Any way to stop CONDUIT Virus...got right past COMODO.

OK, semantics: the proper term is “Shared Space”, which I used by the book from Comodo, see below:

Virtual Kiosk at a glance:

The kiosk can run any program that you can run in regular Windows and is particularly useful for browsing the Internet in a secure manner.

Any changes made to files and settings in the kiosk will not affect the original versions on your host system.

Changes will only be visible in the Kiosk itself.

Similarly, any changes made by malicious programs or unstable beta software will not damage your real computer.

Any files you wish to keep and access from your host operating system can be saved to ‘Shared Space’.

The Virtual Kiosk can be password-protected for added privacy.

The virtual keyboard allows you to securely enter confidential passwords without fear of key-logging software.

The kiosk UI can be used in both ‘Classic’ (Windows style) and ‘Tablet’ modes by selecting the mode from the Settings.

You can reset the kiosk and clear shared space at any time.

Okay, I believe that a file run from the Shared Space folder can run on the real computer. Thus, by running the file in the Shared Space you effectively accidentally negated the protection offered by the virtualization and ran the file on your real computer.

For the future remember that anything run in the Shared Space folder has access to both the virtual computer and the real computer.

The real problem is the fact it went UN-detected, No Malware or Virus warnings, isn’t that what you are selling?

Furthermore:

The kiosk can run any program that you can run in regular Windows and is particularly useful for browsing the Internet in a secure manner.

Any changes made to files and settings in the kiosk will not affect the original versions on your host system.

Changes will only be visible in the Kiosk itself.

Similarly, any changes made by malicious programs or unstable beta software will not damage your real computer.

If you’ve found something that isn’t being detected, you can report it.

How to Report Malware to Comodo

Yep.

However, the Shared Space folder is not inside the sandbox (Kiosk). It is a mediator between the physical and virtual environments.

The Shared Space folder is where you would download something from within the sandbox that you wish to run on your normal (physical) system. If you wish to run something inside the Kiosk, you have two options.

From inside the Kiosk, download the file to the desktop and run it. The Kiosk’s desktop is virtual, and the text that you have quoted applies.

From outside the Kiosk, place a file inside the Shared Space folder, then enter the Kiosk and move the file from the Shared Space folder to the desktop in the Kiosk and run the file. This way, the text you’ve quoted also applies.

Running the file from the Shared Space folder will not have the protections of the sandbox because it is outside the virtual environment. Therefore, the text you have quoted does not apply.

Edit: For clarification, the automatic sandbox still reacts to files run from the Shared Space folder, but the file is no longer inside the virtual environment.

I think what is most important is that Comodo simply did not detect the virus / malware and from there no further steps would be required; had I known, I would have deleted it immediately.

The file was run within Shared Space and looks to have found a way out via the Google Chrome SYNC mode.

This may be why even Norton cannot get rid of it, this from them not me.

I’m going to put this to bed, will just keep eyes peeled for a way to trash the Conduit virus since it is in very widespread use.

As already mentioned, Shared Space is outside of the sandbox. Anything run from this folder will not be virtualized. As such, it doesn’t need to “find its way out”, because it is already out.

And finally… NO WARNING… NO DETECTION…what good is COMODO Anti Virus?

Pretty ■■■■ good these days, actually.

However, keep in mind that by definition an AV solution is always behind on the facts, and added to that the enormous amounts of malware being produced over the past 6 or so years, no AV solution can keep up at any given point in time…

I just downloaded vistart and scanned the installer with CIS and it found Viupdater to be suspicious. See attached image.

[attachment deleted by admin]

Conduit search is more of potentially unwanted software rather than dead on malware, which is probably why it wasn’t detected, also remember that no anti-virus can detect all viruses.

First, the Conduit Search Virus is not new and has been around for years while being very widespread and damaging, just type it into Google (Conduit or Conduit Search) and see the large number of users looking for solutions, it is not like this is a minor or new problem.

Second, Comodo AV’s job is to stop or warn of danger without tweaked settings in CIS before it becomes a problem and its job is to tell you that up front and not by going here and there and doing this and that.

Comodo needs to dump the excuses and offer a real workable answer to a large problem.

???

What excuses has Comodo made?

All the responses in this thread by “Comodo” representatives.

Ah, sorry for the misunderstanding… :embarassed:

We forum moderators are users just like yourself. We are not employees or representatives of Comodo. Anything we say is strictly our own opinion. We cannot and do not speak for Comodo. I apologize if you felt otherwise.

That said, I’m unaware that any of us moderators have made any excuses either. My contribution to the thread was merely pointing out that nothing escaped the sandbox virtualization because you had placed the file in a non-virtualized folder and ran it from there. I wasn’t trying to justify anything, merely pointing out the way the Shared Space folder in CIS functions.

As for the missed detection, CIS should have still reacted as it would for any other file. The alert Eric posted seems to suggest that this malware (or perhaps potentially unwanted application) should have given you an alert. So perhaps you encountered a variant. Did you submit it as I suggested in a previous post?

Maybe you could give some information on how you have Comodo configured.
Perhaps your AV settings.

You have not so far given any of this info and you may be running Comodo misconfigured.

FYI the Comodo AV is very good these days.

Thanks.

Please check thread before asking questions already covered.

I would not wait until I get protected by a definition or something else, while installing things.

My guess about what happened is:

  1. Running browser with sync in kiosk.
  2. Kiosk may work or not… BUT, as the browser sync seems to be involved, the saved sync on an external server is obviously not sandboxed. So it might appear as if the kiosk does not protect, once you loaded the browser outside of the kiosk and it synced.

If I can’t find a trusted source of a trusted file, I tend to find information or drop the idea to install something.

There will never be 100% protection. So filter out as much as possible. That way you most likely don’t have to worry about the undetected %.

Whoever had that problem, I had a similar issue. I was planning to install cfw but I don’t like the NEW cis_premium, but the solution was using SuperAntiSpyware Free and it cleaned it out. Darrell

Can you please explain how it got on your computer? For example, was it included in an installer for something else you had meant to install? If so did you accidentally allow it when you allowed the installer?

Also, was it run on the real computer or in the Fully Virtualized Sandbox?

Thank you.

Did it get installed together with a free application? They sometimes bring in those “goodies”.

Conduit.com is an online search engine which has a browser toolbar, which supposedly is “powered by the community”. The search engine is somewhat similar to search engines like Google or Bing, just it is smaller.

Is Conduit malicious?

No, it’s not. But the fact is that the browser toolbar which they promote makes some unauthorised changes to your browser settings, which changes your start page without your approval. Additionally, users report that it installs into the computer without user consent. No wonder why people think that it’s more like a browser hijacker or redirect virus, instead of a normal addon. If you’re constantly redirected to search.conduit.com, you’re infected with this browser hijacker.

I’m infected. How to remove conduit.com redirect virus?

You can get infected with Conduit by installing various free applications. For example, search.conduit.com is installed with VUZE, a popular file sharing program, and infects even Mac browsers, primarily Firefox.

For advanced computer users we advise typing about:config into the Firefox URL field. The browser will warn you that you should know what you are doing. After that, type “conduit” in the search field and “reset” all values you find. That should remove hijacked search results.

Although conduit.com isn’t malware, it’s frustrating to remove. The browser helper object removes normally, via Add/remove programs in control panel, but the toolbar has to be removed manually, or with automatic software. Manual removal might be tricky, so we would recommend using a reputable anti-malware software to make sure your PC stays clean and fresh. In this case, try running a full system scan with Defender Pro Ultimate Security Suite or SpyHunter.

For more information about the Redirect Virus, read this: What to do when Google/Yahoo/Bing results are redirecting?

Source.

It’s annoying and can be a pain to remove. Is it malware? :-\
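The about:config search described in the quoted article above can also be done offline against the profile's prefs.js file. This is an added example, not part of the thread or the quoted article; the sample preference names and values are constructed, and the helper names are hypothetical.

```python
import re

# Matches one line of a Firefox prefs.js file: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')

def parse_prefs(text):
    """Return (line_number, name, raw_value) for every user_pref line."""
    prefs = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = PREF_RE.match(line)
        if m:
            prefs.append((lineno, m.group(1), m.group(2)))
    return prefs

def find_hijacked(text, needle="conduit"):
    """Prefs whose name OR value contains the needle (case-insensitive).
    The value is checked too, because a hijacked homepage or keyword URL
    keeps its ordinary pref name and only the value points at the hijacker."""
    needle = needle.lower()
    return [p for p in parse_prefs(text)
            if needle in p[1].lower() or needle in p[2].lower()]

def without_hits(text, needle="conduit"):
    """Copy of the file with matching lines dropped. A pref that is absent
    from prefs.js falls back to its default, which is what "reset" does."""
    bad = {lineno for lineno, _, _ in find_hijacked(text, needle)}
    kept = [line for n, line in enumerate(text.splitlines(), 1) if n not in bad]
    return "\n".join(kept) + "\n"

# Constructed sample profile; names and values are illustrative only.
SAMPLE = '''// Mozilla User Preferences
user_pref("browser.startup.homepage", "http://search.conduit.com/?ctid=EXAMPLE");
user_pref("browser.search.defaultenginename", "Example Customized Web Search");
user_pref("CT0000000.SearchEngine", "Search||http://search.conduit.com/Results.aspx?q=");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?q=");
user_pref("browser.tabs.warnOnClose", false);
'''

if __name__ == "__main__":
    for lineno, name, value in find_hijacked(SAMPLE):
        print(f"line {lineno}: {name} = {value}")
```

Firefox rewrites prefs.js when it exits, so any edit has to be made with the browser closed and a backup of the file kept.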

Be careful when installing freeware programs and make sure to not install the “goodies”.

Merged with an existing topic.

The way I got duped was it came in as something else with options you could choose if you checked the box, unfortunately whether you checked the box or not made no difference, it installs the Bug regardless, the entire download is a sham.

Since my last refresh Conduit has been gone until days then I did something really dumb, I turned on IE 10 which was synced by default and guess what showed up…yep Conduit which was listed as the default search engine!..again SYNC was the vehicle.

Lesson learned, any and all browsers are set up with the modem OFF to make sure SYNC is off.

I have to give the people that designed Conduit credit, it has a lot of highly paid people scratching their heads and possibly backsides because it hides itself everywhere in everything and they all seem helpless to stop it.