Re: IE toolbar addd by virus
From: Chuck (none_at_example.net)
Date: 6 Oct 2004 15:48:10 -0500
On Wed, 6 Oct 2004 11:41:03 -0700, newuser00
>Somehow a virus and spyware have added a toolbar to my IE. I tried to
>uninstall all the programs to no avail. I cannot remove the toolbar only turn
>it off. I installed the latest version of IE 6. As well I have sooo many
>pop-ups coming in. Spybot hasn't removed my problems completely. It seems to
>be a temporary bandaid and at reboot it all comes back! Any help is greatly
Sometimes Spybot is not enough. HijackThis with expert advice is the best tool,
but only after preliminary cleaning from the other tools.
How current is your virus protection? Try one or more of these free online
virus scans, which should complement your current protection:
Now check for, and learn to defend against, additional problems - adware,
Start by downloading each of the following additional free tools:
LSP-Fix and WinsockXPFix <http://www.cexx.org/lspfix.htm>
Spybot S&D <http://www.safer-networking.org/index.php?page=download>
Create a separate folder for HijackThis, such as C:\Program Files\HijackThis -
copy the downloaded file there. AdAware and Spybot S&D have install routines -
run them. The other downloaded programs can be copied into, and run from, any
First, run Stinger. Have it remove any problems found.
Next, close all Internet Explorer and Outlook windows, and run CWShredder. Have
it fix all problems found.
Next, run AdAware. First update it ("Check for updates now"), configure for
full scan (<http://forum.aumha.org/viewtopic.php?t=5877>), then scan. When
scanning finishes, remove all Critical Objects found.
Next, run Spybot S&D again. First update it ("Search for updates"), then run a
scan ("Check for problems"). Trust Spybot, and delete everything ("Fix
Problems") that is displayed in Red.
Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
Finally, have your HJT log interpreted by experts at one or more of the
following security forums (and please post a link to your forum posts, here):
Spyware Info: <http://forums.spywareinfo.com/>
Spyware Warrior: <http://spywarewarrior.com/index.php>
Tom Coyote: <http://forums.tomcoyote.org/>
If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFIx.
Finally, improve your chances for the future.
Harden your browser. There are various websites which will check for
vulnerabilities, here are three which I use.
Block Internet Explorer ActiveX scripting from hostile websites (Restricted
Block known dangerous scripts from installing.
Block known spyware from installing.
Make sure that the spyware detection / protection products that you use are
Harden your operating system. Check at least monthly for security updates.
Block possibly dangerous websites with a Hosts file. Three Hosts file sources I
(The third is included, and updated, with Spybot (see above)).
Secure your operating system, and applications. Don't use, or leave activated,
any accounts with names or passwords with trivial (guessable) values. Don't use
an account with administrative authority, except when you're intentionally doing
Use common sense. Yours. Don't install software based upon advice from unknown
sources. Don't install free software, without researching it carefully. Don't
open email unless you know who it's from, and how and why it was sent.
Educate yourself. Know what the risks are. Stay informed. Read Usenet, and
various web pages that discuss security problems. Check the logs from the
security products that you use regularly, look for things that don't belong, and
take action when necessary.
Paranoia comes from experience - and is not necessarily a bad thing.