Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Babylon Search Infection?


  • Please log in to reply
12 replies to this topic

#1 JustJohn200

JustJohn200

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 01 February 2012 - 04:16 PM

I am having a problem with Babylon Search in IE9 on my Windows 7 computer.

I don't remember the exact software I was downloading but I believe I was trying to get drivers for a DVD drive.

After I had downloaded the software and installed it I noticed that my IE9 homepage had changed. I also noticed in the search bar that Babylon Search was present and is not selectable to remove. It's not redirecting me as I have read it does to others.

In my frinzy I believe I uninstalled Babylon from my Programs but can't exactly remember as it's been several days.

I still see signs of Babylon so was hoping someone could look into it with me and see what else may be present.

Thank you in advance for any help!
John

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:28 AM

Posted 01 February 2012 - 04:39 PM

Hello, Download and install Babylon Uninstaller utility to remove Babylon search .
http://support.babylon.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=79
Edit bad link


Run TFC by OT (Temp File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1 <<<== Use this one first.

Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

Edited by boopme, 01 February 2012 - 06:09 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 JustJohn200

JustJohn200
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 01 February 2012 - 05:50 PM

The link to the Babylon Uninstaller didn't work. Are you able to post a new one please?

I didn't see the uninstaller on the Help page for Babylon.

Thank you!

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:28 AM

Posted 01 February 2012 - 06:11 PM

Seem there is no longer a link.. Run the other tools as I look for something else.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 JustJohn200

JustJohn200
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 01 February 2012 - 06:11 PM

I ran TFC and MBAM anyway and here are the results:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.01.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dad's :: DADS-PC [administrator]

2/2/2012 6:07:19 PM
mbam-log-2012-02-02 (18-07-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 174908
Time elapsed: 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Thank you!

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:28 AM

Posted 01 February 2012 - 06:27 PM

You're welcome.. here's a good link with removal steps. L@@K Doing these should remove all traces.

If you need to do the second section
Remove Babylon Toolbar and "Search the web (Babylon)" in Internet Explorer: then

DO THIS FIRST********
Backup Your Registry

Backup Your Registry with ERUNT
  • Please download Erunt
  • Run the setup program to install ERUNT on your computer
Click Erunt.exe to backup your registry to the folder of your choice.


How to Restore from the ERUNT Backup

Only restore from the backups if instructed to, or you need to do so. You need it if after doing something, your computer will only boot in Safe Mode and you are unable to contact us (or anyone else) for help by other means, or if your computer will not boot into Windows at all.

To restore if you can boot, navigate to C:\WINDOWS\erdnt, choose the folder with the most recent date, and double click ERDNT.EXE. Check all boxes in the restoration options.

To restore from the Recovery Console using the Windows CD:
  • Turn on your machine with the disk in the drive.
  • Type in the number of the Windows installation you want to repair (usually 1), then press Enter.
  • Type in the Administrator password (leave blank if you are unsure what it is or if you do not have one) and press Enter.
  • Type without quotes "cd erdnt" followed by Enter.
  • Type without quotes "dir" followed by Enter. This will list out the available folders, whose names are the date on which the backup was taken in (M)M-DD-YYYY format. Try the most recent dates first.
  • Type without quotes "cd **name of the folder**" followed by Enter.
  • Type without quotes "batch erdnt.con" followed by Enter.
  • Type without quotes "exit" followed by Enter.
  • Remove your CD from the drive and reboot your computer into the restored registry. If you still cannot boot, try again with an earlier restore date.

Edited by boopme, 01 February 2012 - 07:32 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 JustJohn200

JustJohn200
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 01 February 2012 - 06:52 PM

Spyware Doctor said I had no infections and that also it had a conflict with Emsisoft and Kaspersky that I've purchased and installed.

Can I uninstall Spyware Doctor now?

I have also backed up my Registry but what does this mean in your previous reply?

Note: to restore your registry, go to the folder and start ERDNT.exe
Please copy the entire contents of the codebox below into Notepad:

#8 JustJohn200

JustJohn200
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 01 February 2012 - 06:55 PM

I seem to have everything uninstalled except for Step 5 for removing from IE9 in the link you provided. The remove button is Greyed out and not selectable. I have disabled it however.

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:28 AM

Posted 01 February 2012 - 07:34 PM

Yes uninstall.

I corrected my prior post

I am looking at the other item.

Edited by boopme, 01 February 2012 - 07:35 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 JustJohn200

JustJohn200
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 04 February 2012 - 06:17 PM

Should I just leave babylon search as is since it's disabled?

Also, should I uninstall ERUNT or do you think I have other infections?

Thanks again,

John

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:28 AM

Posted 04 February 2012 - 08:45 PM

Hello, you can leave it.
Babylon Search is a toolbar for Internet Explorer that changes the start page and, like any other toolbar, it tracks your web experience in order to send the theme of the websites you have visited on open servers for targeted advertising.

Again it is up to you. ERUNT is not any spyware. You may remove it.
http://www.larshederer.homepage.t-online.de/erunt/

Your system looks OK.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 JustJohn200

JustJohn200
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 05 February 2012 - 01:29 PM

I sure would like to get rid of Babylon if possible.

If you have any other suggestions please let me know.

Thank you!

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:28 AM

Posted 05 February 2012 - 06:04 PM

We can get it off but we need to move and start a new Babylon Search topic,

Please go here....Preparation Guide ,do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If GMER won't run skip it and move on.

Let me know if that went well
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users