This red X pops up on my desktop every time I get on my computer
RunDLL
C:\Users\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
This specified module could not be found
Thank you for any help :)
Hello JennieMMiller and Welcome to the Forum
This appears to be something having to do with conduit which is a PUP I believe. Your best bet would be to stop over at one of the free malware removal sites. Norton products don't do very much for PUP malware unless it's a very bad case. Someone at one of the removal sites will work with you in a controlled environment which we don't have here. Please sign up at one of these sites and let us know how you are doing.
Please go to one of these free Forums for help in removing your bad malware or rootkits.
(Thanks to Delph for providing the list of sites)
Please see this link for an up to date description of these sites plus the addition of a newly listed site formed by one of our successful malware remover users. The new site is listed first in this link.
http://community.norton.com/t5/Tech-Outpost/Malware-Removal-Forum-Recommendations/m-p/1060209#M8608
Please come back and let us know how you made out. If you end up having to reinstall N360, we can help you with that once you are finished with the malware removal site and they have cleaned up your computer.
In this case, it sounds like something may have partially blocked conduit's installation (hence its missing DLL)--so you might actually not be experiencing the "wonders" of conduit seen in this other thread:
Still, that error popping up all the time could be just as annoying! A secondary scanner that is more concerned with toolbars and adware that won't actually harm your computer might take care of it for you, without the need to resort to one of the removalist sites.
We recommend the free versions only of either of these programs--which aren't as good at keeping actual malware off your computer, but are more aggressive against PUPs/PUAs:
Be sure not to buy or accept the free trial of the full versions, as those contain real-time scanning functionality that will conflict with your Norton and, paradoxically, make you less secure. But the free versions leave that out, and make good "wingmen" for Norton 360.
If you do this, please let us know how it goes.
V/R,
--DistEd2
Hello
I would still recommend the removal sites because there might be more than just that problem. Something may be hiding with the same name as an essential file. We don't want to have a piece of malware being removed, but it's actually a legit file. I would feel safer going to one of the removal sites that can check out the whole computer to see if there is anything else that might be malware.
"In this case, it sounds like something may have partially blocked conduit's installation "
FALSE,
I know why the message and what is causing it, and have dealt with it in the past. That comment is just a stab in the dark, which is dangerous.
Quads
OK, Quads' verdict on this sort of thing is authoritative--which means go with Floplot's recommendation. Pick one of the recommended removalist forums, open a thread there, and talk with no one but your assigned removalist about this problem until they tell you that you're done.
Note that Quads himself has a forum on this list--and since he already recognizes what you're dealing with, it would be a good choice. Do exactly as he tells you, and nothing else, while he's working. What he lacks in bedside manner, he makes up in results.
V/R,
--DistEd2
No, I won't be doing it, as the thread creator has already been told to download and run programs, so the system has already changed from the original condition.
Quads
Go into the task scheduler and delete the scheduled task for BackgroundContainer.
Then go to one of the other sites mentioned in the link above for assistance in removing the malware.
Note to all - I'm not giving malware removal instructions; the error posted by the OP is a WINDOWS error and I am simply helping to stop the Windows error so she can use her computer and get help for the underlying problem.
Dave
"Note to all- I'm not giving malware removal instructions,"
hahahahaha
If the object belongs to "malware" and you are telling a user instructions on how to remove an object for that "malware" then you are giving malware removal instruction even if only partly.
Quads
Quads wrote: No, I won't be doing it, as the thread creator has already been told to download and run programs, so the system has already changed from the original condition.
Quads
Quads,
I had hoped--since the OP hasn't responded since I gave that advice--that we had caught them in time so they hadn't changed anything.
We are all here to help the users. Lacking your malware removal expertise, all I have to go on when doing so is my thirty years of experience in the guts of Microsoft operating systems (starting with DOS 1), my quarter-century of experience with Norton products, and the couple of years I've been active on these forums.
In that time, I have learned to respect your expertise and your results, and I have never said otherwise, in public or in private. And if you show up in a thread I'm working and contradict my advice in a specific case, I know you're going to be right and I'm going to be wrong. But I have also learned that, when someone comes here for help with their Norton product, and they have a run-of-the-mill PUP/PUA, malwarebytes or superantispyware will probably take care of it for them--and again, that's what we're here for. Maybe I'm just lucky, but I have never had a single case where I have recommended those programs and they have left the user worse off than they came here. This is one reason why I will continue to recommend them.
The other reason is that you and delphinium have taught me that PUPs and PUAs are sometimes not the end of the story: they may be associated with genuine malware. But unlike you, I can't look at a thread and tell whether the user is in one of those situations or not, without running other tools that are in my toolbox. I've never made any secret that I'm not a removalist. I don't know how to use combofix. I do know how to use MBAM or SAS, and to use the results to advise the user as to whether they need to consult an expert like you. As a military leader, I also know that I go to war with the resources I'm given, not the resources I'd like to have. So if you're around to help, and willing, I know I'll get better results for the user--and that's the mission, so I'll gladly and without hesitation defer to you. But if you're not, I am going to do my best to accomplish the mission with what I've got.
So lead, follow...or get the heck out of the way.
V/R,
--DistEd2
Quads wrote: "Note to all- I'm not giving malware removal instructions,"
hahahahaha
If the object belongs to "malware" and you are telling a user instructions on how to remove an object for that "malware" then you are giving malware removal instruction even if only partly.
Quads
I'm sorry but I disagree. I did not give instructions on "how to remove an object for that malware"
I suggested a way to stop the RunDLL error by removing a scheduled task.
A scheduled task is not an object of the malware, the malware and all associated files are still present on the system.
The scheduled task is a simple command that is causing the WINDOWS error.
And that's exactly what I tried to do; I help people with Windows problems.
You had already refused to help this person.
I don't care if the scheduled task was added by the malware, I don't consider it part of the malware, I consider it as a simple windows command causing an error.
I did not even ask if the .dll was even present on the system.
This person will be able to receive help at one of the other sites; they will not refuse to help her because I suggested she remove a scheduled task or someone else suggested she use Malwarebytes prior to posting for help at that site.
If you truly wanted to help this Norton customer you could have looked in her profile to see she has not visited this forum since the original post was made.
You could have easily said "I would be glad to help you if you have not run any tools yet"
But that's just my opinion and I understand if it differs from yours or anyone else's.
Dave
You disagree because you do not know "malware". If an object belongs to "malware" and you tell a user to remove something belonging to it, you are doing malware removal, if only in part.
I have dealt with the error message and what it belongs to, and so know what you are removing. It is that easy.
If you remove registry keys or other objects that belongs to Norton then you are still doing Norton Removal even if only a part of, remove the services for Norton, as they don't belong to Norton belong to Windows.
Task:{[Numbers]}-System32\Tasks\BackgroundContainer StartupTask=>Rundll32.exe "[PATH TO FILE]\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
Belongs to a Conduit variant and is created by the PUP when it is installed, meaning that it belongs to the PUP. It is not there on my Windows, so does not belong to Windows. When the module is missing the PUP task still wants the module, and due to the fact the PUP task uses a Windows file to run the module the error message appears. BUT the task actually belongs to the PUP and does not belong to Windows.
Meaning you are doing malware removal as you are very basically telling the user to remove the PUP task.
Quads
If I remove an entry from the run line of the registry that starts a certain program. I am not removing the program.
Can you see the difference in that, your example is removing program entries, my example is removing an entry to have a program run.
Same thing when MSCONFIG is used to disable a program from starting, it's not touching the program or any part of it.
Exact same thing as removing a scheduled task. it's not part of the program.
If I delete my scheduled task to run disk defragmenter I am not removing any part of the program or making any changes to the program.
I have now asked another MR and updated my post above.
MSCONFIG works differently to tasks.
Oh I will have to remember that when I am removing objects like Browser objects, services, Run Objects or an object in the BCD that I am not doing malware removal after all, I am just removing whatever but it is not Malware Removal.
Removing even a task that belongs to a program (bad or good) you are still removing part of that program. Simple
If you removed a task that was actually required by that program and now the program does not want to work correctly then ummm that is because what was deleted belongs to the program. Same if you delete any registry key that is required and the program does not run correctly after that is because they belong to that program
The fact the hives belong to Windows does not mean all the registry keys belong to Windows,
Hmmm now I have to think about what I will say to a user where I was going to remove registry keys for PUP's but I will have to tell them I am not doing malware or PUP removal.
Quads
Quads wrote: I have now asked another MR and updated my post above.
MSCONFIG works differently to tasks.
Yes, absolutely different, but the same concept. It's disabling a command that starts a program through the registry.
A scheduled task is a command that starts a program in another way.
I assume it's being exploited because it can bypass UAC and run programs with elevated credentials.
Oh I will have to remember that when I am removing objects like Browser objects, services, Run Objects or an object in the BCD that I am not doing malware removal after all, I am just removing whatever but it is not Malware Removal.
It depends on what you're removing, Quads. I remove items from the BCD and make edits to it quite often. But I'm not a removalist or trying to remove malware. I'm a guy that dual boots a lot of systems and does a lot of testing with imaging programs.
Removing even a task that belongs to a program (bad or good) you are still removing part of that program. Simple
Sorry we disagree
If you removed a task that was actually required by that program and now the program does not want to work correctly then ummm that is because what was deleted belongs to the program. Same if you delete any registry key that is required and the program does not run correctly after that is because they belong to that program
I absolutely agreed with you here. Your example of if I was removing registry entries required by a program like Norton I would be removing part of Norton and therefore trying to be a "removalist".
However, my example is also correct, If I remove an entry in the Run section of the registry I am not removing the program or pretending to be a "removalist". I am simply not allowing it to start with windows. Such an entry is not "required by the program to run correctly" I would be making no changes to the program or removing any part of it.
Same as above, Quads, it depends on what you're removing; it's incorrect to say any changes to the registry is being a removalist and it is incorrect to say any edit to the BCD is being a removalist. It depends on what changes you are making or what you're removing.
The fact the hives belong to Windows does not mean all the registry keys belong to Windows,
Actually they do belong to Windows because it's the Windows registry, but that's just a technicality.
Hmmm now I have to think about what I will say to a user where I was going to remove registry keys for PUP's but I will have to tell them I am not doing malware or PUP removal.
NO, you just have to consider what you're doing and what you're removing.
If someone asks you for help in stopping the automatic update of flash player or Java and you suggest they remove the registry Run key. Then you are not removing malware or the program involved or damaging the program in any way.
If you give instructions to remove malware entries then you're being a removalist.
If you give instructions to fix or replace registry entries that were deleted or damaged by malware then you're repairing the damage as part of fixing the system after removing the malware.
Like I said, it's all a matter of what you're removing.
Quads
Dave
It's way past midnight and I need to get home and eat dinner still.
So don't think my lack of response indicates anything.
I feel very strongly in my statements that I am not a removalist and I am not trying to be a removalist.
In all my years here you should know what I do and what I don't do.
I wish we could agree that making some changes to the registry, BCD, scheduled tasks, MSCONFIG, or items in the startup folder do not constitute removing necessary parts of a program.
You could have helped this Norton customer with less time or work than you spent here in disagreement with me.
Goodnight,
Dave
Easy way around this is for users to not use this forum for any sort of malware removal or PUP, as here is not good enough due to problems like not knowing whether the removal of an object belongs to malware or Windows.
I will have to tell creators of our tools not to detect the task as it belongs to Windows according to DaveH and not what MR's and the tool creators think after all, That it belongs to a PUP.
FRST detects it as does Adwcleaner for starters they better update the program to not highlight or remove the item as it belongs to windows.
DaveH disagrees with me and another MR I checked for the extra data.
Example of FRST highlighting objects belonging to PUP's and not Windows
Task:{58A8B1A0-4CC2-4099-9A58-10FB65F1B480}-System32\Tasks\BackgroundContainer StartupTask=>Rundll32.exe "C:\Users\M. T. Webb\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun<==== ATTENTION
Task:{C30F639D-5CA2-461C-BF67-75841A229DD5}-System32\Tasks\Desk 365RunAsStdUser=> C:\Program Files(x86)\Desk 365\desk365.exe <==== ATTENTION
Task:{E002C432-0927-4B44-9102-DBB8913C158D}-System32\Tasks\AmiUpdXp => C:\Users\M. T.<==== ATTENTION
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\M. T.Webb\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
HKCU\...\Run:[BackgroundContainer]-"C:\Windows\SysWOW64\Rundll32.exe""C:\Users\M. T. Webb\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun<===== ATTENTION
Removing part of Malware is not being a removalist, whether a registry key, task, the BCD, etc is not being a malware removalist. when it is part of malware
I have shown above that the task belongs to a PUP (and would include malware also), so removing the task means that you are removing malware or PUP's.
If for instance Malwarebytes detects 16 registry keys
And the tasks above, and you have Malwarebytes remove them OH Bugger I should have as malwarebytes is removing what belongs to windows oh heck.
Oh hang on it depends on what it is removing,
Task:{58A8B1A0-4CC2-4099-9A58-10FB65F1B480}-System32\Tasks\BackgroundContainer StartupTask=>Rundll32.exe "C:\Users\M. T. Webb\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun<==== ATTENTION
Belongs to a PUP not Windows so the detection is correct. as "PUP.Optional.Conduit"
Adwcleaner also detects the task as File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task as it belongs to a PUP.
Roguekiller also has it added to its database for detection.
Quads
Quads
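Added example, not part of any post in this thread and not FRST's own code: a small Python parser for log lines in the FRST layout quoted above that picks out autostart entries (scheduled tasks and Run values) asking rundll32 to load a DLL that is no longer on disk, which is the condition that produces the RunDLL error. The sample lines, the placeholder user name and GUIDs, and the names `parse` and `orphaned` are constructed for illustration.

```python
import os
import re
from typing import Callable, List, NamedTuple, Optional

class Autostart(NamedTuple):
    kind: str              # "Task" or "Run"
    name: str              # task name or Run value name
    command: str           # full command the entry launches
    module: Optional[str]  # DLL handed to rundll32, else None

# Constructed sample in the FRST layout quoted in the thread (placeholder user and GUIDs).
SAMPLE = r'''
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\example\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
HKCU\...\Run: [BackgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\example\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
Task: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe
'''

# Optional "<==== ATTENTION" marker at the end of a line.
_TAIL = r'\s*(?:<=+\s*ATTENTION)?\s*$'
_PATTERNS = [
    ("Task", re.compile(r'^Task:\s*\{[^}]*\}\s*-\s*System32\\Tasks\\'
                        r'(?P<name>.+?)\s*=>\s*(?P<cmd>.+?)' + _TAIL)),
    ("Run", re.compile(r'^HK(?:CU|LM)\\\.\.\.\\Run:\s*\[(?P<name>[^\]]+)\]'
                       r'\s*-\s*(?P<cmd>.+?)' + _TAIL)),
]
# First argument to rundll32 is the DLL path, followed by ",EntryPoint".
_RUNDLL = re.compile(r'rundll32(?:\.exe)?"?\s*"?(?P<dll>[^"]+?\.dll)"?\s*,', re.I)

def parse(text: str) -> List[Autostart]:
    """Turn FRST-style Task/Run lines into Autostart records."""
    entries = []
    for line in text.splitlines():
        for kind, pattern in _PATTERNS:
            m = pattern.match(line.strip())
            if m:
                dll = _RUNDLL.search(m["cmd"])
                entries.append(Autostart(kind, m["name"], m["cmd"],
                                         dll["dll"] if dll else None))
    return entries

def orphaned(entries: List[Autostart],
             exists: Callable[[str], bool] = os.path.exists) -> List[Autostart]:
    """Entries that ask rundll32 to load a DLL that is not on disk."""
    return [e for e in entries if e.module and not exists(e.module)]

if __name__ == "__main__":
    # exists() is stubbed so the demo runs anywhere; on the affected PC use the default.
    for e in orphaned(parse(SAMPLE), exists=lambda path: False):
        print(f"{e.kind}: {e.name} -> missing {e.module}")
```

The same name showing up under both a scheduled task and a Run value, as in the log quoted above, means there are two separate launch points for the one missing module.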
I had the same problem. Conduit was installed after I downloaded DIVX. I followed the advice in this stream and removed DIVX and I removed the scheduled action entry for Conduit. But I still had that same RunDLL error message. I resolved it by searching my PC and removing all folders with the word Conduit, and then I edited the Registry and searched for and deleted all items with the word Conduit. That worked. Warning! Editing the Registry can be dangerous if you are not experienced; be sure to create a Restore point before changing the Registry.