3 Adware I cannot remove? Help Please...

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Homerj, Jul 29, 2004.

  1. Homerj

    Homerj Private E-2

    Hello,

    I seem to have 3 problems on my system that were found with Norton 2004. It finds the following:

    1) NULL
    2) btiein.dll
    3) crt32 v2.dll

    When I select delete from Norton it comes back as delete failed? I have Spybot 1.3, Adaware 6.0 and they do not find anything. How do I get rid of these once and for all?

    Also it could be related to these, but sometimes my Norton will not load and it seems as if my system is frozen, almost like something is running in the background. I try to open folders or windows and they start to open and then freeze. I am forced to either "end task" or wait a long time before they finally open. Norton will not open and I have to uninstall and then reinstall Norton and then everything seems fine.

    Any suggestion or help would be greatly appreciated. Please keep in mind that I am somewhat computer challenged.

    Thanks,

    Homerj
     
  2. just me

    just me Private E-2

    btiein.dll <~ did that come attached to huntbar at one time?
     
  3. Homerj

    Homerj Private E-2

    Thanks for getting back.

    I am not sure if it came from huntbar; it is very possible but I do not know for sure. I have deleted hundreds of items from my system once I heard about this website.

    Do you know if there is a way for me to find out if it came from huntbar?

    btw I was able to get rid of crt32 v2.dll

    one down and 2 to go.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  5. Homerj

    Homerj Private E-2

    Chaslang I tried what you mentioned below but I still have only been able to remove 1 of the 3. The other two left are btiein.dll and NULL.

    Here is all the information I get from Norton:

    Detected 2
    0 infected files
    2 at-risk files

    filename: btiein.dll
    threat name: adware.websearch
    action: adware found
    status: at risk

    filename: NULL
    threat name: adware.websearch
    action: adware found
    status: at risk

    It then recommends that Norton removes it for you automatically. I then click "delete" and it then responds under "status" column "delete failed".

    I tried removing a file called "Search Assistant - My Search" I figured this must be the problem but it does not allow me to remove or delete? It says that I should be looking for "Search Toolbar" but I cannot find it anywhere.

    It then says to remove the value "TB_setup"="<path to executable file> /dcheck" from the registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    but it is nowhere to be found?

    I hope this info helps. Any help regarding this matter is greatly appreciated.

    homerj
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  7. Homerj

    Homerj Private E-2

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I need better info than "did not work". What happened? Like you could not find the files or the registry keys mentioned.

    Did you try the kephyr stuff in safe mode?
    Did you enable view of hidden system files and folders?
    You never told me what OS you are running either?

    I may not be around the rest of tonight and possibly tomorrow until late. So I'm going to give you some things to do.
    Make sure you have updated Ad-Aware to referencefile 01R334 24.07.2004.
    Now configure Ad-aware for fullscan: http://www.lavahelp.com/howto/fullscan/index.html
    Run Ad-aware fullscan! Clean up what it finds.

    Run the following online scans:
    http://housecall.trendmicro.com/housecall/start_corp.asp <--- Select Auto Clean
    http://www.pandasoftware.com/activescan/com/activescan_principal.htm

    Download and run (select fix not scan) CWShredder

    See this link and read about HijackThis and posting log as an attachment! If still having problems post your Hijack This log attachment (when you save the log set the save as type to all files and then save as a .txt file instead of .log)
     
    Last edited: Jul 30, 2004
  9. Homerj

    Homerj Private E-2

    The only one left is filename: btiein.dll, all others have been removed.

    I have tried your link to enable full scan of adaware but when I click on it, it says that the site is under construction. I would certainly like to know how to do the full scan. Other than that I have tried everything you mentioned in your previous post.

    I have read in other threads about VX2 plug in and I am going to try that as well.

    I just wanted to say how much I have appreciated your help, suggestions and solutions. This website and message board is excellent and I have strongly recommended this to many people.

    Homerj
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The Lavasoft site recently changed their URL slightly. Here is the correct one: http://www.lavahelp.net/howto/fullscan/index.html

    Do that fullscan.

    You still did not answer my questions from a previous message.

    What do you mean it did not work?
    Did you try the kephyr stuff in safe mode?
     
    Last edited: Aug 5, 2004
  11. suesman

    suesman First Sergeant

    If he's running XP, could it not be reinstalling every time he reboots through the "System Restore" thingy? I've had this issue many times in the past, now I know it has to be deleted while "System Restore" is turned off. I'm by no means an expert on this, but I've been through the whole RASSIN@&$(*FRASSIN thing myself.

    Just a thought.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    While system restore can bring back problems from a restore point, this is not the cause here. At least not based upon the limited feedback being supplied. The only answer I got was the file could not be removed. Homer did not say it was removed but has come back after a reboot.

    I have yet to see any answers for all the things that I asked to be done. Like the online scans and CWShredder. Still need the fullscan with Ad-aware but the link I gave previously had changed and thus that could not be completed. It's about 6 days since I asked for that stuff to be run but no feedback has been provided. (Are you reading this Homer? You have to help me to help you. Or my time will be better spent elsewhere.)
     
  13. Homerj

    Homerj Private E-2

    I apologize for not providing enough information, this is as much frustrating for me as it is for you.

    When I indicated that it did not work I meant to say that the scans performed accordingly however they did not find the btiein.dll. It seems that only Norton discovers this object and then is unable to delete it from my system. My system is custom built, about 4 years old. I am running windows 98 and I have the most recent updates.

    The following items/scans have been completed:

    CW Shredder - did not find btiein.dll
    http://housecall.trendmicro.com/hou.../start_corp.asp <--- Select Auto Clean - did not find btiein.dll
    http://www.pandasoftware.com/active...n_principal.htm - did not find btiein.dll

    I am pretty sure that I ran kephyr in safe mode, but to make sure I will do that again this evening. From the link you provided I tried everything listed, manually searched the registry for 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ {63B78BC1-A711-4D46-AD2F-C581AC420D41}' and 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ {63B78BC1-A711-4D46-AD2F-C581AC420D41}'. The stuff in the squiggle brackets was found and I did delete it from the registry. I restarted my computer and as mentioned started windows explorer to find this problem but was not able to locate it. From this site I also downloaded "Bazooka" and ran it and it did not find btiein.dll.

    I then ran Norton 2004 again and sure enough it found btiein.dll and then Norton was unable to remove it.

    As mentioned tonight I will try a full scan with Adaware 6.0 and kephyr in safe mode, hopefully this will work.

    Is there anything that I missed or did not mention?

    In an earlier post I mentioned that I tried removing a file called "Search Assistant - My Search" I figured this must be the problem but it does not allow me to remove or delete? It says that I should be looking for "Search Toolbar" but I cannot find it anywhere. Does this have something to do with btiein.dll or is it something different altogether? When I go to control panel/add remove it is listed but cannot be removed, it provides an error message.

    homerj
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    All of the items I was asking you to run were not chosen in an attempt to just look for btiein.dll. I wanted you to run them to make sure there were no other problems that were being missed. You keep saying they did not find btiein.dll, but what about anything else? Are you saying none of these found anything else in your system?

    Did you ever once try the following:
    - boot in safe mode: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam
    - make sure you have enabled viewing of hidden files and folders in Windows Explorer
    http://forums.majorgeeks.com/showthread.php?t=37650 also make sure you do not have a check mark on the option to hide extensions for known file types.
    - with Windows Explorer go to c:\windows\system and look for btiein.dll and delete it.
    - if not found there, search for it and delete it

    You keep saying "I then ran Norton 2004 again and sure enough it found btiein.dll and then Norton was unable to remove it." But where did it find it? Didn't they give you the full path? If so, you should have put that in your message.
     
  15. Homerj

    Homerj Private E-2

    Good point.

    I was able to find a few other items that Norton did not find, as for what they were I do not remember except that one or two of them were some type of trojan as well as the other 2 items I listed earlier.

    I did both links you mentioned below and when I selected show hidden files that is when I found the "NULL" item and deleted it. I was unable to find the btiein.dll and when I did a system search it was not found either.

    I will try going to c:\windows\system and look for btiein.dll using explorer and if it is there I will delete it.

    Unfortunately Norton says it finds it but does not indicate where? Do you know if Norton 2004 has a way of displaying where the virus is located? I have checked the manuals and nowhere can I find a way to do this.

    Homerj
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Where were you looking initially for btiein.dll if not in c:\windows\system?

    I think you may need to search the registry to see if it is indicated in there someplace.
    So use regedit and have it Find btiein (don't put the dll, just look for matches to btiein).
    If you find it, delete it.

    If that does not work, download Win98Fix and StartDreck.

    Unzip them to a place where you can find them later to run. Preferably put each of them in their own directories. We are only going to run StartDreck right now.

    This step is very important - you must be completely disconnected from the internet (physically disconnecting the line to your analog modem or ethernet cable from your computer is best way to be positive).
    What we are going to try to do is use StartDreck to possibly locate the hidden file that is causing the problem. So now we are ready.

    - Run StartDreck.exe
    - Click on: Config
    - Click on: Unmark all
    - Check only the following boxes:
    - Registry | run keys
    - System/drivers | Running processes
    - Click on OK

    Reconnect your internet connection and get back here and post the log of results AS A TEXT ATTACHMENT.
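
The registry search described in this post, together with the Run and Browser Helper Objects keys mentioned earlier in the thread, can also be checked offline against a regedit export. This is an added example, not part of any post in the thread: the sample export is constructed (the file name, CLSID and `TB_setup` value name come from the thread, the paths are assumptions), and it also resolves each Browser Helper Object CLSID to the DLL it loads.

```python
import re

# Constructed REGEDIT4 export (the text format regedit writes on Windows 98).
# File name, CLSID and the "TB_setup" value name come from the thread; paths are made up.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"TB_setup"="C:\\EXAMPLE\\setup.exe /dcheck"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63B78BC1-A711-4D46-AD2F-C581AC420D41}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63B78BC1-A711-4D46-AD2F-C581AC420D41}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\BTIEIN.DLL"
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
BHO = "\\explorer\\browser helper objects\\"

def parse_reg(text):
    """Yield (key, value_name, data); a key header itself is yielded with name None."""
    key = None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, ""
        elif key and (m := VALUE_RE.match(line)):
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            data = m.group(2)
            if data.startswith('"') and data.endswith('"'):  # string value: unescape
                data = re.sub(r'\\(.)', r'\1', data[1:-1])
            yield key, name, data

def find_references(text, needle):
    """Every key or value whose path, name or data mentions needle (case-insensitive)."""
    n = needle.lower()
    return [(k, v, d) for k, v, d in parse_reg(text)
            if n in k.lower() or n in (v or "").lower() or n in d.lower()]

def bho_dlls(text):
    """Map each registered Browser Helper Object CLSID to the DLL its InprocServer32 loads."""
    rows = list(parse_reg(text))
    clsids = {k.rsplit("\\", 1)[1].upper() for k, v, _ in rows
              if v is None and BHO in k.lower()}
    servers = {k.split("\\")[-2].upper(): d for k, v, d in rows
               if v == "(Default)" and k.lower().endswith("\\inprocserver32")}
    return {c: servers.get(c) for c in clsids}
```

A Browser Helper Object whose CLSID maps to `None` is registered with Internet Explorer but has no server DLL in the export, which is the state left behind when only one of the two keys is deleted.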
     
  17. Homerj

    Homerj Private E-2

    Finally I am rid of all spyware, thank you chaslang for all of your help and patience.

    A virus was detected during a safe mode scan with Norton, not sure if you have heard of this one. It is called "swix.ocx (Bloodhound.packed)". Norton is the only product that you mentioned me to try that found the problem. It is located in C:\Windows\swix.ocx. Norton indicated that the delete failed but it looks like it was successful in quarantining the item. I did send them the file for analysis hopefully this will help. I know that NAV indicated that this is unknown and may not be a virus.

    I tried using "AntiVir" one of the free downloads and it was unable to find during a regular scan and in safe mode, both times all hidden files were shown.

    Is this something I need to worry about?

    homerj
     
  18. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    A Google search turned up nothing, odds are it was a random filenamed virus, often hard to spot. You need to be worried only if your surfing habits are questionable. This would include, typing wrong web addresses, porn, MP3 and other file sharing clients, etc.
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you try just booting in safe mode and deleting C:\Windows\swix.ocx? Or if it is in quarantine now, can you delete the quarantine files while in safe mode?
     
  20. Homerj

    Homerj Private E-2

    The file was quarantined and I was able to delete it while in regular mode, should I have deleted the file in safe mode?

    I just ran another Norton scan, Adaware, Spy Bot and Spy Sweeper and no items were found.

    Major Attitude suggested that I need to be worried if my searching habits are questionable. If I happen to be on a website that was questionable does it mean I should worry and that I may still be infected? I do use Kazaa Lite could that be the source?

    Thanks,

    homerj
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I personally would not go near Kazaa or Kazaa Lite. While the lite version is not as spyware ridden, their servers and the users that share stuff do not take very good care of their systems and you are susceptible to picking up any malware/virus etc they have when you download from them. Plus at the time you are connected your harddisk is a shared drive. You do not even have to download to get infected. The fact that your drive is shared is sufficient.

    At any rate, sounds like you are clean now. But you should really take a look at your Add/Remove programs list and see what else is in there that you did not install (just in case).
     
    Last edited: Aug 11, 2004
  22. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    What I was saying was going to porn sites, typing in wrong web addresses, downloading files with file sharing programs, rushing around put you at greater risk. There's no guarantee, of course either way. If you need to go to places like that, you should be using Mozilla Firefox for your browser or buying a program to protect you like Ad-Aware or Pest Patrol.
     
  23. Homerj

    Homerj Private E-2

    Thanks again for all of your help, you guys are great.

    I guess this is the end of my thread.

    homerj

    btw I will have a look at the add/remove and see if "Search Assistant - My Search" is still there.
     
  24. mlmusto

    mlmusto Private E-2

    help i have the crt32_v2.dll file that i can't remove.

    running win 98 SE.

    ideas?
     
  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please start your own thread for this problem but the first steps you need to take are to please follow all the steps in this Sticky thread < READ ME FIRST: Basic Spyware, Trojan And Virus Removal >

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.
     
