IBIS and Comet Systems problem...

Discussion in 'Malware Help (A Specialist Will Reply)' started by jig74, Sep 14, 2005.

  1. jig74

    jig74 Private E-2

    Hello all! My name is Joshua and I'm new here today (please be nice, lol), so pardon my ignorance if there is a simple solution to this that I have overlooked...

    Over the past 6 months or so, every time I log in to my account (XP SP2), my Microsoft AntiSpyware Beta catches both the IBIS Toolbar and Comet Systems browser hijackers (I have screenshots if needed). I go ahead and remove them each and every time, but why do they keep coming back?...IBIS comes back every session! Do I need to delete old restore points from when I used to have System Restore enabled?

    Besides the MSAS Beta, I've run tests (in Safe Mode) with AdAware SE Personal and AVG 7.0 Pro, I've done an online scan at Trend Micro, and I even downloaded and did a scan with HijackThis! last night (although, I cannot make heads or tails of the results).

    What really bugs me, is that I recently switched to Firefox for my default browser (best move in a long time), so why/how are these "IE" hijacks coming in?

    Sorry for the long read, but thanks for any help.

    Joshua :confused:
     
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please follow the steps below:

    - Run ALL the steps in this Sticky thread: READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps below:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word, etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. jig74

    jig74 Private E-2

    Thanks for the reply. I'll look through the sticky again and see what happens.
     
  4. jig74

    jig74 Private E-2

    Well, after following all steps on the sticky, I think that it may be whipped! After updating the AdAware SE to build 1.06 (I still had 1.05), it picked up the following:

    http://img219.imageshack.us/img219/6442/result49lk.jpg

    Also, the RavAntivirus (from the sticky) picked up the following:

    WIN32/Gaobot.dam#2
    WIN32/Lemmy.B

    The program was not able to clean these files, but I was able to delete them manually from the HD.
    I'm not sure which of these files had anything to do with the "IBIS" problem, but it appears to be gone. :)

    Thank you
     
  5. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Post a HijackThis Log as an attachment, and we'll look to see if anything is still hanging around.
     
  6. jig74

    jig74 Private E-2

    Here is the logfile, however, I forgot to close out my internet browser before running the scan. Please advise if I need to run it again. Thanks.
     

    Attached Files:

  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You can have HijackThis fix the following lines:
    Also you can uninstall Logitech Desktop Messenger, it is unnecessary.
     
  8. jig74

    jig74 Private E-2

  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    OK, that's a problem for the Software Forum. You'll get better help there with that. At a glance it is an InstallShield issue. Reinstalling the Logitech Desktop Messenger and then uninstalling it may fix it.
     
  10. jig74

    jig74 Private E-2

    This did the trick. Thanks for all your help. :)
     
  11. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Everything working better now?
     
  12. jig74

    jig74 Private E-2

    Yes, thank you. Is it going to be okay to leave the programs downloaded from the sticky on my HD? (ie Spybot, etc)...Will any of them interfere with each other or MSAS Beta? The reason I ask is because I noticed that Spybot warned that MSAS Beta may try to block some of its actions.
     
  13. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You can leave the programs you downloaded and installed from the sticky on your HD. Yes, MSAS sometimes interferes with Spybot, but not often.
     
