Should I block it?

98%
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization

VersionsAdditional versions

2.8.11.9 1.32%
1.7.0.72 11.84%
1.5.0.71 44.74%
1.4.3.7 1.32%
1.4.2.2 1.32%
1.4.1.12 21.05%
1.4.0.65 10.53%
1.3.0.184 1.32%
1.2.10.10 1.32%
1.2.5.2 1.32%
1.2.3.6 3.95%

Relationships

Parent process
Related files

PE structurePE file structure
Show functions
Import table
advapi32.dll
GetUserNameA, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, DeregisterEventSource, ReportEventA, RegisterEventSourceA, OpenProcessToken, RegEnumValueW, RegQueryInfoKeyW, RegSetValueExW, RegNotifyChangeKeyValue, RegCreateKeyExW, CreateProcessAsUserW, GetLengthSid, SetTokenInformation, ConvertStringSidToSidW, DuplicateTokenEx, GetSidSubAuthorityCount, GetSidSubAuthority, GetTokenInformation, RegEnumKeyExW, CheckTokenMembership, FreeSid, AllocateAndInitializeSid, OpenThreadToken, ConvertStringSecurityDescriptorToSecurityDescriptorW, GetUserNameW
crypt32.dll
CryptQueryObject, CertFindCertificateInStore, CertGetNameStringW, CertFreeCertificateContext, CertCloseStore, CryptMsgClose, CryptMsgGetParam
dbghelp.dll
SymInitialize, SymFunctionTableAccess64, SymGetModuleBase64, StackWalk64, MiniDumpWriteDump, SymGetSymFromAddr64, SymGetLineFromAddr64
gdi32.dll
GetStockObject, DeleteObject, CreateSolidBrush, SetWindowOrgEx, GetWindowOrgEx
kernel32.dll
IsProcessorFeaturePresent, HeapSize, HeapReAlloc, HeapDestroy, InitializeCriticalSectionAndSpinCount, RaiseException, TlsSetValue, OpenEventA, TlsGetValue, TlsFree, TlsAlloc, CreateEventA, HeapAlloc, GetProcessHeap, GetStringTypeExW, SetFileTime, LocalFileTimeToFileTime, GetCurrentDirectoryW, SystemTimeToFileTime, ReadFile, SetFilePointer, FindResourceExW, LockResource, SizeofResource, LoadResource, FindResourceW, GetLocaleInfoW, GetUserDefaultLCID, GetVersionExW, CreateProcessW, OpenProcess, LocalAlloc, FlushConsoleInputBuffer, LoadLibraryA, GetStdHandle, GetFileType, GetVersion, LCMapStringW, UnmapViewOfFile, HeapFree, SetProcessShutdownParameters, GetCurrentProcessId, GetComputerNameW, GetLastError, AreFileApisANSI, GetTickCount, QueryPerformanceCounter, IsDebuggerPresent, UnhandledExceptionFilter, TerminateProcess, GetStartupInfoW, HeapSetInformation, InterlockedCompareExchange, Sleep, InterlockedExchange, DecodePointer, EncodePointer, lstrlenW, FormatMessageA, WaitForSingleObjectEx, CreateDirectoryW, GetSystemTime, ResetEvent, SetEvent, WaitForMultipleObjects, QueueUserWorkItem, CreateMutexW, OpenMutexW, GetTempPathW, InterlockedIncrement, GetModuleHandleExW, FreeLibrary, GetModuleHandleW, LoadLibraryW, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, LocalFree, FormatMessageW, WideCharToMultiByte, MultiByteToWideChar, InterlockedDecrement, SetUnhandledExceptionFilter, GetCurrentProcess, GetCurrentThread, GetCurrentThreadId, GetLocalTime, GlobalMemoryStatus, GetSystemTimeAsFileTime, OutputDebugStringA, GetModuleHandleA, GetProcAddress, GetVersionExA, VirtualQuery, GetSystemInfo, GetFileTime, CreateFileA, GetModuleFileNameA, FileTimeToDosDateTime, FileTimeToLocalFileTime, WriteFile, lstrlenA, lstrcpyA, lstrcpynA, GetFileInformationByHandle, WaitForSingleObject, PostQueuedCompletionStatus, GetQueuedCompletionStatus, ReadDirectoryChangesW, CreateIoCompletionPort, CreateEventW, GetDiskFreeSpaceExW, CloseHandle, GetFileSize, CreateFileW, CopyFileW, GetFileAttributesW, FindClose, SetFileAttributesW, RemoveDirectoryW, FindNextFileW, FindFirstFileW, DeleteFileW, GetModuleFileNameW, ResumeThread, ReleaseSemaphore, SetLastError, ProcessIdToSessionId, DllMain
msvcp100.dll
DllMain
msvcr100.dll
DllMain
ole32.dll
CoInitializeEx, CoSetProxyBlanket, CoUninitialize, CoCreateInstance, OleInitialize, CLSIDFromString, CoInitialize, CoInitializeSecurity, CoWaitForMultipleHandles, StringFromGUID2, CoCreateGuid
psapi.dll
EnumProcessModules, GetModuleBaseNameW, GetModuleFileNameExW, GetProcessImageFileNameW, EnumProcesses
rpcrt4.dll
NdrClientCall2, NdrServerCall2, RpcBindingFree, RpcEpResolveBinding, RpcStringBindingComposeW, RpcServerRegisterIfEx, RpcServerUnregisterIfEx, RpcObjectSetType, RpcBindingInqObject, RpcImpersonateClient, RpcObjectInqType, RpcRevertToSelfEx, I_RpcBindingInqTransportType, I_RpcBindingInqLocalClientPID, RpcServerUseProtseqEpW, RpcBindingSetObject, RpcStringFreeW, RpcBindingFromStringBindingW
shell32.dll
ShellExecuteW, SHCreateDirectoryExW, SHGetFolderPathW
shlwapi.dll
PathFileExistsW, UrlUnescapeW
user32.dll
RegisterWindowMessageW, GetWindowThreadProcessId, FindWindowW, CharUpperW, PostThreadMessageW, SetWindowLongW, GetWindowLongW, GetClassInfoW, RegisterClassW, SetTimer, GetMessageW, LoadStringW, DispatchMessageW, TranslateMessage, DestroyWindow, MessageBoxA, GetDesktopWindow, GetSystemMetrics, wsprintfW, GetProcessWindowStation, GetUserObjectInformationW, PostQuitMessage, DefWindowProcW, LoadIconW, LoadCursorW, RegisterClassExW, CreateWindowExW, ShowWindow, UpdateWindow, KillTimer, GetWindowRect, IsWindow, PostMessageW, GetCursorPos, FindWindowExW, FillRect, SendMessageW, ScreenToClient, ClientToScreen, GetClientRect, SetFocus, IsChild, GetFocus, PeekMessageW, MsgWaitForMultipleObjects
version.dll
VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW, GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA
wininet.dll
InternetCrackUrlW, InternetGetConnectedState, InternetConnectA, InternetCloseHandle, InternetOpenA, InternetCheckConnectionW, InternetAttemptConnect, HttpOpenRequestA, HttpAddRequestHeadersA, InternetSetCookieA, HttpQueryInfoA, HttpEndRequestW, InternetWriteFile, HttpSendRequestExW, HttpSendRequestA, HttpSendRequestW, InternetReadFile

cltmng.exe

Search Protect by Conduit Ltd. (Signed)

Remove cltmng.exe
Version:   1.5.0.71
MD5:   e7bfaec48b638814f9da09ff1f4b723a
SHA1:   fd93ccaeba15517ce2171a1637bc837d393ade8e
SHA256:   42178c44cbb9c0a4f00261ec1802ba79ceaf9277d366b7bd272dea4ad6732757
Warning 9 antivirus scanners has detected malware.

Overview

cltmng.exe is malware that executes as a process with the local user's privileges usually within the context of Windows Explorer. It is set to be run when the PC boots and the user logs into Windows (added to the Run registry key for the current user). It is installed with a couple of know programs including Search Protect by conduit published by Conduit Ltd., Search Protect by conduit from Conduit Ltd. and Search Protect by conduit by Conduit Ltd.. The file is digitally signed by Conduit Ltd. which was issued by the VeriSign certificate authority (CA).

DetailsDetails

File name:cltmng.exe
Publisher:Conduit
Product name:Search Protect
Description:Search Protect by Conduit
Typical file path:C:\Program Files\searchprotect\bin\cltmng.exe
Original name:SearchProtect (R)
File version:1.5.0.71
Size:2.72 MB (2,852,640 bytes)
Build date:5/7/2013 11:16 PM
Certificate
Issued to:Conduit Ltd.
Authority (CA):VeriSign
Effective date:Wednesday, February 17, 2010
Expiration date:Saturday, March 30, 2013
Digital DNA
PE subsystem:Windows GUI
File packed:No
Code language:Microsoft Visual C++ 10.0
.NET CLR:No
More details

ResourcesPrograms

The following programs will install this file
Search Protect by conduit
 Conduit Ltd.
  82% remove
The Conduit Search Protect software is designed to prevent other competing web browser plugins from changing the homepage and search settings that are created by the Conduit OurToolbar from being changed automatically. It is typically installed with various Community toolbars. During install of a Conduit Toolbar, you by default except the EULA to install the included SearchProtect software (which is required). Upon installation the p...

BehaviorsBehaviors

Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'SearchProtectAll' → C:\Program Files\SearchProtect\bin\cltmng.exe
Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'SearchProtect' → C:\users\user\appdata\Roaming\SearchProtect\bin\cltmng.exe
Network connections
  • [TCP] ec2-107-22-239-148.compute-1.amazonaws.com (107.22.239.148:80)
  • [TCP] VIP15.LB30.DALL.COTENDO.net (184.169.72.135:443)

    • MalwareMalware detections

    Based on 40+ industry antivirus scanners, 9 of them detected the following malware.
    Antivirus engineEngine versionDetection
    Antiy Labs AVL 2.0.3.7 Trojan/Win32.Patched
    avast! 8.0.1489.320 Win32:SearchProtect-A [PUP]
    Baidu Antivirus 3.5.1.41473 Malware.Win32.Adware.50
    Comodo Internet Security 17020 Application.Win32.Conduit.~A
    Dr.Web 8.13.9.29 Adware.BGuard.15
    ESET NOD32 7.8855 a variant of Win32/Conduit.SearchProtect.B
    Kingsoft 2013.4.9.267 Win32.Troj.Generic.a.(kcloud)
    Malwarebytes 1.75.0.1 PUP.Optional.Conduit.A
    VIPRE Antivirus 21934 Conduit (fs)

    ResourcesResource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.00481512%
    0.028634%
    Kernel CPU:0.00124617%
    0.013761%
    User CPU:0.00356895%
    0.014873%
    Kernel CPU time:8,814 ms/min
    100,923,805ms/min
    CPU cycles:1,341,172/sec
    17,470,203/sec
    Context switches:8/sec
    284/sec
    Memory
    Private memory:18.04 MB
    21.59 MB
    Private (maximum):25.35 MB
    Private (minimum):21.34 MB
    Non-paged memory:18.04 MB
    21.59 MB
    Virtual memory:161.93 MB
    140.96 MB
    Virtual memory (peak):183.83 MB
    169.69 MB
    Working set:23.77 MB
    18.61 MB
    Working set (peak):29.14 MB
    37.95 MB
    Page faults:95,762/min
    2,039/min
    I/O
    I/O read transfer:1 KB/sec
    1.02 MB/min
    I/O read operations:1/sec
    343/min
    I/O write transfer:727 Bytes/sec
    274.99 KB/min
    I/O write operations:1/sec
    227/min
    I/O other transfer:851 Bytes/sec
    448.09 KB/min
    I/O other operations:391/sec
    1,671/min
    Resource allocations
    Threads:42
    12
    Handles:703
    600
    GUI GDI count:9
    103
    GUI GDI peak:10
    142
    GUI USER count:55
    49
    GUI USER peak:59
    71

    BehaviorsProcess properties

    Integrety level:Undefined
    Platform:64-bit
    Command line:"C:\users\user\appdata\roaming\searchprotect\bin\cltmng.exe"
    Owner:User
    Parent process:explorer.exe (Windows Explorer by Microsoft Corporation)

    ResourcesThreads

    Averages
     
    ntdll.dll
    Total CPU:0.01223223%
    0.272967%
    Kernel CPU:0.00158849%
    0.107585%
    User CPU:0.01064374%
    0.165382%
    CPU cycles:297,800/sec
    5,741,424/sec
    Memory:1.66 MB
    1.16 MB
    cltmng.exe (main module)
    Total CPU:0.00177914%
    Kernel CPU:0.00088570%
    User CPU:0.00089344%
    CPU cycles:40,305/sec
    Memory:2.77 MB
    msvcr100.dll (Microsoft Visual Studio 2010 by Microsoft)
    Total CPU:0.00038786%
    Kernel CPU:0.00022331%
    User CPU:0.00016454%
    CPU cycles:11,913/sec
    Memory:760 KB
    wow64.dll
    Total CPU:0.00000559%
    Kernel CPU:0.00000399%
    User CPU:0.00000160%
    CPU cycles:3,315/sec
    Memory:252 KB

    Common loaded modules

    These are modules that are typiclaly loaded within the context of this process.

    Windows OS versionsDistribution by Windows OS

    OS versiondistribution
    Windows 7 Home Premium 43.42%
    Windows 7 Ultimate 15.79%
    Windows 8 Pro 9.21%
    Microsoft Windows XP 7.89%
    Windows 7 Professional 6.58%
    Windows 8 5.26%
    Windows Vista Home Premium 5.26%
    Windows Vista Ultimate 3.95%
    Windows 7 Starter 2.63%

    Distribution by countryDistribution by country

    United States installs about 68.42% of Search Protect.

    OEM distributionDistribution by PC manufacturer

    PC Manufacturerdistribution
    Hewlett-Packard 31.11%
    Dell 17.78%
    Acer 15.56%
    Toshiba 15.56%
    ASUS 6.67%
    Compaq 4.44%
    Lenovo 4.44%
    Sahara 2.22%
    Samsung 2.22%
    Back to top
    Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

    Download it for FREE