Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Whitesmoke nasty rootkit continues to redirect all google searches


  • Please log in to reply
3 replies to this topic

#1 hedgehoglover

hedgehoglover

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:10 AM

Posted 09 October 2011 - 08:51 PM

Hi,

I'm a new member and I have what I think is a rootkit called whitesmoke. It installed itself on my desktop, in my toolbar, and was originally in my program files although I uninstalled it. It's still in my toolbar, however, and continues to redirect every single google search. I have looked through the forums and the general removal guides, even the ones specific to whitesmoke. I have run rkill, TDSSkiller, Malwarebytes and ESET all to no avail. I run a windows 7 platform and I use my computer for work, so I would appreciate any help in removing it!

Thank you so much for your time!

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,534 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:10 AM

Posted 09 October 2011 - 08:58 PM

Hello, if all those failed then we need a deeper look. Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on.
Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 WhiteSmoke support

WhiteSmoke support

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:10 AM

Posted 12 October 2011 - 07:05 AM

Hello,
As the WhiteSmoke support team, we would first of all like to make it clear that WhiteSmoke is not a Trojan, or Malware, but a legitimate English writing tool and correction software.
The removal of the tool bar should not be as difficult as described but rather a smooth and simple process. We apologize for the hardship and would like to offer our assistance in resolving this.

Here are a few possible steps by order of escalation.
Please try to follow these instructions, and if you are having further difficulties, please feel free to contact us at support@whitesmoke.com for assistance.



Uninstalling toolbar that persists


- First basic try:

Internet Explorer:
1. Go to Start Menu > Settings > Control Panel
2. Click on 'Add/Remove Programs' (or 'Programs and Features' for Windows Vista users), choose 'WhiteSmoke_IE Toolbar', and then click ?Remove?
3. This procedure will only remove the WhiteSmoke toolbar from your computer and you will be able to keep using WhiteSmoke as usual
4. Restart your computer.

Chrome:
1. Click the wrench icon on the browser toolbar.
2. Click Tools.
3. Select Extensions.
Click Uninstall for the extension you'd like to completely remove.


- if the first option doesn’t work:
enter the following link: http://superwin.com/ffreewar.htm
Download the program: 'Add / Remove Pro'
Open 'Add / Remove Pro' and look for 'WhiteSmoke' or 'WhiteSmoke Translator'
Delete WhiteSmoke
Delete all recent history and cookies
Restart your computer.


- if the second option didn't work either you can try the following:
First uninstall the program from the computer by going to control panel, add/remove programs.
Then run file search in the start menu and delete everything that says WhiteSmoke translator.
Then ran malware and delete anything it had found.
Delete all recent history and cookies and the toolbar should be gone.



best regards,
WhiteSmoke Support Team.

Edited by WhiteSmoke support, 12 October 2011 - 08:39 AM.


#4 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:10:10 AM

Posted 12 October 2011 - 12:06 PM

I have to ask why, if after the first two options fail, would one need to run a malware removal tool? At least I assume that's what you mean by "Then ran malware and delete anything it had found". IMHO, using anything but add/remove programs does not exactly epitomize "legitimate [..] software".




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users