tbverifier.dll
Conduit Toolbar Verifier by Conduit Ltd. (Signed)
Warning 4 antivirus scanners has detected malware in various versions of tbverifier.dll.
Overview
tbverifier.dll has 8 known versions, the most recent one is 3.0.0.2. tbverifier.dll is run as a standard windows process with the logged in user's account privileges. By adding a startup entry to the run registry key, the file will be executed when the user logs into Windows. The average file size is about 281.53 KB. It is an authenticode code-signed executable issued to Conduit Ltd. by the certification authority VeriSign. During the process's lifecycle, the typical CPU resource utilization is less than 0.01%, the average private memory consumption is about 28.91 MB and typical read I/O operations are around 14.53 KB per minute.
Details |
File name: | tbverifier.dll |
Publisher: | Conduit Ltd. |
Product name: | Conduit Toolbar Verifier |
Typical file path: | C:\Program Files\conduit\ct3298566\plugins\tbverifier.dll |
Original name: | ConduitF.dll |
Certificate |
Issued to: | Conduit Ltd. |
Authority (CA): | VeriSign |
Effective date: | Wednesday, January 2, 2013 |
Expiration date: | Sunday, April 3, 2016 |
Behaviors
(Note, the behaviors below are for all versions of tbverifier.dll, select a unique version for details.)
Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'ConduitFloatingPlugin_lipgolpfajiadodbcbljdpmbmbdmfcil' → "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files\Conduit\CT3306061\plugins\TBVerifier.dll",RunConduitFloatingPlugin lipgolpfajiadodbcbljdpmbmbdmfcil
- 'ConduitFloatingPlugin_lmcedemcahkmaidbipmniofjcocajlgk' → "C:\WINDOWS\system32\Rundll32.exe" "C:\Program Files\Conduit\CT3309759\plugins\TBVerifier.dll",RunConduitFloatingPlugin lmcedemcahkmaidbipmniofjcocajlgk
- 'ConduitFloatingPlugin_jpkgnchjblgnciiopegmabnakdoapgkj' → "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Program Files\Conduit\CT3287811\plugins\TBVerifier.dll",RunConduitFloatingPlugin jpkgnchjblgnciiopegmabnakdoapgkj
- 'ConduitFloatingPlugin_mahgaopgbalgbfohkikbdjfmaapiehaf' → "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files\Conduit\CT3282495\plugins\TBVerifier.dll",RunConduitFloatingPlugin mahgaopgbalgbfohkikbdjfmaapiehaf
- 'ConduitFloatingPlugin_ffekppndigniegkobcngkdmaadbhhonj' → "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files\Conduit\CT3306058\plugins\TBVerifier.dll",RunConduitFloatingPlugin ffekppndigniegkobcngkdmaadbhhonj
- 'ConduitFloatingPlugin_oblkmgkfjnmlkemjgheoidmmfncckcej' → "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files\Conduit\CT3313053\plugins\TBVerifier.dll",RunConduitFloatingPlugin oblkmgkfjnmlkemjgheoidmmfncckcej
- 'ConduitFloatingPlugin_cflheckfmhopnialghigdlggahiomebp' → "C:\WINDOWS\system32\Rundll32.exe" "C:\Program Files\Conduit\CT3289075\plugins\TBVerifier.dll",RunConduitFloatingPlugin cflheckfmhopnialghigdlggahiomebp
- 'ConduitFloatingPlugin_bpghhlfbjmmjohhnonhjgpbjdlbnmapf' → "C:\WINDOWS\system32\Rundll32.exe" "C:\Program Files\Conduit\CT3316750\plugins\TBVerifier.dll",RunConduitFloatingPlugin bpghhlfbjmmjohhnonhjgpbjdlbnmapf
- 'ConduitFloatingPlugin_nemfjadlboooiffmcelkafilagddogim' → "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files\Conduit\CT3289663\plugins\TBVerifier.dll",RunConduitFloatingPlugin nemfjadlboooiffmcelkafilagddogim
- 'ConduitFloatingPlugin_kokoiojcgpmpngieemgjkgkaogemflng' → "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files\Conduit\CT3314199\plugins\TBVerifier.dll",RunConduitFloatingPlugin kokoiojcgpmpngieemgjkgkaogemflng
- 'ConduitFloatingPlugin_iolllphbfidpiigenecjjflaefapfnef' → "C:\windows\SysWOW64\Rundll32.exe" "C:\Program Files\Conduit\CT3279412\plugins\TBVerifier.dll",RunConduitFloatingPlugin iolllphbfidpiigenecjjflaefapfnef
- 'ConduitFloatingPlugin_cbjibcbpmbcabnfnohhgjjmkgkimajko' → "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files\Conduit\CT3294791\plugins\TBVerifier.dll",RunConduitFloatingPlugin cbjibcbpmbcabnfnohhgjjmkgkimajko
- 'ConduitFloatingPlugin_pcajpdcjfekhfnapaiphaecoajeollnc' → "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files\Conduit\CT3299568\plugins\TBVerifier.dll",RunConduitFloatingPlugin pcajpdcjfekhfnapaiphaecoajeollnc
- 'ConduitFloatingPlugin_banjjklfojcdbofbhbgiedekefohoaff' → "C:\WINDOWS\system32\Rundll32.exe" "C:\Program Files\Conduit\CT3310511\plugins\TBVerifier.dll",RunConduitFloatingPlugin banjjklfojcdbofbhbgiedekefohoaff
- 'ConduitFloatingPlugin_mfchmfgdaabgdjbcaophikcobddojjoe' → "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files\Conduit\CT3298573\plugins\TBVerifier.dll",RunConduitFloatingPlugin mfchmfgdaabgdjbcaophikcobddojjoe
- 'ConduitFloatingPlugin_eiebcgmnpbbifoagcaobgelgnijgpaog' → "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files\Conduit\CT3308759\plugins\TBVerifier.dll",RunConduitFloatingPlugin eiebcgmnpbbifoagcaobgelgnijgpaog
- 'ConduitFloatingPlugin_fdkednngfjmpnljkolbapdednncafhen' → "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files\Conduit\CT3298566\plugins\TBVerifier.dll",RunConduitFloatingPlugin fdkednngfjmpnljkolbapdednncafhen
Malware detections
Based on 40+ industry antivirus scanners, 4 of them detected the following malware.
Antivirus engine | Engine version | Detection | File version |
VIPRE Antivirus |
22182 |
Conduit (fs) |
1.0.4.0 |
VIPRE Antivirus |
21744 |
Conduit (fs) |
1.0.4.0 |
VIPRE Antivirus |
23066 |
Conduit (fs) |
1.0.4.0 |
VIPRE Antivirus |
23000 |
Conduit (fs) |
1.0.4.0 |
All file variations of tbverifier.dll
Distribution by Windows OS
OS version | distribution |
Windows 7 Home Premium |
64.00% |
|
Microsoft Windows XP |
16.00% |
|
Windows 7 Ultimate |
8.00% |
|
Windows 8.1 |
4.00% |
|
Windows 7 Professional |
4.00% |
|
Windows Vista Home Premium |
4.00% |
|
Distribution by country
United States installs about 75.00% of Conduit Toolbar Verifier.
Distribution by PC manufacturer
PC Manufacturer | distribution |
Dell |
41.18% |
|
Hewlett-Packard |
20.59% |
|
GIGABYTE |
8.82% |
|
Compaq |
5.88% |
|
ASUS |
5.88% |
|
Intel |
5.88% |
|
Lenovo |
5.88% |
|
American Megatrends |
2.94% |
|
Alienware |
2.94% |
|