Skip to content

How you can get stung in a Flash by Conduit Toolbars

November 15, 2013

There are computer viruses, malware, spyware, and the variously named Conduit Toolbars.

Today I got to once again eXPerience Microsoft’s most venerable, and vulnerable, operating system as I cleaned up the doo-doo after a friend’s update of Adobe’s desktop Flash.

Adobe thinks nothing of letting out-and-out spyware piggyback on it’s Flash installers and updaters; it’s called a “bundled download.” Adobe give you the chance to disallow the third-party ware to install along with Flash,but you have to be paying attention. Lots of people trust Adobe, like my friend did. These days, trusting in Adobe updaters gets you not just Flash, but new Web browser features in the form of the Conduit Search spyware.

An Adobe Flash installer with bundled download. The “decline” button isn’t hidden but…

Conduit is a so-called browser hijacker; it changes browser settings, such as your default search engine, and home page. There are supposedly reports of it blocking access to certain Web pages, and even disabling Internet access, but it’s not considered dangerous, just darned annoying. It’s a bit of a handful because Conduit can install itself in Google Chrome, Firefox, and Internet Explorer, using the appropriate plug-in architecture for each browser; and it comes with so many different names: Conduit, VisualBee, KeyBar, and GreenL!e, to name a few.

My friend only had Firefox and Internet Explorer installed. He had uninstalled Firefox in the hope that he could reinstall it fresh and free of the unwanted spyware. That doesn’t work because the affected bits are configurations and settings external to the application. The new install of Firefox just hooks up to the hijacked externals. Internet Explorer can be uninstalled from Windows XP by a 12-foot drop.

Deleting Conduit’s toolbars and settings means looking in the right places

In all three browsers Conduit changes the default home page displayed on launch. That can be easily changed back to whatever page you want.

Both Firefox and Internet Explorer

Go to Tools > (Internet) Options > General. Replace “search.conduit.com” with the URL of your choice or leave it blank. Click Apply.

Google Chrome

Click the Settings icon — a square of three horizontal lines on the extreme right side of the menu bar — under Appearance click Show Home button, and, well, it didn’t work when I tested Google’s instructions. Feel free to try for yourself.

Conduit also installs plugins for each browser.

Firefox (and Chrome)

In Firefox, in the Tools menu pull-down, choose Add-ons, and then click the Extensions tab. In the list of extensions, single-click/Highlight the MIXI.DJ extension, and click the Remove button.

Internet Explorer

Conduit’s toolbar plugin for IE is installed (and removed) like any other Windows program.  It can go by many names, including “GreenL!e,” and “KeyBar.” In today’s case, it was “VisualBee.”

Windows XP: Go to Start > Control Panel > Add Remove programs. Find items that relate to conduit and KeyBar toolbar, such as search protect by conduit. Click on Remove.

Windows 7/Vista: Go to Start > Control panel > Uninstall a program/Programs and Features. Again look for items that relate to conduit and KeyBar toolbar, as above. Click on Uninstall.

In Firefox, the default search engine can be toggled from the pull down list attached to the search bar on the top right corner of the window. I have to admit I didn’t deal with that in Internet Explorer. You’ll have to search that. I only have so much patience for Windows.

From → Internet, Windows

8 Comments
  1. ~xtian permalink

    Good post. I really don’t miss having to deal with this kind of stuff – although technically any OS you can run Firefox or Chrome on is prone to it.

    Like

    • Ha. Good point. And I was beginning to feel smug on behalf of Linux users. You balloon popper you.

      Like

      • ~xtian permalink

        The Flash exploits that get cooked up for Windows aren’t so much of a worry when you’re on a *nix of course. Thankyou Adobe…

        I don’t remember when I last updated my flashplayer actually. I should check.

        Like

      • So… That really is a picture of a long spoon on your blog; suitable for when you “sup with a devil” such as Adobe?

        Like

      • ~xtian permalink

        HA. Yes something like that. Flash needs hurry up and die instead of lurching ’round the web like a zombie.

        I don’t remember last time I used Acrobat Reader. I stopped using it when it started getting fat and ugly. Now the Windows alternatives are getting fat and ugly too.

        And fortunately I’ve never been a paying customer of Adobe’s so I’ve never had to trust them with any credentials. They got even more egg on their faces than usual losing all those passwords last week.

        Like

      • Adobe and Apple had a close relationship in the early 1990s. It was Adobe’s PostScript page description language, and PostScript Type 1 fonts that made electronic publishing viable. Apple’s adoption of PS underlied the Mac’s dominance in what we first called Desktop Publishing (ugh!). Photoshop, which Adobe bought early on was everything a good program should be. I first bought Photoshop 3 in 1992, but I later experimentally installed Photo Shop 1 on a Mac Classic — just to see. Adobe is now “fat Elvis,” but in it’s day it rocked!

        Like

  2. Hi,
    I followed your steps to remove conduit from Mozilla Firefox but again I am facing the same problem what should I do ?

    Like

    • Hi Lisa. It looks like the Conduit spyware has moved on a bit since I wrote this post in 2013–in fact, Conduit is also now known as Trovi apparently.

      According to many sources, since 2014, a Conduit/Trovi install may include a atandalone Windows application called Search Protect, which appears to restore conduit-specific browser settings. It’s easy to tell if you have this program. Open your Start menu–in the Start menu search box, typing “programs” or “remove” should bring up a direct link to the “Add or remove programs” function in Control Panels.

      In the “Uninstall or change a program window” you will see a scrollable list of all the Windows applications installed on you computer. Clicking on the “Name” title will sort the list alphabetically and clicking on “Installed on” will sort the list by date.

      If you find “Search Protect” in the list of installed applications then, theoretically, you can just highlight it and click “remove”, like the folks at Norton Antivirus suggest, among other things–BUT wait!

      HowToGeek says that if you have the Search Protect spyware, it’s important to first turn off the bad settings from within the Search Protect application itself before uninstalling it. Personally, I would go with HowToGeek, vis-a-vis disabling settings within the spyware first.

      However the Norton instructions include a downloadable “Power Eraser” program, which may make things easier. And Norton’s instructions also cover manually removing the spyware’s program files. It is a dirty secret that the Windows “Remove” function often doesn’t delete a program’s settings and configuration files.

      HowToGeek instructions and Norton Antivirus instructions for dealing with Search Protect by Conduit.

      If you do not have the Search Protect app on your computer then I am at a bit of a loss as to what action to recommend. Please feel free to update me on your progress.

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: