firefoxmodule.dll

Search Protect

Conduit Ltd.

The file belongs to the Conduit API platform, a utility that bundles and monetizes search toolbars and web browser extensions. The module firefoxmodule.dll (“Search Protect by Conduit”) by Conduit has been detected as a potentially unwanted program by 12 anti-malware scanners. This file is typically installed with the program Search Protect by conduit by Conduit Ltd., which is a potentially unwanted software program. While running, it connects to the Internet address usage.toolbar.conduit-services.com on port 80 using the HTTP protocol.

Publisher:
Conduit  (signed by Conduit Ltd.)

Product:
Search Protect

Description:
Search Protect by Conduit

Version:
1.5.0.71

MD5:
47d4e142baff5016f0c5a089b16d629f

SHA-1:
6dc7867b24fa6111d0c6f71d4356b2ebc5c2c876

SHA-256:
851547da6def9d1ca5662a1f93d8075b6964b1cf512ce67bc0b86af658acfe25

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
Part of the Conduit/ClientConnect toolbar/extension distribution.

Analysis date:
4/25/2024 7:45:16 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:SearchProtect-C [Adw] | 2014.9-140211 |
| Baidu Antivirus | Trojan.Win32.Agent | 4.0.3.131125 |
| Bkav FE | W32.Cloda0b.Trojan | 1.3.0.4613 |
| Boost by Reason | Adware.SearchProtect.Conduit.N | 2013.7.25.17 |
| Dr.Web | Adware.BGuard.15 | 9.0.1.0206 |
| ESET NOD32 | Win32/Conduit.SearchProtect (variant) | 7.9125 |
| G Data | Win32.Application.SearchProtect | 13.12.22 |
| Malwarebytes | PUP.Optional.Conduit.A | v2013.11.25.12 |
| Panda Antivirus | Adware/Conduit | 14.02.11.10 |
| Reason Heuristics | PUP.SearchProtect.Conduit.N | 14.8.7.22 |
| Trend Micro House Call | TROJ_GEN.F47V1015 | 7.2.42 |
| VIPRE Antivirus | Conduit | 24848 |

File size:
1.2 MB (1,226,528 bytes)

Product version:
1.5.0.71

Copyright:
2012 (c) Conduit. All rights reserved.

Original file name:
SearchProtect (R) P

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\searchprotect\bin\firefoxmodule.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/2/2013 4:00:00 PM

Valid to:
4/3/2016 4:59:59 PM

Subject:
CN=Conduit Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Conduit Ltd., L=Ness Ziona, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3A82654719D8F75B59134F7B66465210

File PE Metadata
Compilation timestamp:
5/7/2013 11:17:03 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:Klac1Y8bWUODPi7c3pqRRuUIzM7CX7upOolHqdHgSgYabLfEdwB9Ukr9Qq8ERn:UMu6p0ZOa+FgYm9Ukr9Qq8ERn

Entry address:
0xAF5C0

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 4A, 03, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, CC, FE, FF, FF, 59, 5D, C2, 0C, 00, 6A, 14, 68, 18, 0C, 0E, 10, E8, 61, 07, 00, 00, FF, 35, 8C, 6D, 10, 10, 8B, 35, 44, F0, 0C, 10, FF, D6, 89, 45, E4, 83, F8, FF, 75, 0C, FF, 75, 08, FF, 15, D4, F2, 0C, 10, 59, EB, 64, 6A, 08, E8, C2, 07, 00, 00, 59, 83, 65, FC, 00, FF, 35, 8C, 6D, 10, 10, FF, D6, 89, 45, E4, FF, 35, 88, 6D, 10, 10, FF, D6, 89, 45, E0, 8D, 45, E0, 50, 8D, 45, E4, 50, FF, 75, 08, 8B, 35...
 

Entropy:
6.3977

Code size:
823 KB (842,752 bytes)

The file firefoxmodule.dll has been discovered within the following programs.

Search Protect by conduit by Conduit Ltd.
The Conduit Search Protect software is designed to prevent competing web browser plugins from automatically changing the homepage and search settings created by the Conduit OurToolbar. It is typically installed with various Community toolbars.
www.conduit.com/privacy/search-protect-privacy-policy.aspx
82% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to usage.toolbar.conduit-services.com  (66.77.197.165:80)
