tbedrs.dll

Conduit Toolbar Automatic Update

Conduit Ltd.

The file is part of the Conduit Toolbar platform, a web browser monetization engine that is typiclaly distributed with third party programs through a bundled installation, this particular version is part of the Conduit Toolbar Automatic Update bundle. The module tbedrs.dll by Conduit has been detected as a potentially unwanted program by 4 anti-malware scanners. Additionally, the file is typically installed by a number of programs including ansarsunna Toolbar by Conduit Ltd. and BitTorrentBar Toolbar by BitTorrent Inc., both potentially unwanted software.
Publisher:
Conduit Ltd.  (signed and verified)

Product:
Conduit Toolbar Automatic Update

Version:
6.11.2.6

MD5:
bf4d73c797010c0027ab4b053e9f8493

SHA-1:
bef49f698bb05f075cad2314d1e6707cf5582727

SHA-256:
f63ff005791d8655e10432cac9508db8b2fdbd1ac7ddf2433d769537eaa780f9

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
This component is distributed and installed with the Conduit Toolbar platform.

Analysis date:
12/24/2024 11:16:39 AM UTC  (today)

Scan engine
Detection
Engine version

Boost by Reason
Optional.Conduit.G
188838

ESET NOD32
Win32/Toolbar.Conduit (variant)
9.9593

Reason Heuristics
SearchPlugin.ConduitSearchBar.ToolbarAutomaticUpdate.G
14.8.7.22

VIPRE Antivirus
Conduit
22802

File size:
2.3 MB (2,391,808 bytes)

Product version:
6.11.2.6

Copyright:
Conduit © 2013 All Rights Reserved

Original file name:
Conduit Toolbar Automatic Update

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\tbedrs.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/16/2010 10:00:00 PM

Valid to:
3/29/2013 8:59:59 PM

Subject:
CN=Conduit Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Conduit Ltd., S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3736DA15AF647632CCE61CD41B6577DD

File PE Metadata
Compilation timestamp:
3/5/2013 10:38:26 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:2mNrpVz7s1o0hk4hTZ1o7vtoV2nnXEA8RQk1TV32MDUbIE38gPel4VH1TeERu+:hz78hkk1mly0rkD2MDU924VH

Entry address:
0xA799

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 5C, 68, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 88, 6F, 02, 10, E8, 68, 5B, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 18, A9, 02, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 20, F1, 01, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
112.5 KB (115,200 bytes)

The file tbedrs.dll has been discovered within the following programs.

ansarsunna Toolbar  by Conduit Ltd.
ansarsunna Toolbar is an ad-supported (users may see additional banner and in-text link advertisements) cross web browser plugin for Internet Explorer (BHO) and Firefox/Chrome (plugin) and distributed through various monetization platforms during installation.
ansarsunna.ForumToolbar.com
77% remove it
BitTorrentBar Toolbar  by BitTorrent Inc.
Installs a Conduit powered OurToolbar in Internet Explorer, Chrome and Firefox web browsers. The software collects and stores information about your web browsing and sends this information to OurToolbar so they can suggest services or provide ads via the toolbar.
BitTorrentBar.OurToolbar.com
65% remove it
Expat_Shield Toolbar  by AnchorFree Inc
Expat Shield is a VPN program that allows users to access UK TV websites such as BBC iPlayer and ITV when outside of the UK. Expat Shield routes your IP address via a UK IP address as if you were still in the UK wherever you are in the world.
expatshield.ourtoolbar.com
72% remove it
Freecorder Toolbar  by Freecorder
Freecorder Toolbar installs various third part ad supported applications during installation including SweetPacks which changes the web browser's home page and search provider as well as the DealCabby Toolbar.
Freecorder.Media-Toolbar.com
69% remove it
Mario_Forever Toolbar  by Conduit Ltd.
Contrary to what most Internet surfers may think, Mario Forever actually isn't a video game or gaming application; it's a browsing toolbar that can be installed in an Internet browser for Web searching and access to several customized applications.
info.trovi.com
74% remove it
MyAshampoo Toolbar  by Ashampoo GmbH & Co. KG
Publisher's description - “Ashampoo is one of the leading Internet-based companies worldwide in the field of software development, sales and web portal sites.”
MyAshampoo.OurToolbar.com
72% remove it
myBabylon_English Toolbar  by Babylon Ltd
Installs a Conduit toolbar in your Web browser that collects and stores information about your web browsing and sends this information to Conduit so they can suggest services or provide ads via the toolbar.
71% remove it
oneXtwo_de Toolbar  by Conduit Ltd.
oneXtwo_de Toolbar is a 'Community Toolbar' from Conduit, that plugs into the various web browsers such as IE, Chrome and Firefox.
oneXtwode.OurToolbar.com
72% remove it
P2P_Torrent Toolbar  by Conduit Ltd.
P2P Torrent Toolbar is a Community Toolbar by Conduit that runs in Internet Explorer, Chrome and Firefox Web browsers.
77% remove it
TVersitybar Toolbar  by Conduit Ltd.
TVersitybar Toolbar is a Community Toolbar by Conduit that runs in IE, Chrome and Firefox Web browsers. The toolbar collects and stores information about your web browsing and sends this information to OurToolbar so they can suggest services or provide ads via the toolbar.
TVersitybar.OurToolbar.com
70% remove it
 
Latest 20 of 15 programs
Powered by Should I Remove It?

The file tbedrs.dll has been seen being distributed by the following 2 URLs.

Remove tbedrs.dll - Powered by Reason Core Security