Jump to content



Photo

Conduit Search Engine Virus Windows RT

Answered Go to the full post winrt

  • Please log in to reply
31 replies to this topic

#1 Atomic Wanderer Chicken

Atomic Wanderer Chicken

    Assistant Special Agent Chicken in charge

  • Tech Issues Solved: 5
  • Joined: 20-August 12
  • Location: Black Mesa Research Facility, USA
  • OS: Windows 95 with Microsoft Plus
  • Phone: Motorola MicroTAC Elite

Posted 14 November 2013 - 21:21

I inadvertently downloaded the Conduit search engine virus downloading a program. The conduit search engine got onto both my Windows 8.1 laptop and my Windows RT Asus tablet. I ran Malwarebytes on my laptop and got rid of it. However on my Asus Windows RT tablet, it put itself onto Internet Explorer. I reset my Internet Explorer on my Asus VivoRT tablet. Am I safe with Windows RT or should I remove everything and reinstall windows? I ran Windows defender multiple times and it found nothing.



Best Answer webdev511 , 14 November 2013 - 22:22

This is Windows RT though


So that would be the first ever WinRT malware I've ever heard of. If you're on 8.1 on both systems the reason your RT device is going to the bad home page, is because they are synced across devices. Just log all the way out/restart and reset your IE on your RT device. Go to the full post



#2 OP Atomic Wanderer Chicken

Atomic Wanderer Chicken

    Assistant Special Agent Chicken in charge

  • Tech Issues Solved: 5
  • Joined: 20-August 12
  • Location: Black Mesa Research Facility, USA
  • OS: Windows 95 with Microsoft Plus
  • Phone: Motorola MicroTAC Elite

Posted 14 November 2013 - 22:04

Could someone please help? I reset Internet Explorer. Am I safe browsing on Windows RT after the conduit engine added itself, or should I completely reinstall remove everything and reinstall Windows?



#3 +LimeMaster

LimeMaster

    LippyZillaD Council ( ͡° ͜ʖ ͡°)

  • Tech Issues Solved: 4
  • Joined: 28-August 10
  • Location: On a laptop
  • OS: Windows 8.1 Pro RTM with Media Center x64
  • Phone: Nokia Lumia 920

Posted 14 November 2013 - 22:10

Scan your tablet using Recuse Disk 10:

http://support.kaspersky.co.uk/4162

 

Assuming your tablet let's you boot from a USB device, then it should work.



#4 OP Atomic Wanderer Chicken

Atomic Wanderer Chicken

    Assistant Special Agent Chicken in charge

  • Tech Issues Solved: 5
  • Joined: 20-August 12
  • Location: Black Mesa Research Facility, USA
  • OS: Windows 95 with Microsoft Plus
  • Phone: Motorola MicroTAC Elite

Posted 14 November 2013 - 22:12

This is Windows RT though



#5 AR556

AR556

    Neowinian Senior

  • Joined: 07-August 03

Posted 14 November 2013 - 22:18

I don't think RT is vulnerable yet, but I might be wrong.



#6 Wapoz

Wapoz

    Neowinian

  • Joined: 07-October 13

Posted 14 November 2013 - 22:18

Wut?  How did this infect Windows RT?  I thought you couldn't install any x86 software, or anything for that matter that doesn't come from the windows store...



#7 OP Atomic Wanderer Chicken

Atomic Wanderer Chicken

    Assistant Special Agent Chicken in charge

  • Tech Issues Solved: 5
  • Joined: 20-August 12
  • Location: Black Mesa Research Facility, USA
  • OS: Windows 95 with Microsoft Plus
  • Phone: Motorola MicroTAC Elite

Posted 14 November 2013 - 22:20

It put itself on Internet Explorer not Windows RT itself. I found the conduit engine search add on in the "manage add ons"



#8 AR556

AR556

    Neowinian Senior

  • Joined: 07-August 03

Posted 14 November 2013 - 22:21

It put itself on Internet Explorer not Windows RT itself.

But IE is part of RT.



#9 webdev511

webdev511

    Neowinian

  • Tech Issues Solved: 1
  • Joined: 27-December 06

Posted 14 November 2013 - 22:22   Best Answer

This is Windows RT though


So that would be the first ever WinRT malware I've ever heard of. If you're on 8.1 on both systems the reason your RT device is going to the bad home page, is because they are synced across devices. Just log all the way out/restart and reset your IE on your RT device.

#10 +LimeMaster

LimeMaster

    LippyZillaD Council ( ͡° ͜ʖ ͡°)

  • Tech Issues Solved: 4
  • Joined: 28-August 10
  • Location: On a laptop
  • OS: Windows 8.1 Pro RTM with Media Center x64
  • Phone: Nokia Lumia 920

Posted 14 November 2013 - 22:22

I forgot Windows RT was strict with third party solutions. You might want to try these steps to remove it manually:

http://blog.vilmatec...rus-thoroughly/



#11 Wapoz

Wapoz

    Neowinian

  • Joined: 07-October 13

Posted 14 November 2013 - 22:22

Actually, you should be fine.  I reread what you wrote, and you had mentioned you had 2 windows 8.1 machines- The browser settings from your laptop (favorites, homepage, default search engine) more than likely synched over to your Asus WinRT tablet.  Even with those settings changed, you should still be impervious to infection since you're on the ARM version of windows.



#12 Dot Matrix

Dot Matrix

    Neowinian Senior

  • Tech Issues Solved: 5
  • Joined: 14-November 11
  • Location: Upstate New York
  • OS: Windows 8.1
  • Phone: Nokia Lumia 920

Posted 14 November 2013 - 22:23

This doesn't make any sense... 



#13 OP Atomic Wanderer Chicken

Atomic Wanderer Chicken

    Assistant Special Agent Chicken in charge

  • Tech Issues Solved: 5
  • Joined: 20-August 12
  • Location: Black Mesa Research Facility, USA
  • OS: Windows 95 with Microsoft Plus
  • Phone: Motorola MicroTAC Elite

Posted 14 November 2013 - 22:23

I reset IE already and its gone. The sync feature must be the reason conduit add on was also on my Windows RT tablet also



#14 _dandy_

_dandy_

    Neowinian Senior

  • Joined: 07-May 04

Posted 14 November 2013 - 22:24

I'd like to know how it "put itself on IE".  Is this just some script?  It can't be some x86 executable as it wouldn't even have any way to run at all.

 

<edit>

Never mind.  Others are right, synced settings have probably caused this, as changing homepage and crap like that is one of its effects.  I'd say you probably never really had anything actually dangerous running on RT.



#15 Wapoz

Wapoz

    Neowinian

  • Joined: 07-October 13

Posted 14 November 2013 - 22:27

I'd like to know how it "put itself on IE".  Is this just some script?  It can't be some x86 executable as it wouldn't even have any way to run at all.

 

The virus itself didn't change anything on his WinRT machine.  Skydive synch across devices merely mirrored the homepage, search, and addon settings from the Laptop, since his laptop is most likely the main machine on his Microsoft account.  The changes for the most part are only superficial since the actual virus never installed on the RT tablet (and wouldn't be able to anyways).