CONDUIT MALWARE

[marcuspassey]

Hi guys I get the error below hope someone can help literally had microoft support on it for 2 days no luck
I cant do windows updates or update IE8

Really hope you can help

there was a problem starting c:\users
\marcuspassey\local\conduit
\backgroundcontainer
\backgroundcontainer.dll
c:\users\marcuspassey\alldata\local
\conduit\backgroundcontainer
\backgroundcontainer.dll is not valid
win32 application

I also get these errors

receive error code: 0x80070646, error code: 646, or error code: 1606 when you use Windows Update or Microsoft Update

Also guys ive seen similar threads on here and twinheadedeagle has solved it. I was going to follow those instructions but my malware may need a different approach. Looking forward to hearing from one of you guys.

Thanks

Marcus

 

[g3n-h@ckm@n]

hello welcome to MalwareTips

Download and register ADWCleaner to your desktop from this direct link : http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Launch it , (For vista / 7 / 8 = > right click " to execute as administrator ") then click on "scan"

when done, click on "clean" and post C:\Adwcleaner[Sx].txt

 

[marcuspassey]

Hey thanks for the welcome will that get rid of it?

cheers

marcus

 

[marcuspassey]

I did that I attached report, what else do I have to do?

 

[g3n-h@ckm@n]

you have some adwares in your browsers, we're going to delete their rests

Download Shortcut_Module from this link :

http://www.telecharger.sosvirus.net/download/shortcut-module/

save it to your desktop

Attention : It'll close all the programs opened like IE, Firefox, Word etc...

It'll give a report at the end of the scan , in C:\Shortcut_Module_date_hour.txt , after the reboot of the machine.

attach the report

 

[g3n-h@ckm@n]

click on "clean" sorry

 

[marcuspassey]

Hey man I did that but I still cant install my windows updates :-(

 

[g3n-h@ckm@n]

i didn't say it could be resolved with only one tool, do what I ask please, we don't have finished

 

[marcuspassey]

sorry im no good with this malware just doing second step

 

[g3n-h@ckm@n]

ok

 

[marcuspassey]

Hey its taking a while, I see you are from France I stayed at a place called Besancon very nice place

 

[g3n-h@ckm@n]

yes , I am et Valence ( dept 26)

 

[marcuspassey]

What does the shortcut module clean? its taking absolutely ages

 

[g3n-h@ckm@n]

all what adwcleaner didn't clean
did you deactivate your antivirus as it was asked ?

 

[marcuspassey]

I turned off the firewall I have mcafee, Yes I mean the shortcut module its working a green line is moving along but its taking ages is it ment to take a while?

 

[g3n-h@ckm@n]

your pc has really a problem , in mine the scan is no longer than 10/15 mn

 

[marcuspassey]

The scan seemed to be stuck so I had to restart my computer. I have mcafee I turned the firewall off but I cant seem to turn off the virus scanner

 

[marcuspassey]

I have had to uninstall my mcafee, there seemed to be a problem with it. scan is almost complete I can attach the report soon.

 

[g3n-h@ckm@n]

ok let's do a diagnostic

Download From this link OTL : http://oldtimer.geekstogo.com/OTL.exe

Save it to your desktop

If you have XP => double-click , else , right-click "Run as administrator" to launch it

configure it like this : ("Analyse" = "RUN Scan" will be pressed after pasting the following blue bold text )

if a 64 bits checkbox appears let it checked.

copy/paste what is below in blue bold under "Personnalization" in OTL :

HKCU\Software
HKLM\Software
HKCU\Software\Microsoft\Command Processor /s
HKLM\Software\Microsoft\Command Processor /s
%Homedrive%\*
%Homedrive%\*.
%Userprofile%\*
%Userprofile%\*.
%Allusersprofile%\*
%Allusersprofile%\*.
%LocalAppData%\*
%LocalAppData%\*.
%Userprofile%\Local Settings\Application Data\*
%Userprofile%\Local Settings\Application Data\*.
%programFiles%\*
%programfiles%\Google\Desktop\Install /s
%programFiles%\*.
%Systemroot%\Installer\*.
%Systemroot%\Temp\*.exe /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\system32\*.in*
%systemroot%\Tasks\*
%systemroot%\Tasks\*.
%systemroot%\system32\Tasks\*
%systemroot%\system32\Tasks\*.
%systemroot%\system32\drivers\*.sy* /lockedfiles
%systemroot%\system32\config\*.exe /s
%Systemroot%\ServiceProfiles\*.exe /s
%systemroot%\system32\*.sys
dir %Homedrive%\* /S /A:L /C
msconfig
activex
/md5start
explorer.exe
winlogon.exe
wininit.exe
volsnap.sys
atapi.sys
ndis.sys
cdrom.sys
i8042prt.sys
iastor.sys
tdx.sys
netbt.sys
afd.sys
/md5stop
netsvcs
safebootminimal
safebootnetwork
CREATERESTOREPOINT

click on "Run scan" and let the tool work
At the end "notepad" will open (OTL.txt & Extras.txt)
you can find them near the OTL executable.

Dont post them in the forum !!!! ( they're too big )

Attach them here or on http://cjoint.com or other site and give the links you obtained.

 

[g3n-h@ckm@n]

ok we answered in the same time

I wait for the report and do the diagnostic after