Tap here to go to the mobile version of the site.
Your Firefox is out of date and may contain a security risk! Upgrade Firefox

Support Forum

Malawarebytes flags hkcu\software\conduit\ff which appears only after I have started Firefox; how do I get rid of?


Malawarebytes detects and flags the above and says it successfully removes. This appears to be true if I rerun a scan. However it continued to appear in later sessions. I finally think that I have tracked it down to firing up firefox. If I turn on my desktop and just run a scan, all is clean. I load firefox and run a scan and the pup is detected. I did in the past pick up the search facility Conduit but thought I had got rid; there is no outward sign other than the HKCU, and that was months ago.

Additional System Details

Installed Plug-ins

  • Conduit Plugin
  • np-mswmp
  • 5.1.20913.0
  • Shockwave Flash 11.7 r700
  • Next Generation Java Plug-in 10.25.2 for Mozilla browsers
  • VLC media player Web Plugin 2.0.6
  • Adobe PDF Plug-In For Firefox and Netscape 10.1.7
  • Google Updater pluginhttp://pack.google.com/
  • Windows Presentation Foundation (WPF) plug-in for Mozilla browsers


  • User Agent: Mozilla/5.0 (Windows NT 6.0; rv:24.0) Gecko/20100101 Firefox/24.0

More Information

Aniello 75 solutions 633 answers

You can try these free programs to scan for malware, which work with your existing antivirus software:

Microsoft Security Essentials is a good permanent antivirus for Windows 7/Vista/XP if you don't already have one.

Further information can be found in the Troubleshoot Firefox issues caused by malware article.

Did this fix your problems? Please report back to us!

  • Top 25 Contributor
617 solutions 4263 answers

Helpful Reply

Hello ibru,

  1. In the Location bar, type about:config and press Enter. The about:config "This might void your warranty!" warning page may appear.
  2. Click I'll be careful, I promise!, to continue to the about:config page
  3. type in search field Conduit
  4. reset all preferences with Conduit with right click > reset

thank you

  • Top 10 Contributor
2368 solutions 20966 answers

Conduit creates many "Community Toolbar" extensions, in case you were skipping over one of those thinking it was innocent... check here:

orange Firefox button (or Tools menu) > Add-ons > in the left column, click Extensions

Question owner

Hello Ideato Did as suggested and discovered many entries refering to Conduit. Reset all that would allow me but there were three entries that were not highlighted and susceptible to change. They were defaultsearchurl, searchaddressurl and startpageurl. They had a status of default and type string but also had values beginning search.conduit.com. When I started firefox again, lastnewtabsettings additionally appeared which I could reset and malawarebytes flagged hkcu once again. So problem still exists. Any further suggestions? Would it be safe to simply delete those entries bearing in mind I have very limited understanding of what is going on? Regards

  • Top 10 Contributor
  • Moderator
3197 solutions 24406 answers

What programs do you have installed that you don't recognize as being something you purposely installed?

Control Panel > Add or Remove Programs or whatever its' called in Vista

  • Top 10 Contributor
2368 solutions 20966 answers

Helpful Reply

Hi ibru, if you still have a Conduit-created "Community Toolbar" extension, those preferences will keep coming back. Make sure you've removed the extension.

orange Firefox button (or Tools menu) > Add-ons > in the left column, click Extensions

aj34997 1 solutions 4 answers

In addition to changing the < browser.newtab.url > in < about:config > to the search engine you want to use or the default setting ( described in previous posts ), I removed the Conduit files using "Iobit Uninstaller". It's a free program. It also is one of the tools in "Advanced System Care" program. This will completely remove it. Also, in FF's browser in the right hand side search screen click the down arrow. All the way at the bottom click on "Manage Search Engines". Now, click on the Conduit search engine, then click on " Remove". This should take care of it.

  • Top 10 Contributor
  • Moderator
10762 solutions 96861 answers

You can check in "Windows Control Panel > Programs" for recently installed programs (sort by "Installed on") to see if anything from Conduit or any other suspicious software shows up.