Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

certified tool-bar


  • Please log in to reply
9 replies to this topic

#1 jimvt

jimvt

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vermont
  • Local time:10:58 AM

Posted 14 November 2012 - 03:10 PM

How do I completely remove this annoyance.

I've deleted every registry reference I could find..but...it's BAAACK.

TIA

*Moderator Edit: Moved topic from XP to the more appropriate forum. ~ Queen-Evie*

Edited by Queen-Evie, 14 November 2012 - 04:33 PM.


BC AdBot (Login to Remove)

 


#2 Nanobyte

Nanobyte

  • Members
  • 431 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 14 November 2012 - 04:11 PM

This should probably be in the Security forums. You need to explain what you have done already. The best removal guide I found is this.

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:58 AM

Posted 14 November 2012 - 04:46 PM

Hello
Did you look in manage Add Ons to see if you can remove it there?

click on Tools and go to Manage Add-ons


Have you tried doing a System restore to a date before you added this?
Windows XP System Restore Guide


Or run
Please download Rkill by Grinler and save it to your desktop.Link 1
Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again.


ADW Cleaner



Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 jimvt

jimvt
  • Topic Starter

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vermont
  • Local time:10:58 AM

Posted 15 November 2012 - 10:14 AM

Hello, Boopme...hope things are picking up in Jersey!

Strange thing. I did all the fixes and now I can't get on the net with Firefox!
And using Windows Exp. I keep getting requests to put a cookie on my system!

"The address isn't valid
The URL is not valid and cannot be loaded.
Web addresses are usually written like
http://www.example.com/
Make sure that you're using forward slashes (i.e."

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:58 AM

Posted 15 November 2012 - 11:03 AM

As I don't know what exactly was removed earlier and by the tools. I'd say reinstall Firefox and allow the IE cookie and see.

Edited by boopme, 15 November 2012 - 11:04 AM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 jimvt

jimvt
  • Topic Starter

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vermont
  • Local time:10:58 AM

Posted 16 November 2012 - 08:25 PM

yes..apparently i can post here

#7 jimvt

jimvt
  • Topic Starter

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vermont
  • Local time:10:58 AM

Posted 16 November 2012 - 08:30 PM

and here

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:58 AM

Posted 16 November 2012 - 09:25 PM

OK,we are preet good here in NJ now,thanks.

Lets do post 2 above and add this.
Please download Rkill by Grinler and save it to your desktop.Link 1
Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 jimvt

jimvt
  • Topic Starter

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vermont
  • Local time:10:58 AM

Posted 17 November 2012 - 02:34 PM

OK...after a day and a half I think we got that stinker.

I followed the #2 post suggestions and downloaded both Kaspersky and Malaware.

The former needed 6 hours so I used the free Mal w/ the Pro option.

It found this:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.17.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: HOME-0FR56AFNTH [administrator]

Protection: Disabled

11/17/2012 12:04:50 PM
mbam-log-2012-11-17 (14-06-44).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 287132
Time elapsed: 1 hour(s), 48 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 7
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=) Good: (http://www.google.com) -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=) Good: (http://www.google.com) -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=) Good: (http://www.google.com/) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=) Good: (http://www.google.com) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=) Good: (http://www.google.com) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://search.certified-toolbar.com?si=41460&home=true&tid=592) Good: (http://www.google.com) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=) Good: (http://www.google.com/) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


I deleted the reg. data and I've got Firefox back as my preferred browser.

Thanks all for the help!

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:58 AM

Posted 17 November 2012 - 08:14 PM

You're welcome..
Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Posted Image > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Posted Image > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users