How do I get rid of this?

bothered Manchester UK
edited September 2004 in Science & Tech
After a load of messing with NTL and my PC I keep getting this blue toolbar. In View there is a tick with nothing next to it. If I uncheck it the toolbar goes away, but on the next page it comes back. I have tried unlocking and locking the toolbars but I can't get rid of it, and I want to. Tell me guys.

bothered.

Comments

  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited September 2003
    you have bad caca spyware. :shakehead

    Get Spybot Search and Destroy and kill everything
  • Templar You first.
    edited September 2003
    Spyware's a bitch :(
  • bothered Manchester UK
    edited September 2003
    Cheers Prime. Got Spybot and killed everything. There were hundreds! Errm, but the blue toolbar is still here.
    Any suggestions?

    bothered.
  • t1rhino Toronto
    edited September 2003
    Did you install an NTL version of IE? I remember my cable ISP wanted me to install their version of IE. I said no.
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited September 2003
    Spybot search and destroy has got to be able to kill that thing. Run it again, run it twice, run it at boot time!

    Go to IE Tools-->options-->programs-->reset web settings

    Look in your add/remove programs list. Anything new or weird looking in there?

    Go to Regedit.

    Go to this hive:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    what's in there? Anything weird looking?

    Also check this hive:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • Nixxer Nottingham, UK
    edited September 2003
    Wow, Prime has a passion to get rid of this thing. It's like he was abused by spyware at a young age :tongue:
  • bothered Manchester UK
    edited September 2003
    I did run Spybot twice and at boot. It now says there's nothing in. I have reset IE and can't see anything suspicious in the reg. However, in add\remove there is -pop down for internet explorer-. I've no idea what that is or where it came from. Is it safe to remove it?
    The unnamed tick in view had a name yesterday. I wrote it down; it was called -ifdwcrtrivs-. Means nothing to me?
    Thanks for the help.

    bothered.
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited September 2003
    YES Remove that Pop Down for Internet Explorer.

    Tell me what's in those registry hives. OH OH, and did you make sure to Search For Updates on spybot just to make sure you have the latest Spyware definitions? They call them Includes I believe...

    Nix: Yes, I'm on a mission - I cannot STAND spyware/adware/malware. Those ****ing ****tards who write this ass****ing **** need to eat my ****!
  • Dexter Vancouver, BC Canada
    edited September 2003
    I'm with you on that, Prime. Only this morning I sent an e-mail off to my 70 yr old mother in law. She knows she has a geek for a son in law, so she has the good sense to ask me before she installs things on her computer. A friend of hers sent an e-mail with a banner on the bottom for....can you guess...? "Upgrade Outlook Express With Icons!!" AKA Hotbar for e-mail. I sent her a lovely, detailed e-mail back, complete with links to Ad-Aware. In closing, I told her that spyware writers are among the scum of the earth in my books.

    I would have used much stronger language but my MIL is a very devoutly Christian woman with old fashioned values.... ;)

    But here I can say it:

    SPYWARE WRITERS SUCK THE ALGAE-SCUM FROM THE FISH-CRAP AT THE BOTTOM OF THE WORLD'S CESSPOOLS!!!

    :mad2: :mad2: :mad2:

    Ok, I feel better now.....


    Dexter...
  • pseudonym Michigan Icrontian
    edited September 2003
    If that stuff isn't working, try Lavasoft Ad-Aware, I've always had good success with that.
  • BlackHawk Bible music connoisseur There's no place like 127.0.0.1 Icrontian
    edited September 2003
    Never clicking yes on the install prompts that you don't know also works ;)
  • Dexter Vancouver, BC Canada
    edited September 2003
    Black Hawk said
    Never clicking yes on the install prompts that you don't know also works ;)

    Actually, clicking NO on Hotbar is ignored, it tries to install anyways, as detailed here. You actually have to click NO, and then click CANCEL to abort the download. If you happen to have your "Always Ask..." checkbox on the File Downloads dialog un-checked, then clicking NO at first is not going to save you from Hotbar Hell.

    Dexter...
  • Tex Dallas/Ft. Worth
    edited September 2003
    bothered said
    I did run Spybot twice and at boot. It now says there's nothing in. I have reset IE and can't see anything suspicious in the reg. However, in add\remove there is -pop down for internet explorer-. I've no idea what that is or where it came from. Is it safe to remove it?
    The unnamed tick in view had a name yesterday. I wrote it down; it was called -ifdwcrtrivs-. Means nothing to me?
    Thanks for the help.

    bothered.

    Is this gone now? If not, email me and I can help ya. You will probably have to use registry crawler or reg cleaner or another prog to edit registry entries AND check some html files in the windows folder, as each time you hit them they are running code that reinstalls it. Some of these things are a bitch to get rid of. Some are not too bad. Make sure you have all the MS updates and patches before even starting. Also search for files ending in .reg as they are used to edit your registry for ya.
    tex
  • Templar You first.
    edited September 2003
    You could always start using Opera :) It's been about a month since I've had any spyware on my machine.
  • TheBaron Austin, TX
    edited September 2003
    i use firebird, i also don't have any of those problems. anything but IE
  • bothered Manchester UK
    edited September 2003
    Uninstalled the pop down, checked for updates for Spybot, ran it. It found 5 which I got rid of. Restart. It's still there. It's 5:15am (so I don't have much time) but when I get back from work I'll post what is in the reg. I'm beginning to see why people hate spyware. It doesn't want to go does it?
    Thanks again guys.

    bothered.
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited September 2003
    ARRRRGHHH! WTF could it be? This is driving me nuts almost as much as it's driving you nuts!
  • Red-Dawn Been kidnapped and being held hostage in Edinburgh
    edited September 2003
    spyware beware, primesuspect is on the case :)

    i had a similar toolbar about 3 weeks ago but spybot got rid of it in 1 clean merciless sweep. only thing i can think of is that it's gettin installed on boot but even that's a long shot
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited September 2003
    I gotta see that registry hive, and I'd also like to see the contents of your add/remove programs screen, and your startup items folder, and... and.....

    How much is plane ticket to the UK?
  • Red-Dawn Been kidnapped and being held hostage in Edinburgh
    edited September 2003
    prime - $548.49 for a 5day trip flyin us airways outta detroit 25/9/03 and landin in gatwick.


    u asked :)
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited September 2003
    Hahah I don't think it's worth $550 for Bothered to get rid of the spyware... Unless he's completely eccentric, filthy rich, and just plain potty.

    Well, we can probably rule out the filthy rich part, eh? ;D
  • Tex Dallas/Ft. Worth
    edited September 2003
    There are new ones every day that Spybot doesn't catch yet. It looks for specific known items. I spent two days cleaning crap out of my three home computers manually before vacation. It gets to be an obsession. It kept changing the search pages and home pages. They can download an html onto your system and every time you click it then it makes changes to the registry and stuff. It can be stuff in the registry that have rundll's on them at bootup. This is addressed with some of the vbscript updates and stuff from microsoft and that's why I said to be sure you have ALL the security patches to both windows xp and explorer in place. It does not fix stuff that already is in place but blocks future hacking.

    They have gotten so much more crappy to get rid of. I used registry crawler to search for tasks that were running and searched the web using google to find what they were. Look also for "search" or toolbar with reg crawler. I had to use Reg cleaner looking at software installed I didn't recognize. Go search for files ending in .reg on your system. If you click one of them they are associated by file type with regedit and it loads them into your registry automatically. Go EDIT not click on search.html in windows/system32 directory I think it is. They change it to jack with ya. These sobs are so much harder to get rid of anymore and some of the worst ones are coming in thru the porn links anymore. I actually edited some of the default file associations in folder options to limit stuff further. Watch in task manager when you first boot and watch for regedit running. If you see it you know you got probs. Does it seem to boot slow or be sluggish? Watch task manager. Search the system for regedit also. I found a RegEdit.exe also that was three times the size of the regedit.exe files. I deleted its butt too.

    May I suggest a software package called "grrrrrr" that pops up and tells ya every time someone tries to modify the registry and makes you confirm the changes. So far I have had no more infections since loading it. But you have to get the registry clean at least for a moment before it starts or it doesn't help ya.

    So in his case we have to at least momentarily get the taskbar gone is what I am saying. Even if tasks try and run on reboot etc... once it's clean and grrrrrr is loaded the registry is protected.

    The only real way to protect against attacks is to use software like this that actively guards changes to the registry.
    Tex
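
The Run-key check primesuspect asks for, combined with Tex's point about rundll entries and regedit starting at boot, as an added PowerShell example (not posted by anyone in this thread). It lists every value under the two Run keys named above, resolves the target file, and marks entries that start through rundll32 or regedit; the function name `Get-RunKeyEntry` and the output column names are made up for this example, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: read-only audit of the two Run keys named in the thread.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-RunKeyEntry {   # hypothetical helper name
    param([Parameter(Mandatory)][string[]]$Path)

    foreach ($key in $Path) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $regKey = Get-Item -LiteralPath $key

        foreach ($name in $regKey.GetValueNames()) {
            $command = [string]$regKey.GetValue($name)

            # Executable = quoted path, else text up to the first ".exe",
            # else the first whitespace-separated token.
            if     ($command -match '^\s*"([^"]+)"')    { $exe = $Matches[1] }
            elseif ($command -match '^\s*(.+?\.exe)\b') { $exe = $Matches[1] }
            else   { $exe = ($command.Trim() -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)

            # Bare names such as "rundll32.exe" are resolved through PATH.
            if ($exe -and $exe -notmatch '[\\/]') {
                $found = Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue |
                    Select-Object -First 1
                if ($found) { $exe = $found.Path }
            }

            $exists = [bool]$exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
            $status = if ($exists) { [string](Get-AuthenticodeSignature -LiteralPath $exe).Status } else { 'n/a' }

            [pscustomobject]@{
                Key         = $key
                Name        = $name
                Command     = $command
                FileExists  = $exists
                Signature   = $status
                # Entries started through rundll32 or regedit deserve a closer look.
                ViaLauncher = $command -match '\b(rundll32|regedit)(\.exe)?\b'
            }
        }
    }
}

Get-RunKeyEntry -Path $runKeys | Sort-Object Key, Name | Format-List
```

A missing file or a `NotSigned` status is a reason to look the entry up, not a verdict on it.
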
  • Straight_Man Geeky, in my own way Naples, FL Icrontian
    edited September 2003
    Um, corrupt menu entry. That started corrupt with junk text. Possibly from a corrupt Alexa or Google toolbar download. Take the corrupt name and Start|Run regedt32 and search for that name and value search. If the whole key is junk you can kill the key, but I would kill any instance of the value that matches the junk name only, reboot, and see if it was a corrupt IE or if entry is gone. It is an optional menu entry that is sour and could have been stuck there by now unknown malware that is missing as the spyware stuff does not play with menu entries in IE typically.

    If IE had it as part of a stock menu and it could not find what it referred to it probably would just give the "I must close now" BSOD equivalent for IE internal errors.
  • Kwitko Sheriff of Banning (Retired) By the thing near the stuff Icrontian
    edited September 2003
    I'd see if Ad-Aware can remove it too. Also, to make sure those baddies don't come back, install SpywareBlaster, which works by adding a kill bit to any spyware/malware/adware entry before it even gets installed on your PC.

    Run msconfig and see if the offending item shows up in the list of startup progs.
  • Dexter Vancouver, BC Canada
    edited September 2003
    POP-down for Internet Explorer is supposed to be a Pop Up Killer:

    http://home.rochester.rr.com/artcfox/Pop-Down/,

    So that may not be the problem file.

    Dexter...
  • bothered Manchester UK
    edited September 2003
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • bothered Manchester UK
    edited September 2003
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited September 2003
    Ah HA!

    Remove the following from Local Machine hive:

    UpdReg

    There are some others in there that I would get rid of for performance' sake, but for now, that's the crappy one.
  • Tex Dallas/Ft. Worth
    edited September 2003
    Does that prevent all registry updates prime? As you constantly have things you want to update. Software installs all update the registry also.

    Tex
  • kanezfan sunny south florida Icrontian
    edited September 2003
    can i suggest one thing, did you also check in add/remove programs? i mean after all it may not be spyware (even though it looks suspiciously so doesn't it?) and there may be an uninstall program for it. any program that doesn't install itself legitimately is crapware to me, but perhaps this one is so new that spyware and ad-aware aren't capable of removing it yet are they? finally, after being in the UK for three days, will one of you brits explain to me what is this obsession you have with asking questions at the end of sentences?