Sign in to follow this  
Followers 0
Atomic Wanderer Chicken

Conduit Search Engine Virus Windows RT

32 posts in this topic

I inadvertently downloaded the Conduit search engine virus downloading a program. The conduit search engine got onto both my Windows 8.1 laptop and my Windows RT Asus tablet. I ran Malwarebytes on my laptop and got rid of it. However on my Asus Windows RT tablet, it put itself onto Internet Explorer. I reset my Internet Explorer on my Asus VivoRT tablet. Am I safe with Windows RT or should I remove everything and reinstall windows? I ran Windows defender multiple times and it found nothing.

Share this post


Link to post
Share on other sites

Could someone please help? I reset Internet Explorer. Am I safe browsing on Windows RT after the conduit engine added itself, or should I completely reinstall remove everything and reinstall Windows?

Share this post


Link to post
Share on other sites

Scan your tablet using Recuse Disk 10:

http://support.kaspersky.co.uk/4162

 

Assuming your tablet let's you boot from a USB device, then it should work.

Share this post


Link to post
Share on other sites

This is Windows RT though

Share this post


Link to post
Share on other sites

I don't think RT is vulnerable yet, but I might be wrong.

Share this post


Link to post
Share on other sites

Wut?  How did this infect Windows RT?  I thought you couldn't install any x86 software, or anything for that matter that doesn't come from the windows store...

Share this post


Link to post
Share on other sites

It put itself on Internet Explorer not Windows RT itself. I found the conduit engine search add on in the "manage add ons"

Share this post


Link to post
Share on other sites

It put itself on Internet Explorer not Windows RT itself.

But IE is part of RT.

Share this post


Link to post
Share on other sites

This is Windows RT though

So that would be the first ever WinRT malware I've ever heard of. If you're on 8.1 on both systems the reason your RT device is going to the bad home page, is because they are synced across devices. Just log all the way out/restart and reset your IE on your RT device.

1 person likes this

Share this post


Link to post
Share on other sites

Actually, you should be fine.  I reread what you wrote, and you had mentioned you had 2 windows 8.1 machines- The browser settings from your laptop (favorites, homepage, default search engine) more than likely synched over to your Asus WinRT tablet.  Even with those settings changed, you should still be impervious to infection since you're on the ARM version of windows.

1 person likes this

Share this post


Link to post
Share on other sites

This doesn't make any sense... 

Share this post


Link to post
Share on other sites

I reset IE already and its gone. The sync feature must be the reason conduit add on was also on my Windows RT tablet also

1 person likes this

Share this post


Link to post
Share on other sites

I'd like to know how it "put itself on IE".  Is this just some script?  It can't be some x86 executable as it wouldn't even have any way to run at all.

 

<edit>

Never mind.  Others are right, synced settings have probably caused this, as changing homepage and crap like that is one of its effects.  I'd say you probably never really had anything actually dangerous running on RT.

Share this post


Link to post
Share on other sites

I'd like to know how it "put itself on IE".  Is this just some script?  It can't be some x86 executable as it wouldn't even have any way to run at all.

 

The virus itself didn't change anything on his WinRT machine.  Skydive synch across devices merely mirrored the homepage, search, and addon settings from the Laptop, since his laptop is most likely the main machine on his Microsoft account.  The changes for the most part are only superficial since the actual virus never installed on the RT tablet (and wouldn't be able to anyways).

2 people like this

Share this post


Link to post
Share on other sites

It was the IE conduit add on that got onto my IE in Windows RT most likely because of the skydrive sync. Sorry for the confusion

1 person likes this

Share this post


Link to post
Share on other sites

damnit, you know to use a VM when looking at porn.

1 person likes this

Share this post


Link to post
Share on other sites

I was downloading a iso burning tool which put conduit engine onto my laptop, which then synced the conduit IE add on to my IE on my Window RT tablet. So I think everything is fine

damnit, you know to use a VM when looking at porn.

Share this post


Link to post
Share on other sites

I was downloading a iso burning tool which put conduit engine onto my laptop, which then synced the conduit IE add on to my IE on my Window RT tablet. So I think everything is fine

I was just messing with you :)

Share this post


Link to post
Share on other sites

Porn comes on .iso's too! :shifty::laugh:

 

Seriously but, I'm glad you got your issue sorted.

Share this post


Link to post
Share on other sites

I was downloading a iso burning tool which put conduit engine onto my laptop, which then synced the conduit IE add on to my IE on my Window RT tablet. So I think everything is fine

You know Windows has ISO burning built right in since Windows 7? 

 

post-420821-0-55847000-1384468916.png

Share this post


Link to post
Share on other sites

You keep mentioning the "add-on". Did you happen to see the .dll or .ocx filename? Was it truly an add-in that installed, or just that your default search or home page was changed?

-Forjo

Share this post


Link to post
Share on other sites

My laptop has Windows 8 and I must have forgotten

You know Windows has ISO burning built right in since Windows 7? 

Share this post


Link to post
Share on other sites

I think it was the default search that was changed in matter of fact, not an add on

You keep mentioning the "add-on". Did you happen to see the .dll or .ocx filename? Was it truly an add-in that installed, or just that your default search or home page was changed?

-Forjo

Share this post


Link to post
Share on other sites

I think it was the default search that was changed in matter of fact, not an add on

 

That's what I pointed out when I went back and edited my original post, after I realized it just synced those settings from your other infected box.  Again, your RT machine, in all likelihood, never had any malware's binaries running on it.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.