We received the file TBMESSAGINGHOST.EXE and detected that TBMESSAGINGHOST.EXE is not good.
TBMESSAGINGHOST.EXE is Adware. You should remove the file TBMESSAGINGHOST.EXE.
Kill the process TBMESSAGINGHOST.EXE and remove TBMESSAGINGHOST.EXE from Windows.
Malware Analysis of TBMESSAGINGHOST.EXE
Full path on a computer: %Temp%\NativeMessaging\CT3196716\nativeMessaging\TBMessagingHost.exe
Detected by UnHackMe:
TBMESSAGINGHOST.EXE
Default location: %Temp%\NativeMessaging\CT3196716\nativeMessaging\TBMessagingHost.exe
Removal Results: Success
Number of reboot: 1
TBMESSAGINGHOST.EXE is known as:
Adware.Conduit (fs)
TBMESSAGINGHOST.EXE hash:
- MD5: 8dbcc2812a15a5cf3b86faf02ea0f10e
The file tries to download information from some web sites.
How to quickly detect TBMESSAGINGHOST.EXE presence?
![]( "Registry")
Registry:
![]( "Folders")
Folders:
![]( "Files")
Files:
Registry:- HKLM\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath: “”%Program Files%\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe” –configure-user-settings –verbose-logging –system-level –multi-install –chrome”
Folders:- %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\{da7a20cf-bef4-4342-ad78-0240fdf87055}
- %Appdata%\PriceGong
- %Local Appdata%\Google\Chrome\User Data\Default\Extensions\cgiaikfpllchefojlnehlmpekeogihnm
- %Local Appdata%\Conduit
- %Local Appdata%\CRE
- %Local Appdata%\NativeMessaging
- %Local Appdata%\WiseConvert
- %Common Appdata%\Conduit
- %Program Files%\Conduit
- %Program Files%\WiseConvert
Files:- %Temp%\CT3297951\xpi\defaults\preferences\defaults.js
- %Temp%\CT3297951\xpi\install.rdf
- %Temp%\NativeMessaging\CT3196716\nativeMessaging\nmHostConfig.json
- %Temp%\NativeMessaging\CT3196716\nativeMessaging\nmHostManifest.json
- %Temp%\NativeMessaging\CT3196716\nativeMessaging\TBMessagingHost.exe
- %Temp%\NativeMessaging\CT3196716.crx
- %Program Files%\Conduit\Community Alerts\Alert.dll
- %Program Files%\Conduit\CT3196716\plugins\TBVerifier.dll
- %Program Files%\WiseConvert\GottenAppsContextMenu.xml
- %Program Files%\WiseConvert\hk64tbWise.dll
- %Program Files%\WiseConvert\hktbWise.dll
- %Program Files%\WiseConvert\ldrtbWise.dll
- %Program Files%\WiseConvert\OtherAppsContextMenu.xml
- %Program Files%\WiseConvert\prxtbWise.dll
- %Program Files%\WiseConvert\SharedAppsContextMenu.xml
- %Program Files%\WiseConvert\tbWise.dll
- %Program Files%\WiseConvert\toolbar.cfg
- %Program Files%\WiseConvert\ToolbarContextMenu.xml
- %Program Files%\WiseConvert\WiseConvertToolbarHelper.exe