» tbmes1.dll
Overview
Analysis
File Details
Behaviors (1)
Programs (10)
Downloads (1)

tbmes1.dll

Conduit Toolbar

Conduit Ltd.

The file is part of the Conduit Toolbar platform, a web browser monetization engine that is typiclaly distributed with third party programs through a bundled installation, this particular version is part of the Conduit Toolbar bundle. The module tbmes1.dll by Conduit has been detected as a potentially unwanted program by 3 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘softonic-de3 Toolbar’. Additionally, the file is typically installed by a number of programs including mundotool Toolbar by Conduit Ltd. and FreeSoundRecorder Toolbar by Conduit Ltd., both potentially unwanted software.

File name:

tbmes1.dll

Publisher:

Conduit Ltd. (signed and verified)

Product:

Conduit Toolbar

Version:

6, 2, 2, 4

MD5:

feded7992e34001fb1bad51d5d27a756

SHA-1:

a400196eac446a184d184509fa41d1ba87924b55

SHA-256:

d4f235e08de6a0c40d32f07d4a8aeee252edad2895e313df2033cedd4e5d9ca1

Scanner detections:

3 / 68

Status:

Potentially unwanted

Explanation:

This component is distributed and installed with the Conduit Toolbar platform.

Analysis date:

11/23/2024 8:01:58 AM UTC (today)

Scan engine

Detection

Engine version

Panda Antivirus

PUP/Conduit.A

14.02.16.12

Reason Heuristics

SearchPlugin.ConduitSearchBar.BHO.G

14.8.7.22

VIPRE Antivirus

Conduit

26250

File size:

3.3 MB (3,448,928 bytes)

Product version:

6, 2, 2, 4

Trademarks:

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\Program Files\messenger_plus_live_uae\tbmes1.dll

Digital Signature

Signed by:

Conduit Ltd.

Authority:

VeriSign, Inc.

Valid from:

2/17/2010 4:00:00 AM

Valid to:

3/30/2013 3:59:59 AM

Subject:

CN=Conduit Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Conduit Ltd., S=Israel, C=IL

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

3736DA15AF647632CCE61CD41B6577DD

Registration

CLSIDs:

{1363A002-6AE8-4C7A-BBAB-A8545AAA1D74}, {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}, {EB5F607E-3E36-470F-9C98-C206882974BD}

ProgID:

Toolbar.CT2431245

COM registered:

Yes

File PE Metadata

Compilation timestamp:

11/7/2010 2:14:57 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

98304:l8WCHyBr5QcbaVFiLFLlB4XsFC1AUUWY5cbDD:lNCY8SfB4sFC1AUdhb

Entry address:

0x7BC0

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 34, 5F, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 5D, E9, 4F, 03, 00, 00, 8B, FF, 55, 8B, EC, 5D, E9, EA, FF, FF, FF, 6A, 0C, 68, C0, D7, 01, 10, E8, 27, 53, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 5C, 35, 02, 10, 77, 22, 6A, 04, E8, 06, 62, 00, 00, 59, 83, 65, FC, 00, 56, E8, 0D, 6A, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, 33, 53, 00, 00, C3, 6A... 
[+]

Entropy:

7.9788 (probably packed)

Code size:

100 KB (102,400 bytes)

Internet Explorer BHO

CLSID:

{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}

CLSID name:

softonic-de3 Toolbar

The file tbmes1.dll has been discovered within the following programs.

DVDVideoSoftTB Toolbar by DVDVideoSoft Ltd.

The DVDVideoSoftTB Toolbar for Intenet Explorer and Firefox is a Conduit OurToolbar Community smartbar.

DVDVideoSoftTB.OurToolbar.com

71% remove it

Free TV Bar c3 Toolbar by Conduit Ltd.

Free TV Bar c3 Toolbar is a Conduit toolbar (Community OurToolbar) for Intenet Explorer and Firefox.

FreeTVBarc3.Toolbar.fm

80% remove it

Freecorder Toolbar by Freecorder

Freecorder Toolbar installs various third part ad supported applications during installation including SweetPacks which changes the web browser's home page and search provider as well as the DealCabby Toolbar.

Freecorder.Media-Toolbar.com

69% remove it

FreeOnlineRadioPlayerRecorder Toolbar by Conduit Ltd.

Installs a OurToolbar toolbar in your Web browser that collects and stores information about your web browsing and sends this information to OurToolbar so they can suggest services or provide ads via the toolbar.

FreeOnlineRadioPlayerRecorder.OurToolbar.com

67% remove it

FreeSoundRecorder Toolbar by Conduit Ltd.

FreeSoundRecorder Toolbar is MyRadio Toolbar by Conduit that runs in IE, Chrome and Firefox Web browsers. The toolbar collects and stores information about your web browsing and sends this information to OurToolbar so they can suggest services or provide ads via the toolbar.

FreeSoundRecorder.MyRadioToolbar.com

68% remove it

MediaStar2 Toolbar by Conduit Ltd.

MediaStar2 Toolbar is a Conduit Community toolbar for various web browsers. The toolbar collects information about a user's web browsing habits and sends this information to Conduit so they can suggest services or provide advertising.

MediaStar2.OurToolbar.com

68% remove it

mundotool Toolbar by Conduit Ltd.

mundotool Toolbar is a Conduit Community toolbar for various web browsers. The toolbar collects information about a user's web browsing habits and sends this information to Conduit so they can suggest services or provide advertising.

mundotool.OurToolbar.com

83% remove it

myBabylon English Toolbar by Conduit Ltd.

myBabylon English Toolbar is a 'Community Toolbar' from Conduit, which integrates with major web browsers including Google Chrome, Firefox and Internet Explorer.

myBabylonEnglish.OurToolbar.com

78% remove it

NCH Toolbar by Conduit Ltd.

NCH Toolbar is a Community Toolbar by Conduit that runs in IE, Chrome and Firefox Web browsers. The toolbar collects and stores information about your web browsing and sends this information to OurToolbar so they can suggest services or provide ads via the toolbar.

NCH.OurToolbar.com

62% remove it

Soft-Search Toolbar by Conduit Ltd.

Installs a Conduit powered OurToolbar in Internet Explorer, Chrome and Firefox web browsers. The software collects and stores information about your web browsing and sends this information to OurToolbar so they can suggest services or provide ads via the toolbar.

softsearchtoolbar.ourtoolbar.com

65% remove it

Latest 20 of 14 programs

The file tbmes1.dll has been seen being distributed by the following URL.

http://ieupdate.conduit.com/.../tbedrs.dll

Remove tbmes1.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.