AdWare.Win32.Conduit.ctb (file analysis)

AdWare.Win32.Conduit.ctb is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the AdWare.Win32.Conduit.ctb virus do?

  • Executable code extraction
  • Creates RWX memory
  • Reads data out of its own binary image
  • Attempts to modify Internet Explorer’s start page
  • Drops a binary and executes it
  • Uses Windows utilities for basic functionality
  • Installs itself for autorun at Windows startup
  • Collects information about installed applications
  • Creates a hidden or system file
  • Attempts to create or modify a Browser Helper Object
  • Attempts to modify proxy settings

Related domains:

www.fullscreensavers.com
www.bing.com

How to identify AdWare.Win32.Conduit.ctb?


File Info:

crc32: 38BF82C3
md5: 6f0d2edbc4e2005272621a45c2ab674d
name: fire.exe
sha1: 78eb5805c1db257f610ee4e07eb07d80b354bffb
sha256: ce5138a585fef2d421bee5112ec220f3439fee0fd78ea7479ce41a961aefefe4
sha512: c40df6c57641f2199cac51cb2845149dc1d40c3d48b3765495b439b9acf527c4e533982497a4ea52a61eaa69ed1fd887878dd8c5a2a8cc24c42b661422ed46cd
ssdeep: 393216:6BxUBLE4CxeIRPfES7lxx5chO1cCczzRvTywhGL:6wVE4qhRPfj715cajcBenL
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright:
FileVersion:
CompanyName: FullScreensavers.com
Comments: This installation was built with Inno Setup.
ProductName: Fire Screensaver
ProductVersion:
FileDescription: Fire Screensaver Setup
Translation: 0x0000 0x04b0

AdWare.Win32.Conduit.ctb also known as:

GData: Win32.Adware.Conduit.B
Kaspersky: not-a-virus:AdWare.Win32.Conduit.ctb
NANO-Antivirus: Riskware.Win32.Conduit.enpell
AegisLab: Trojan.Win32.Generic.4!c
DrWeb: Adware.Conduit.37
Emsisoft: Application.Toolbar (A)
Antiy-AVL: RiskWare[WebToolbar]/Win32.Conduit.b
ZoneAlarm: not-a-virus:AdWare.Win32.Conduit.ctb
Microsoft: PUA:Win32/Vigua.A
VBA32: SigAdware.ConduitLtd
ESET-NOD32: a variant of Win32/Toolbar.Conduit.B potentially unwanted
Rising: PUF.Conduit!8.122 (TOPIS:E0:WETiQTapZhB)
Fortinet: Riskware/Toolbar_Conduit

How to remove AdWare.Win32.Conduit.ctb?

AdWare.Win32.Conduit.ctb removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
