[Solved] Conduit redirect

This forum is intended to help the users to disinfect their computers.
Post Reply
wmmiller
Posts: 1098
Joined: Fri Dec 07, 2012 6:02 am
Location: Minnesota, USA

[Solved] Conduit redirect

Post by wmmiller »

Hi Fred,
I have a remote Dell Inspiron 1521 Windows 7 x64 laptop computer. I don’t know why but I’m having a heck of a time getting rid of conduit redirect in IE 11. I don’t get it. I’ve never found this to be problematic, but I’m sucking swamp water on this one for some reason. :oops: I deleted
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] “Start page=) It comes right back as soon as I open a web page. I used AdwCleaner, it finds it and claims to have deleted it, but it’s not gone. It is not active in safe mode. Will you please give me some advice? Maybe I’ve just lost a brain cell or two, but that’s beside the point. :roll:
Bill
Play stupid games….win stupid prizes
Fred
Site Admin
Posts: 2357
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France
Contact:

Re: Conduit redirect

Post by Fred »

Hi Bill. Can I have a UVK log from that computer?

If not, try the following fixes:

Reset IE and internet settings
Reset Chrome for all users (if chrome installed)
Reset Firefox for all users (if FF installed)
Fix browser shortcuts

Thanks
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.

Fred
Fred
Site Admin
Posts: 2357
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France
Contact:

Re: Conduit redirect

Post by Fred »

Also check out if there are any bad IE BHO or toolbars, in the Autorun manager section, and remove them, including the associated file.
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.

Fred
wmmiller
Posts: 1098
Joined: Fri Dec 07, 2012 6:02 am
Location: Minnesota, USA

Re: Conduit redirect

Post by wmmiller »

I did try all those fixes yesterday and again just now without luck. It does show up in auto run manager and I have deleted the entry as well as the file a few times and it just comes back. Here’s a log to take a gander at. Thanks!

NOTE: IE is the only browser that is used on this computer so any entries to all others can be removed.
Attachments
Lake George Tech repair tool Log.txt
(543.26 KiB) Downloaded 1240 times
Play stupid games….win stupid prizes
Fred
Site Admin
Posts: 2357
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France
Contact:

Re: Conduit redirect

Post by Fred »

Do you know what these files are related to?

C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Users\Bunny\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Windows\Temp\ShAeroDisabler.exe

VirusTotal says they are goodware, but I know of many goodware programs that change IE's home page and search providers.
An example is Incredimail.

Maybe worth to kill those processes, reset the home page and try again.
Or temporarily move them to the recycle bin, reset the home page and try again.

Also check if there aren't any root/boot kits with TDSSKiller and aswmbr.
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.

Fred
wmmiller
Posts: 1098
Joined: Fri Dec 07, 2012 6:02 am
Location: Minnesota, USA

Re: Conduit redirect

Post by wmmiller »

I do know what those are. The first two are something from Nike. She’s a runner and athletic trainer. I don’t know if they are safe or not, but that’s why they are there.
The third one is there because my remote support app can’t see the Dell dock on some computers. That one is safe. I have it on all my dell computers as well as many other Dells.
Play stupid games….win stupid prizes
Fred
Site Admin
Posts: 2357
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France
Contact:

Re: Conduit redirect

Post by Fred »

Well, you won't loose anything by simply killing the processes to check out.
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.

Fred
Fred
Site Admin
Posts: 2357
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France
Contact:

Re: Conduit redirect

Post by Fred »

What happens if you try to set the home page in the Internet setting applet? Does it succeed?
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.

Fred
wmmiller
Posts: 1098
Joined: Fri Dec 07, 2012 6:02 am
Location: Minnesota, USA

Re: Conduit redirect

Post by wmmiller »

I ran TDSSKiller, MalwareBytes Anti-Rootkit and McAfee Rootkit Remover and they found nothing.
I’ll kill those and see what happens.

“What happens if you try to set the home page in the Internet setting applet? Does it succeed?” Nope, it doesn’t. It does not give any error either.
Play stupid games….win stupid prizes
Fred
Site Admin
Posts: 2357
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France
Contact:

Re: Conduit redirect

Post by Fred »

IMHO it is a running program that is monitoring the Start page value.

I would also check out the wltrysvc service.
C:\Windows\System32\WLTRYSVC.EXE
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.

Fred
wmmiller
Posts: 1098
Joined: Fri Dec 07, 2012 6:02 am
Location: Minnesota, USA

Re: Conduit redirect

Post by wmmiller »

I wondered about that one too and Googled WLTRYSVC.EXE and it seems to be related to Broadcom Corporation Wireless, so I’m reluctant to kill it because I would be cut off.
.
I killed and it didn’t make a difference.
C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Users\Bunny\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Windows\Temp\ShAeroDisabler.exe


When I set default home page in internet option it changes to go.microsoft.com something but when you close it and reopen it, it is changed back to conduit.
Play stupid games….win stupid prizes
Fred
Site Admin
Posts: 2357
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France
Contact:

Re: Conduit redirect

Post by Fred »

That is weird.

Please post a new log. this time, before clicking Start scan do the following:
Uncheck Hide all Microsoft files.

Click the text box under Custom to clear its contents and paste the following code:

Code: Select all

 <Reg>
HKCU\Software\Microsoft\Internet Explorer
HKLM\Software\Microsoft\Internet Explorer
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.

Fred
wmmiller
Posts: 1098
Joined: Fri Dec 07, 2012 6:02 am
Location: Minnesota, USA

Re: Conduit redirect

Post by wmmiller »

Here it is Fred.
Attachments
Lake George Tech repair tool Log.txt
(2.04 MiB) Downloaded 1133 times
Play stupid games….win stupid prizes
Fred
Site Admin
Posts: 2357
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France
Contact:

Re: Conduit redirect

Post by Fred »

Thanks. I'm gonna have a look now.
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.

Fred
Fred
Site Admin
Posts: 2357
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France
Contact:

Re: Conduit redirect

Post by Fred »

Bill, I'm assuming you already tried setting the IE's start page using UVK, from the Autoruns manager. Is that correct?
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.

Fred
wmmiller
Posts: 1098
Joined: Fri Dec 07, 2012 6:02 am
Location: Minnesota, USA

Re: Conduit redirect

Post by wmmiller »

Fred,
OMG! I just figured this out and now feel foolish. :oops: SuperAntiSpyware was keeping the home page from being changed. Somehow it got set to conduit and SAS hijack protection was set, the “display notification when home page changed” box wasn’t check so it wasn’t popping up a warning of the change when it was reset. I don’t know why I didn’t think of that. I discovered this because I started to kill processes one by one and when I disabled SAS it magically was fixed, so I started looking at the SAS settings. I do apologize for wasting your time and thank you for all your help. :roll: Here’s a screen shot with the box that should have been check circled in red.
Bill

Once again, I have learned something today and would think that this won’t happen to me again.
Attachments
Fred.PNG
Fred.PNG (79.17 KiB) Viewed 45140 times
Play stupid games….win stupid prizes
Fred
Site Admin
Posts: 2357
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France
Contact:

Re: Conduit redirect

Post by Fred »

Can you believe it? I thought about that, launched SAS and couldn't find that option. Didn't search for long, though.

So I thought: Maybe they don't have the option anymore...

Well, glad you figured it out! :)

Can we mark this topic as Solved?
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.

Fred
wmmiller
Posts: 1098
Joined: Fri Dec 07, 2012 6:02 am
Location: Minnesota, USA

Re: Conduit redirect

Post by wmmiller »

Solved it is. :D I really appreciate your taking the time to help me and again apologize for wasting your time.
Bill
Play stupid games….win stupid prizes
Fred
Site Admin
Posts: 2357
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France
Contact:

Re: Conduit redirect

Post by Fred »

Oh, you don't have to apologize at all. This happened to you, and could certainly happen to others.

Hopefully other people having the same problem may find the solution in this page.
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.

Fred
Post Reply