
Remove Surfsidekick Help!



#1 Pennycook

Pennycook

  • Members
  • 2 posts
  • OFFLINE
  • Local time:09:24 AM

Posted 22 November 2005 - 11:20 PM

I know other people have had this same problem - how to delete an insidious piece of spyware called surfsidekick. I have followed the directions in the Self-Help Article. My problem is I can't delete the folder SurfSidekick_3, nor the file ssk.exe in that folder because I am told it is running! and please end the application using that file first. SSK.exe does not show that it is running in Task Manager, and I tried ending everything I could. I also tried to delete this file out of safe mode. I have spent hours on this. Can anyone help??

Edited by Pennycook, 22 November 2005 - 11:35 PM.



#2 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  • Gender:Male
  • Location:SW Louisiana
  • Local time:08:24 AM

Posted 22 November 2005 - 11:40 PM

Delete it while in Safe Mode.
How to start Windows in Safe Mode
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA


#3 Nicky

Nicky

  • Members
  • 7 posts
  • OFFLINE
  • Local time:03:24 PM

Posted 23 November 2005 - 04:34 AM

Delete it while in Safe Mode.
How to start Windows in Safe Mode


If that doesn't work, delete it manually from the registry. (I advise you to back up the registry first.)
Then

1. Click Start -> Run.

2. Type regedit

Then click OK.

3. Navigate to the key:

HKEY_CURRENT_USER\Software\Microsoft\Current Version\Run

4. In the right pane, delete the values:

"SurfSideKick" = "%Program Files%\SurfSideKick\Ssk.exe"
"SurfSideKick 3" = "%Program Files%\SurfSideKick 3\Ssk.exe"

5. Navigate to the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

6. In the right pane, delete the values:

"SurfSideKick" = "%Program Files%\SurfSideKick\Ssk.exe"
"SurfSideKick 3" = "%Program Files%\SurfSideKick 3\Ssk.exe"

7. Delete the values:

{02EE5B04-F144-47BB-83FB-A60BD91B74A9}
{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076}

from the registry key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks

8. Delete the values:

{000AB0005-FF12-42C2-8DF5-39E12E5F9C91}
{02EE5B04-F144-47BB-83FB-A60BD91B74A9}
{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076}

from the registry key

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks

9. Navigate to the key:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks

10. In the right pane, right click and select New String Value. Set the name of this value to:

{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

and leave the Value Data field blank.

11. Navigate to and delete the following keys:

HKEY_CLASSES_ROOT\CLSID\{000AB0005-FF12-42C2-8DF5-39E12E5F9C91}
HKEY_CLASSES_ROOT\CLSID\{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076}
HKEY_CLASSES_ROOT\CLSID\{02EE5B04-F144-47BB-83FB-A60BD91B74A9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf Sidekick
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf Sidekick_is1
HKEY_CURRENT_USER\Software\SurfSideKick2
HKEY_CURRENT_USER\Software\SurfSideKick3
HKEY_LOCAL_MACHINE\SOFTWARE\SurfSideKick3

12. Exit the Registry Editor.

Hope this works
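
A read-only check for the registry locations listed in the steps above, added here as an example that is not part of the original post. It assumes PowerShell 3.0 or later, uses the `Software\Microsoft\Windows\CurrentVersion\Run` path (the form shown in step 5) under both hives, and the function name `Find-RegistryValue` is made up for this example.

```powershell
# Added example: read-only audit of the registry locations named in the steps above.
# Nothing is deleted. Value names, GUIDs and key paths are copied from the post.
$runKeys   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runValues = 'SurfSideKick', 'SurfSideKick 3'
$hookKeys  = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks',
             'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks'
# Superset of steps 7 and 8: all three GUIDs are checked under both hives.
$hookGuids = '{000AB0005-FF12-42C2-8DF5-39E12E5F9C91}',
             '{02EE5B04-F144-47BB-83FB-A60BD91B74A9}',
             '{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076}'
# Step 11: keys that should no longer exist (HKCR has no default PowerShell drive).
$leftoverKeys = @(
    ($hookGuids | ForEach-Object { "Registry::HKEY_CLASSES_ROOT\CLSID\$_" })
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf Sidekick'
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf Sidekick_is1'
    'HKCU:\Software\SurfSideKick2'
    'HKCU:\Software\SurfSideKick3'
    'HKLM:\SOFTWARE\SurfSideKick3'
)

# Hypothetical helper: emits one object per listed value name still present under a key.
function Find-RegistryValue {
    param([string[]]$KeyPath, [string[]]$ValueName)
    foreach ($key in $KeyPath) {
        $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }          # key absent: nothing to report
        foreach ($name in $ValueName) {
            if ($item.GetValueNames() -contains $name) {
                [pscustomobject]@{ Kind = 'Value'; Key = $key; Name = $name; Data = $item.GetValue($name) }
            }
        }
    }
}

$findings = @(
    Find-RegistryValue -KeyPath $runKeys  -ValueName $runValues
    Find-RegistryValue -KeyPath $hookKeys -ValueName $hookGuids
    $leftoverKeys | Where-Object { Test-Path -LiteralPath $_ } |
        ForEach-Object { [pscustomobject]@{ Kind = 'Key'; Key = $_; Name = ''; Data = '' } }
)
if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap } else { 'No listed SurfSideKick entries found.' }

# Step 10: the value added back under the HKCU URLSearchHooks key should be present.
$restored = '{CFBFAE00-17A6-11D0-99CB-00C04FD64497}'
$hook = Get-Item -LiteralPath $hookKeys[1] -ErrorAction SilentlyContinue
'Step 10 value present: {0}' -f [bool]($hook -and ($hook.GetValueNames() -contains $restored))
```

Entries that reappear in this output after a reboot indicate the protecting process is still rewriting them, which is the behaviour described later in the thread.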

#4 Pennycook

Pennycook
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:09:24 AM

Posted 24 November 2005 - 12:58 AM

tg1911 - I did try delete in Safe Mode - Surfsidekick is too clever - won't let you.
Nicky - thanks a million for these REGEDIT instructions. After I posted this I found what was ALMOST the answer in a great article here:
http://www.urgrgcc.edu/Departments/CampTec...=article&sid=19
Rio Grande.
I used the method of Searching for "Surfsidekick" in the Registry, and deleting every instance of it. Then I ran Spyware Scan and Virus Scan. This seemed to work, except dang - it showed up again via the Trend Micro warning that a Virus was trying to infect a file. I definitely cut down on how often the spyware was operating. Then I decided maybe it was the infected files causing it. So now I will take your instructions, which give me specific locations in Registry to look for, and make sure I have deleted them all.

This PC belongs to a friend, and I won't be able to do the next set of RegEdits until next week.

Thank you so much for your help. This is the sneakiest spyware I have ever run into - apparently it gets in when you accept the license agreement for a software called: BestOffers. The reason it is so hard to get rid of is:
The SurfsideKick files can not be deleted manually in regular Windows or in safe mode Windows as they are protected by a running process which can not be shut down through the TASK MANAGER... on 2000-XP Windows systems.

#5 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  • Gender:Male
  • Location:SW Louisiana
  • Local time:08:24 AM

Posted 24 November 2005 - 09:14 AM

If you can't get rid of it, I suggest you post a HijackThis log for examination.
Read How to post a HijackThis Log.
Please read, and follow, all directions carefully.

Then, run a log, and post it in the HijackThis forum, at this link. Do not fix anything yet.
A member of the HJT Team will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.



