» tbroa1.dll
Overview
Analysis
File Details
Programs (6)
Downloads (1)

tbroa1.dll

Conduit Toolbar Automatic Update

Conduit Ltd.

The file is part of the Conduit Toolbar platform, a web browser monetization engine that is typiclaly distributed with third party programs through a bundled installation, this particular version is part of the Conduit Toolbar bundle. The module tbroa1.dll by Conduit has been detected as a potentially unwanted program by 5 anti-malware scanners. Additionally, the file is typically installed by a number of programs including uTorrentBar Toolbar by Conduit Ltd. and TVersitybar Toolbar by Conduit Ltd., both potentially unwanted software.

File name:

tbroa1.dll

Publisher:

Conduit Ltd. (signed and verified)

Product:

Conduit Toolbar Automatic Update

Description:

Conduit Toolbar

Version:

6.7.0.6

MD5:

ef5892982933e1bc5f7ae77e1e60129a

SHA-1:

b41aef27b00f419a50ea62716e3838996326d14e

Scanner detections:

5 / 68

Status:

Potentially unwanted

Explanation:

This component is distributed and installed with the Conduit Toolbar platform.

Analysis date:

5/2/2024 3:15:21 PM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

Adware.Win32.Conduit

4.0.3.1514

ESET NOD32

Win32/Toolbar.Conduit.Y potentially unwanted application

9.7.0.302.0

McAfee

Artemis!02FA2D857DF3

5600.6895

Reason Heuristics

SearchPlugin.ConduitSearchBar.ToolbarAutomaticUpdate.G

14.8.7.22

Trend Micro House Call

Suspicious_GEN.F47V0629

7.2.4

File size:

1.9 MB (1,973,032 bytes)

Product version:

6.7.0.6

Trademarks:

Original file name:

Conduit Toolbar

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Documents and Settings\{user}\Application data\road_runner\tbroa1.dll

Digital Signature

Signed by:

Conduit Ltd.

Authority:

VeriSign, Inc.

Valid from:

2/16/2010 7:00:00 PM

Valid to:

3/29/2013 7:59:59 PM

Subject:

CN=Conduit Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Conduit Ltd., S=Israel, C=IL

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

3736DA15AF647632CCE61CD41B6577DD

File PE Metadata

Compilation timestamp:

9/18/2011 9:51:08 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

49152:1Enu2GEBHiNH4+GsW0aE0ECywxoKgN6L2jXhC1eo3Vb:1EnvGtG/0aE03oKgEi0X

Entry address:

0x88BF

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 39, 5F, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 5D, E9, DF, 06, 00, 00, 8B, C1, 83, 60, 04, 00, 83, 60, 08, 00, C7, 00, DC, B2, 01, 10, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 56, 57, 8B, F9, C7, 07, DC, B2, 01, 10, 8B, 03, 85, C0, 74, 26, 50, E8, B3, 42, 00, 00, 8B, F0, 46, 56, E8, B1, 03, 00, 00, 59, 59, 89, 47, 04, 85, C0, 74, 12, FF, 33, 56, 50, E8, B5, 25, 00, 00, 83, C4, 0C, EB, 04, 83, 67... 
[+]

Entropy:

7.9437 (probably packed)

Code size:

103.5 KB (105,984 bytes)

The file tbroa1.dll has been discovered within the following programs.

BitTorrentBar Toolbar by BitTorrent Inc.

Installs a Conduit powered OurToolbar in Internet Explorer, Chrome and Firefox web browsers. The software collects and stores information about your web browsing and sends this information to OurToolbar so they can suggest services or provide ads via the toolbar.

BitTorrentBar.OurToolbar.com

65% remove it

Coupons.com Toolbar by Coupons.com Incorporated

Coupons.com Toolbar is a Conduit powered OurToolbar for Internet Explorer, Chrome and Firefox Web browsers. The toolbar collects and stores information about your web browsing and sends this information to OurToolbar so they can suggest services or provide ads via the toolbar.

Couponscom.OurToolbar.com

70% remove it

MyAshampoo Toolbar by Ashampoo GmbH & Co. KG

Publisher's description - “Ashampoo is one of the leading Internet-based companies worldwide in the field of software development, sales and web portal sites.”

MyAshampoo.OurToolbar.com

72% remove it

PHPNukeEN Toolbar by Conduit Ltd.

PHPNukeEN Toolbar is a 'Community Toolbar' from Conduit, that plugs into the various web browsers such as IE, Chrome and Firefox.

PHPNukeEN.OurToolbar.com

68% remove it

TVersitybar Toolbar by Conduit Ltd.

TVersitybar Toolbar is a Community Toolbar by Conduit that runs in IE, Chrome and Firefox Web browsers. The toolbar collects and stores information about your web browsing and sends this information to OurToolbar so they can suggest services or provide ads via the toolbar.

TVersitybar.OurToolbar.com

70% remove it

uTorrentBar Toolbar by Conduit Ltd.

This toolbar is typiclaly bundled with the installation of the uTorrent during the initial install. uTorrentBar Toolbar is a Conduit toolbar (OurToolbar Community) for Intenet Explorer and Firefox.

uTorrentBar.OurToolbar.com

88% remove it

The file tbroa1.dll has been seen being distributed by the following URL.

http://ieupdate.conduit.com/.../tbedrs.dll

Remove tbroa1.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.