ct3268934.xpi

Vgrabber v1

The file ct3268934.xpi has been detected as a potentially unwanted program by 5 anti-malware scanners. It loads in Mozilla Firefox as a compliled extension named 'Vgrabber v1' created by Conduit Ltd..
Remove ct3268934.xpi - Powered by Reason Core Security
MD5:
eaf0c8a650f2dfda572a292f16b4f4d4

SHA-1:
704ec8fc82273160267781d64c74d978afa789fc

SHA-256:
f8b0b8218877f7e0fa97c10309a177893dc85733197504054acfdc0c6d8816e4

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
Part of the Conduit/ClientConnect toolbar/extension distribution.

Analysis date:
12/10/2016 6:14:03 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Threat.Undefined
9.0.1.05190

ESET NOD32
Win32/Conduit.SearchProtect.N potentially unwanted application
7.0.302.0

Panda Antivirus
PUP/Conduit.A
14.06.10.11

Reason Heuristics
PUP.Conduit.MozillaPlugin.M
14.6.10.11

VIPRE Antivirus
Conduit Toolbar
30154

Remove ct3268934.xpi - Powered by Reason Core Security
File size:
1.4 MB (1,499,484 bytes)

File type:
Cross-Platform Installer Module (XPI), used by Mozilla bundles

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ct3268934.xpi

Mozilla Extension
Name:
ct3268934.xpi

Display:
Vgrabber v1

Id:
ct3268934

Creator:
Conduit Ltd.

Description:
“Delivers all our best apps to your browser.”

Home page:
http://www.conduit.com


<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>{7f7f82f1-7c95-47cd-814f-950b56d58fc3}</em:id>
    <em:name>Vgrabber v1 </em:name>
    <em:unpack>true</em:unpack>
    <em:version>10.16.2.9</em:version>
    <em:description>Delivers all our best apps to your browser.</em:description>
    <em:creator>Conduit Ltd.</em:creator>
    <em:homepageURL>http://www.conduit.com</em:homepageURL>
    <!--em:aboutURL>chrome://CT3268934/content/about</em:aboutURL-->
    <!--em:optionsURL>chrome://CT3268934/content/options</em:optionsURL-->
    <em:updateURL>https://ffupdate.conduit-services.com/SB.ashx?ctid=CT3268934&amp;ver=10.16.2.9&amp;itemId=%ITEM_ID%&amp;itemMaxAppVersion=%ITEM_MAXAPPVERSION%&amp;itemStatus=%ITEM_STATUS%&amp;appId=%APP_ID%&amp;targetAppVersion=%APP_VERSION%&amp;currentAppVersion=%CURRENT_APP_VERSION%&amp;updateType=%UPDATE_TYPE%</em:updateURL>
    <em:file>
      <Description about="urn:mozilla:extension:file:CT3268934.jar">
        <em:package>content/</em:package>
        <em:skin>skin/</em:skin>
      </Description>
    </em:file>
    <em:targetApplication>
      <Description>
        <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
        <em:minVersion>3.5</em:minVersion>
        <em:maxVersion>20.*</em:maxVersion>
      </Description>
    </em:targetApplication>
    <em:bootstrap>false</em:bootstrap>
  </Description>
</RDF>
Remove ct3268934.xpi - Powered by Reason Core Security