Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

VB or Visual Bee Malicious Tool Bar - How to Remove Safely


  • This topic is locked This topic is locked
29 replies to this topic

#16 kate15

kate15

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:58 PM

Posted 03 March 2013 - 09:19 AM

# AdwCleaner v2.113 - Logfile created 03/03/2013 at 06:13:02
# Updated 23/02/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Aksa - AKSA-PC
# Boot Mode : Normal
# Running from : C:\Users\Aksa\Downloads\AdwCleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Users\Aksa\AppData\Roaming\Mozilla\Firefox\Profiles\dl4zshy1.default-1361013685036\prefs.js

Deleted : user_pref("browser.newtab.url", "hxxp://visualbee.claro-search.com/?affID=120124&babsrc=NT_ss&mntrId[...]
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=out[...]
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://visualbee.claro-search.com/?affID=120124&[...]
Deleted : user_pref("extensions.wajam.affiliate_id", "3553");
Deleted : user_pref("extensions.wajam.firstrun", "false");
Deleted : user_pref("extensions.wajam.log_send_info", "false");
Deleted : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21085\",\"supported_sites\":{\[...]
Deleted : user_pref("extensions.wajam.no_trace", "false");
Deleted : user_pref("extensions.wajam.server_current_mapping_version", "0.21085");
Deleted : user_pref("extensions.wajam.trace_log", "1362309813424 - onFlagInfoReceived - Server mapping version[...]
Deleted : user_pref("extensions.wajam.unique_id", "38724837EE1684E61E09C52101EB6094");
Deleted : user_pref("extensions.wajam.user_current_mapping_version", "0");
Deleted : user_pref("extensions.wajam.version", "1.26");
Deleted : user_pref("keyword.URL", "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&s_qt=ab&s[...]

*************************

AdwCleaner[S1].txt - [9168 octets] - [03/03/2013 03:44:44]
AdwCleaner[S2].txt - [2043 octets] - [03/03/2013 06:13:02]

########## EOF - C:\AdwCleaner[S2].txt - [2103 octets] ##########
@Boopme



BC AdBot (Login to Remove)

 


#17 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,060 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:58 AM

Posted 03 March 2013 - 09:14 PM

Hi Kate,looks like a removal of it. Please run the Junkware Removal tool and ESET scan I posted in earlier posts in this topic to see if there was anything else.


How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#18 kate15

kate15

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:58 PM

Posted 04 March 2013 - 07:18 PM

@Boopme

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.7 (03.03.2013:1)
OS: Windows 7 Professional x64
Ran by Aksa on Mon 03/04/2013 at 15:35:50.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\visualbee
Successfully deleted: [Registry Key] hkey_local_machine\software\visualbee
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{443789b7-f39c-4b5c-9287-da72d38f4fe6}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{443789b7-f39c-4b5c-9287-da72d38f4fe6}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\ProgramData\visualbee"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\buzzsocialpointschecker"



~~~ FireFox

Successfully deleted the following from C:\Users\Aksa\AppData\Roaming\mozilla\firefox\profiles\dl4zshy1.default-1361013685036\prefs.js

user_pref("extensions.crossrider.bic", "13d2ffe28bea0628eeb85fbf95d15a59");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/04/2013 at 16:09:25.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



est=

C:\Program Files (x86)\GamingWonderlandEI\Installr\1.bin\gtEIPlug.dll    Win32/Toolbar.MyWebSearch application
C:\Program Files (x86)\GamingWonderlandEI\Installr\1.bin\gtEZSETP.dll    a variant of Win32/Toolbar.MyWebSearch.Q application
C:\Program Files (x86)\GamingWonderlandEI\Installr\1.bin\NPgtEISb.dll    Win32/Toolbar.MyWebSearch application
C:\Users\Aksa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RV9MM20O\stubinst_pkg_en-us[1].cab    Win32/OpenCandy application
C:\Users\Aksa\AppData\Local\Temp\VisualBeeTB.exe    a variant of Win32/Toolbar.Babylon.A application
C:\Users\Aksa\AppData\LocalLow\GamingWonderlandEI\Installr\Cache\0002DBEC.exe    a variant of Win32/Toolbar.MyWebSearch.O application
C:\Users\Aksa\Downloads\RazorGamer(1).exe    a variant of Win32/Adware.LIImpact.A application
C:\Users\Aksa\Downloads\RazorGamer.exe    a variant of Win32/Adware.LIImpact.A application



#19 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,060 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:58 AM

Posted 04 March 2013 - 09:10 PM

Excellent.. run a quick MBAM scan and tell if there are any issues.

Please download Malwarebytes Anti-Malware mbamicontw5.gif and save it to your desktop.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
    • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself. Press the OK button and continue.
    • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
    • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
    • Click on the Scan button.
    • When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked and then click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
    • Exit Malwarebytes when done.
    Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

    -- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).


How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#20 whymewhy

whymewhy

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:58 AM

Posted 05 March 2013 - 09:20 AM

Don't know how VB got on my computer. Not very computer techy. I think it was from trying to download a book. Ran AdwCleaner. Seemed to get rid of it but when I opened Chrome, Google started telling me do you want to enable this extension, that extension, til it popped up with a VB extension. I said no. Running Eset now - hope it works. 

 

From Adwcleaner-

 

 

# AdwCleaner v2.114 - Logfile created 03/05/2013 at 08:49:25
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : uniqueweasel - UNIQUEWEASEL-PC
# Boot Mode : Normal
# Running from : C:\Users\uniqueweasel\Downloads\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
Stopped & Deleted : BrowserProtect
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\ProgramData\BrowserProtect
File Deleted : \END
File Deleted : C:\Users\uniqueweasel\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\uniqueweasel\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Folder Deleted : C:\Program Files (x86)\Red Sky
Folder Deleted : C:\Program Files (x86)\Savings Vault
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\uniqueweasel\AppData\Local\DownTango
Folder Deleted : C:\Users\uniqueweasel\AppData\Local\Savings Vault
Folder Deleted : C:\Users\uniqueweasel\AppData\Roaming\Babylon
Folder Deleted : C:\Users\uniqueweasel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
 
***** [Registry] *****
 
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Savings Vault
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\f0dd8be13fef45
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0023986.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0023986.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0023986.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0023986.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440244394486}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211391186}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110211391186}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220222392286}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550255395586}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660266396686}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\f0dd8be13fef45
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211391186}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211391186}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211391186}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Savings Vault
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255395586}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266396686}
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16421
 
[OK] Registry is clean.
 
-\\ Google Chrome v25.0.1364.152
 
File : C:\Users\uniqueweasel\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.44] : icon_url = "hxxp://www.claro-search.com/favicon.ico",
Deleted [l.47] : keyword = "claro-search.com",
Deleted [l.50] : search_url = "hxxp://visualbee.claro-search.com/?q={searchTerms}&affID=120124&babsrc=SP_ss&mn[...]
Deleted [l.2093] : homepage = "hxxp://visualbee.claro-search.com/?affID=120124&babsrc=HP_ss&mntrId=d63be33400000000[...]
Deleted [l.2330] : urls_to_restore_on_startup = [ "hxxp://visualbee.claro-search.com/?affID=120124&babsrc=HP_ss&[...]
 
*************************
 
AdwCleaner[S1].txt - [4385 octets] - [05/03/2013 08:49:25]
 
########## EOF - C:\AdwCleaner[S1].txt - [4445 octets] ##########


#21 whymewhy

whymewhy

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:58 AM

Posted 05 March 2013 - 12:12 PM

just finished eset. this is the report.

 

 

C:\Users\All Users\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx    Win32/bProtector.E application    
C:\Users\All Users\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe    a variant of Win32/bProtector.A application    
C:\Users\All Users\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe    a variant of Win32/bProtector.A application    
C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx    Win32/bProtector.E application    deleted - quarantined
C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe    a variant of Win32/bProtector.A application    cleaned by deleting - quarantined
C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe    a variant of Win32/bProtector.A application    cleaned by deleting - quarantined
C:\Users\uniqueweasel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4MXWR1P1\pack[1].7z    multiple threats    deleted - quarantined
C:\Users\uniqueweasel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LJZRMAND\VisualBeeTB[1].exe    a variant of Win32/Toolbar.Babylon.A application    cleaned by deleting - quarantined
C:\Users\uniqueweasel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UKHSY65X\SavingsVault-us-ppi[1].exe    multiple threats    cleaned by deleting - quarantined
C:\Users\uniqueweasel\AppData\Local\Temp\cheF48B.tmp    Win32/bProtector.E application    deleted - quarantined
C:\Users\uniqueweasel\AppData\Local\Temp\SavingsVault-us-ppi.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\uniqueweasel\AppData\Local\Temp\VisualBeeTB.exe    a variant of Win32/Toolbar.Babylon.A application    cleaned by deleting - quarantined
C:\Users\uniqueweasel\AppData\Local\Temp\281E7D80-BAB0-7891-A943-A46D5269814E\Latest\MyBabylonTB.exe    Win32/Toolbar.Funmoods application    cleaned by deleting - quarantined
C:\Users\uniqueweasel\AppData\Local\Temp\2D3BA3CC-BAB0-7891-813D-80CFAAD11BF1\Latest\MyBabylonTB.exe    Win32/Toolbar.Funmoods application    cleaned by deleting - quarantined
C:\Users\uniqueweasel\AppData\Local\Updater23986\Updater23986.exe    a variant of Win32/Toolbar.CrossRider.C application    cleaned by deleting - quarantined
 
I also chose the option from eset to delete quarantined files. hope this was the correct decision. again really know nothing about computers. 


#22 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,060 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:58 AM

Posted 05 March 2013 - 01:18 PM

That was correct.

 

Lets get any junk in the TEMP folder.

Please download TFC[/b] (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link

  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  • [b]Important!
  • If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.

 

 

Run Malwarebytes from the psot above and see how it is..


How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#23 whymewhy

whymewhy

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:58 AM

Posted 05 March 2013 - 03:13 PM

ran tfc and malwarebytes. far as i can tell looks clean. yay!

 

 

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.03.05.12
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
uniqueweasel :: UNIQUEWEASEL-PC [administrator]
 
Protection: Enabled
 
3/5/2013 2:39:15 PM
mbam-log-2013-03-05 (14-39-15).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203249
Time elapsed: 3 minute(s), 34 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
any tips for protection? I have avast antivirus and now malwarebytes. Is this enough to protect my computer? Sorry if this is in the wrong post. Thanks for the help!


#24 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 62,060 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:58 AM

Posted 05 March 2013 - 09:33 PM

Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

  • Go to StartBtn.gif > Programs > Accessories > System Tools and click "System Restore".

  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

  • Then use Disk Cleanup to remove all but the most recently created Restore Point.

  • Go to StartBtn.gif > Run... and type: Cleanmgr

  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.

  • Click the "More Options" tab, then click the "Clean up" button under System Restore.

  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"

  • Click Yes, then click Ok.

  • Click Yes again when prompted with "Are you sure you want to perform these actions?"

  • Disk Cleanup will remove the files and close automatically.

Vista and Windows 7 users can refer to these links:

 

 

Those are good tools.. I would run ADWCleaner and ESET every month or two also.

Take a look thru these pinned topics

http://www.bleepingcomputer.com/forums/f/25/antivirus-firewall-and-privacy-products-and-protection-methods/

 

Answers to common security questions - Best Practices

How Malware Spreads - How did I get infected

How did I get infected?

 

If you need to ask more,please do.


Edited by boopme, 05 March 2013 - 09:36 PM.

How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#25 PyraVox

PyraVox

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 18 March 2013 - 04:35 PM

Thanks you so much! just saved my life lol. i had downloaded this nasty virus and had no idea how to remove it. tried so many things, not even McAfee could find it. this AdwCleaner.exe worked fast and effective. ill have to remember that if something like this ever happens again. your a life saver man! thanks again! 



#26 davyjones

davyjones

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:58 PM

Posted 18 March 2013 - 05:06 PM

My computer was infected with VisualBee a couple days ago.  I spent lots of time learning what it was and how to remove it... but every website i looked at had different instructions for manual removal, and different anti-malware download suggestions.  Eventually i just reset my Firefox and Explorer settings, and uninstalled VisualBee and Conduit from my Control Panel (then restarted).  I wasn't expecting this to solve the problem because lots of other people said they tried that but VisualBee kept coming back to their browsers, or the Contol Panel would crash when attempting to uninstall.  For me it seemed to work and my browsers are behaving normally (but maybe a little slower than usual?).  I'm wondering if VisualBee could still be hiding in my system somewhere and if further action is needed to COMPLETELY remove it.

 

i'm running Windows 7 Home Premium 64bit

 

Any help is much appreciated!!



#27 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:12:58 AM

Posted 18 March 2013 - 05:33 PM

davyjones

 

Create a new topic

 

Thanks


Edited by narenxp, 18 March 2013 - 05:34 PM.


#28 davyjones

davyjones

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:58 PM

Posted 18 March 2013 - 11:57 PM

Can do, narenxp, but I'm just curious as to why.  This seems like an active thread on the subject I'm inquiring about.  I'm new to this site so if you could explain the reason hopefully I'll avoid a mistake in the future.

 

thanks!



#29 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:12:58 AM

Posted 19 March 2013 - 09:24 AM

Sorry but we deal with each user in a specific topic.Just think of all the users posting their logs in a single topic ? Just to avoid confusion we are asking them to create a new topic.Each user may have different type of infections(other than the toolbar) which requires different fixes.Running unwanted fixes is going to screw up your PC.



#30 hamluis

hamluis

    Moderator


  • Moderator
  • 43,094 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:12:58 AM

Posted 19 March 2013 - 09:34 AM

Closed per request.

 

Louis






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users