Spyware unremovable?!

[Androme]

For a long time I've been trying to combat some supposed spyware on my pc. When I load up MSIE, a blue bar pop ups under the address bar, with links to sites and it's in flash or something. You know when you right click the MSIE at the top somewhere a lil menu with "Links, Adress Bar, Standard Buttons & Lock toolbars" appears - well this has some 7/8 letter random and an option selected. I untick it, and Ad-ware Ad-Watch states registry modifcations under Internet Explorer in HKEY Local machine & current user. So I delete all these modifcations and any reference to "Quickbar-search" & "quickbar". I also searched for the random letter combo above and deleted them form my registry.

I've also ran Norton Antivirus and nothing was found. I've ran Spybot Search & Destroy but it comes up with nothing. I know the spyware is still there as I get ad-aware stating "Tracking company" as the data of spyware and its a miner.

You probably wont understand but i need help - thanks!

*** EDIT: Click here to see the spyware thingy in action***

*** EDIT #2: Here's a list of my processes - most I know - some I don't

[W]

No.

[Androme]

how will installing that help me?

[Luckeh!!!!]

Opera is shite sorry,

I use MSIE right now, but If i couldn't, I'd rather use Mozilla Firebird.

Anyway, have you updated all your spyware search programs?

You could manually edit the registry to get rid if it if you can.

[Androme]

***EDIT - I've updated the first post with a screenie of my processes and the blue bar I was talking about

I dunno - I've tried and searched with the values Ad-awatch blocks that the spyware is adding to my Internet Explorer registry settings

I could go through the lengthy process of reinstalling MSIE, but I'm afraid the spyware will continue to do so (and I use a browser that uses MSIE as a backend or something - www.crazybrowser.com) and yet no virus programs pick it up? Spyboy & Ad-aware (Plus version) both are only able to pick up the cookies it creates, and Ad-awatch blocks some registry modifcations but not all and I am constantly having to remove them from the registry but not all are removed

Under Explorer bars are few keys but it doesn't look dodgy and is is binary or whatever form - I'm guessing a solution would be to delete one of these but I am not sure which and my searches on google proved void.

[Luckeh!!!!]

i can't really see anything wrong with the process list, apart from evntsvc.exe, since it is so small, not a system process and "looks" like it is trying to pass as a normal process.

I don't think your spyware would be run as a seperate process though.

[Caesar2]

http://www.answersthatwork.com/Taskl...s/tasklist.htm

Evntsvc.exe is a part of RealOne Player and you don't need it for RealOne Player. I don't know if it solves your problem, but you can give it a try

[Androme]

although it hasn't helped with the problem, that site has seen about 60% of unnecessary starting up stuff from msconfig and loading up - thanks

[Structural Integrity]

There was a place in IE somewhere where you could configure your IE plugins. Dunno where that was, but I'm sure you can find the bugger there.

[SyPh0n]

Quote:

Originally Posted by Structural Integrity

There was a place in IE somewhere where you could configure your IE plugins. Dunno where that was, but I'm sure you can find the bugger there.

Turn off 3rd party browser extensions. The damn thing will still be there, but if you can't see it...

[Structural Integrity]

Found it

Some dude in my class also had it on his project PC. It's called mysearch from www.lop.com

Now, you go to www.lop.com and on the bottom you find a section "HELP". There you find a FAQ and you look for the link that says "How do I uninstall one of your software products?". Download the uninstaller and run it.

This fixed it at the project computer at school. We just did this today and did one reboot afterwards, so we don't know if there are any side-effects to this uninstaller (which wouldn't really surprise me, since lop is a big spammer).

[Androme]

thanks Struct - I'll have a look and see if it helps

[Intrepid00]

I had this once:/ I removed the bar over and over and it kep coming back. Apprently they use trickery through the host file.

[Androme]

my hosts file, which I've looked at, only contains one entry (127.0.0.1)

remember how you got it removed? :|

[TheShadow]

Looks familiar to something I removed from my parents computer. If my memory isn't fooling me completly, it was installed as a browser helper object.

Using a browser helper object editor like http://www.pcmag.com/article2/0,4149,270,00.asp you should be able to identify it and find the dll file it is loaded from and remove it. Remember to close all instances of internet explorer before you try to remove it. And then delete the browser helper object file containing that toolbar.

[meglamaniac]

Another way to view helper objects (and this is where I've found a lot of spyware/adware in the past) is via Internet Options.

For windows xp:
Open Internet Options, either via control panel or through IE.
On the General tab, in the Temporary Internet Files section, click Settings.
In the dialog that comes up, click View Objects.

You now have a folder showing all the browser plugins installed.
Some of them will have useful names, some of them will just have a class ID number.
To find out what they are, right click on one and select Properties, and then see what is under the CodeBase heading.

For example, I have one called {00000161-0000-0010-8000-00AA00389B71}, and under CodeBase it says http://codecs.microsoft.com/codecs/i386/msaudio.cab - so it's an audio codec from microsoft, which shouldn't be a problem.

To remove anything that sounds dodgy, just right click on it and select Remove.


I wouldn't normally say this, but in this case it is perfectly ok to remove anything you're suspicious about. If you go to a website which requires the component you removed, you'll simply be prompted to download it again so you won't do any permanent damage if you remove something valid by accident.

[Androme]

thanks megla - but nothing fishy came up :/

TheShadow - I have to pay for that which is a bum - I'll search for freeware alternatives though - thanks

[TheShadow]

Right, they have changed it since the time I downloaded it :/ Shouldn't be much trouble to find a free one anyway

[Androme]

luckily I did - this page helped me out - thanks Shadow - it looks like the solution I've been needing

http://www.pcflank.com/art36.htm

*EDIT: turns out the only object I have there is one for Adobe Acrobat Reader

thanks for the help though :|

[Leshy]

Quote:

Originally Posted by Luckeh!!!!

Opera is shite sorry

Opera is ace.

I prefer it to the imo a tad disappointing Firebird, which apparently doesn't even have a 'open requested pop-ups only' feature

[King]

Something I live by when taking spyware and adware off my sisters comptuer is Spybot Search and Destroy. You can get it at www.download.com Its like an antivirus for spyware and adware it searches for known adware and spyware on your PC and then gives you the option of wether or not to remove it. It comes in quite handy. Note it does take a while for it to scan. And another plus is you can update it to include new adware and spyware just like norton live update.

[Androme]

I've already got it if you read my first post thoroughly

[nickhall]

Please if you find out how you do get rid of that fking annoying thing please tell me i tried to get it off three pcs with no sucsess

[MeakerSE]

Have you tried spybot search and destroy and ad-aware? Also if it comes to windows not allowing you to delete a file, try deleting it in safe mode. Task manager is important btw, you seemed to have it selected.

[Androme]

again another person not to read what I've put