A while back in this post I wrote about the plague of malicious toolbars, browser hijackers, browser add-ons, and browser extensions. One of the most prominent of these insidious, unwanted programs is a little gem called Conduit.
Conduit is a browser hijacker, which is promoted via other free downloads, and once installed will add the Conduit Toolbar which will change your browser homepage and default search engine to search.conduit.com.
Conduit Search will display advertisements and sponsored links in your search results, and may collect search terms from your search queries. The Conduit infection is used to boost advertising revenue, as in the use of blackhat SEO, to inflate a site’s page ranking in search results.
Conduit it’s technically not a virus, but it does exhibit plenty of malicious traits, such as rootkit capabilities to hook deep into the operating system, browser hijacking, and in general just interfering with the user experience. The industry generally refers to it as a “PUP,” or potentially unwanted program.
Many times after I remove Conduit, I get the following RunDLL “Error loading…” message on boot up:
This is because a Conduit orphaned registry entry still remains (even after removal), and is telling Windows to load the file upon boot up.
Here is the fix:
1. Go to Start > Control Panel > Administrative Tools.
2. Open Task Scheduler and click on Task Scheduler Library.
3. Look through the list for an entry related to BackgroundContainer.
4. If found, right-click on it and select Delete.
5. Exit all programs and reboot the computer when done.
Professor Randy says: Be extra cautious when downloading third-party browser add-ons, extensions, plugins, toolbars, browser helper objects, and generally most software. Conduit may “come along for the ride”.