Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

babylon search virus


  • Please log in to reply
10 replies to this topic

#1 Mommy2four

Mommy2four

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 15 June 2012 - 03:12 AM

I'm posting this for my sister. She contacted me a few days ago asking how to get firefox back. I wasn't sure what she had done, so I told her to download it again. She did, and it disappeared after she closed it. After noticing a few things that didn't seem "right" to her, she told me something was wrong with her laptop. I told her to download Malwarebytes and sent her the link in an email. She then told me that it wouldn't download. So I told her to run her AVG and she got a virus pop up called Babylon search virus. I need to help her get rid of this, but a google search turned up several different things, so I decided to just come here and ask since you have helped me in the past with other problems. Any suggestions on what to do first?
I hope this is enough information to get started with. I really don't know much more than what I've posted here. I believe the operating system on her laptop is Windows 7.

Thanks in advance
Mommy2four

Edited by Mommy2four, 15 June 2012 - 05:16 AM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:40 PM

Posted 15 June 2012 - 06:33 AM

Many toolbars, Add-ons, screensavers, and weather monitoring programs come bundled with other software and can be the source of various issues and problems to include Adware. They usually can be removed via Add/Remove Programs or Programs and Features in Vista/Windows 7, so always check there first. Select and remove anything with the name Babylon.

If nothing is listed in Add/Remove or Programs and Features, check Internet Explorer's Manage Add-ons where they can be disabled:
If using Firefox or Google Chrome, please refer to:
Repeat the above steps for any other toolbars/extensions you do not want or don't recognize.


To reset the browser home page if it was changed, please refer to:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Mommy2four

Mommy2four
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 15 June 2012 - 01:02 PM

Thank you. I will send this to her and see if she can fix it. I will let you know if this works or not.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:40 PM

Posted 15 June 2012 - 02:32 PM

You're welcome and good luck.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Mommy2four

Mommy2four
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 16 June 2012 - 11:20 PM

I went over to my sister's house and got her laptop and brought it home. When I bring up any browser this is what is in the address bar.

http://search.babylon.com/?affID=109935&tt=060612_8_&babsrc=HP_ss&mntrId=06bf2dff00000000000000266cc461d9

Will any of the previous information posted get rid of this? My sister looked at some of them, but came up with nothing. Neither of us are real computer knowledgeable about this stuff, but I guess I know more than she does, which is why I get to fix her mess. :)

I also just opened a tab in firefox and was able to download and setup Malwarebytes. I'm scanning her computer now.

Thanks

update........

I ran Malwarebytes and this is the log from it.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.17.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Pamela :: ORPHA [administrator]

6/16/2012 9:24:43 PM
mbam-log-2012-06-16 (21-24-43).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 358049
Time elapsed: 55 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Pamela\AppData\Local\Temp\is754907076\IWantThis_IC_V3_US.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.

(end)

I had it fix everything, but when I opened firefox, it's still saying the babylon search in the address line as I put above. What should I do next?

Edited by Mommy2four, 17 June 2012 - 12:29 AM.


#6 Mommy2four

Mommy2four
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 17 June 2012 - 01:43 AM

I think I have gotten rid of it. I ran Malwarebytes again and it showed nothing infected. I went back and found a page that I came across with instructions on getting rid of the virus, and followed the directions, and for now anyway, it appears to be gone. When I open firefox it goes to the page I set for the homepage, so I'll see if this stays.

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:40 PM

Posted 17 June 2012 - 06:12 AM

Now you should Create a New Restore Point to enable your computer to "roll-back" to a clean working state if you encounter future issues. The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Then use Disk Cleanup to remove all but the most recently created Restore Point.

Vista and Windows 7 users can refer to these links:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 Mommy2four

Mommy2four
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 18 June 2012 - 01:52 AM

How far back do I need to go to create a restore point? I'm not sure how long she had this problem, and I know she doesn't know when she got it. I'm guessing it's been a couple of weeks at most.

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:40 PM

Posted 18 June 2012 - 07:00 AM

You only go back when restoring to a system restore point. To create a new one, you do so with the current date such as today and give it a name. The "How to" links I provided include screenshots of the step by step instructions.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 Mommy2four

Mommy2four
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 20 June 2012 - 03:05 AM

Ah, I see. Thank you. I will read the links.

#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:40 PM

Posted 20 June 2012 - 07:00 AM

You're welcome.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users