Solved Claro toolbar infection?

[Britton30]

I think I may have an infection from downloading a Shockwave Flash player although I UNchecked all of the add on in its program. I got a "Claro Toolbar" installed and IE opened to a Claro search as my home page. I uninstalled this Claro toolbar but I think something remains. I have downloaded NBRT 3 times but it won't run, see error. I also ran Power Eraser and nothing was found. I ran the free MalwareBytes too and it was clean.

I did uninstall the toolbar and removed it from IE9 Add Ons.

 

[marsmimar]

This has me puzzled, Gary. Claro is apparently a fairly well-known problem. But after Googling, Bing-ing, Yahoo-ing, and using a few more search engines, and going through literally dozens of pages, I couldn't find any removal instructions from any of the well-known antimalware companies. Even searching on BleepingComputer failed to provide anything. This was the closest I came to finding removal instructions that didn't also include an ad to buy some unknown, unheard of, removal tool.

How To Remove The iSearch Claro Search Hijacker Virus (isearch.claro-search.com) | Botcrawl.com

 

[Britton30]

Thanks Lee, I did the search regimen as well but didn't find what you did. I had already went through the normal uninstall process and disabling of the addon. Maybe I have got rid of it but...
I did a system restore to the day before I downloaded it which corrected another issue. I ran the sfc scan which found corrupt files that couldn't be repaired. http://www.sevenforums.com/performance-maintenance/270178-non-repairable-files-2.html#post2222697 The search service still will not start on demand, perhaps that is normal?

I used the Norton removal tool and installed an earlier version which corrected the toolbar missing, it is now back. My earlier version of Norton had this issue which I think was Claro related. The red "X" on the tray icon mean it is not working or not up to date or expired.



Sorry if this confuses you, it has me too.

 

[gied]

Haven't heard of claro tooblar distributed through trojans. However, in many cases it might install additional software on its own to protect the user from uninstalling it.
As Claro is Potentially unwanted program only, it is not surprising that bootable scanner does not find anything (they aim at rootkit/trojan infections more).

 

[Layback Bear]

Download AdwCleaner 2.101 Free - Adware and toolbar remover - Softpedia

 

[Cr00zng]

Maybe it's my duckduckgo.com search engine, but there are some pretty good advices for cleaning up after Claro toolbar. Top two search result by the ducks for "uninstall Claro":

Remove Claro Search Virus, removal instructions
Remove Claro Search (Removal Instructions)

 

[Britton30]

Download AdwCleaner 2.101 Free - Adware and toolbar remover - Softpedia

Maybe it's my duckduckgo.com search engine, but there are some pretty good advices for cleaning up after Claro toolbar. Top two search result by the ducks for "uninstall Claro":

Remove Claro Search Virus, removal instructions
Remove Claro Search (Removal Instructions)

Thank to you both! The AdwCleaner found some more crappola and removed it. My system seems to be chugging along fine so far.

***** [Services] *****

***** [Files / Folders] *****
Folder Deleted : K:\ProgramData\Babylon
Folder Deleted : K:\Users\GlBritton\AppData\Roaming\Babylon
***** [Registry] *****
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\592dcdfb369bf15
Key Deleted : HKLM\Software\PIP
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
*************************

 

[marsmimar]

Great news, Gary!

 

[Layback Bear]

Good old Bayblon is still getting people.
Here is another little program that find things that aren't infection but you might not want.
Download CKScanner by askey127 from Here & save it to your Desktop

 

[Britton30]

Hmm, I Googled CKScanner and some sites say it is a virus? I tried getting it though but the download was going only 2.02KBs and then froze.

I did find some more claro items in the Registry by doing a search, no Babylon though.

 

[Layback Bear]

I tick on Here in post #9 and I get this.



I have never got a warning of any kind. I keep it on my desktop all the time.

 

[C-11]

Just ran across this if you'd like to try it.

Junkware Removal Tool Download

Junkware Removal Tool is a security utility that searches for and removes common adware, toolbars, and potentially unwanted programs (PUPs) from your computer. A common tactics among freeware publishers is to offer their products for free, but bundle them with PUPs in order to earn revenue. This tool will help you remove these types of programs.
Junkware Removal Tool has the ability to remove the following types of programs:

• Ask Toolbar
• Babylon
• Browser Manager
• Claro / iSearch
• Conduit
• Coupon Printer for Windows
• Crossrider
• Facemoods / Funmoods
• iLivid
• IncrediBar
• MyWebSearch
• Searchqu
• Web Assistant

When run, Junkware Removal Tool will remove all traces of these programs including their files, Registry keys, and folders.

 

[Britton30]

I tick on Here in post #9 and I get this.

View attachment 247471

I have never got a warning of any kind. I keep it on my desktop all the time.

I got a similar one in IE9 Jack, but without a home page for a software, I usually skip it.

 

[Layback Bear]

I don't think there is a home page. I do understand your concern. I found it on the Malwarebytes site and on the Windows 7 Forum. I trust both so I used it without any problems.

​

Jacee​

Consumer Security​

Join Date: Feb 2009

Windows 7 Ultimate 32bit SP1
6,403 posts

​

​

Can you copy and paste CKScanner 'log'?

Download CKScanner by askey127 from HERE
Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.