Where did this come from

[huffman]

For the last two days when I startup my PC (Win 7 Pro with IE9 and Google Toolbar installed I get this popup:



I follow the links on the popup and get these:





They provide NO real help and would like to stop this popup if possible.

Any help would be appreciated.

 

[marsmimar]

I'm going to take an educated guess and say your computer has been infected with malware. According to a quick search for Spigot, Inc (the company listed in your fist snip) they seem to make "custom" toolbars so other companies can increase their revenue. This Avast forum article may help you.

http://forum.avast.com/index.php?topic=63642.0

I'd definitely concur with the suggestion to install the free version of Malwarebytes, update it, and run a full scan. I also checked bleepingcomputer for any mention of "spigot" (use their search function) and it returned over 300 entries:

Search Form - BleepingComputer.com

 

[seavixen32]

I agree that Malwarebytes is well worth trying: Malwarebytes : Malwarebytes Anti-Malware PRO removes malware including viruses, spyware, worms and trojans, plus it protects your computer

 

[Urthboundmisfit]

Did you install a new prog/that sneakily installed a toolbar recently?

According to Spigot Inc, the toolbar is "easily" removed: Spigot Search Settings | Easily Remove searchsettings.exe
Look for something in Control Panel/Programs and Features/Uninstall-change program/ Spigot and/or Dealio and remove it.

I would also run MBAM as previously suggested. Install it, update it's defs. Under Settings>>Scanner settings for PUP (potentially unwanted programs) & PUM (potentially unwanted modifications) set it to show results, but be careful to only remove objects related to the toolbar.

Hope this helps

 

[Britton30]

In my experience toolbars just muck things up. I would suggest you remove the Google toolbar. It can serve no useful function beyond what a shortcut added to your Favorites bar for google.com would provide.

 

[Urthboundmisfit]

What Britton30 said.

 

[jcgriff2]

"Internet Explorer" tab - SysInternals Autoruns for Windows

 

[huffman]

I have found the problem:



Aliases of Backdoor.Spigot (AKA):
[Kaspersky] Backdoor.G_Spot.20
[McAfee] BackDoor-AAG
[F-Prot] security risk or a "backdoor" program
[Panda] Bck/Spigot.A
[Computer Associates] Win32.Spotbot.20

It is located in C:\Program Files\Common Files. There is NO uninstall file associated with it.

I ran Malwarebytes and it is not considered to malware, it was NOT found. It does not show up in either Program Removal or Revo Uninstaller.

To remove it, my understand requires changing a registry entry. God I hate making changes to the registry.

Open regedit

To delete each registry key listed in the Registry Keys section, do the following:
Locate the key in the left pane of the Registry Editor window by sequentially expanding the folders according to the path indicated in the Registry Keys section. For example, if the path of a registry key is HKEY_LOCAL_MACHINE\software\FolderA\FolderB\KeyName1, sequentially expand the HKEY_LOCAL_MACHINE, software, FolderA, and FolderB folders.
Select the key name indicated at the end of the path (KeyName1 in the example above).
Right-click the key name and select Delete on the menu.
Click Yes in the Confirm Key Delete dialog box.

delete each registry value listed in the Registry Values section, do the following:
Display the value in the right pane of the Registry Editor window by sequentially expanding the folders in the left pane according to the path indicated in the Registry Values section and selecting the specified key name. For example, if the path of a registry value is HKEY_LOCAL_MACHINE\software\FolderA\FolderB\KeyName2\,valueC=, sequentially expand the HKEY_LOCAL_MACHINE, software, FolderA, and FolderB folders and select the KeyName2 key to display the valueC value in the right pane.
In the right pane, select the value name indicated after a comma at the end of the path (valueC in the example above).
Right-click the value name and select Delete on the menu.
Click Yes in the Confirm Value Delete dialog box.

I really don't want to do this. When I get my nerve worked up I guess I will try it.

Hope this helps someone else.

 

[marsmimar]

Try the Revo Uninstaller Pro version. It comes with a free 30 day trial. Use the forced uninstall mode to see if Spigot can be removed. Revo will also scan the registry and delete registry remnants.

Download Revo Uninstaller Freeware - Free and Full Download - Uninstall software, remove programs, solve uninstall problems

 

[Britton30]

"Internet Explorer" tab - SysInternals Autoruns for Windows

^^^^I would use this to find all the reg entries involved. If you miss one it could just regenerate the program and assimilate your PC like a Borg drone.

 

[huffman]

This morning I had a new popup similar to the one originally posted. It was different but still had to do with changing how my browers would work. I did NOT allow it to make changes.

At that point I decided to do a restore using a restore point prior to when the Spigot folder was created. The restore went fine, however
C:\Program Files\Common Files\Spigot
is still there. When I restarted again, there were no popups. I guess it is wait and see now.

BTW jcgriff2 I will give that program a try. It looks like a good utility to have on hand.

 

[jcgriff2]

I agree 100%.

I mentioned AutoRuns for the IE toolbar removal (& should have posted that fact). It definitely is not a malware removal app like MBAM.