conduit redirect malware.

Post by Ericmopar » Thu Jan 23, 2014 9:39 pm

I've run across this on my PC and two others so far. The only thing that seems to be common is the use of the TV Guide channel's website.
New build. i7-7700k, MSI Z270 Gaming M5 Mobo, Hyper 212 Evo, Corsair DDR4 3200 MHz RAM, Klipsch ProMedia 2.1 Speakers, Samsung 850 Evo SSD, HAF XM Case, Asus Strix GTX 1070 and Cooler Master Storm XT Keyboard.
Slick with Pretty Rainbow Colors.
Posts: 2797
Joined: Mon May 13, 2013 12:35 am
Location: Henderson NV.

Re: conduit redirect malware.

Post by arizonachris » Thu Jan 23, 2014 10:43 pm

Wow, that looks like a nasty little bugger: http://www.2-spyware.com/remove-conduit ... virus.html Not easy to get rid of. Apparently Malwarebytes won't remove it either. I'm hoping that if I ever run into it, the MSE real-time scanner will pick it up. Should let TV Guide know they are infected.
Ryzen 7 2700K, Asus Prime X570P, 32Gb DDR4, 2x 1Tb M.2 SSD's, RTX2060 6Gb, Oculus Rift
Win 10 Pro 64bit, keyboard/ mouse/ wheel/ pedals/ baseball bat
Security Coordinator on the Battleship Iowa
Posts: 3955
Joined: Sun Mar 21, 2010 10:36 am
Location: Southern California

Re: conduit redirect malware.

Post by Ericmopar » Fri Jan 24, 2014 1:14 am

arizonachris wrote: Wow, that looks like a nasty little bugger: http://www.2-spyware.com/remove-conduit ... virus.html Not easy to get rid of. Apparently Malwarebytes won't remove it either. I'm hoping that if I ever run into it, the MSE real-time scanner will pick it up. Should let TV Guide know they are infected.


The easiest thing to do with it, Chris, is to open a new account on the infected PC using a password-protected administrator account. Then just copy and paste the documents, shortcuts, pics etc. over to the new account.
Then delete the old infected one.
That's far quicker than trying to remove it.

Oh yeah, MSE won't stop it, and it loves IE...

Re: conduit redirect malware.

Post by DapperDan » Fri Jan 24, 2014 10:39 am

Found this little bugger on the wife's computer about a month ago. We couldn't figure out how she got it, as she doesn't do any surfing/searching on the internet. She only uses the internet for a couple of trusted websites.

I had a devil of a time trying to get rid of it. An MSE full scan didn't show anything wrong. Add/Remove didn't get rid of all of it. I ran a scan using the Malwarebytes quick scan and it found 28 various references to it. I still wasn't sure everything was cleaned out, so I ended up running another full scan with Malwarebytes and it found 3 more references. Also ran a registry scan with CCleaner. Ran another full scan the next day with Malwarebytes and this time it had nothing to report.

The one thing I can't seem to get rid of is a reference to it in IE's Manage Add-ons search providers. The reference is grayed out and shows it as being disabled. I have run a number of Malwarebytes full scans since and the scans come up clean; registry scans with CCleaner don't show it anymore either. Just can't figure out how to get rid of the reference in IE.

Regards,
Doug
Posts: 124
Joined: Mon Aug 05, 2013 8:48 am
Location: Nelson, BC
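The grayed-out search provider Doug describes is read by IE from the SearchScopes registry keys, and Conduit-era toolbars also commonly registered a Browser Helper Object. The PowerShell below is an added example, not something posted in this thread: it lists both locations and flags entries whose name, URL or DLL path mentions "conduit". The registry paths are the standard IE/Windows ones; the match pattern, and the assumption that the stale Manage Add-ons entry corresponds to a leftover SearchScopes subkey, are the example's own.

```powershell
# Added example, not from the thread: enumerate the places Internet Explorer
# reads search providers and add-ons from, and flag entries mentioning "conduit".
# The registry paths are the documented IE/Windows ones; the pattern is an
# assumption (Conduit variants also shipped under other brand names).
$Pattern = 'conduit'

function Get-IESearchProvider {
    # IE merges per-user and machine-wide SearchScopes; the DefaultScope value
    # on the parent key names the GUID that is active in the address bar.
    foreach ($hive in 'HKCU', 'HKLM') {
        $base = "${hive}:\Software\Microsoft\Internet Explorer\SearchScopes"
        if (-not (Test-Path $base)) { continue }
        $default = (Get-ItemProperty $base -ErrorAction SilentlyContinue).DefaultScope
        Get-ChildItem $base | ForEach-Object {
            $v = Get-ItemProperty $_.PSPath
            [PSCustomObject]@{
                Hive        = $hive
                Key         = $_.PSChildName
                DisplayName = $v.DisplayName
                URL         = $v.URL
                IsDefault   = ($_.PSChildName -eq $default)
                Suspect     = [bool](($v.DisplayName, $v.URL) -match $Pattern)
            }
        }
    }
}

function Get-IEBrowserHelperObject {
    # BHOs are registered by CLSID; the friendly name and DLL live under HKCR\CLSID.
    $base = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path $base)) { return }
    Get-ChildItem $base | ForEach-Object {
        $clsid = $_.PSChildName
        $name  = (Get-ItemProperty "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid" -ErrorAction SilentlyContinue).'(default)'
        $dll   = (Get-ItemProperty "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        [PSCustomObject]@{
            CLSID   = $clsid
            Name    = $name
            Dll     = $dll
            Suspect = [bool](($name, $dll) -match $Pattern)
        }
    }
}

Get-IESearchProvider      | Format-Table -AutoSize
Get-IEBrowserHelperObject | Format-Table -AutoSize

# Once a SearchScopes entry is confirmed bogus, deleting its subkey removes it
# from Manage Add-ons. -WhatIf only reports; drop it to actually delete, and
# never delete the key named in DefaultScope before pointing DefaultScope at a
# provider you trust, or the address-bar search has nowhere to go.
Get-IESearchProvider | Where-Object { $_.Suspect } | ForEach-Object {
    Remove-Item "$($_.Hive):\Software\Microsoft\Internet Explorer\SearchScopes\$($_.Key)" -Recurse -WhatIf
}
```

Run it from an elevated prompt so the HKLM branches are readable. The BHO listing is there because a search-provider entry that keeps coming back after cleaning usually means something machine-wide is still re-creating it; a scanner that only walks the user's profile will not see that.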

Re: conduit redirect malware.

Post by Ericmopar » Fri Jan 24, 2014 1:53 pm

mdurdan wrote: You're telling me all I have to do to save a HDD from being compromised by a virus is make a new account and delete the old one, AND I can even back up files??? Won't they be infected too? Thinking of making a new user account on my current HDD just to see if it's something hiding out in there, if this is the case.


It won't always save you, Mike, but it's easier to try that first than to do a clean install of Windows.
You have to have at least one password-protected administrator account on the PC, plus whatever accounts you use for other activities like gaming.
I leave the administrator account empty of games etc.

When Windows creates a new account, it uses the protected archives in Windows to do that.
When you get the new account up and running, you have to make sure you delete the old one fully, including things like the user's files when it prompts you.

Re: conduit redirect malware.

Post by arizonachris » Fri Jan 24, 2014 3:08 pm

Guess it's a good thing I have a second hard drive, I already do a monthly backup of "steamapps" and Documents. All I would need to add to that would be Bookmarks. Hopefully it doesn't like Firefox.

Re: conduit redirect malware.

Post by Ericmopar » Fri Jan 24, 2014 5:38 pm

I keep backups on my gaming drive, which is a Samsung 840 120GB. Some backups I keep on the OS HDD. I just create a new folder on the C: drive and stick backups in there.
If you get a new edition of Firefox, make sure you are actually at Mozilla's website. In the process of getting rid of Conduit, I stumbled across a bogus Firefox site with more malware!
Conduit, Zedo and others will redirect you to their own infested websites.

When you have two accounts on a PC, all you have to do is check the administrator one used only for new driver installs and the like, and see if it got infected too. If not, a person is good to go with the new account method of getting rid of the malware.

Re: conduit redirect malware.

Post by Ericmopar » Fri Jan 24, 2014 5:41 pm

mdurdan wrote: I have a second HDD but don't know how to set it as the main HDD as I would like to.


You don't need to do that to create a new account, Mike. It all stays on the C: drive.

For those that don't know, accounts are managed by clicking on the little picture at the top of the Start Menu when you first open it. A lot of people don't know that one. In Windows 8 I don't know how a person gets there. The tip I gave applies to Vista, 7 and I think XP.

You have to have a second account to do this, an administrator account. Then a person just goes to the little picture at the top of the Start Menu and clicks it. From there a person selects whatever they need: Manage an account, Delete an account, Create a new account etc.
From the administrator account a person can click on "Users" in Windows Explorer and copy and paste photos, documents etc. to the new account, which will also be in the Users folder in the administrator account.
When in "Users" a person can copy and paste shortcuts from the infected account's desktop to the new account's desktop.
All this requires that one password-protected administrator account be on the computer (before the infection).
I'm not sure what would happen if a passworded account was formed after. It might work and it might not.
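The new-account procedure described in the posts above (create a replacement account from a clean administrator account, copy the data and shortcuts across, delete the old account including its files) can be done from an elevated PowerShell prompt instead of the Start Menu picture. The script below is an added example, not Ericmopar's procedure or anything posted in the thread; it uses only net.exe, robocopy and WMI, which Vista, 7 and 8 all ship with. Account names are placeholders. As the thread says, this won't always save you: anything Conduit installed machine-wide (HKLM Run keys, a Browser Helper Object, files under Program Files) is untouched by a profile swap, which is why the clean administrator account should be checked first.

```powershell
# Added example, not from the thread: the "new account" cleanup scripted for
# Vista/7/8. Run from an elevated PowerShell prompt in the clean,
# password-protected administrator account, with the infected user logged off.
# Account names below are placeholders.
$OldUser = 'Infected'      # assumed: the account that picked up Conduit
$NewUser = 'Replacement'   # assumed: the account that will take its place

function New-ReplacementAccount {
    param([string]$Name, [switch]$Administrator)
    # "*" makes net.exe prompt for the password instead of leaving it in
    # the command history. Omit -Administrator for a standard (gaming) user.
    net user $Name * /add
    if ($Administrator) { net localgroup Administrators $Name /add }
    # Windows builds C:\Users\$Name from its templates at the first logon,
    # so log in as $Name once before running Copy-ProfileData.
}

function Copy-ProfileData {
    param([string]$From, [string]$To)
    $src = "C:\Users\$From"
    $dst = "C:\Users\$To"
    if (-not (Test-Path $dst)) { throw "$dst does not exist yet; log in as $To once first." }
    $folders = 'Desktop', 'Documents', 'Pictures', 'Music', 'Videos', 'Favorites'
    # Data folders only. AppData is deliberately left behind: per-user browser
    # add-ons, search-provider settings and Conduit's own files live there.
    # /E recurse, /XJ skip the Vista/7 compatibility junctions, /XF skip
    # executables and shortcuts (shortcuts are handled one by one below).
    foreach ($f in $folders) {
        robocopy "$src\$f" "$dst\$f" /E /XJ /R:1 /W:1 /XF *.exe *.dll *.scr *.lnk | Out-Null
    }
    # A shortcut whose target is inside the old profile would be dangling, or
    # pointing at something the infection dropped, once that profile is gone.
    $wsh = New-Object -ComObject WScript.Shell
    foreach ($f in $folders) {
        Get-ChildItem "$src\$f" -Filter *.lnk -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $target = $wsh.CreateShortcut($_.FullName).TargetPath
            if ($target -like "$src*") {
                Write-Warning "skipping $($_.Name): points into $src ($target)"
            } else {
                Copy-Item $_.FullName ($dst + $_.FullName.Substring($src.Length))
            }
        }
    }
}

function Remove-InfectedAccount {
    param([string]$Name)
    $path = "C:\Users\$Name"
    # Deleting the Win32_UserProfile object removes both the ProfileList
    # registry entry and the profile directory, which is the "delete the
    # user's files" step of the Control Panel route. Refuse while it is loaded.
    $prof = Get-WmiObject Win32_UserProfile | Where-Object { $_.LocalPath -eq $path }
    if ($prof -and $prof.Loaded) { throw "$Name is still logged on; log it off first." }
    if ($prof) { $prof.Delete() }
    net user $Name /delete
}

# Usage, in this order, with one logon as $NewUser between the first two steps:
# New-ReplacementAccount -Name $NewUser -Administrator
# Copy-ProfileData -From $OldUser -To $NewUser
# Remove-InfectedAccount -Name $OldUser
```

Leaving AppData behind is the whole point of the method: browser add-ons, Run keys and the search-provider settings are per-user, so a fresh profile gets none of them. Bookmarks are the one thing most people want from AppData; export them from the browser to a file in Documents before the swap rather than copying the profile folder.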

Re: conduit redirect malware.

Post by GaryG » Fri Jan 24, 2014 11:15 pm

I've seen Conduit installed as part of another installation (not my computer). You need to read all installer windows and check the options really closely; you might think an option is to install when it actually means untick to avoid installing. English grammar can be twisted, so be careful before clicking.

GaryG
Posts: 208
Joined: Tue Feb 08, 2011 2:24 pm
Location: Vancouver. BC, Canada
