derbiz spyware help

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Nvizzle, Apr 12, 2005.

  1. Nvizzle

    Nvizzle Private E-2

    I also need to know how to get rid of derbiz

    Hey, I know you must have loads of people asking how to get rid of derbiz, but I am another one. I have little knowledge of how this hijack thing works nor how I get rid of derbiz. I have looked at several forums dealing with the derbiz thing and none of them make any sense to me. I am sending you my log and I hope you can tell me what to do. I will need you to give me easy instructions as to what to do about it. Please help!
     


  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Re: I also need to know how to get rid of derbiz

    From now on create a new thread for your problem to avoid confusion. I will have this thread moved into your own so post in there from now on.

    Go ahead and start the READ ME then after you complete it post a fresh HJT log.

    READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal
     
  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Re: I also need to know how to get rid of derbiz

    Nvizzle,

    Also before you post a fresh HJT log, go into Add/Remove programs and uninstall Messenger Plus! 3.

    After doing this, post a fresh HJT log.
     
  4. Nvizzle

    Nvizzle Private E-2

    How to get rid of annoying derbiz!!

    Hey, I've downloaded all of the antivirus software given to me in the readme. I think I have done everything I can. I just want to send you this to tell me what I can delete. Please help me, I'm getting very frustrated with derbiz! lol
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: How to get rid of annoying derbiz!!

    Please do not post duplicate threads. It wastes our time and will delay you in getting help. You already have a thread started for this problem. Stay in that thread. I will be merging this thread with the previous one.
     
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please print out these instructions so that you can operate with All Browser Windows CLOSED.

    Please make sure System Restore is OFF and the Viewing of Hidden Files & Folders is Enabled as per the tutorial.


    Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see any of them, try to END them:

    vsnpt513.exe

    iexplore.exe <-- End every instance of this process and requested!

    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mbjytooljxgoylofzjkfpwa.com/9MjshNdoOZhuNELIcxCfikTXHc7kdZM7R86MmlW6_ UiSghP9JbqsyrYycVUY9sqM.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://community.derbiz.com/

    R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)

    O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)

    O4 - HKLM\..\Run: [SNPT513] C:\WINDOWS\vsnpt513.exe
    O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteyzx32.exe
    O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\system32\uk_nm.exe -N

    O18 - Protocol: bw+0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

    C:\Program Files\Logitech <--- Delete this whole folder if it exists!

    C:\WINDOWS\vsnpt513.exe

    C:\WINDOWS\System32\eliteyzx32.exe <--- also look for and delete other files beginning with elite and ending with exe. There could be as many as ten more.

    C:\WINDOWS\System32\uk_nm.exe

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.
    Note: Don't forget to update Spybot S&D by selecting "Search For Updates".

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Reboot to Normal Windows

    FINAL STEP

    Reset Web Settings & Default Security Settings:


    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.


    To Default Security Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites.


    After doing ALL of the above,
    Scan with HijackThis and attach the new log.
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

    Good Luck!:)
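
An added illustration, not part of the original thread and not MajorGeeks or HijackThis code: a small Python parser for the HijackThis entry lines listed in the post above. The function names are made up for the example, and the sample keeps only five of the O18 lines. It picks out the "(no file)" entries, splits the O4 Run entries, and groups the O18 protocol lines by CLSID and DLL so the long run reads as two handlers.

```python
import re
from collections import defaultdict

# Entries copied from the fix list in the post above; the O18 run is cut to five lines.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://community.derbiz.com/
R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [SNPT513] C:\WINDOWS\vsnpt513.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteyzx32.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\system32\uk_nm.exe -N
O18 - Protocol: bw+0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1736E361-148C-4FE6-A523-41AD193DCA83} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
"""

ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
RUN = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]+)\] (?P<command>.+)$")
PROTO = re.compile(
    r"^Protocol: (?P<scheme>\S+) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)


def parse_log(text):
    """Return (section_code, body) for every line that looks like an HJT entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def orphaned(entries):
    """Entries whose registered file is gone: HijackThis marks them '(no file)'."""
    return [(code, body) for code, body in entries if body.endswith("(no file)")]


def autoruns(entries):
    """O4 entries split into registry key, value name and command line."""
    out = []
    for code, body in entries:
        m = RUN.match(body) if code == "O4" else None
        if m:
            out.append(m.groupdict())
    return out


def protocol_handlers(entries):
    """Group O18 schemes by (CLSID, DLL) so a long run reads as a few handlers."""
    groups = defaultdict(list)
    for code, body in entries:
        m = PROTO.match(body) if code == "O18" else None
        if m:
            groups[(m["clsid"].upper(), m["path"])].append(m["scheme"])
    return dict(groups)


if __name__ == "__main__":
    for (clsid, dll), schemes in protocol_handlers(parse_log(SAMPLE_LOG)).items():
        print(clsid, dll, len(schemes), "scheme(s)")
```
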
     
  7. Michael272727

    Michael272727 Private E-2

    :D I followed all the instructions from our Majorgeeks.com site followed by (this does take some time.

    I also called the telephone number given on the Derbiz.com homepage – leaving a msg of course, you know they wouldn’t have it any other way. 2 days later I received a call from some lady who said she was contracted by them to take the msg etc. and that I should send them an email to: customeservice@derbiz.com . They replied to my email with instructions to follow the url: http://www.derbiz.com/techsupport/uninstall.exe and to RUN or OPEN when prompted.

    If this fails to remove then you must SAVE the uninstall program to hard drive or desktop, disconnect from the service and execute the uninstall program by double clicking on the file.

    If for any unforeseen reason icons still remain on your desktop or start menu please run the original uninstall on the start menu named ‘Uninstall Launch Derbiz.com’ and follow the below URL in your Internet Browser’s address bar:

    http://www.derbiz.com/techsupport/cleanreg.exe

    And RUN or OPEN when prompted.

    Once these three steps have been completed the Derbiz.com ISP Access Profile will be removed from your computer. I did this twice and everything is now fine. 1 exception, but not to do with derbiz.com, was the download for the Subtract download, which creates a msg to desktop when signing in about the MDAC is not installed. If you have this come up, just delete the subtract download and that will take care of the msg relating to the MDAC.

    The telephone number for Customer Service: 0781 224 9425

    Thanks

    Michael272727
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

