» tbsea1.dll
Overview
Analysis
File Details
Behaviors (6)
Programs (10)
Downloads (1)

tbsea1.dll

Conduit Toolbar

Conduit Ltd.

The file is part of the Conduit Toolbar platform, a web browser monetization engine that is typiclaly distributed with third party programs through a bundled installation, this particular version is part of the Conduit Toolbar bundle. The module tbsea1.dll by Conduit has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘Discover USA Toolbar’. Additionally, the file is typically installed by a number of programs including Free TV Bar c3 Toolbar by Conduit Ltd. and myBabylon_English Toolbar by Babylon Ltd, both potentially unwanted software.

File name:

tbsea1.dll

Publisher:

Conduit Ltd. (signed and verified)

Product:

Conduit Toolbar

Version:

5, 7, 3, 1

MD5:

0210a8ccafcb04413748b6cc8744b452

SHA-1:

b667276229356713c982e464c737c26bd62b328a

SHA-256:

73202cab7c80ef8f7cbc5d6337a5b7f90ae078387cc0f289daca59ec418480c5

Scanner detections:

1 / 68

Status:

Potentially unwanted

Explanation:

This component is distributed and installed with the Conduit Toolbar platform.

Analysis date:

11/23/2024 8:03:46 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

SearchPlugin.ConduitSearchBar.BHO.G

14.8.7.22

File size:

2.6 MB (2,735,200 bytes)

Product version:

5, 7, 3, 1

Trademarks:

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\search_usa\tbsea1.dll

Digital Signature

Signed by:

Conduit Ltd.

Authority:

VeriSign, Inc.

Valid from:

2/16/2010 11:00:00 PM

Valid to:

3/29/2013 10:59:59 PM

Subject:

CN=Conduit Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Conduit Ltd., S=Israel, C=IL

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

3736DA15AF647632CCE61CD41B6577DD

Registration

CLSIDs:

{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}, {5B797B07-D768-493A-BE3B-D983002DF67C}

ProgID:

Toolbar.CT2405280

COM registered:

Yes

File PE Metadata

Compilation timestamp:

8/31/2010 8:01:56 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

49152:+lcu+ac2ReKv12DuuCZHSWlP6gezv4c6u0hXd+CyGQMAE95evzVQGGHk09j:m3+a519ggHjCgeD4c6u0h4CyGQMAV

Entry address:

0x14F6F4

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 27, B5, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 51, 51, 8D, 45, F8, 50, FF, 15, AC, A1, 18, 10, 8B, 45, F8, 8B, 4D, FC, 6A, 00, 05, 00, 80, C1, 2A, 68, 80, 96, 98, 00, 81, D1, 21, 4E, 62, FE, 51, 50, E8, 69, F6, FF, FF, 83, FA, 07, 7C, 0E, 7F, 07, 3D, FF, 6F, 40, 93, 76, 05, 83, C8, FF, 8B, D0, 8B, 4D, 08, 85, C9, 74, 05, 89, 01, 89, 51, 04, C9, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08, 66, 8B, 55, 0C... 
[+]

Code size:

1.5 MB (1,606,656 bytes)

3 Internet Explorer BHOs

CLSID:

{48405d3d-2674-4cd8-b1ef-9a719443bd3f}

CLSID name:

Discover USA Toolbar

CLSID:

{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}

CLSID name:

Softonic-Eng7 Toolbar

CLSID:

{c1036f99-e666-4aad-a079-5a20ad04e477}

CLSID name:

Language translator Toolbar

Internet Explorer Toolbar

Display name:

Language translator Toolbar

CLSID:

{c1036f99-e666-4aad-a079-5a20ad04e477}

Internet Explorer URL Search Hook

CLSID:

{c1036f99-e666-4aad-a079-5a20ad04e477}

CLSID name:

Language translator Toolbar

Internet Explorer Web Browser

Name:

{C1036F99-E666-4AAD-A079-5A20AD04E477}

The file tbsea1.dll has been discovered within the following programs.

4shared.com Toolbar by 4shared.com

Installs a Conduit toolbar in your Web browser that collects and stores information about your web browsing habits and sends this information to Conduit so they can suggest services or provide ads via the toolbar.

4sharedcom.OurToolbar.com

74% remove it

Babylon-English Toolbar by Babylon Ltd

Babylon-English Toolbar is a Conduit toolbar (Community OurToolbar) for Intenet Explorer and Firefox.

BabylonEnglish.OurToolbar.com

70% remove it

DVDVideoSoftTB Toolbar by DVDVideoSoft Ltd.

The DVDVideoSoftTB Toolbar for Intenet Explorer and Firefox is a Conduit OurToolbar Community smartbar.

DVDVideoSoftTB.OurToolbar.com

71% remove it

edumanwebs Toolbar by Conduit Ltd.

edumanwebs Toolbar is a Conduit powered OurToolbar for Internet Explorer, Chrome and Firefox Web browsers. The toolbar collects and stores information about your web browsing and sends this information to OurToolbar so they can suggest services or provide ads via the toolbar.

edumanwebs.OurToolbar.com

70% remove it

Free TV Bar c3 Toolbar by Conduit Ltd.

Free TV Bar c3 Toolbar is a Conduit toolbar (Community OurToolbar) for Intenet Explorer and Firefox.

FreeTVBarc3.Toolbar.fm

80% remove it

Freecorder Toolbar by Freecorder

Freecorder Toolbar installs various third part ad supported applications during installation including SweetPacks which changes the web browser's home page and search provider as well as the DealCabby Toolbar.

Freecorder.Media-Toolbar.com

69% remove it

MessengerPlusLive France TB Toolbar by Conduit Ltd.

MessengerPlusLive France TB Toolbar is a Conduit powered OurToolbar for Internet Explorer, Chrome and Firefox Web browsers.

MessengerPlusLiveFranceTB.OurToolbar.com

74% remove it

MessengerPlusLive Latin America TB Toolbar by Conduit Ltd.

MessengerPlusLive Latin America TB Toolbar is a 'Community Toolbar' from Conduit, that plugs into the various web browsers such as IE, Chrome and Firefox.

MessengerPlusLiveLatinAmericaTB.OurToolbar.com

81% remove it

myBabylon_English Toolbar by Babylon Ltd

Installs a Conduit toolbar in your Web browser that collects and stores information about your web browsing and sends this information to Conduit so they can suggest services or provide ads via the toolbar.

71% remove it

Softonic-Eng7 Toolbar by Softonic International S.L.

Softonic Toolbar is a Conduit powered OurToolbar in within Internet Explorer, Chrome or the Firefox Web browsers.

SoftonicEng7.OurToolbar.com

67% remove it

Latest 20 of 14 programs

The file tbsea1.dll has been seen being distributed by the following URL.

http://ieupdate.conduit.com/.../tbedrs.dll

Remove tbsea1.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.