Topic: "Uninstalling Conduit SearchProtect deletes NTLDR making Windows XP Unbootable"

Doggy Daddy

  • Poobah
  • friend
  • Senior Member
  • ***
  • Posts: 5,337
  • From the saner side of Las Vegas
"Uninstalling Conduit SearchProtect deletes NTLDR making Windows XP Unbootable" according to a post on Bleeping Computer at http://www.bleepingcomputer.com/forums/t/522327/uninstalling-conduit-searchprotect-deletes-ntldr-making-windows-xp-unbootable/.

I ran into this whilst looking for info on that particular malware after finding it on my Win7 machine.  If you have it, do not uninstall it from add/remove programs.  Use a third party cleaner such as AdwCleaner.  Do NOT reboot until it is properly removed from an XP machine, or your computer will become unbootable.  Check the link above for details.
Would you exchange
a walk-on part in a war
for a lead role in a cage?
-P.F.

Jocassee

  • Buster Scruggs Respecter
  • friends
  • Senior Member
  • ***
  • Posts: 4,591
  • "First time?"
That is nasty.
I shall not die alone, alone, but kin to all the powers,
As merry as the ancient sun and fighting like the flowers.

Regolith

  • friend
  • Senior Member
  • ***
  • Posts: 6,171
I had to extract that *expletive deleted* thing off my father's Vista machine a couple weeks ago. It digs in hard.

You have to use three or four different programs to nuke it, and you have to run them in the correct order. I'll see if I can find the instructions...

OK, here are the basic instructions:

http://www.malwareremovalguides.info/pup-optional-conduit-removal-intructions/

I also had to use the Junkware Removal Tool, as stated in this one (it's done after running AdwCleaner but before MalwareBytes): http://www.fixyourbrowser.com/removal-instructions/remove-pup-optional-conduit/

I didn't run into the problem with it destroying the NTLDR when I removed it via the Add/Remove Programs, but as I said it was a Vista machine, not XP. That may make a difference.

So basically:

1) Run AdwCleaner
2) Run Junkware Removal Tool
3) Run MalwareBytes.

I never did run Hitman, as it says in the first link, because the first three seemed to have done the job. If you don't run it in that order, anything Malwarebytes does will be undone pretty much instantly, as it's the first two that nuke the part of the program that replicates it and keeps it on your machine no matter how many times you try to delete it.
« Last Edit: January 30, 2014, 12:16:06 AM by Regolith »
The price of freedom is eternal vigilance. - Thomas Jefferson

Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves. - William Pitt the Younger

Perfectly symmetrical violence never solved anything. - Professor Hubert J. Farnsworth

Doggy Daddy

I'm in the midst of a tight work schedule this week, so I was just able to throw up that post while I was dealing with the infection and trying to take care of real life.  I ran Malwarebytes, and this morning it appears to be gone and the laptop rebootable.  I'll probably be dealing with it more after work.

Regolith

> I'm in the midst of a tight work schedule this week, so I was just able to throw up that post while I was dealing with the infection and trying to take care of real life.  I ran Malwarebytes, and this morning it appears to be gone and the laptop rebootable.  I'll probably be dealing with it more after work.

Do another scan to be sure. I'd run Malwarebytes, "kill it", run another scan and it'd be back.

Doggy Daddy

^^^^  I will, but it'll have to wait till after work.  It's about 4 a.m. now, and I gotta get moving soon.

BryanP

  • friendly hermit
  • friend
  • Senior Member
  • ***
  • Posts: 2,808
> Do another scan to be sure. I'd run Malwarebytes, "kill it", run another scan and it'd be back.

I haven't seen this one yet, but I've run into a couple where I finally threw up my hands, backed up all the user data and did a full wipe & reinstall.  This is why now whenever a family member asks me to help them set up a new laptop I get everything set up Just So, then make an image backup to an external hard drive that stays in my house.  Then when I get the inevitable call it's much easier to "fix"  =D.  If after an hour or so of monkeying with it I can't get everything working again I boot a rescue CD, back up all their files and restore the image.
"Inaccurately attributed quotes are the bane of the internet" - Abraham Lincoln

Regolith

> I haven't seen this one yet, but I've run into a couple where I finally threw up my hands, backed up all the user data and did a full wipe & reinstall.

I came very, very close to doing that. But running the three different programs did the trick.

Good thing too, because I'm not sure if there's even a recovery disk for that machine, let alone a real Vista install disk.
« Last Edit: January 31, 2014, 12:03:07 AM by Regolith »

Perd Hapley

  • Superstar of the Internet
  • friend
  • Senior Member
  • ***
  • Posts: 61,479
  • My prepositions are on/in
> I had to extract that *expletive deleted* thing off my father's Vista machine a couple weeks ago. It digs in hard.
>
> You have to use three or four different programs to nuke it, and you have to run them in the correct order. I'll see if I can find the instructions...
>
> OK, here are the basic instructions:
>
> http://www.malwareremovalguides.info/pup-optional-conduit-removal-intructions/
>
> I also had to use the Junkware Removal Tool, as stated in this one (it's done after running AdwCleaner but before MalwareBytes): http://www.fixyourbrowser.com/removal-instructions/remove-pup-optional-conduit/
>
> I didn't run into the problem with it destroying the NTLDR when I removed it via the Add/Remove Programs, but as I said it was a Vista machine, not XP. That may make a difference.
>
> So basically:
>
> 1) Run AdwCleaner
> 2) Run Junkware Removal Tool
> 3) Run MalwareBytes.
>
> I never did run Hitman, as it says in the first link, because the first three seemed to have done the job. If you don't run it in that order, anything Malwarebytes does will be undone pretty much instantly, as it's the first two that nuke the part of the program that replicates it and keeps it on your machine no matter how many times you try to delete it.


Wait, what virus were you trying to remove? The SearchProtect thing, or Vista?

 :P
"Doggies are angel babies!" -- my wife