Security Toolbar 7.1



#1 antisecuritygirl

  • Members

Posted 15 November 2007 - 09:12 PM

I had the Security Toolbar 7.1 virus. I battled it for a week, searching the web for ANY answers. Found one that worked, tried to find it again to thank them, so I felt that this information needed to be shared. I feel so strongly about it that I am going to put my email address here for anyone to email me if they would like to make sure I am a real person and not another trick. I KNOW how frustrating this can be. I WILL NOT RESPOND TO EMAILS ASKING FOR MORE TIPS/TRICKS ON HOW TO RID YOUR COMPUTER OF THIS. I followed these steps and my computer is working and I want to share this information with as many people as possible. I would, however, understand if you wanted to make sure I am real - antisecuritytoolbargirl@gmail.com

Anyone looking to remove Security Toolbar 7.1 should know that I used a metric %&@#-ton of other programs first, I can't guarantee that this will work for you, but it DID work for me. Until I ran SUPERantispyware all other programs would find anywhere from 150-800 suspicious files EVERY time I ran their scans, never getting a clean scan. Now I get nothing.

This is THE WORST virus/malware/spyware infestation I have ever seen, and it happened QUICKLY. I scoured the web and found a lot of suggestions that just didn't work, and a LOT of (what I believe to be) fake people lying and saying "I used xxxx(random spyware program) and it was free and it fixed my computer!" then I would DOWNLOAD it and it would either be another piece of malware OR it would be free to SCAN but not CLEAN your computer.

WARNING!!!!! If you don't know what you are doing (and most people don't) THEN YOU SHOULDN'T DELETE HIJACKTHIS! ENTRIES. Do a search for a forum to post your reports in and there are a lot of awesome people willing to help you sort through it. Same goes for your registry.

Step 1) Going into Start->Control Panel->Internet Options->Programs->Manage Add-ons and disabling The Security Toolbar 7.1 and any other sketchy items that may be there.

(My own Optional) Step 2) TURN OFF WINDOWS RESTORE so that it deletes your restore point, BECAUSE IT WOULD SUCK TO RESTORE YOUR COMPUTER TO AN INFECTED STATE.

Step 3) SUPERantispyware (http://superantispyware.com/) - I LOVE them and cannot thank them enough for this amazing program that took me WAY too long to discover and will never leave my personal arsenal of AV programs.

Step 3) Hijackthis report and cleanup. (http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis) Then uploaded the report to a forum for consultation from knowledgeable Geeks willing to help us lesser mortals.

(My own Optional) step 5) Re-ran some of my other fave AV/AS programs like Ad-aware and Avast and Search And Destroy - I did this because I felt like other virus/spy/malware/s may have gotten in while my computer was not in peak performance. They each found one or two things hanging around. Then I would re-scan my main drive a second time with each program to make sure the bastards weren't duplicating like Mogwai in a swimming pool.

(My own optional) step 6) Ran about 4 free registry cleaning programs found on www.download.com. BE CAREFUL CLEANING YOUR REGISTRY YOU CAN FORCE YOURSELF INTO AN O/S REINSTALL IF YOU AREN'T CAREFUL WHAT YOU DELETE!

(My own optional) step 7) Since everything was working better than it has in a LONG time I created a new restore point by turning it back on.

I sincerely hope this works for you.
I wish I could find the person I got steps 1-3 from because I love them and send many zen-hugs their way.
I am going to go and post this all over the internet tonight (11/15/2007), anyone who is helped by this information, I URGE you to pass it on to any others in need. If you do PLEASE copy and paste this entire message (so we don't play a bad game of telephone). Please make sure to leave the keywords at the bottom so that people can find this if they need it!

Good Luck People!

Love -antisecuritytoolbargirl

(these files are all found to be associated with The Security Toolbar 7.1) (incomplete list, this is all that I KNOW of)
Keywords: unable to use safe-mode, task manager closes, security toolbar 7.1, homepage changed, IE pop-ups while using firefox, www.pcontech.com, Trojan.Zlob., ZLOB, Video ActiveX Access, Security Troubleshooting.lnk, Online Security Guide.lnk, Online Security Test.url, isamonitor.exe, pmmon.exe, pmsngr.exe, iesplugin.dll, iesuninst.exe, isaddon.dll, isamini.exe, isamonitor.exe, pmmon.exe, pmsngr.exe, pmuninst.exe, dxovx.dll, vgibz.dll, psndz.dll, cqsfk.dll, wzhtjqo.dll, lrnjnzf.dll, zpuwriz.dll, tkrsw.dll, afzdbl.dll, bgwttyl.dll, dyrwls.dll, ugofuq.dll, gtawclv.dll, vjxwnn.dll, khtbpdl.dll, cfqbw.dll, fdpzgi.dll, gusur.dll, Cyberlog-X infections, Trojan-Spy.win32@mx

Security Toolbar Registry Entries: (incomplete list, this is all that I KNOW of)

Edit: Moved topic to the more appropriate forum, so that others may learn from the suggestions. ~ Animal
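
An added example, not part of the original post and not HijackThis's own code: a small Python triage pass over a HijackThis log that lists the code-loading entries (O2, O3, O4) and marks those whose file name appears in the keyword list above, so they can be raised with a helper. The sample log, its paths and its CLSIDs are constructed placeholders, and the code assumes the usual `O2 - BHO: name - {CLSID} - path` line layout; the file names are the post's own.

```python
import re
from ntpath import basename  # Windows path rules on any host OS

# File names copied from the keyword list in the post (subset).
POST_FILES = {"isamonitor.exe", "pmmon.exe", "pmsngr.exe", "pmuninst.exe",
              "iesplugin.dll", "iesuninst.exe", "isaddon.dll", "isamini.exe"}

# HijackThis sections that load code: O2 = Browser Helper Object,
# O3 = Internet Explorer toolbar, O4 = autostart (Run keys, Startup folder).
LINE_RE = re.compile(r"^(O2|O3|O4) - (.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)\b', re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Constructed sample log lines; paths, names and CLSIDs are placeholders.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example Toolbar\isaddon.dll
O3 - Toolbar: Example Toolbar - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example Toolbar\iesplugin.dll
O4 - HKLM\..\Run: [pmmon.exe] C:\Program Files\Example Toolbar\pmmon.exe -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

def triage(log_text):
    """Return (section, clsid, path, known) for every code-loading entry."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # R0/R1, O1 and other sections are out of scope here
        section, rest = m.groups()
        clsid = CLSID_RE.search(rest)
        for p in PATH_RE.finditer(rest):
            path = p.group(0)
            known = basename(path).lower() in POST_FILES
            findings.append((section, clsid.group(0) if clsid else None, path, known))
    return findings

def flagged(log_text):
    """Entries to raise with a helper; a review list, not a delete list."""
    return [f for f in triage(log_text) if f[3]]

if __name__ == "__main__":
    for section, clsid, path, known in triage(SAMPLE_LOG):
        print("REVIEW" if known else "other ", section, clsid or "-", path)
```

A name match only says the entry deserves a second look; legitimate software can reuse a file name, and the post's list is incomplete by its own account.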


#2 boopme

  • Global Moderator

Posted 15 November 2007 - 09:47 PM

Hello antisecuritygirl, first welcome to Bleeping Computer!
We do appreciate your excellent Post and great information. I see you put a lot of work in.
Second, thanks for thinking of everyone else. In the future, should you or someone you know need to remove that, they can use the instructions provided in this link for these two tools. It makes life easier.
You are 1000% correct on HijackThis and reg cleaning. HJ should only be done with an expert's guidance, such as our HiJackthis Team. One other thing to remember is whenever you use a Registry cleaner ALWAYS make a backup of the Registry first. Here I would use ERUNT - registry backup tool

http://www.bleepingcomputer.com/forums/ind...ecurity+Toolbar

How to remove the Smitfraud / Generic Zlob / Quicknavigate / Virtual Maid
SUPERAntiSpyware Free

#3 quietman7

  • Global Moderator

Posted 16 November 2007 - 10:56 PM

(My own Optional) Step 2) TURN OFF WINDOWS RESTORE so that it deletes your restore point, BECAUSE IT WOULD SUCK TO RESTORE YOUR COMPUTER TO AN INFECTED STATE.

Disabling System Restore as the first (or second) step when attempting to clean or scan for malware is not advisable as you will lose all previously stored restore points. Unfortunately, some anti-virus vendors still recommend doing this before attempting malware removal and many folks follow that advice. This is really not a good practice when dealing with infected computer systems. Turning System Restore off and then turning it back on has some risk associated with it since that feature does not always work as intended. Further, there is always a possibility of something going wrong during the malware removal process and you end up with more problems. Without a restore point to fall back on, you are then stuck with a limited means of restoring your system such as a Repair Install or Reformat. Although System Restore is not 100% guaranteed to work all the time, it at least gives you another option. When the system is clean, then you can create a new Restore Point and purge the old ones to prevent accidental re-infection.

(My own optional) step 6)Ran about 4 free registry cleaning programs

Registry cleaners are extremely powerful applications. There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly can have disastrous effects on a system.

Edited by quietman7, 16 November 2007 - 10:58 PM.
