home

tbedrs.dll

Conduit Toolbar Automatic Update

Conduit Ltd.

The file is part of the Conduit Toolbar platform, a web browser monetization engine that is typiclaly distributed with third party programs through a bundled installation, this particular version is part of the Conduit Toolbar Automatic Update bundle. The module tbedrs.dll by Conduit has been detected as a potentially unwanted program by 10 anti-malware scanners. Additionally, the file is typically installed by a number of programs including P2P_Torrent Toolbar by Conduit Ltd. and FreeOnlineRadioPlayerRecorder Toolbar by Conduit Ltd., both potentially unwanted software.
Publisher:
Conduit Ltd.  (signed and verified)

Product:
Conduit Toolbar Automatic Update

Version:
6.15.0.27

MD5:
0eb9e0b29c137b9d2a4fa4ede1bf2862

SHA-1:
ccaab1bbede73f8187653e6db58e39280c519984

SHA-256:
591ca0b909326c3f74e62cab18f735624153e45afa0e1fb42a7928f8bab8be6e

Scanner detections:
10 / 68

Status:
Potentially unwanted

Explanation:
This component is distributed and installed with the Conduit Toolbar platform.

Analysis date:
11/23/2024 7:34:47 AM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
HW32.Laneul
1.3.0.4246

Boost by Reason
Optional.Conduit.G
188838

Clam AntiVirus
Win.Trojan.Agent-723879
0.98/21411

Dr.Web
Adware.Conduit.6
9.0.1.0329

ESET NOD32
Win32/Toolbar.Conduit.Y potentially unwanted application
8.7.0.302.0

NANO AntiVirus
Trojan.Win32.Conduit.crfrgr
0.28.0.57029

Panda Antivirus
PUP/Conduit.A
14.08.07.10

Reason Heuristics
SearchPlugin.ConduitSearchBar.ToolbarAutomaticUpdate.G
14.8.7.22

Trend Micro House Call
TROJ_GEN.F47V0909
7.2.329

VIPRE Antivirus
Conduit
23442

File size:
2.3 MB (2,390,304 bytes)

Product version:
6.15.0.27

Copyright:
Conduit © 2013 All Rights Reserved

Original file name:
Conduit Toolbar Automatic Update

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\tbedrs.dll

Digital Signature
Signed by:
Conduit Ltd.

Authority:
VeriSign, Inc.

Valid from:
1/2/2013 4:00:00 PM

Valid to:
4/3/2016 4:59:59 PM

Subject:
CN=Conduit Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Conduit Ltd., L=Ness Ziona, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3A82654719D8F75B59134F7B66465210

File PE Metadata
Compilation timestamp:
7/17/2013 1:13:33 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:Kljvu+WvGepxo8H90LQiqW0gozT1tDsXRzp4ksJyNZMX40aovUYaicyaX+aPn5:QYlpxo8dV/HgoLDip4kA0T0acdaX75

Entry address:
0x9800

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 65, 64, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 38, 4D, 02, 10, E8, 71, 57, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, F8, 88, 02, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, E8, D0, 01, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
[+]

Entropy:
7.9268  (probably packed)

Code size:
107 KB (109,568 bytes)

The file tbedrs.dll has been discovered within the following programs.

AF-HSS Toolbar  by Conduit Ltd.
AF-HSS Toolbar is a Conduit toolbar (Community OurToolbar) for Intenet Explorer and Firefox. The toolbar collects and stores information about your web browsing habits and sends this information to Conduit so they can suggest services or provide advertising via the toolbar.
AFHSS.OurToolbar.com
80% remove it
BS Player Toolbar  by AB Team, d.o.o.
Installs a Conduit powered OurToolbar in Internet Explorer, Chrome and Firefox web browsers. The software collects and stores information about your web browsing and sends this information to OurToolbar so they can suggest services or provide ads via the toolbar.
BSPlayer.OurToolbar.com
63% remove it
Freecorder Toolbar  by Freecorder
Freecorder Toolbar installs various third part ad supported applications during installation including SweetPacks which changes the web browser's home page and search provider as well as the DealCabby Toolbar.
Freecorder.Media-Toolbar.com
69% remove it
FreeOnlineRadioPlayerRecorder Toolbar  by Conduit Ltd.
Installs a OurToolbar toolbar in your Web browser that collects and stores information about your web browsing and sends this information to OurToolbar so they can suggest services or provide ads via the toolbar.
FreeOnlineRadioPlayerRecorder.OurToolbar.com
67% remove it
fullscreensavers Toolbar  by Conduit Ltd.
fullscreensavers Toolbar is a Conduit Community toolbar for various web browsers. The toolbar collects information about a user's web browsing habits and sends this information to Conduit so they can suggest services or provide advertising.
fullscreensavers.OurToolbar.com
61% remove it
IObitCom Toolbar  by IObit
IObitCom Toolbar is an ad-supported (users may see additional banner and in-text link advertisements) cross web browser plugin for Internet Explorer (BHO) and Firefox/Chrome (plugin) and distributed through various monetization platforms during installation.
66% remove it
IsoBuster Toolbar  by Conduit Ltd.
IsoBuster Toolbar is a Community Toolbar by Conduit that runs in IE, Chrome and Firefox Web browsers. The toolbar collects and stores information about your web browsing and sends this information to OurToolbar so they can suggest services or provide ads via the toolbar.
www.ourtoolbar.com
79% remove it
MyAshampoo Toolbar  by Ashampoo GmbH & Co. KG
Publisher's description - “Ashampoo is one of the leading Internet-based companies worldwide in the field of software development, sales and web portal sites.”
MyAshampoo.OurToolbar.com
72% remove it
myBabylon_English Toolbar  by Babylon Ltd
Installs a Conduit toolbar in your Web browser that collects and stores information about your web browsing and sends this information to Conduit so they can suggest services or provide ads via the toolbar.
71% remove it
MyPlayCity Toolbar  by MyPlayCity, Inc.
MyPlayCity Toolbar is a generic web browser toolbar that installs a search feature and various buttons for social integration and links to web sites such as MyPlayCity.com and various search providers.
www.myplaycity.com
63% remove it
 
Latest 20 of 18 programs
Powered by Should I Remove It?

The file tbedrs.dll has been seen being distributed by the following 2 URLs.

http://ieupdate.conduit.com/.../tbedrs.dll

http://ieupdate.conduit.com/.../tbedrs.dll

Remove tbedrs.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.