» tb4sh1.dll
Overview
Analysis
File Details
Programs (10)
Downloads (1)

tb4sh1.dll

Conduit Toolbar Automatic Update

Conduit Ltd.

The file is part of the Conduit Toolbar platform, a web browser monetization engine that is typiclaly distributed with third party programs through a bundled installation, this particular version is part of the Conduit Toolbar bundle. The module tb4sh1.dll by Conduit has been detected as a potentially unwanted program by 2 anti-malware scanners. Additionally, the file is typically installed by a number of programs including 1 Choice 4 Your Store Toolbar by Conduit Ltd. and Freecorder Toolbar by Freecorder, both potentially unwanted software.

File name:

tb4sh1.dll

Publisher:

Conduit Ltd. (signed and verified)

Product:

Conduit Toolbar Automatic Update

Description:

Conduit Toolbar

Version:

6.3.2.17

MD5:

7cfe2e651641ad73c1fc579a16e64dbf

SHA-1:

20ee40eba7a75ea3279fe13fc0ff53b9f867c0de

SHA-256:

e0852e9e91d596b95eb2367555b7116ffacfc1937a12ce27b627b93c8ae12ebf

Scanner detections:

2 / 68

Status:

Potentially unwanted

Explanation:

This component is distributed and installed with the Conduit Toolbar platform.

Analysis date:

11/23/2024 7:56:17 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

SearchPlugin.ConduitSearchBar.ToolbarAutomaticUpdate.G

14.8.7.22

VIPRE Antivirus

Conduit

22398

File size:

3.2 MB (3,305,768 bytes)

Product version:

6.3.2.17

Trademarks:

Original file name:

Conduit Toolbar

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\4shared.com\tb4sh1.dll

Digital Signature

Signed by:

Conduit Ltd.

Authority:

VeriSign, Inc.

Valid from:

2/17/2010 3:30:00 AM

Valid to:

3/30/2013 4:29:59 AM

Subject:

CN=Conduit Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Conduit Ltd., S=Israel, C=IL

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

3736DA15AF647632CCE61CD41B6577DD

File PE Metadata

Compilation timestamp:

2/16/2011 6:49:12 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

98304:LlPBJ7BFJxYGSxcdShj6RhEqXG89wPlYdWEOmOBmAyM:LRBJ7DJxYXxcohvqXGawPlCWE6ByM

Entry address:

0x880F

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, CA, 5E, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 5D, E9, 4F, 03, 00, 00, 8B, FF, 55, 8B, EC, 5D, E9, EA, FF, FF, FF, 6A, 0C, 68, B8, 03, 02, 10, E8, 28, 53, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 7C, 65, 02, 10, 77, 22, 6A, 04, E8, 97, 61, 00, 00, 59, 83, 65, FC, 00, 56, E8, 9E, 69, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, 34, 53, 00, 00, C3, 6A... 
[+]

Entropy:

7.9743 (probably packed)

Code size:

103 KB (105,472 bytes)

The file tb4sh1.dll has been discovered within the following programs.

1 Choice 4 Your Store Toolbar by Conduit Ltd.

1 Choice 4 Your Store Toolbar is a Conduit powered OurToolbar for Internet Explorer, Chrome and Firefox Web browsers.

1Choice4YourStore.OurToolbar.com

79% remove it

Free TV Bar c3 Toolbar by Conduit Ltd.

Free TV Bar c3 Toolbar is a Conduit toolbar (Community OurToolbar) for Intenet Explorer and Firefox.

FreeTVBarc3.Toolbar.fm

80% remove it

Freecorder Toolbar by Freecorder

Freecorder Toolbar installs various third part ad supported applications during installation including SweetPacks which changes the web browser's home page and search provider as well as the DealCabby Toolbar.

Freecorder.Media-Toolbar.com

69% remove it

FreeOnlineRadioPlayerRecorder Toolbar by Conduit Ltd.

Installs a OurToolbar toolbar in your Web browser that collects and stores information about your web browsing and sends this information to OurToolbar so they can suggest services or provide ads via the toolbar.

FreeOnlineRadioPlayerRecorder.OurToolbar.com

67% remove it

Ingyenesek Toolbar by Conduit Ltd.

Ingyenesek Toolbar is a Community Toolbar by Conduit that runs in IE, Chrome and Firefox Web browsers. The toolbar collects and stores information about your web browsing and sends this information to OurToolbar so they can suggest services or provide ads via the toolbar.

Ingyenesek.OurToolbar.com

63% remove it

MessengerPlusLive TB Toolbar by Conduit Ltd.

MessengerPlusLive TB Toolbar is a Conduit toolbar (Community OurToolbar) for Intenet Explorer and Firefox.

MessengerPlusLiveTB.OurToolbar.com

64% remove it

MyAshampoo Toolbar by Ashampoo GmbH & Co. KG

Installs a Conduit powered OurToolbar in Internet Explorer, Chrome and Firefox web browsers. The software collects and stores information about your web browsing and sends this information to OurToolbar so they can suggest services or provide ads via the toolbar.

MyAshampoo.OurToolbar.com

72% remove it

myBabylon_English Toolbar by Babylon Ltd

Installs a Conduit toolbar in your Web browser that collects and stores information about your web browsing and sends this information to Conduit so they can suggest services or provide ads via the toolbar.

71% remove it

NCH Toolbar by Conduit Ltd.

NCH Toolbar is a Community Toolbar by Conduit that runs in IE, Chrome and Firefox Web browsers. The toolbar collects and stores information about your web browsing and sends this information to OurToolbar so they can suggest services or provide ads via the toolbar.

NCH.OurToolbar.com

62% remove it

Soft32 Toolbar by Conduit Ltd.

Soft32 Toolbar is a Community Toolbar by Conduit that runs in IE, Chrome and Firefox Web browsers. The toolbar collects and stores information about your web browsing and sends this information to OurToolbar so they can suggest services or provide ads via the toolbar.

Soft32.OurToolbar.com

66% remove it

Latest 20 of 17 programs

The file tb4sh1.dll has been seen being distributed by the following URL.

http://ieupdate.conduit.com/.../tbedrs.dll

Remove tb4sh1.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.