Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

A Few Left Overs!


  • Please log in to reply
11 replies to this topic

#1 graveangel

graveangel

  • Members
  • 399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Nottingham England Home to the Hood of Robin
  • Local time:06:07 AM

Posted 17 January 2007 - 02:10 PM

Ok, im slightly stuck here, im a little sad to say.

Ive recently gone through cleaning my system, the usual 6month period, and ive found a few things. I had a word with one of the HJT team and they said the system is clean, but id still like to remove the following regardless.

I have the usual batch of AV and AS products we all use here, and none of them pick these up, but Panda on-line Scan does. Any help appreciated!


Incident Status Location

Adware:adware/ist.sidefind Not disinfected Windows Registry
Adware:adware/sqwire Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Potentially unwanted tool:application/myway Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}
....And on the 8th day God said, "When my children are intelligent, and create the Computer, for my sake may they never screw around with the registry or subscribe to AOL"Posted Image

BC AdBot (Login to Remove)

 


#2 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:12:07 AM

Posted 17 January 2007 - 09:09 PM

The thing about adware is that every company has a different set of criteria to use to search your hard drive. Myway is a case in point, since some companies will consider some of the files adware and others will not.
If you have scanned your hard drive with several key anti-spyware applications (Ad-AwareSE, Sypbot, AVG Anti-spyware, for example), then I would not over worry about what one on-line scan has found.
Regards,
John
Whereof one cannot speak, thereof one should be silent.

#3 graveangel

graveangel
  • Topic Starter

  • Members
  • 399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Nottingham England Home to the Hood of Robin
  • Local time:06:07 AM

Posted 18 January 2007 - 05:26 AM

I know that i am clean, so to speak, just would have liked the system to come up clean on all the scanners, like it did before my nephew got his hands on it.

Thanks for the reply though John, at least it is clean, thats the important thing!

Kind regards

Graveangel
....And on the 8th day God said, "When my children are intelligent, and create the Computer, for my sake may they never screw around with the registry or subscribe to AOL"Posted Image

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,962 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:07 AM

Posted 19 January 2007 - 07:37 PM

Incident Status Location


Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Potentially unwanted tool:application/myway Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}


Well for these, you could navigate to the specific keys in the registry editor to delete them manually. Be sure to back up the registry first!

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 graveangel

graveangel
  • Topic Starter

  • Members
  • 399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Nottingham England Home to the Hood of Robin
  • Local time:06:07 AM

Posted 23 January 2007 - 05:17 AM

Thanks for the suggestion Orange Blossom, i have tried that but the little sods just keep on coming back.

Strange :thumbsup:
....And on the 8th day God said, "When my children are intelligent, and create the Computer, for my sake may they never screw around with the registry or subscribe to AOL"Posted Image

#6 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,962 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:07 AM

Posted 23 January 2007 - 10:32 PM

Hello GraveAngel:

I've just looked through your HJT thread to see what scanners you used and I've got an idea or two.

First try this:

Download SuperAntiSpyware Free from here Note that this is a link to the direct download.

After installation, update the program. Now in the configuration screen click on the scanning control tab. Remove any check marks by the first four items and make sure the rest do have check marks. Close down all the programs and run a complete scan. This program is quite thorough and may be able to root out your problem. I use this program on a regular basis as an on-demand scanner.

Let us know if that takes care of the problem.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#7 graveangel

graveangel
  • Topic Starter

  • Members
  • 399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Nottingham England Home to the Hood of Robin
  • Local time:06:07 AM

Posted 25 January 2007 - 06:39 AM

Thanks Orange Blossom,

I downloaded SAS, (Its not a bad kit actually is it, not sure about the real-time protection and pop up you get upon booting up the system though) and scanned, all came up clean.

The post that Panda is supplying is clearly nothing to be concerned about, but its surprising me that i cant remove it. If anyone has any oher ideas, feel free to drop them in here.

I honestly have to put my hands up and say i dont know!!!!

Thanks again!

:thumbsup:
....And on the 8th day God said, "When my children are intelligent, and create the Computer, for my sake may they never screw around with the registry or subscribe to AOL"Posted Image

#8 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,962 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:07 AM

Posted 26 January 2007 - 01:19 AM

You can keep SUPERAntiSpyware from loading up at boot-up. Real-time protection is available only for the paid version, so you need to disable it. I can give you the specifics later. I'm not at home so I don't have the program available right now.

By chance, have you done a file search for MyWay? Have you checked in your Add/Remove programs for anything related to MyWay?

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#9 graveangel

graveangel
  • Topic Starter

  • Members
  • 399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Nottingham England Home to the Hood of Robin
  • Local time:06:07 AM

Posted 26 January 2007 - 01:50 PM

Thanks Orange Blossom.

I thought it could be disabled,just have not had time to look at it yet.

Ive managed to rid myself of those last two entries for Myway and Mywebsearch, went into the registry again,and it looks to have done the trick this time.

(Anyone reading this and new to the registry, if it is a must that you alter the computers registry, always make sure you back it up first)


So its just those first two Panda found:

Adware:adware/ist.sidefind Not disinfected Windows Registry
Adware:adware/sqwire Not disinfected Windows Registry


I cant find these anywhere in the registry

Anyway, thanks again!
....And on the 8th day God said, "When my children are intelligent, and create the Computer, for my sake may they never screw around with the registry or subscribe to AOL"Posted Image

#10 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,962 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:07 AM

Posted 26 January 2007 - 03:49 PM

Hello graveangel:

How did you finally get rid of those two entries in the registry?

I've just done some searching for the remaining entries and found some information on the Symantec site. I've pasted in the links to the sites. Each page has three tabs: summary, technical information, and removal. At the bottom of the removal instructions are a list of registry keys that should be deleted to remove the infection. In your case, it looks like a couple left over keys. I would print out the list and see if I had any matches in the registry, backup the registry, and then delete any matching entries. Hope this helps.

http://www.symantec.com/security_response/...-99&tabid=1

http://www.symantec.com/security_response/...-99&tabid=1

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#11 graveangel

graveangel
  • Topic Starter

  • Members
  • 399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Nottingham England Home to the Hood of Robin
  • Local time:06:07 AM

Posted 27 January 2007 - 11:09 AM

Thanks for those links Orange Blossom

I managed to find and locate those registry entries in safe mode, only after un-plugging the network cable though.....yeah that confused me slightly, but it worked.

I have since then been able to delete all of those entries, plus one or two others that didnt need to be there, so the scans all turn up completely clean now.

Thanks for your contributions

kindest regards,

Graveangel
....And on the 8th day God said, "When my children are intelligent, and create the Computer, for my sake may they never screw around with the registry or subscribe to AOL"Posted Image

#12 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,962 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:07 AM

Posted 27 January 2007 - 04:51 PM

I'm glad it all worked out. Now the challenge is keeping your nephew from messing up your system again :flowers: .

Re: SUPERAntiSpyware set-up

On the General and Start-up tab, under Start-up Options on the left, remove the check by Start SUPERAntiSpyware when Windows starts.

On the Real-Time protection tab, remove the check from Enable Real-time protection

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users