cltmng.exe
Search Protect by Conduit Ltd. (Signed)
Warning 28 antivirus scanners has detected malware in various versions of cltmng.exe.
Overview
cltmng.exe has 11 known versions, the most recent one is 2.8.11.9. cltmng.exe is run as a standard windows process with the logged in user's account privileges. By adding a startup entry to the run registry key, the file will be executed when the user logs into Windows. The average file size is about 2.65 MB. It is an authenticode code-signed executable issued to Conduit Ltd. by the certification authority VeriSign. During the process's lifecycle, the typical CPU resource utilization is about 0.0039% including both foreground and background operations, the average private memory consumption is about 18.16 MB with the maximum memory reaching around 22.02 MB. Addionally, typically read and write I/O disk operations is about 2.81 KB per minute for reads and 428 Bytes per minute for writes.
 Details
|
| File name: | cltmng.exe |
| Publisher: | Conduit |
| Product name: | Search Protect |
| Description: | Search Protect by Conduit |
| Typical file path: | C:\Program Files\searchprotect\bin\cltmng.exe |
| Original name: | SearchProtect (R) |
| Certificate |
| Issued to: | Conduit Ltd. |
| Authority (CA): | VeriSign |
| Effective date: | Wednesday, February 17, 2010 |
| Expiration date: | Saturday, March 30, 2013 |
Programs installed in
(Note, the programs listed below are for all versions of Search Protect.)
The Conduit Search Protect software is designed to prevent other competing web browser plugins from changing the homepage and search settings that are created by the Conduit OurToolbar from being chan...
From the Terms of Service:
"Search Protect is a separate piece of software installed on your hard-drive in connection with your installation of a Toolbar. It is designed to protect your Search sett...
Yahoo Install Manager manages Yahoo program downloads and installations. The install manager keeps track of such programs and assists in the installations to put things in their proper places.
Behaviors
(Note, the behaviors below are for all versions of cltmng.exe, select a unique version for details.)
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'SearchProtectAll' → C:\Program Files\SearchProtect\bin\cltmng.exe
Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'SearchProtect' → C:\users\user\appdata\Roaming\SearchProtect\bin\cltmng.exe
Malware detections
Based on 40+ industry antivirus scanners, 28 of them detected the following malware.
| Antivirus engine | Engine version | Detection | File version |
| Antiy Labs AVL |
2.0.3.7 |
Trojan/Win32.Patched |
1.4.3.7 |
| Antiy Labs AVL |
2.0.3.7 |
Trojan/Win32.Patched |
1.5.0.71 |
| avast! |
8.0.1489.320 |
Win32:SearchProtect-B [PUP] |
1.4.1.12 |
| avast! |
8.0.1489.320 |
Win32:PUP-gen [PUP] |
1.4.3.7 |
| avast! |
8.0.1489.320 |
Win32:SearchProtect-A [PUP] |
1.5.0.71 |
| Baidu Antivirus |
3.5.1.41473 |
Malware.Win32.Adware.50 |
1.5.0.71 |
| Bkav Security |
1.3.0.4923 |
W32.Clod916.Trojan.4ec8 |
1.4.1.12 |
| Bkav Security |
1.3.0.4923 |
W32.Clod2c8.Trojan.e702 |
1.4.3.7 |
| Comodo Internet Security |
17020 |
Application.Win32.Conduit.~A |
1.5.0.71 |
| Dr.Web |
8.13.7.12 |
Adware.BGuard.15 |
1.4.0.65 |
| Dr.Web |
8.13.9.29 |
Adware.BGuard.15 |
1.5.0.71 |
| Dr.Web |
8.14.2.14 |
Adware.Conduit.17 |
1.4.3.7 |
| ESET NOD32 |
7.8521 |
a variant of Win32/Conduit.SearchProtect.B |
1.4.0.65 |
| ESET NOD32 |
7.8201 |
a variant of Win32/Conduit.SearchProtect.B |
1.2.10.10 |
| ESET NOD32 |
7.9341 |
Win32/Conduit.SearchProtect.A |
1.4.1.12 |
| ESET NOD32 |
7.9341 |
a variant of Win32/Conduit.SearchProtect.B |
1.4.3.7 |
| ESET NOD32 |
7.8855 |
a variant of Win32/Conduit.SearchProtect.B |
1.5.0.71 |
| Kingsoft |
2013.4.9.267 |
Win32.Troj.Generic.a.(kcloud) |
1.4.3.7 |
| Kingsoft |
2013.4.9.267 |
Win32.Troj.Generic.a.(kcloud) |
1.5.0.71 |
| Kingsoft |
2013.4.9.267 |
Win32.Troj.Generic.a.(kcloud) |
1.4.1.12 |
| Malwarebytes |
1.75.0.1 |
PUP.Optional.Conduit.A |
1.5.0.71 |
| Malwarebytes |
1.75.0.1 |
PUP.Optional.Conduit.A |
1.4.1.12 |
| Malwarebytes |
1.75.0.1 |
PUP.Optional.Conduit.A |
1.4.3.7 |
| Panda Antivirus |
10.0.3.5 |
Adware/Conduit |
1.4.1.12 |
| Panda Antivirus |
10.0.3.5 |
Adware/Conduit |
1.4.3.7 |
| VIPRE Antivirus |
25854 |
Conduit (fs) |
1.4.1.12 |
| VIPRE Antivirus |
25854 |
Conduit (fs) |
1.4.3.7 |
| VIPRE Antivirus |
21934 |
Conduit (fs) |
1.5.0.71 |
All file variations of cltmng.exe
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
43.42% |
|
| Windows 7 Ultimate |
15.79% |
|
| Windows 8 Pro |
9.21% |
|
| Microsoft Windows XP |
7.89% |
|
| Windows 7 Professional |
6.58% |
|
| Windows 8 |
5.26% |
|
| Windows Vista Home Premium |
5.26% |
|
| Windows Vista Ultimate |
3.95% |
|
| Windows 7 Starter |
2.63% |
|
Distribution by country
United States installs about 68.42% of Search Protect.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Hewlett-Packard |
31.11% |
|
| Dell |
17.78% |
|
| Acer |
15.56% |
|
| Toshiba |
15.56% |
|
| ASUS |
6.67% |
|
| Compaq |
4.44% |
|
| Lenovo |
4.44% |
|
| Sahara |
2.22% |
|
| Samsung |
2.22% |
|
