According to the Internet, when google.com/search redirects to google.com/webhp, it means Search Conduit has hijacked the browser. In my case, this is what happens:
https://www.google.com/search?ie=utf-8&oe=utf-8&rls=org.mozilla:en:official&client=firefox-a&channel=fflb#channel=fflb&q=scrubs&rls=org.mozilla:en:official
redirects to
https://www.google.com/webhp?ie=utf-8&oe=utf-8&rls=org.mozilla:en:official&client=firefox-a&channel=fflb#channel=fflb&q=scrubs&rls=org.mozilla:en:official
however
https://www.google.com/search?q=scrubs
and
https://www.google.com/#q=scrubs
do not.
This doesn't seem to be a big problem really. The first URL is a manually modified URL that got generated when I entered "scrubs" in the address bar. The automatically generated URL did not redirect to a google.com/webhp address. However I would prefer not to have any unsafe redirects being done by browser since I'm not usually careful enough to notice them. I only noticed this one because I was actually playing with the URL. I was playing with it because I noticed something strange: the URL was
https://www.google.com/search?q=google+.com&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en:official&client=firefox-a&channel=fflb#channel=fflb&q=scrubs&rls=org.mozilla:en:official
I deleted the strange q=google+.com&
part, which gave the first URL, and that got redirected. For some reason I can't replicate the generation of the q=google+.com&
part now. But I'm seeing it in my browsing history.
Conduit Search was installed on my computer. I did my best to remove it, including a Malwarebytes Anti-Malware scan. I ran a scan again after noticing this just now, and with the new updates applied it found another registry key categorised PUP.Optional.Softonic.A, which seems to be associated with Conduit according to what I've found on Google. However after telling Malwarebytes Anti-Malware to quarantine that and restarting the computer, nothing changed — the redirect is still on.
My questions:
-
How does the google.com/webhp thing work? My reasoning is that the reason for it being unsafe shouldn't be DNS resolution. If some malware modified how my DNS queries are resolved it wouldn't have to resort to changing the URL, right? So I think it points to something called "webhp" that's really Google-made, and probably less secure than the other Google-made thing called "search" so someone or something can get a chance to eavesdrop or whatever. Am I right? And in general, again, what's the webhp thing? Is it dangerous at all?
-
What was the
google+.com
doing in the automatically generated URL if all I did enter in my query was "scrubs"? Why does removing this part make a redirect possible? -
Finally, how can I put an end to this behavior?
My browser is Firefox 28.0 on Windows 7.
Best Answer
Google.com/webhp is a valid Google website. Just like Google.com/ncr or Google.com/jp it is something that Google uses to help with localization so you get to the correct Google server based on your locale.
You are over thinking the redirects as being harmful. The redirects in themselves are not harmful, the Conduit redirects are though.
Here is how to remove Conduit:
Click on Start button and then click on Control Panel and then click on “Uninstall a Program” or Add/Remove Programs option. You’ll get a list which have listed all the installed programs, now Right click on “Search Protected by Conduit” or “Conduit Engine” and then click on uninstall option.
Open Mozilla Firefox, Click on Tools menu (press “alt” key once to active menu bar) then go to Options, after that a configuration page will be opened, then click on General tab and then look on the very first section named as Startup. Under Startup you will see a HOME PAGE Edit Box, under this edit box you will see www.search.conduit.com, please replace it with www.google.com, then click on apply and close.
Restart Firefox Browser
Open Firefox and then go the Tools menu (Press “F10” key once to active Menu bar) click on Add-ons, you’ll get a page click on extensions from the left side pane. now look on the right side pane you’ll get all the installed add-ons listed on there. Disable or Remove search.conduit.com addon, also disable all the unknown / unwanted add-ons from there.
Open Firefox and then go the Help menu (Press “F10” key once to active Menu bar)
Go to Help menu then click on “Troubleshooting information” Note: you can also open this page in this ways, open Firefox then type this command in the address bar “about:support” (without quote) and then hit enter or OK.
You will get a page “Troubleshooting information” page, here you will get “Reset Firefox” option in the right side of the page.
Press “window key + R” (Flag sign key + R) you will get Run box then type “REGEDIT” into the run box then click on OK. You’ll get a registry editor window. Back up the registry first using File / Export!
In the registry editor, click on Edit menu and then click on find option, you’ll get edit box to search any string into registry editor
Type “search.conduit” into the find box and then click on Find Next.
The search result will highlight the key or value which have contains the Conduit string.
Now delete the Registry Key/Value/Value-Data if any one contains “search.conduit.com” string Note:- Do not delete the complete value data, just delete the search.conduit.com path only
Use F3 key to find Next. and do the last step to all results.
Press “window key + R” (Flag sign key + R) you will get Run box then type “MSCONFIG into the run box then click on OK. You’ll get a msconfig window.
In the msconfig window click on Startup tab, here you’ll get all the start-up entries, so look on the list and then do Un-check the entries which is contains conduit. Also Un-check all the others entries which you found unwanted. then click on OK to apply all the changes.
In the msconfig window click on Services tab, here you’ll get all the startup services list, click on “Hide Windows Services” all the windows related services will be hidden. now it is only display the 3rd party installed services, now look on the list and then do Un-check the service which have contains conduit string. Also Un-check all the unknown / unwanted services. then click on OK to apply all the changes.
>Delete folders from computer