Is this Adware?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Homerj, Aug 17, 2004.

  1. Homerj

    Homerj Private E-2

    After removing several objects and finally becoming spyware and virus free Chaslang suggested that I check the add/remove to ensure that unauthorized downloads did not occur. There are several things I do not recognize. They may be important so I do not want to remove them without getting some advice. Here they are:

    bsoft
    Find... On the Internet
    Google Toolbar for Internet Explorer
    Internet Expedition
    Internet Explorer (with a letter and 6 numbers)
    Internet Utilities 97
    Microsoft Data Access Components (2 letters and 6 numbers)
    rb32
    Search Assistant - My Search

    Is there anything I should remove or be concerned about?

    Thanks,

    Homerj
     
  2. munky4745

    munky4745 Private First Class

    If I were you I would download Firefox internet browser (type firefox in Google, first link) and just yea remove all of those files you listed except Microsoft Data Access Components + Internet Expedition + Internet Utilities 97. If you want and you don't use them just delete the 2 internet ones but to my understanding only the search assistant and the Google toolbar (questionable) are spyware.
     
  3. bobb39

    bobb39 Private E-2

    I run a program called Fix-it Utilities by VCOM. It cleans up unnecessary files, has a disk cleaner and fixer, will clean up the registry, has a system diagnostic section and also an anti-virus section. It won't delete all viruses but it tells you where they are located and you can go in and delete them manually. I run the Fix-it program quite often to keep all dead files and folders out of my machine. Like any utility program, some caution must be observed but I'm no pro with a computer and have had no problems with it. Another good program I got for free off the internet is Power Desk. It will show all files and folders on your computer including hidden files if you so desire. I use Power Desk when I get a virus that Fix-it won't delete. I can scroll down to the file and delete it.
     
  4. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    If you guys can not answer his questions, please do not answer at all. My answer was pretty simple. Go to Google.

    Google toolbar is NOT spyware.

    rb32 is a virus:
    http://www.liutilities.com/products/wintaskspro/processlibrary/rb32/

     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I agree with Major!

    And also you should remove
    Search Assistant - My Search

    But you may have problems removing this one as some aspects may have been removed already from your previous thread (http://forums.majorgeeks.com/showthread.php?t=38558)

    See if you can get more info on the below items. You need to see if you can find out what they installed and where they installed it so you can get some information from the files they have installed:
    bsoft
    Find... On the Internet

    We need to see a HijackThis log because the RB32 (RapidBlaster) usually puts some items in the registry and sets up some items to run at startup. Please read this link and post a HijackThis log attachment: http://forums.majorgeeks.com/showthread.php?t=38752
     
  6. Homerj

    Homerj Private E-2

    Hey here is my hijack log as requested. I have not removed any of the items as of yet, I thought I would wait for your feedback from the hijack log. I know previously I tried removing the Search Assistant - My Search and I got this message, as well it was not found on the C: drive or regedit:

    Error Loading C:\PROGRA~1\MYWAY\SRCHASTT\1.BIN\mysrchas.dll
    The system cannot find the path specified

    bsoft I searched my C: drive and could not locate file but was found in the regedit.

    HKey_Current_User/software/microsoft/windows/Doc Find Spec MRU.

    As well as Hkey_Local_Machine/software/microsoft/windows/uninstall/bsoft

    and here

    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU

    rb32 was found here

    HKEY_USERS\.DEFAULT\Software\Webroot\SpySweeper\Startup\2_rb32 ml975e

    Find... On the Internet was not located on my C or regedit
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please download the proper version of HijackThis: http://www.majorgeeks.com/download3155.html
    And post a new log attachment but this time save it to a .txt file. Not a .doc file.

    You are not explaining clearly when you get this message:

    Error Loading C:\PROGRA~1\MYWAY\SRCHASTT\1.BIN\mysrchas.dll
    The system cannot find the path specified

    Are you always getting it when you boot your system? Or do you mean there is still an entry in Add/Remove Programs for this and when you select uninstall you get that message (I wouldn't think so)? Please explain exactly when you get that message.
     
  8. Homerj

    Homerj Private E-2

    Sorry for the late response.

    There is still an entry in Add/Remove Programs for this and when I select uninstall I get that message, that is exactly what is happening. My system boots without any problems or pop up messages, that all seems ok.

    Here is my new hijack attachment.

    Please advise.

    Thanks,

    Homerj
     


  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should read the info in this link and remove the no longer supported (and problematic) Microsoft Java and install the Sun version:
    http://forums.majorgeeks.com/showthread.php?t=25834

    Did you uninstall the Google Toolbar? Notice that the DLL file is missing on the O3 line of your HijackThis log. If you did uninstall it and no longer use it, you should have HijackThis fix the below lines related to the Google Toolbar. If you still want to use it, it may need a reinstall.

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar_en_2.0.111-deleon.dll (file missing)
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR_EN_2.0.111-DELEON.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR_EN_2.0.111-DELEON.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR_EN_2.0.111-DELEON.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR_EN_2.0.111-DELEON.DLL/cmbacklinks.html

    Fix the below two lines with HijackThis:
    O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file)
    O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file) (HKCU)

    To remove the MYWAY\SRCHASTT stuff you will probably need to edit the registry yourself and delete related lines. The best way may be to use a tool like: RegCleaner
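
The triage done by eye in the last reply (spot entries marked `(file missing)` or `(no file)`, then find other entries that still point at the same missing DLL), written out as an added example that is not part of the original thread. The line layout is inferred from the log lines quoted above; the `O2` line is a constructed control entry, and the function names are hypothetical.

```python
import re

# Log lines quoted in the reply above, plus one constructed control line (O2).
SAMPLE_LOG = r"""
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar_en_2.0.111-deleon.dll (file missing)
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR_EN_2.0.111-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR_EN_2.0.111-DELEON.DLL/cmsimilar.html
O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file)
O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file) (HKCU)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Example\helper.dll
"""

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Drive-letter path ending in .dll/.exe, with or without a res:// prefix.
PATH_RE = re.compile(r"(?:res://)?([A-Za-z]:\\.*?\.(?:dll|exe))", re.IGNORECASE)

def parse_line(line):
    """Split one log line into section, kind, CLSID, file path and a missing flag."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    clsid = CLSID_RE.search(rest)
    path = PATH_RE.search(rest)
    return {
        "section": m.group("section"),
        "kind": m.group("kind"),
        "clsid": clsid.group(0).upper() if clsid else None,
        # Windows paths are case-insensitive, so normalise before comparing.
        "path": path.group(1).lower() if path else None,
        "missing": "(file missing)" in rest or "(no file)" in rest,
        "raw": line.strip(),
    }

def triage(log_text):
    """Return (orphaned, dependent): entries flagged missing, and entries
    that are not flagged themselves but reference a file flagged missing."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    missing_paths = {e["path"] for e in entries if e["missing"] and e["path"]}
    orphaned = [e for e in entries if e["missing"]]
    dependent = [e for e in entries
                 if not e["missing"] and e["path"] in missing_paths]
    return orphaned, dependent

if __name__ == "__main__":
    orphaned, dependent = triage(SAMPLE_LOG)
    for label, group in (("orphaned", orphaned), ("dependent", dependent)):
        for e in group:
            print(f"{label:9} {e['section']:3} {e['raw'][:70]}")
```

The `O8` context-menu lines carry no marker of their own; they surface only because their `res://` target matches the DLL the `O3` line reports as missing.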
     
