Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Malawarebytes flags hkcu\software\conduit\ff which appears only after I have started Firefox; how do I get rid of?

  • 8 replies
  • 50 have this problem
  • 2 views
  • Last reply by cor-el

more options

Malawarebytes detects and flags the above and says it successfully removes. This appears to be true if I rerun a scan. However it continued to appear in later sessions. I finally think that I have tracked it down to firing up firefox. If I turn on my desktop and just run a scan, all is clean. I load firefox and run a scan and the pup is detected. I did in the past pick up the search facility Conduit but thought I had got rid; there is no outward sign other than the HKCU, and that was months ago.

Malawarebytes detects and flags the above and says it successfully removes. This appears to be true if I rerun a scan. However it continued to appear in later sessions. I finally think that I have tracked it down to firing up firefox. If I turn on my desktop and just run a scan, all is clean. I load firefox and run a scan and the pup is detected. I did in the past pick up the search facility Conduit but thought I had got rid; there is no outward sign other than the HKCU, and that was months ago.

All Replies (8)

more options

You can try these free programs to scan for malware, which work with your existing antivirus software:

Microsoft Security Essentials is a good permanent antivirus for Windows 7/Vista/XP if you don't already have one.


Further information can be found in the Troubleshoot Firefox issues caused by malware article.

Did this fix your problems? Please report back to us!

more options

Hello ibru,

  1. In the Location bar, type about:config and press Enter. The about:config "This might void your warranty!" warning page may appear.
  2. Click I'll be careful, I promise!, to continue to the about:config page
  3. type in search field Conduit
  4. reset all preferences with Conduit with right click > reset

thank you

more options

Conduit creates many "Community Toolbar" extensions, in case you were skipping over one of those thinking it was innocent... check here:

orange Firefox button (or Tools menu) > Add-ons > in the left column, click Extensions

more options

Hello Ideato Did as suggested and discovered many entries refering to Conduit. Reset all that would allow me but there were three entries that were not highlighted and susceptible to change. They were defaultsearchurl, searchaddressurl and startpageurl. They had a status of default and type string but also had values beginning search.conduit.com. When I started firefox again, lastnewtabsettings additionally appeared which I could reset and malawarebytes flagged hkcu once again. So problem still exists. Any further suggestions? Would it be safe to simply delete those entries bearing in mind I have very limited understanding of what is going on? Regards

more options

What programs do you have installed that you don't recognize as being something you purposely installed?

Control Panel > Add or Remove Programs or whatever its' called in Vista

more options

Hi ibru, if you still have a Conduit-created "Community Toolbar" extension, those preferences will keep coming back. Make sure you've removed the extension.

orange Firefox button (or Tools menu) > Add-ons > in the left column, click Extensions

more options

In addition to changing the < browser.newtab.url > in < about:config > to the search engine you want to use or the default setting ( described in previous posts ), I removed the Conduit files using "Iobit Uninstaller". It's a free program. It also is one of the tools in "Advanced System Care" program. This will completely remove it. Also, in FF's browser in the right hand side search screen click the down arrow. All the way at the bottom click on "Manage Search Engines". Now, click on the Conduit search engine, then click on " Remove". This should take care of it.

more options

You can check in "Windows Control Panel > Programs" for recently installed programs (sort by "Installed on") to see if anything from Conduit or any other suspicious software shows up.