Today we got a popup message from AVG, which is installed on a computer. It says “Your Internet service provider (ISP) is hoarding your personal data.” This is a privacy issue.
(Updated 2016: the case below happened on Windows 7, but it should also happen on your Windows 8/10.)
If you open a webpage and an advertising panel with a letter “T” title comes out on the left of the screen, or if you open a store website and are unexpectedly taken to a survey web page that asks you to fill in some survey questions, and then you see another shopping page which lists many cheap items, you have most likely encountered a virus-type program named Topic Torch.
Topic Torch is an annoying program that appears when people visit webpages. I do not think it is a real virus because it is easy to remove (you can uninstall it), but some experts define it as a virus because it bothers computer users and comes unexpectedly.
Our computer was used by kids, and they installed any software they were interested in. So sometimes our computer ran strange software or got into a strange system state.
This time it is the Google default search engine. Actually, we first found Windows running slowly, especially when we ran web browsers like Google Chrome. And when we tried to search for something without entering the keywords in Google directly, Chrome opened a strange search web page.
So we opened the Chrome settings and saw that the default search engine was set to a strange search engine named Conduit (we later found there is information about Conduit on Wikipedia):
We tried to remove it, so we clicked the Manage search engines… button and saw the search.conduit.com engine:
You cannot remove it yet because it is the default search engine. So go back to the main Chrome settings screen and change the current search engine to another one, such as Google:
(The following screenshot was taken after we removed the Conduit search engine, so you cannot see it in the list):
Then click the Manage search engines button again to return to this screen. Now you can remove the Conduit search engine by clicking the X icon on the right:
By now we have tried this several times, and we feel Conduit is not a virus but just annoying.
Another important step:
In case you have not uninstalled Conduit and want to uninstall it, just go to the Windows Uninstall Program control panel and uninstall any program related to Conduit:
Since we had removed the Conduit-related software before, the following screenshot is from the internet, not ours:
Recently we met a strange problem: when we tried to open a new webpage using the Chrome browser, it always popped up a strange advertising page first, no matter which web page we opened. For example, even when we just tried to open a Google News page, the same ad page still came up.
And today, when we tried to open a webpage that we use daily, a stable page that never popped up any ads before, we saw the following error message:
Danger: Malware Ahead!
Google Chrome has blocked access to this page on botcrawl.com.
Content from topictorch.netseer.com, a known malware distributor, has been inserted into this web page. Visiting this page now is very likely to infect your computer with malware.
Malware is malicious software that causes things like identity theft, financial loss, and permanent file deletion. Learn more
So we knew there must be malware in our PC system. Then we searched on Google and found the main topic was a piece of software named Yontoo, from the company Yontoo LLC.
See here, a Yahoo answer from a friend named Brandon:
I just fixed this. You must have installed something. Maybe a toolbar, or downloaded something. I uninstalled Yontoo and it fixed it no problem
Check your installed programs.
Start Button>Control Panel>Uninstall Programs (For Win7)
Once you uninstall whatever it is it should fix this.
So we went to Control Panel and saw that we really did have Yontoo software installed:
Then we uninstalled it right away. When you uninstall it, please note that you have to select the right option to remove this not-nice software, see below: you have to choose the bottom option, otherwise you will find Yontoo still there. You also have to close your web browser!
Again, please close your web browser when you uninstall Yontoo.
After you uninstall Yontoo, you will see your problem is gone.
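To check from a PowerShell prompt whether any of the programs named above are still registered as installed, this added example (not part of the original post) lists matching entries from the registry Uninstall keys that the Uninstall Programs control panel reads. The name patterns are assumptions based on the names mentioned on this page; the actual display names on your computer may differ.

```powershell
# Added example. The patterns are assumptions taken from the names on this page;
# extend the list if the unwanted program shows up under another name.
$patterns = 'Conduit', 'Yontoo', 'Topic ?Torch'
$regex    = $patterns -join '|'

# Uninstall entries are stored in three places:
# 64-bit programs, 32-bit programs on 64-bit Windows, and per-user installs.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Find-UnwantedProgram {
    param(
        [string[]]$Path    = $roots,
        [string]  $Pattern = $regex
    )
    foreach ($p in $Path) {
        # A missing key (for example WOW6432Node on 32-bit Windows) is skipped silently.
        Get-ItemProperty -Path $p -ErrorAction SilentlyContinue |
            Where-Object {
                ($_.DisplayName -match $Pattern) -or ($_.Publisher -match $Pattern)
            } |
            Select-Object DisplayName, Publisher, DisplayVersion, InstallDate, UninstallString
    }
}

# This only lists entries; it does not uninstall anything.
$hits = @(Find-UnwantedProgram)
if ($hits.Count -eq 0) {
    'No matching uninstall entries found.'
} else {
    $hits | Format-List
}
```

Any entry it prints can then be removed through the Uninstall Programs control panel as described above, with the web browser closed.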
If you find your computer has the following problems, please beware: your computer is most likely infected by a super virus!!
A Windows XP SP2 PC, one day when it was booted up, was found to have the following problems:
1: The user could not access the internet; the local network icon showed a tooltip message: local network limited or no connectivity;
2: The firewall could not be turned on – clicking the button to turn it on did not work;
3: The ICS service could not start: even if you go to Control Panel and try to start the Windows Firewall/Internet Connection Sharing (ICS) service manually, it still does not work;
We checked lots of related fixes, such as Release socket, and also installed several virus cleaning tools, but nothing was helpful.
Finally we found the right place to get the solution: it is because of a super virus! Rootkit tdl3!!
We will find and post more information about rootkit viruses later; here we just give the information on how to clean this virus.
There are many different rootkit viruses, so your computer may be infected by another kind of rootkit, but our information is for reference.
Actually, all we need to do is download a great tool: Combofix.exe (if you installed Combofix.exe before, you should uninstall it first and then use it again). Please put this tool directly on your desktop; DO NOT put it in any other folder.
OK, the detailed information comes from here (Derek, Microsoft MVP/Windows – Security). Please read it carefully before you use the Combofix tool!!
For your convenience, I copied part of Derek’s post below:
Delete any existing version of ComboFix you have sitting on your desktop
**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
2. Close any open browsers and any other programs you might have running
****Note: Do not mouseclick combofix’s window while it’s running. That may cause it to stall or freeze ****
Actually, our computer had lost its internet connection, so when Combofix.exe asked us “Recovery console is not installed, do you want to install?”, we selected Yes, but of course it could not download anything. It doesn’t matter; you can still continue.
After two reboots while Combofix.exe was working, the Rootkit tdl3 virus finally went away from our computer. The firewall was on again, and the internet connection recovered. Thanks, Combofix.exe and Derek!
Hope this article is helpful for you! Good luck!
(There is also another tool: GMER)