THE SOLUTION!!! anyone with security toolbar 7.1 follow this threa

followed your advise (sans Avast) and it worked!! I've killed security
toolbar 7.1 (knocks on wood)

anyone with the security toolbar 7.1 follow this thread.

Also take a look at the hijackthis log, it not hard to see "bad" things
yourself. Read each line, especially, the filename at the end of each line.
I deleted four entries and toolbar was gone. one file was xx.exe another was
rffzm.exe . the last two are webbuying.exe & SNM.exe /startup. the last is
spynomore that i first downloaded to try and kill toolbar, i didnt like it.

good luck.

JB

ps i used castlecops to post hijackthis log.
"antisecuritygirl" wrote:


I had the Security Toolbar 7.1 virus. I battled it for a week, searching
the web for ANY answers. Found one that worked, tried to find

it again to thank them, so I felt that this information needed to be
shared. I feel so strongly about it that I am going to put my email

address here for anyone to email me if they would like to make sure I
am a real person and not another trick. I KNOW how frustrating

this can be. I WILL NOT RESPOND TO EMAILS ASKING FOR MORE TIPS/TRICKS
ON HOW TO RID YOUR

COMPUTER OF THIS. I followed these steps and my computer is working and
I want to share this information with as many

people as possible. I would, however, understand if you wanted to make
sure I am real - antisecuritytoolbargirl@xxxxxxxxx

Anyone looking to remove Security Toolbar 7.1 should know that I used a
metric %&@#-ton of other programs first, I can't

guarantee that this will work for you, but it DID work for me. Until I
ran SUPERantispyware all other programs would find anywhere

from 150-800 suspicious files EVERY time I ran their scans, never
getting a clean scan. Now I get nothing.

This is THE WORST virus/malware/spyware infestation I have ever seen,
and it happened QUICKLY. I scoured the web and found

a lot of suggestions that just didn't work, and a LOT of (what I
believe to be) fake people lying and saying "I used xxxx(random

spyware program) and it was free and it fixed my computer!" then I
would DOWNLOAD it and it would either be another piece of

malware OR it would be free to SCAN but not CLEAN your computer.

WARNING!!!!! If you don't know what you are doing(and most people
don't) THEN YOU SHOULDN'T DELETE HIJACKTHIS!

ENTRIES. Do a search for a forum to post your reports in and there are
a lot of awesome people willing to help you sort through it.

Same goes for your registry.

Step 1) Going into Start->Control Panel->Internet
Options->Programs->Manage Ad-ons and disabling The Security Toolbar 7.1
and

any other sketchy items that may be there.

(My own Optional)Step 2) TURN OF WINDOWS RESTORE so that it deletes
your restore point, BECAUSE IT WOULD SUCK

TO RESTORE YOUR COMPUTER TO AN INFECTED STATE.

Step 3)SUPERantispyware (http://superantispyware.com/) - I LOVE them
and cannot thank them enough for this amazing program

that too me WAY to long to discover and will never leave my personal
arsenal of AV programs.

Step 3)Hijackthis report and cleanup.
(http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis)
Then uploaded the

report to a forum for consultation from knowledgable Geeks willing to
help us lesser mortals.

(My own Optional) step 5)Re-ran some of my other fave AV/AS programs
like Ad-aware and Avast and Search And Destroy - I did

this because I felt like other virus/spy/malware/s may have gotten in
while my computer was not in peak performance. They each

found one or two things hanging around. Then I would re-scan my main
drive a second time with each program to make sure the

*******s weren't duplicating like Mogwai in a swimming pool.

(My own optional) step 6)Ran about 4 free registry cleaning programs
found on www.download.com. BE CAREFUL CLEANING

YOUR REGISTRY YOU CAN FORCE YOURSELF INTO AN O/S REINSTALL IF YOU
AREN'T CAREFUL WHAT YOU

DELETE!

(My own optional) step 7)Since everything was working better than it
has in a LONG time I created a new restore point by turning it

back on.

I sincerely hope this works for you.
I wish I could find the person I got steps 1-3 from because I love them
and send many zen-hugs their way.
I am going to go and post this all over the internet
tonight(11/15/2007), anyone who is helped by this information, I URGE
you to

pass it on to any others in need. If you do PLEASE copy and paste this
entire message (so we don't play a bad game of telephone)

Please make sure to leave the keywords at the bottom so that people can
find this if they need it!

Good Luck People!

Love -antisecuritytoolbargirl

(these files are all found to be associated with The Security Toolbar
7.1) (incomplete list, this is all that I KNOW of)
Keywords: unable to use safe-made, task manager closes, security
toolbar 7.1, homepage changed, IE pop-ups while using firefox,

www.pcontech.com, Trojan.Zlob., ZLOB, Video ActiveX Access, Security
Troubleshooting.lnk, Online Security Guide.lnk, Online

Security Test.url, isamonitor.exe, pmmon.exe, pmsngr.exe,
iesplugin.dll, iesuninst.exe, isaddon.dll, isamini.exe, isamonitor.exe,


pmmon.exe, pmsngr.exe, pmuninst.exe, dxovx.dll, vgibz.dll, psndz.dll,
cqsfk.dll, wzhtjqo.dll, lrnjnzf.dll, zpuwriz.dll,tkrsw.dll,

afzdbl.dll, bgwttyl.dll, dyrwls.dll, ugofuq.dll, gtawclv.dll,
vjxwnn.dll, khtbpdl.dll, cfqbw.dll, fdpzgi.dll, gusur.dll, Cyberlog-X

infections, Trojan-Spy.win32@mx,

Security Toolbar Registry Entries: (incomplete list, this is all that I
KNOW of)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Messenger
Service
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D61D7E1A-6613-49CA-B6F9-51DB248E209D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper

objects\{D61D7E1A-6613-49CA-B6F9-51DB248E209D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer
Security Plug-in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet
Explorer Secure Bar
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa6d4f53-4c8d-4549-84d2-02d584acc4e9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5574E139-F59C-4bee-9A61-150B0D3A16C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}


--
antisecuritygirl
------------------------------------------------------------------------
antisecuritygirl's Profile: http://forums.techarena.in/member.php?userid=35147
View this thread: http://forums.techarena.in/showthread.php?t=756670

http://forums.techarena.in


.