IBIS Toolbar

I have three computers networked, a desktop, my laptop, and a used laptop I bought on eBay for my wife not long ago. Her laptop is the problem. Right when I got it, it was bombarded with popups and was actually hard to control. I tried several remedies, finally downloaded AdAware 6, and that seemed to do the trick for a few weeks. There were still a lot of tracking cookies and some malware each time I ran AdAware, maybe every other day, but recently things have gotten much worse. My grandchildren were here last weekend, and were playing games and such on that laptop, downloading things from the internet.

Now, I have a problem. Lots of popups, and when I run AdAware, it shows maybe 35 items, 7 of which are IBIS toolbar in various forms. When I try to remove them, the AdAware program freezes up, requiring ctrl-alt-del. I have tried it about 6 times always with the same results. On the freeze-up when I hiy ctrl-alt-del, it shows 100% CPU usage, though after I unfreeze it, that returns to normal.

I'd like to get rid of all the crap on the computer once and for all. I thought AdAware would do it, but that doesn't seem to be the case. (BTW, my other two computers have no such problems.)

I'm nearly to the point of just getting rid of the compute and buying her a new one. But I hate to give up. Any suggestions?

Bill Conklin

 

Hi Bill.
I am not sure how to help you but one of the brains surelly will.
IBIS is a BHO
(Browser Helper)
I googled it and found this.
It might have what you need.
http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=ibis+toolbar
Good luck.

 

Thanks Dawg! (Love your avatar!)
This morning, I ran AdAware again, and by manually checking off the files and processes I wanted to remove, I was able to quarentine and remove them all. Interestingly, I rescanned immediately and there were some IBIS toolbar files there again!

So I have to believe there's something resident in the computer that is controlling this. I had seen the article you sent, but not sure how it will help me. I'm going to read it over again, and I want to thank you for taking an interest and sending some help.

I hope some of the "Brains" will take a look at this, because I have a definite feeling it's beyond my knowledge... Waaaaaay beyond!

Thanks Dawg, and thanks to anybody who will offer me some help!

Bill Conklin

 

I did not read the articles my self but I should have explained further.
You should turn off system restore.
This will hold them.
Then go into safe mode and remove them with the scanners.
Understand ??
If you need more help doing this go to
Start
Help
And choose the topic.
That should take care of it.
But like I say I am new at this also.

 

Hi Bill AdAware is excellent. Here's a short list of other, complimentary, apps that work well with Adaware. Spybot catches things that Adaware misses (and vise versa). SpyWare Blaster keeps the stuff from coning back. CWShredder goes after the pesty CoolWebSearch baddie. CrapCleaner cleans up leftovers.
Finally Hijack This gives you a logfile of possible baddies that you can post in the "Specifically SpyWare" board for help.
There's more, but those are pretty basic applications.
Good Luck
Bill

 

Thanks for nice and helpful replies.
I just feel like there has to be something resident in the computer that'
s causing a lot of the crap. Let me ask you, BillH, what's the best approach for that?

bill conklin

 

Mean Dog's idea of turning off System Restore and using CWShredder and Spybot to nuke the persistant ones from Safe Mode is solid. Then download and run HijackThis. (I think your idea about something resident in the pooter is on the money. It could be one of the worms or a coolwewbsearch variant or something new. ) After you run HijackThis (download is in my previous post.) go to MA's excellent thread on how to use HijackThis. If you have problems identifying anything in the HJT log file post the log in Spyware Specific. and let the people who are really up on the subject help you.
Good Hunting
Bill

 

Thinking some more (for me a very dangerous thing ) Have you checked out your running processes in: run>services.msc? Look for something odd. Like a process that seemsright but is using too many Kbs or Megs or Gigs of ram or too big a usage number, something like that. Dunno, you got me thinking like a paranoid again

 

I had apparently cleaned the computer completely by scanning it with Ad-Aware. When I was done, I re-scanned and got zero items.

My wife used the computer briefly for some eMail (no downloads or attachments and no strangers) and complained that the computer was "very slow."

It was. so I scanned again with Ad-Aware and found 6 items from "rads01.quadrophone." I'm not sure what to do with this one. I can implement the suggestions Bill H made earlier, but thought I'd run this new info by the panel first.

Pretty obvious there is something resident in this computer that sets this up again and again.

Any/all help will be much appreciated!!

Bill

 

Further: When I went to quarantine and then delete the six rads01.quadrophone items, and pressed "next" in Ad-Aware to begin the quarantine, the process just froze up. I hit Ctrl-alt-del and had an awful time getting out. There were 22 iterations of task mgr running, and this filled up the CPU. Everything one tries to do now is so slow it's hard to get anything to work.

I'm really at wits end. I have not been able to quarantine this thing, and I don't know what to do.

I purchased this used pooter on eBay, and obviously the last owner dumped this problem rather than trying to fix it.

Heeeeeelp!

bc

 

after battling this bastard for nearly 4 hours, i FINALLY found the solution to get rid of it once & for all. this is taken from kephyr.com & edited a little bit to battle some they didn't know about

Manual removal
Please follow the instructions below if you would like to remove Bubba.wintools manually. Please notice that you must follow the instructions very carefully and delete everything that is mentioned. In most cases the removal will fail if one single item is not deleted. If Bubba.wintools remains on your system after stepping through the removal instructions, please double-check by stepping through them again.

1. Start your computer in safe mode.
2. Start the registry editor. This is done by clicking Start then Run. (The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)
3. Browse to the key:
   'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run'
4. In the right pane, delete the value called 'WinTools', if it exists.
5. Delete 'HKEY_LOCAL_MACHINE\SOFTWARE \ Classes \ CLSID \ {87766247-311C-43B4-8499-3D5FEC94A183}', if it exists.
6. Delete 'HKEY_LOCAL_MACHINE\SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer\Browser Helper Objects \ {87766247-311C-43B4-8499-3D5FEC94A183}', if it exists.
7. Exit the registry editor.
8. Restart your computer in safe mode.
9. Start Windows Explorer and delete the directory:
   %ProgramsDir%\Common files\WinTools\
   Note: %ProgramsDir% is a variable. By default, this is C:\Program Files.

 

Edit by chaslang: Please post your problems in your own thread. Thread hijacking is not polite and your problem is not the same.

 

Edit by chaslang: Text deleted! Answer was not for Bill Conklins problem