Help ive been infected

[mollycat]

does anyone know a good free solution to getting rid of tool bars and unwanted pop ups that offer free spyware detectors.

[PoN]

-adaware

-Kaspersky

reinstall internet explorer / firefox

[Dizzy]

spybot search and destory
http://www.download.com/3000-8022_4-10743107.html

[mollycat]

Thanks Pon

[mollycat]

ive already tried search and destroy but it didnt work, but thanks anyways.

[Gregory]

Ooh, I have had this spyware before.

I had to format and reinstall windows.

Yeah, just go to Windows Un-Installer and find the toolbar you want to uninstall.

If that doesnt work then do the following *This is advanced but can be done if you read the WHOLE thing first and pay attention*

How to remove *any* Browser Helper Object from your Computer

What I am about to suggest may not be the most correct method to remove a BHO from your system. In fact, there is no guarantee that instructions below will resolve your issue. What I can tell you, however, is that I have used the following methods to safely remove and restore many systems that have been infected with scumware / Spyware / Adware toolbars.

Before proceeding, please make a backup of your most critical files.

1. Attempt to disable the BHO.

A little while back, I came across a program called BHODemon which can disable BHO's from launching when Internet Explorer starts. BHODemon can also be used to identify the main 'plugin' file associated with the BHO (typically a .DLL or .OCX file located in the Windows System folder). A full explanation of BHODemon (and the link to download the freeware program) is available in a recent Gazette issue.

2. Identify other 'plugin' file(s) associated with the BHO.

Some BHO's are despicably stealthy and will reinstall themselves after your system is rebooted / restarted -- even after the BHO has been disabled. Obtaining the list of files associated with the BHO will require some research:

* Use BHODemon to identify the main .DLL or .OCX file (as seen in the picture above).

* Go to Google.com and type in the BHO filename followed by the word 'remove' (example: "NN_BAR.DLL remove"). 9 times out of 10, Google will provide a list of web sites that have manual removal instructions, along with the list of files associated with the offending BHO.

* Finally, write down the file names and folder locations of the BHO 'plugin' files (example: %SystemDir%\winnb40.dll).

Side note: %SystemDir% is a generic path (I.E. folder) variable. By default, the System Directory for Win95 /98 / ME is C:\Windows\System; for Windows NT/2000, it is C:\WINNT\System32; and for Windows XP, it is C:\Windows\System32.

3. Reboot into Safe Mode and remove the BHO files from your computer.

In order to permanently remove the BHO files from your computer, you must reboot into Safe Mode (or DOS mode) or your system will report a 'sharing violation' error when attempting to delete the file(s). To access Safe Mode:

* Click Start -> Shutdown (or Turn Off).

* Select 'Restart'.

* Once the computer restarts, press F8 repeatedly on the keyboard until a Boot Menu appears. This *must* be done before the Windows boot screen appears.

* Choose to boot Windows in Safe Mode.

Once you are in Safe Mode, use your notes detailing the file names and paths of the offending BHO's and rename (or remove) the files from your system. Renaming the .DLL / .OCX file will allow you to undo your changes -- whereas deleting a file is not easily undone.

Side note: A safe way to rename a file is to place a few harmless characters in front of the real file name (example: if the file is popups.dll, rename it to zz_popups.dll).

4. Remove the BHO references from your System Registry.

* Click Start -> Run -> type in "regedit" (no quotes, and press Enter).

* Once RegEdit appears, click File -> Export to make a backup of your registry. In case you make a mistake, you can import your old registry to reverse the proceeding changes.

* Now you're ready to remove the BHO references from your Registry. In the RegEdit window, press F3 to search. Next, type in the name of each BHO file you recorded in Step #2 -- minus the file extension (for example: search for 'popups' instead of 'popups.dll').

* When a match is found, look on the left side of the RegEdit Window. Left click the expanded folder which encapsulates the BHO entry. Press DEL on your keyboard to delete it.

* Press F3 and until no more matches are found; repeat this process for all BHO files you recorded in Step #2.

5. Remove any suspicious references from your Startup locations.

Download Startup_CPL.exe from Mike Lin's web site. This program will list multiple startup locations that launch programs when Windows is booted. If you see anything suspicious, disable it from launching in your startup. If you are unsure of whether or not a program entry is safe to disable, you can research it using Pac's Portal web site.

Side note: Startup_CPL is zipped. In order to use Startup_CPL, you will first need to extract it using WinZip. I have a free downloadable video tutorial on how to use WinZip available here.

6. Reboot your computer.

The offending BHO should now be removed from your computer. If, however, you are unable to resolve your problem, you can:

* Attempt a System Restore (if applicable).

* Import your Registry backup and reboot your computer (if you think you may have accidentally deleted the wrong registry entry and have inadvertently caused your system to become unstable), or

* Backup your most critical files and reinstall Windows. I have a downloadable eBook and video guide which explains how to do this in great detail.

[mollycat]

Hey thanks guys i got the problem fixed it turned out that the worm or whatever it was was called iexplore.exe inside a folder named microsoft in my music folder. it looked suspicious so i deleted using safe mode and problem was fixed. Oh yeah search and destroy helped kill the cookies as well.

Thanks guys.