HELP! "Conduit" Virus Preventing Game Update

Technical Support
Hello.
Yesterday (5/7/15) while logged in on my main account and in-game, I decided to add the PTR to my account. I added it, but when I went to update it on the client (keep in mind my main account was still open and in-game (idk if it matters or not)), it said "We're having a problem transferring data. Please check your internet connection just in case and try again. More help: BLZBNTAGT000008A", thus preventing me from playing/completing the PTR installation. After trying briefly to fix it yesterday and failing, I decided to just keep playing on my main account which was still logged in.

TODAY I went to log into my main account, and got the same issue now for all my accounts. I contacted Blizzard 3 hrs ago via live chat and the rep concluded the virus was from a publisher named Conduit; the virus is supposedly called "SearchProtect" (I will provide the rep's reply at the end of this post). He provided steps on how to manually search/remove the virus, which I followed entirely and found/dealt with some hidden Conduit files. However, it is still not working (though the client IS working faster now, it is still giving the same issue). I've run a scan/repair from the client as well as tried the other solutions from the link in the client. Despite my attempts thus far, I am still unable to play. As it is, when I boot up the client, I am instantly logged in to my battlenet as usual, but instead of "Play" it says "Update" but it fails to update.
Does anyone have any suggestions on how to fix this? Here is the reply from the Blizzard support rep for reference:

"Greetings!

Thank you for contacting us here at Blizzard Entertainment. In reviewing your system diagnostic files, I found what's the likely cause of the patching issues. There is a program known as Conduit which has been sneaking onto computers more and more over the past few months, which embeds itself like malware and may do things like hijack your web browser's starting page. If you noticed any unusual changes to a browser's default search engine recently, this would be Conduit's doing.

Because of the tenacity of this program, it is far deeper an issue than we are able to address, as removing it requires making changes to the computer outside of the directories where our games install and run from.

If you are comfortable with some advanced troubleshooting, you can search the internet for "how to remove conduit" or "conduit removal steps" for example, and get it cleared up.

If you are not comfortable doing advanced troubleshooting, we would recommend bringing the computer to a licensed technician for removal assistance.

Once again I thank you for contacting us. If you are ever in need of assistance with any other issue, please feel free to contact us at any time."
1. Use an antivirus
2. System Restore
3. Don't download just any program from the Internet.
It wasn't any program. It was the PTR directly from battle.net
and I've used a total of 3 anti viruses + 1 tool which all failed to locate the hidden Conduit files. 3 of the anti-virus programs were referred from the rep and found on battle.net
Let's see if I can help. The first thing you need to do is uninstall all the crap that Conduit put on. (It's a browser hijacker, not malware.) Go to Control Panel and Add/Remove Programs. If you see any program that you do not recognise, uninstall that !@#$. There may be up to 3 or 4 programs. Anti virus doesn't do anything to these things, you have to go in and uninstall them by hand. After you uninstall, make sure you go to your browser and change it to default, cause Conduit usually screws it up. After this you should be golden.
Wellp, first things first you should try removing this program altogether.


1) Press the Windows + R to open the Run dialog box.
2) Type in the following text, and then press Enter.
appwiz.cpl
3) In the list of currently installed programs, click Search Protect, and then click Remove or Uninstall.
4) Follow the on-screen instructions.
5) When the uninstall completes, restart the computer.


For more information, Norton has a guide on how to completely remove this entire program (although, you can skip step 1, as step 1 is relatively pointless)
https://support.norton.com/sp/en/us/home/current/solutions/v96233795_EndUserProfile_en_us

Step 3 from Norton will teach you how to uninstall all of its application data that might not get removed on the 'uninstall conduit'. So make sure you at least look it up.

Note: it can also be found in Control Panel -> Programs -> Uninstall a program.
For me its directory is Control Panel\Programs\Programs and Features.

Once this is removed, I advise going online and finding an anti-virus tool. There are some free ones such as AVG anti-virus. You could simply google an antivirus that you want.

Then run a complete/whole computer scan to ensure you have no adware/malware anywhere on your computer.

Then create a backup of your computer, so in case you ever get a bad bug again you can just restore from this point. You can google how to do that; if you're running Windows 8 you can literally just hit Windows -> click the search icon in the top right -> and type "backup" and it will bring you to where you can back it up.
^
05/08/2015 01:39 PM Posted by Widowmaker
It wasn't any program. It was the PTR directly from battle.net
and I've used a total of 3 anti viruses + 1 tool which all failed to locate the hidden Conduit files. 3 of the anti-virus programs were referred from the rep and found on battle.net


First, I'd like to clear something up. If you believe that a virus came directly from battle.net then you are extremely mistaken. Secondly, you were told how to clean this virus up... I'll remind you below.

Because of the tenacity of this program, it is far deeper an issue than we are able to address, as removing it requires making changes to the computer outside of the directories where our games install and run from.

If you are comfortable with some advanced troubleshooting, you can search the internet for "how to remove conduit" or "conduit removal steps" for example, and get it cleared up.


The Blizzard rep also advised you that if you are not comfortable, that you should take your PC to a technician's shop and have this virus removed.

So the way I see it, you have two options:

1.) Remove the virus yourself

or

2.) Take your PC to a computer shop to have the virus removed.

The lesson from this is that you will need to be extremely careful of what you are downloading, what emails you are opening, and/or what websites you are visiting. This virus did not come from battle.net.
I appreciate the advice but that was the first thing I tried. There was no trace of any unknown programs or any related to the virus. According to 2 reps I spoke to today, they say this particular Conduit virus is "notorious for being resilient and well hidden".

Aside from that step and those suggested from the help link, the rep suggested I google steps to find and manually remove the virus (since it's a 3rd party, Blizzard couldn't be of assistance in the steps themselves of course). Here is the link which I found on Google, which was suggested by the Blizz rep and I followed precisely:
https://support.norton.com/sp/en/us/home/current/solutions/v96233795_EndUserProfile_en_us
05/08/2015 01:53 PM Posted by Arlaesa
This virus did not come from battle.net.

I'm not saying it did IN FACT come from battle.net but I AM saying it's quite a coincidence that I have not been going to any unusual websites/links and that WoW has been working perfectly fine for months up until I went to battle.net and added the PTR to my account. The rep himself said it was curious too.
If it helps, I'll tell you this right now.

Battle.Net does not have Conduit or any other toolbars associated in its download. They primarily go through the Battle.Net client to apply virtually all of their updates.

There are other programs that do add additional programs onto your computer, most commonly in the "express install". If you're downloading say, Java, and it has the option of an express download or a custom download, choose the custom download. The custom download is literally just the express download but you can check off whatever toolbar or other program it wants to install too.

Search Protect by Conduit is pretty much found on free downloads. Like if I were to be like "hey, I want to download Death Note from this website. Express install? okay" *installs Search Protect so I can't edit my browser*; blocks ports, etc. It's a Browser Hi-Jacker (basically used to get more hits on their website to get more ad revenue). Another common one is Ask Toolbar.
Conduit actually is not a virus; it's adware. It is packaged with many "free" software packages you can download. There are many different flavors of their software. Below are Lavasoft's instructions on how to remove it.

http://lavasoft.com/mylavasoft/company/blog/how-to-remove-search-protect-by-conduit-ltd
05/08/2015 02:06 PM Posted by Northernlite
Conduit actually is not a virus; it's adware. It is packaged with many "free" software packages you can download. There are many different flavors of their software. Below are Lavasoft's instructions on how to remove it.

http://lavasoft.com/mylavasoft/company/blog/how-to-remove-search-protect-by-conduit-ltd

This is more detailed information similar to the steps I followed from the google link:

https://support.norton.com/sp/en/us/home/current/solutions/v96233795_EndUserProfile_en_us

With your link, however, I did locate more Conduit files and deleted all I could find, and checked 3x after that.
Unfortunately, it is still not working... I don't think there's any way I could have missed any now.

I'm considering doing a system restore now, will that fix it?
List the programs that you have installed. Control Panel > Uninstall for the listing.
Well, I have definitely removed every trace of Conduit and Search Protect. It's still not working so I guess I'm just going to do a system restore :(

I still think it has something to do with the PTR but whatever. Definitely the last time I ever try to add a PTR. ughhhh :(
05/08/2015 03:16 PM Posted by Widowmaker
Well, I have definitely removed every trace of Conduit and Search Protect. It's still not working so I guess I'm just going to do a system restore :(

I still think it has something to do with the PTR but whatever. Definitely the last time I ever try to add a PTR. ughhhh :(


Knowing what Conduit installed could help. My guess is your proxy settings were changed so you're having trouble connecting to WoW. The PTR or live WoW didn't and wouldn't do that.

Rule of thumb nowadays is don't download any free programs from the Internet unless you accept the risk of getting crapware loaded too.
This gives you the links for how to restore your host file. Ignore the top; halfway down are the links for Windows 7 and Windows 8/8.1.

https://support.microsoft.com/en-us/kb/972034
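
A read-only check of the three things the replies above point at (the installed-program list, the proxy-settings guess, and the hosts file), added here as an example and not written by any poster in this thread or by Blizzard. It assumes Windows PowerShell run as the affected user; the name pattern is taken from the names used in the thread, and the variable names are illustrative.

```powershell
# Added example: read-only triage, nothing here changes the system.
$pattern = 'Conduit|Search ?Protect'   # names used in the thread

# 1. Installed programs: the data behind appwiz.cpl, including the
#    32-bit and per-user lists that are easy to overlook.
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, Publisher, InstallDate, UninstallString

"--- Installed entries matching: $pattern ---"
$programs |
    Where-Object { "$($_.DisplayName) $($_.Publisher)" -match $pattern } |
    Format-List | Out-String

# 2. Proxy settings: the per-user (WinINET) values browsers use, then
#    the system-wide WinHTTP proxy. A proxy or auto-config URL you did
#    not set yourself is worth a closer look.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetKey
"--- Per-user proxy ---"
[pscustomobject]@{
    ProxyEnable   = $inet.ProxyEnable
    ProxyServer   = $inet.ProxyServer
    AutoConfigURL = $inet.AutoConfigURL
} | Format-List | Out-String
"--- System (WinHTTP) proxy ---"
netsh winhttp show proxy

# 3. Hosts file: the default Windows file contains only comments, so
#    every active (uncommented) entry printed here should be one you
#    recognise.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
"--- Active hosts entries ---"
Get-Content -Path $hostsPath |
    ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
    Where-Object { $_ } |
    ForEach-Object {
        $addr, $names = $_ -split '\s+'
        [pscustomobject]@{ Address = $addr; Names = $names -join ' ' }
    } | Format-Table -AutoSize | Out-String
```

Empty sections mean nothing matched; the script only reports and leaves removal or resetting to the steps linked in the thread.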
05/08/2015 03:16 PM Posted by Widowmaker
Well, I have definitely removed every trace of Conduit and Search Protect. It's still not working so I guess I'm just going to do a system restore :(

I still think it has something to do with the PTR but whatever. Definitely the last time I ever try to add a PTR. ughhhh :(

Has zero to do with installing the PTR.

Conduit will try to install itself over and over again once downloaded. The toolbar it adds to your browser will also try to reinstall. It's a nasty piece of adware. It probably was already on your machine and reinstalled itself while PTR was installing.
stop spam clicking next when you install things. take time to read each page and uncheck the extra toolbars and browser hijacking software that comes with it
05/08/2015 02:51 PM Posted by Widowmaker
05/08/2015 02:06 PM Posted by Northernlite
Conduit actually is not a virus; it's adware. It is packaged with many "free" software packages you can download. There are many different flavors of their software. Below are Lavasoft's instructions on how to remove it.

http://lavasoft.com/mylavasoft/company/blog/how-to-remove-search-protect-by-conduit-ltd

This is more detailed information similar to the steps I followed from the google link:

https://support.norton.com/sp/en/us/home/current/solutions/v96233795_EndUserProfile_en_us

With your link, however, I did locate more Conduit files and deleted all I could find, and checked 3x after that.
Unfortunately, it is still not working... I don't think there's any way I could have missed any now.

I'm considering doing a system restore now, will that fix it?


Probably not. In fact, if you had a virus, then all your restore points are now corrupted and should be immediately removed, because it will hide itself in the restore files and use it to restore itself. Anytime you get any malware on your PC, the FIRST thing you do is turn off system restore and delete all restore points, and do not turn it back on until you are 100% sure that the virus is gone.

System restore will not fix it, nor will it remove the virus. If you think you've removed it and things are still not working properly, I hate to break it to you but it's time to reformat and reinstall Windows. If you haven't tried it yet, you should try Malwarebytes as a last resort, but if it doesn't fix it then your Windows install is probably corrupted to the point of not being fixable.
You can also try windows safety scanner.

http://www.microsoft.com/security/scanner/en-us/default.aspx
