How to remove TBMessagingHost.exe.vir

TBMessagingHost.exe.vir

The module TBMessagingHost.exe.vir has been detected as Adware.Conduit

TBMessagingHost.exe.vir
Remove TBMessagingHost.exe.

File Details

Product Name:

TBMessagingHost
Company Name:

Conduit Ltd.
MD5: 0fb86683779e34a7a9739e11e5cb62a1
Size: 1018 KB
First Published: 2018-03-01 12:05:23 (7 years ago)
Latest Published: 2022-03-20 23:28:09 (3 years ago)
Status: Adware.Conduit (on last analysis)
Analysis Date: 2022-03-20 23:28:09 (3 years ago)

Overview

Signed By: Conduit Ltd.
Status: Invalid (digital signature could be stolen or file could be patched)

Common Places:

%sysdrive%\almisk-pc\backup set 2014-06-15 130421\backup files 2014-07-12 124402\backup files 16.zip\c\users\al misk\appdata\local\nativemessaging\ct3289075
%sysdrive%\homeexthdd_backup\documents and settings\상목\local settings\application data\google\chrome\user data\default\extensions\jncdadckidbebodfjabackoihbjenmok\10.26.7.519_0
%localappdata%\google\chrome\user data\profile 1\extensions\cflheckfmhopnialghigdlggahiomebp\10.26.7.519_0
%temp%\testifexeexist\ct3198777
%sysdrive%\cafrica\j\bobo\backup set 2014-02-09 190005\backup files 2014-02-23 190013\backup files 2.zip\c\users\äöä\appdata\local\google\chrome\user data\default\extensions\kgbcbdejncdpahgapnmkjimfmlipdgdl\10.26.7.519_0
%sysdrive%\cafrica\j\bobo\backup set 2014-02-09 190005\backup files 2014-02-23 190013\backup files 2.zip\c\users\äöä\appdata\local\google\chrome\user data\default\extensions\jfjhiccppafcjicfalobggnophliocpp\10.26.7.519_0
%sysdrive%\cafrica\j\bobo\backup set 2014-02-09 190005\backup files 2014-02-23 190013\backup files 2.zip\c\users\äöä\appdata\local\google\chrome\user data\default\extensions\pielejjfbdmjdfiimgiljjpmlpalgoeg\10.26.7.519_0
%sysdrive%\adwcleaner\quarantine\c\users\luciano\appdata\local\google\chrome\user data\default\extensions\blmbcjbinolkjkcbmalfhildaohcciih\10.26.7.519_0
%sysdrive%\anoop-pc\backup set 2019-05-26 195505\backup files 2019-05-26 195505\backup files 20.zip\c\users\anoop\appdata\local\nativemessaging\ct3205709
%localappdata%\google\chrome\user data\profile 1\extensions\cflheckfmhopnialghigdlggahiomebp\10.26.7.19_0

File Names:

TBMessagingHost.exe
TBMessagingHost.exe.vir

Geography:

37.5%
18.8%
12.5%
12.5%
6.3%
6.3%
6.3%

OS Version:

Windows 10 68.8%
Windows 7 25.0%
Windows 8 6.3%

Analysis

Subsystem: Windows GUI
PE Type: pe
OS Bitness: 32
Image Base: 0x00400000
Entry Address: 0x000468f8

PE Sections:

Name Size of data MD5
.text 724992 3dff3ab841e7eddfebb5863226231be4
.rdata 158208 2eecca1e063deeb3a77058a6dd9b5dca
.data 48640 ac1d8d49c7f7b2851f365859b593f4a3
.rsrc 1536 399ce652b35df5d96b68d9065f4e90e3
.reloc 102400 7ed78be7d74076bfbddde74349b3963c

More information:

Search on Virustotal
Download GridinSoft Anti-Malware - Removal tool for TBMessagingHost.exe.vir
copyright for information about TBMessagingHost.exe.vir