Unwanted Viral Browser Toolbars

[Bertison]

Hi hoping for some advice about this

My PC is infected by the following:
Snap.do - Babylon Search Toolbar, Claro Search Toolbar. There are 14 total instances of this garbage and I have no idea how they came to be on the computer. I am very conscious of dangerous sites and "passengers" within downloads, I scrutinise everything for the usual check boxes and never check or uncheck anything that might piggy-back in. I have AVG 2012 I.S. and MSE, neither of which have managed to find any of this, never mind kill it.

I have searched the Registry with <Find> and killed these Toolbars in IE and my main browser, FF. However, they return to the Registry after closing it, Restarting and opening <Regedit> again. (Boy, these things are tough!) They do not appear in my browsers now, but Snap.do will show up and take over if I use the Google Search Bar. I have noticed a gradual slow down of my system: not too bad, but timing over a week has shown a slowdown of Boot, by 8 seconds over the 7 days.

As I was typing this, AVG Scheduled Scan pop-up reported no problems, giving 'Zero's' for all, including Spyware. I used Malware Bytes 2 days ago, but have just seen Brink's information about Updates to that, thanks Brink I will try that after logging out, although the sheer persistence of these nasties does not give me confidence.
Thanks to all who post.

 

[gied]

Hi.
Boot time most likely affected by badly uninstalled programs.
First, go through your computer's Control center and uninstall all the programs that were installed during last date. This is not only for the toolbars, but for various programs that "protect" browser settings. some of the toolbars use them.
Next, scan your PC with hitman pro ( HitmanPro 3 - SurfRight
Next, Scan with adwcleaner :
If something is still left, try scanning with Spybot (targets such programs better than mbam), or go through your search settings.

 

[cottonball]

Bertison,

As gied mentioned, try running the AdwCleaner program:
http://www.bleepingcomputer.com/download/adwcleaner/

It searches and removes unwanted toolbars, programs, adwares, and browser hijackers.
Also, it is compatible with Windows XP, Vista, and 7: versions 32 and 64 bits.

After downloading, save AdwCleaner to the Desktop
Right-click on adwcleaner.exe and select: Run As Administrator
Click the Search button

When done, a text file opens.

Please post the content of the AdwCleaner[Sn].txt in your reply.

Note: You can also find the reports at C:\AdwCleaner[Sn].txt (S = search, n = order number), or, C:\AdwCleaner[Rn].txt (R = remove, n = order number)

 

[Night Hawk]

I found some other references that may be more help to you on how to manually remove all traces. AVG will not find and remove a number of "bugs" as I previously ran with AVG and others until coming across a far superior av/antimalware software with an effective firewall.

The first link here instructs on how to remove the toolbar annoyance from IE and Chrome which will have you download Malwarebytes. How to completely remove Babylon Toolbar and "Search the web (Babylon)"

For FireFox the second link deals with it there on the page seen at How To Uninstall The Babylon Toolbar Completely -

And one other page is found at Mozilla when the question comes up for Can you help me completely delete babylon.com from my computer?

The page there list several more links for each step of the process to review. Generally something you install may have a toolbar option with or without the uncheck boxes seen. You must have just lately tried out something new and got burned by the toolbar installer hidden in the mix. The downloaded program doesn't necessarily mean you were on a bad site since crapware is often more cleverly hidden and only seen during the install.

 

[Bertison]

Thanks guys for all of that great advice.
I had an appointment yesterday and did not return until this morning, so apologies for not responding sooner. A little more info:

I had downloaded what I thought to be an Anti Spyware programme from the USA - anyone used "Spyhunter"? That is the source of all the infection reports . Listed as a "Free" Download, it came up with a total of 14 'Infections' all based upon Snap.do, Babylon and Claro Search. When I asked to "Fix" the problems, it asked for $99.99. I uninstalled it, wiped it from the Registry and received a message asking why I uninstalled, then offering the same programme for $10! - thanks, but no thanks!

Purchased & downloaded Malwarebytes Pro, carried out a Full scan, no reports of any Nasties.

gied - thanks, I already tried your suggestions. Kept a note of them though, much appreciated.

cottonball & NightHawk - thanks to you both, I will try them in order. I will report any further results later. I really appreciate your assistance guys, thanks.

 

[gied]

Bertison: As far as I am aware, spyhunter is in ~39 USD range, so it is kinda weird they asked 99 USD. Are you sure this was real SH ?

 

[cottonball]

Bertison,

Save your money!

There are plenty of free programs available.

I haven't bought an Antivirus or a malware protection program for more than 12 years!!

 

[gied]

Cottonball: I actually have purchased couple. I do not believe in "free cheese" kind of programs, and thats how many free antiviruses (and anti-malware) work (well, MSE exception). There are other reasons too.

 

[Bertison]

Hey folks, hope I am not the cause of a disagreement here!

cottonball, I have to say that gied may be right, as I have traced the infection to some hookey FREE Game software downloaded by a relative. Personally, I am very suspicious of the 'free' stuff, MSE and a few more excepted. I would not have downloaded that software and the computer is now password protected in BIOS and Boot from anyone else using it whilst I am away.

I have managed to remove Snap.do altogether from the Registry, now I am going after the rest.

gied, it did indeed state that SH was $99.99, then $10, after I uninstalled it, which is the part that aroused my suspicion. However, I am in the UK and despite the GBPound currently trading at $1.57, on this side of the Atlantic, we usually find US prices to us become £1 = $1. Not complaining, that's business: if they can get away with it and people are dumb enough to pay it, that's their problem.

I will report any progress here, thank you both.

 

[gied]

Bertison : know some guys at company there, as far as I am told, they have no version for 99 USD, but who knows

By the way, AVG got some bad publicity recently due to similar toolbar /search hijacker distributed through its free version like the ones you remove J

 

[M1GU31]

Have you been downloading from cnet? They pack those tool bars at least Babylon from what I know in there downloads. Stay away from downloading from that site. Main reason I never download from there anymore.

 

[cottonball]

Microsoft Security Essentials and avast! Free are good.

Never had any problems with either.

 

[Bertison]

Thanks M1GU31, a Cnet download was responsible. I backtracked and discovered that the Spyhunter prog that I downloaded was spelled differently to the REAL one, which explains things to gied! The real Spyhunter is priced a lot less than $99.99.

I found and killed 2 Snap.do 'Helper Bars' in the Registry, nothing in there from Babylon or Claro Search Bars. I then used my purchase of Malwarebytes Pro, to carry out a Full Scan. It found nothing. The 'puter is much quicker now and I have concluded that the false SH prog was giving me false information to make me "buy" their "product".

I take note of the advice about AVG, which I intend to replace with Bitdefender ASAP. I had BD on my 'puter for 2 years and changed it, due to cost of the next version. False economy I guess.

Lesson learned, but many thanks to all who advised me, this Forum still rocks!

 

[Layback Bear]

Cnets pages and download clutter make it very easy to miss things. It is very easy to miss lots of unwanted things. I use FileHippo. I sure some here won't agree with FileHippo. That being said it works well for me. You still have to watch because sites change policies often.

 

[M1GU31]

Glad I was able to help, I agree with layback bear, filehippo is a better site for downloading software and from my experience with filehippo the files there are clean, I use filehippo myself. Yea anyways I asked if it was cnet because my brothers computer got a babylon toolbar from downloading in that site even though it gives the option not to install but somtimes ppl over read something and miss details. Had to remove it from his xp computer, took a while to remove it because you have to go into the registry and all your browsers options.

 

[Layback Bear]

You will get Babylon whether you put a check mark in the box or remove the check mark. You will get it either way. If the Babylon option is there I recommend finding another place to get the download you want.
Been there done that.

 

[Britton30]

Cnets pages and download clutter make it very easy to miss things. It is very easy to miss lots of unwanted things. I use FileHippo. I sure some here won't agree with FileHippo. That being said it works well for me. You still have to watch because sites change policies often.

I think Filehippo is one of the 2-3 good download sites left. Softpedia, MajorGeeks, c|Net, Download.com all are getting crappy and bundle crapware.
Sometimes one has to look through the license agreement before an opt out box is shown.

 

[Night Hawk]

Thanks guys for all of that great advice.
I had an appointment yesterday and did not return until this morning, so apologies for not responding sooner. A little more info:

I had downloaded what I thought to be an Anti Spyware programme from the USA - anyone used "Spyhunter"? That is the source of all the infection reports . Listed as a "Free" Download, it came up with a total of 14 'Infections' all based upon Snap.do, Babylon and Claro Search. When I asked to "Fix" the problems, it asked for $99.99. I uninstalled it, wiped it from the Registry and received a message asking why I uninstalled, then offering the same programme for $10! - thanks, but no thanks!

Purchased & downloaded Malwarebytes Pro, carried out a Full scan, no reports of any Nasties.

gied - thanks, I already tried your suggestions. Kept a note of them though, much appreciated.

cottonball & NightHawk - thanks to you both, I will try them in order. I will report any further results later. I really appreciate your assistance guys, thanks.

It's called "Scam Ware"! A bogus program will download a list of bugs and then claim you can see them removed when buying the full version when no program actually exists or the fake poses as a genuine article.

Have a look at the notice I posted about one that had the gui of Advanced System Care black and dark theme and all with the words "Security Essentials" as the program name mocking the MS SE genuine article and then charging for it? http://www.sevenforums.com/system-security/222009-new-variant-fake-security-essentials-aware.html

SCAMWARE! is precisely what you ran into apparently. The one I cleaned off of a few laptops last year downloaded 4 trojans and blocked the taskmanager with a fake "Windows Process Doctor" to prevent killing the program. GFI support was a little upset when I hadn't used their special remover tool but opened the file location to find the offender and move it to another location and then boot up in Safe Mode to manually remove the one main file. The regular av program then took care of the rest which included the 4 trojans and rogue scamware gui.

Bertison : know some guys at company there, as far as I am told, they have no version for 99 USD, but who knows

By the way, AVG got some bad publicity recently due to similar toolbar /search hijacker distributed through its free version like the ones you remove J

The AVG Internet Security toolbar alerts you to bad sites allowing you to back off or close the browser window fast to prevent something from being stuffed on your system when hitting a bad site. Someone apparently put out a bogus version mocking the original addon since the actual toolbar doesn't hijack anyone.

As far as these types of "First Buy and then We cure your pc" nonsense the volume of scamwares has been on the rise for the last two years roughly over trojan droppers and other malwares. With everyone having been seeing a slower economy some clowns want to cash in on gullibility by pumping fake versions with close sounding names to valid programs.

 

[Layback Bear]

Cnets pages and download clutter make it very easy to miss things. It is very easy to miss lots of unwanted things. I use FileHippo. I sure some here won't agree with FileHippo. That being said it works well for me. You still have to watch because sites change policies often.

I think Filehippo is one of the 2-3 good download sites left. Softpedia, MajorGeeks, c|Net, Download.com all are getting crappy and bundle crapware.
Sometimes one has to look through the license agreement before an opt out box is shown.

I have been watching for the opt out box in the agreement because you mentioned it before. They know that nobody reads those.
I thank you it is great advice.

 

[Night Hawk]

I think you may find a few things at FileHippo that are tainted as well if you were to go through everything. It's becoming too common place in seeing the "unwanted extras" tossed into the mix when going to download any supposed freebies. That's where they get you with other things tucked away nicely! c/net downloads is seeing this as well.