Adware Reports malware removal guides and threat research Updated security instructions for Windows users
Home/PUA
Threat report

Win32:Conduit-AR [PUP] (file analysis)

Published Apr 20, 2024 PUA category 2 min read
Report context

What to verify before removal

This pua entry is most useful when Win32:Conduit-AR [PUP] (file analysis) appears after a software bundle, browser extension install, or unwanted system utility. Treat it as moderate risk until you confirm whether the alert is tied to browser settings, scheduled tasks, or a persistent updater.

Start by comparing the local file name with D73494EFF437CEF221E4.mlw, then review the behavior notes for bundled installers, browser policy changes, notification abuse, and unwanted startup entries. This helps separate a matching detection from a different file that only shares a similar alert name.

Observed file
D73494EFF437CEF221E4.mlw
  • Compare the suspicious file name with D73494EFF437CEF221E4.mlw.
  • Confirm the detection name matches Win32:Conduit-AR [PUP] (file analysis) before removing related files.
  • Review the report for bundled installers, browser policy changes, notification abuse, and unwanted startup entries so the cleanup is based on observed behavior, not only the label.
  • Remove the unwanted app, reset affected browser settings, and check extensions before reconnecting accounts.

The Win32:Conduit-AR [PUP] is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

What Win32:Conduit-AR [PUP] virus can do?

  • Sample contains Overlay data
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to determine Win32:Conduit-AR [PUP]?



File Info:

name: D73494EFF437CEF221E4.mlw
path: /opt/CAPEv2/storage/binaries/fd564cd1cddf9661850196bafd5d8de237ffac2ef4fbbe3969e3945959b9fd77
crc32: FFEB66A0
md5: d73494eff437cef221e4b13a7c9e2ced
sha1: a9bf44ec4670aa2b61bd45065e10cc9fd708c405
sha256: fd564cd1cddf9661850196bafd5d8de237ffac2ef4fbbe3969e3945959b9fd77
sha512: 8f15271c76942f0ea913ef8d8bac9916e331f0c37ff57c9dc3c36c7e0a3eee4215e363d3133571ddea81b0eff9ad8036e5efe636316b88f11e079bcb6dd6dc0e
ssdeep: 12288:rnbTsk066P2YDqTcEZiP2rzckTW2/UP9cHdnbRSHT9NBO:okjZie3ckTb/R2Hhm
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T129F4C7A4271ECE2EDB612DF159AC4F0F607C58EA03A52AC7D3D41A2B19B19C31B33957
sha3_384: 8cd2f016f0b11db07c7aa42330c481a6fc4869d4c3136ed6e9fa42fec0dd9f8903dd820655c92365eca4198fe3b5166a
ep_bytes: e858f30000e9000000006a1468e8a34c
timestamp: 2014-06-18 15:31:46


Version Info:

0: [No Data]

Win32:Conduit-AR [PUP] also known as:

Bkav W32.AIDetectMalware
DrWeb Adware.Conduit.513
Skyhigh BehavesLike.Win32.Generic.bh
McAfee Artemis!D73494EFF437
Sangfor Adware.Win32.Conduit.V5oi
NANO-Antivirus Riskware.Win32.Conduit.ejnyfx
Avast Win32:Conduit-AR [PUP]
Zillya Adware.SearchProtect.Win32.968
Jiangmin WebToolbar.Agent.fs
Microsoft PUAAdvertising:Win32/Conduit
Rising Trojan.Generic@AI.100 (RDML:hwx5fnKB4vZlt1xYh5S+NA)
Ikarus PUA.Toolbar.Conduit
AVG Win32:Conduit-AR [PUP]
DeepInstinct MALICIOUS

How to remove Win32:Conduit-AR [PUP]?

Recommended second-opinion scan

Verify the infection before changing system settings

Use GridinSoft Anti-Malware to run a full scan, review detected persistence entries, and quarantine confirmed threats before restarting Windows.

Download GridinSoft Anti-Malware
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.