Suicide inducing unwanted toolbar trouble

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Meg001, Jul 30, 2005.

  1. Meg001

    Meg001 Private E-2

    I realise that this topic has come up in previous posts but none have actually helped me. I seem to have an extra toolbar in IE and I can't get rid of it. Obviously, I've tried removing it through Tools-Toolbars but there's no sign of it, and there isn't in Add/Remove progs either.
    I've run Ad-Aware, AVG, Hijack This, and Webroot Spy Sweeper but have still not got rid of it. Not sure what to do next. Any ideas?
    I'm pretty much computer retarded so if you start throwing ideas at me involving complicated procedures etc, then I'll need it in idiot language. Thanks in advance.
     
  2. mcadam

    mcadam Major Amnesia

    Could suggest how to hide it, not sure about removing it.
    If you click view > toolbars, you can uncheck the toolbar text. Is there an option to uninstall it from the toolbar itself? I.e. with the Yahoo toolbar, you click options then go down to uninstall.
     
  3. dutch981

    dutch981 Private E-2

    Which operating system do you use? (Windows 98, Windows XP, etc.)

    What kind of toolbar is it? (e.g., google, yahoo, my way, etc)

    Do the spyware removers detect it?
     
  4. Meg001

    Meg001 Private E-2

    It doesn't show up in the View- Toolbars bit so I can't hide it and I run a Windows XP system. I have no idea what kind of toolbar it is because it doesn't say on the actual toolbar. Nothing happened when I used the spyware software, it didn't show anything relating to the toolbar.
     
  5. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    Please follow standard cleanup procedures as given below:

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps below:



    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    - Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  6. Meg001

    Meg001 Private E-2

    Ran all the steps with no success, am leaving logs of the tests undertaken and hope it shows something I couldn't see.
    Will post the other logs in separate reply as I can't put in more than 2.
     

    Attached Files:

  7. Meg001

    Meg001 Private E-2

    About buster and ccleaner
     

    Attached Files:

  8. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    I see some very obvious programs. Make sure you look in uninstall as well for programs you didn't install, shopping related and Traveling Salesman. Another huge problem, you are not current on your service packs. Once you're cleaned up please update at Windows Updates or this is all for nothing. I also do not see a firewall running, at least turn on Windows Firewall. Remove:

    C:\WINDOWS\etb\pokapoka62.exe
    O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
    O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
    O4 - HKCU\..\Run: [Usrr] C:\Documents and Settings\Meg\Application Data\rpen.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AntiVir Update Temp (TmpUpSrv) - Unknown owner - C:\DOCUME~1\MEG\LOCALS~1\TEMP\_VWUPSRV.EXE (file missing)

    Let me know specific symptoms if problems persist, otherwise, follow steps I gave you at top of this message.
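
Added example (not part of the original thread or of any poster's reply): a small Python triage of the HijackThis entries listed in the post above. The section descriptions, the user-writable-path heuristic and the function name `triage` are assumptions of this example, not HijackThis output.

```python
import re

# Entries copied from the removal list in the post above.
SAMPLE = r"""
O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKCU\..\Run: [Usrr] C:\Documents and Settings\Meg\Application Data\rpen.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Update Temp (TmpUpSrv) - Unknown owner - C:\DOCUME~1\MEG\LOCALS~1\TEMP\_VWUPSRV.EXE (file missing)
"""

# Meaning of the HijackThis section codes seen above (not the full set).
SECTIONS = {
    "O4": "autostart (Run key / Startup folder)",
    "O9": "extra IE button or Tools menu item",
    "O15": "Trusted Zone site",
    "O20": "Winlogon Notify DLL",
    "O23": "Windows service",
}

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
PATH_RE = re.compile(r"((?:[A-Za-z]:\\|%\w+%\\)[^\r\n]*?\.(?:exe|dll))", re.I)
# Heuristic (assumption): profile and temp folders are writable without admin rights.
USER_WRITABLE = re.compile(r"\\(documents and settings|docume~1)\\|\\temp\\", re.I)

def triage(log_text):
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, blank lines, bare file paths
        code, rest = m.groups()
        hit = PATH_RE.search(rest)
        path = hit.group(1) if hit else None
        notes = []
        if rest.endswith("(file missing)"):
            notes.append("orphaned entry: target file is gone")
        if path and code in ("O4", "O23") and USER_WRITABLE.search(path):
            notes.append("starts from a user-writable directory")
        if code == "O15":
            notes.append("site added to Trusted Zone")
        findings.append({"code": code, "kind": SECTIONS.get(code, "other"),
                         "path": path, "notes": notes})
    return findings
```
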
     
  9. Meg001

    Meg001 Private E-2

    By checking the uninstall info, I assume you meant the Uninstall file in Program Files which I did and found nothing. I also deleted the files that you mentioned in the last post but two keep re-appearing whenever I re-scan:

    O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
    O23 - Service: AntiVir Update Temp (TmpUpSrv) - Unknown owner-C:\DOCUME~1\MEG\LOCALS~1\TEMP\_VWUPSRV.EXE (file missing)

    I couldn’t find this file either C:\WINDOWS\etb\pokapoka62.exe and when I went to look for this file in the Search program, it turns out that I can’t use it anymore and I get this message instead: A file that is required to run search companion cannot be found. Please go through setup again. Which is weird cause it worked just like yesterday. My firewall is also back up, but it sometimes turns itself off, can’t explain why. I don’t download the Service Packs, because the two times I’ve done it, I’ve had to start up my whole system again, from scratch and I’ve lost all my work on my computer.

    I did find a Google folder in Program Files, which had a document called toolbar in it, which I then deleted but it doesn’t seem to have had any effect. That’s all I got.
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Meg001,

    Please attach a current HJT log from normal mode.
     
