
Posts: 285
Joined: July 16th, 2005, 5:33 am

Re: How did Conduit get installed?

Post by rick7 »

I was initially a bit hesitant to mention it because I'm not at all positive this was the culprit but it's called TBDialOut and is at https://addons.mozilla.org/en-US/thunde ... tbdialout/. I will follow the above directions to remove it. I have NoScript so at least Firefox didn't run any scripts from the web site. Thank you.

Edit: I reset all the config entries that contained search.conduit (about four or five) but it's still happening. I then searched for just the string 'conduit' in about:config and I see there are now about 50 entries containing either conduit.com or conduit-services.com. About half of these have Preference Name beginning with CTnnnnn and the other half begin with 'CommunityToolbar...'. Help is appreciated.
KWierso
Posts: 8829
Joined: May 7th, 2006, 10:29 pm
Location: California

Re: How did Conduit get installed?

Post by KWierso »

Reset all of those, then restart the browser.
KWierso
Posts: 8829
Joined: May 7th, 2006, 10:29 pm
Location: California

Re: How did Conduit get installed?

Post by KWierso »

I just looked through the code in that extension (which is for Thunderbird?), but I don't see any references to "conduit" in there...
rick7
Posts: 285
Joined: July 16th, 2005, 5:33 am

Re: How did Conduit get installed?

Post by rick7 »

(1) Doing that right now... There are a few entries whose value is 'ConduitIntegration'. I should reset those also, yes?

(2) Considering that NoScript should have blocked any scripts from running from conduit.com, how important would you say it is for me to delete cookies? The idea of deleting all my cookies (with all my logons and preferences) is not an easy thought -- but of course I'll do it if it's necessary to get rid of this.

Thank you VERY much.

P.S. Yes, that's a Thunderbird extension, so... at this point I just am not sure how I got this...
rick7
Posts: 285
Joined: July 16th, 2005, 5:33 am

Re: How did Conduit get installed?

Post by rick7 »

Eighteen of the about:config entries have a Preference Name whose name includes the string 'conduit.com' or 'conduit-services.com'. Can/should these be simply deleted?
KWierso
Posts: 8829
Joined: May 7th, 2006, 10:29 pm
Location: California

Re: How did Conduit get installed?

Post by KWierso »

If you reset them to default (with the extension that created those entries disabled/uninstalled), they should disappear the next time you restart Firefox.
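
An added example, not part of any post in this thread: a read-only Python check that lists the preferences matching what the posts above describe (names or values containing 'conduit', and names beginning with CTnnnnn or CommunityToolbar). It assumes the user-set preferences are read from the profile's prefs.js file, which the thread itself does not mention; the sample preference names are constructed.

```python
import re

# One prefs.js line looks like:  user_pref("pref.name", value);
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')
# Name prefixes reported in the thread: CTnnnnn and CommunityToolbar
PREFIX_RE = re.compile(r'^(?:CT\d+|CommunityToolbar)')

def parse_prefs(text):
    """Yield (name, raw_value) for every user_pref line; comments are skipped."""
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            yield m.group(1), m.group(2).strip()

def find_suspect_prefs(text, needle="conduit"):
    """Return [(name, raw_value, reasons)] for prefs matching the thread's criteria."""
    hits = []
    for name, value in parse_prefs(text):
        reasons = []
        if needle in name.lower():
            reasons.append("name contains needle")
        if needle in value.lower():
            reasons.append("value contains needle")
        if PREFIX_RE.match(name):
            reasons.append("toolbar name prefix")
        if reasons:
            hits.append((name, value, reasons))
    return hits

# Constructed sample, not taken from a real profile.
SAMPLE_PREFS = r'''
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("CT0000000.example_setting", "http://example.conduit.com/");
user_pref("CommunityToolbar.example_flag", true);
user_pref("example.integration.mode", "ConduitIntegration");
user_pref("example.unrelated.count", 3);
'''

if __name__ == "__main__":
    for name, value, reasons in find_suspect_prefs(SAMPLE_PREFS):
        print(f"{name} = {value}  [{'; '.join(reasons)}]")
```

The script only reports matches; the reset itself is still done in about:config as described in the posts above.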
rick7
Posts: 285
Joined: July 16th, 2005, 5:33 am

Re: How did Conduit get installed?

Post by rick7 »

Yes! All those about:config entries deleted when I restarted, and now no entries contain the string 'conduit'. I also deleted all cookies with 'conduit.com' or 'conduit-services.com' in their name. Doing New Tab now gives me a big ole beautiful blank page. Do you think I'm ok now? Should I consider combing through other cookies, or deleting all cookies to be safe, or...?

I'm curious if a computer-wide malware scan would reveal anything.

Thank you VERY much. I may never know exactly what happened...
L.A.R. Grizzly
Posts: 5396
Joined: March 15th, 2005, 5:32 pm
Location: Upstate Ohio, USA

Re: How did Conduit get installed?

Post by L.A.R. Grizzly »

rick7 wrote: Yes! All those about:config entries deleted when I restarted, and now no entries contain the string 'conduit'. I also deleted all cookies with 'conduit.com' or 'conduit-services.com' in their name. Doing New Tab now gives me a big ole beautiful blank page. Do you think I'm ok now? Should I consider combing through other cookies, or deleting all cookies to be safe, or...?

I'm curious if a computer-wide malware scan would reveal anything.

Thank you VERY much. I may never know exactly what happened...


Just to be safe, you should check the about:config in Thunderbird for conduit entries as well.
Win7 Pro SP1 64 Bit
Comodo Internet Security
Pale Moon 33.0.2, Epyrus Mail 2.1.2, Firefox 115.8.0esr, Thunderbird 115.8.1, and SeaMonkey 2.53.18
rick7
Posts: 285
Joined: July 16th, 2005, 5:33 am

Re: How did Conduit get installed?

Post by rick7 »

Thanks; there's nothing in Thunderbird's about:config for 'conduit'.

I'm curious: would you expect this kind of trojan to show up in a general anti-virus scan on the computer, or is it limited in effect to the web browser?
Frank Lion
Posts: 21173
Joined: April 23rd, 2004, 6:59 pm
Location: ... The Exorcist....United Kingdom

Re: How did Conduit get installed?

Post by Frank Lion »

rick7 wrote: ... at this point I just am not sure how I got this...

You have Hotspot Shield?
"The only thing necessary for the triumph of evil, is for good men to do nothing." - Edmund Burke (attrib.)