TechSpot

Cannot uninstall Security Toolbar 7.1

By raysdesigns
Jul 22, 2007
Topic Status:
Not open for further replies.
  1. I have Security Toolbar 7.1 installed on my IE browser. I have gotten rid of the toolbar but the virus still directs me to a page to buy spyware tools. I cannot change my home page it just redirects it back to the same page with a warning. I also have a system alert down by my clock. I have run HiJack this, and was told to delete this line.

    O2 - BHO: (no name) - {D61D7E1A-6613-49CA-B6F9-51DB248E209D} - C:\Program Files\Video ActiveX Access\iesplg.dll

    for some reason it will not delete.

    Here is my entire log:


    Can anyone help?
  2. raybay

    raybay TechSpot Evangelist Posts: 10,716   +6

    Try again in SAFE MODE. Then run AVG antivirus and AVG antispyware in regular then safe mode... get rid of everything else. You have way too many conflicts from too many installs of antispyware, antivirus, and other infestations. You only make it worse when you have all that stuff in conflict with each other.
  3. raysdesigns

    raysdesigns Newcomer, in training Topic Starter

    Not sure what you mean about the all the antispyware i have installed. The only thing I have installed is pest patrol. And what other infestations do I have?
  4. raysdesigns

    raysdesigns Newcomer, in training Topic Starter

    I think its fixed

    I did everything you said. I believe it worked. My home page is no longer being redirected and I no longer have the annoying little warning by my clock.

    Thank you for your help.

    Here is my log after uninstalling all my antispyware and installing AVG spyware

    Let me know if you see anything thats wrong. I would like my computer to be in the best shape it can be.

    Thanks again,

    Ray
  5. raybay

    raybay TechSpot Evangelist Posts: 10,716   +6

    Sorry, but I see AVG Antispyware, AVG Antivirus, Pest Patrol, Symantec, Cookie Patrol. You might want to clean the registry if they are not all installed. Otherwise, now looks good.
  6. GodFather

    GodFather Newcomer, in training

    Hey man I got the same problem there was about three weeks...

    You must only go to safe mode then go

    C:\Program Files\Video ActiveX Access\ and you only need to delete as in safe mode none of his processes with be active so you can easily delete it.

    Then you restart your PC and go to Add or Remove Programs and uninstall then they will ask you that it may have been move or deleted then click ok...

    Then do a registry cleaner and antispyware scan...

    Thats all

    P.S if you try to end the processes in windows they will restart automatically...
  7. kitty500cat

    kitty500cat Newcomer, in training Posts: 2,407   +6

    There is something suspicious-looking in your HijackThis log.

    Please read the Viruses/spyware/malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, ComboFix, and AVG Antispyware logs as attachments into this thread, only after doing the above. Also post here the results of the AVG Antirootkit scan.

    Regards :)
  8. Irshad_

    Irshad_ Newcomer, in training

    I have the same now, only the toolbar I can't remove & I did uninstall it and stuff like that.
    My parents are gonna be mad if they found out about it !
    Please someone help !!
  9. Irshad_

    Irshad_ Newcomer, in training

    And quick please !!
  10. kitty500cat

    kitty500cat Newcomer, in training Posts: 2,407   +6

    Hello and welcome to TechSpot.

    Please go and read the Viruses/spyware/malware, preliminary removal instructions. Follow all the instructions exactly.

    Then open a new thread in our Security and the Web forum, detailing your problem and symptoms. In that thread, post fresh HJT, ComboFix, and AVG Antispyware logs as attachments into this thread, only after doing the above. Also post here the results of the AVG Antirootkit scan.

    Regards :)

    This thread is for the use of raysdesigns only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
  11. antisecuritygir

    antisecuritygir Newcomer, in training

    I had the Security Toolbar 7.1 virus. I battled it for a week, searching the web for ANY answers. Found one that worked, tried to find

    it again to thank them, so I felt that this information needed to be shared. I feel so strongly about it that I am going to put my email

    address here for anyone to email me if they would like to make sure I am a real person and not another trick. I KNOW how frustrating

    this can be. I WILL NOT RESPOND TO EMAILS ASKING FOR MORE TIPS/TRICKS ON HOW TO RID YOUR

    COMPUTER OF THIS. I followed these steps and my computer is working and I want to share this information with as many

    people as possible. I would, however, understand if you wanted to make sure I am real - antisecuritytoolbargirl-AT-gmail.com

    Anyone looking to remove Security Toolbar 7.1 should know that I used a metric %&@#-ton of other programs first, I can't

    guarantee that this will work for you, but it DID work for me. Until I ran SUPERantispyware all other programs would find anywhere

    from 150-800 suspicious files EVERY time I ran their scans, never getting a clean scan. Now I get nothing.

    This is THE WORST virus/malware/spyware infestation I have ever seen, and it happened QUICKLY. I scoured the web and found

    a lot of suggestions that just didn't work, and a LOT of (what I believe to be) fake people lying and saying "I used xxxx(random

    spyware program) and it was free and it fixed my computer!" then I would DOWNLOAD it and it would either be another piece of

    malware OR it would be free to SCAN but not CLEAN your computer.

    WARNING!!!!! If you don't know what you are doing(and most people don't) THEN YOU SHOULDN'T DELETE HIJACKTHIS!

    ENTRIES. Do a search for a forum to post your reports in and there are a lot of awesome people willing to help you sort through it.

    Same goes for your registry.

    Step 1) Going into Start->Control Panel->Internet Options->Programs->Manage Ad-ons and disabling The Security Toolbar 7.1 and

    any other sketchy items that may be there.

    (My own Optional)Step 2) TURN OF WINDOWS RESTORE so that it deletes your restore point, BECAUSE IT WOULD SUCK

    TO RESTORE YOUR COMPUTER TO AN INFECTED STATE.

    Step 3)SUPERantispyware (superantispyware.com/) - I LOVE them and cannot thank them enough for this amazing program

    that too me WAY to long to discover and will never leave my personal arsenal of AV programs.

    Step 3)Hijackthis report and cleanup. (trendsecure.com/portal/en-US/tools/security_tools/hijackthis) Then uploaded the

    report to a forum for consultation from knowledgable Geeks willing to help us lesser mortals.

    (My own Optional) step 5)Re-ran some of my other fave AV/AS programs like Ad-aware and Avast and Search And Destroy - I did

    this because I felt like other virus/spy/malware/s may have gotten in while my computer was not in peak performance. They each

    found one or two things hanging around. Then I would re-scan my main drive a second time with each program to make sure the

    bastards weren't duplicating like Mogwai in a swimming pool.

    (My own optional) step 6)Ran about 4 free registry cleaning programs found on download.com. BE CAREFUL CLEANING

    YOUR REGISTRY YOU CAN FORCE YOURSELF INTO AN O/S REINSTALL IF YOU AREN'T CAREFUL WHAT YOU

    DELETE!

    (My own optional) step 7)Since everything was working better than it has in a LONG time I created a new restore point by turning it

    back on.

    I sincerely hope this works for you.
    I wish I could find the person I got steps 1-3 from because I love them and send many zen-hugs their way.
    I am going to go and post this all over the internet tonight(11/15/2007), anyone who is helped by this information, I URGE you to

    pass it on to any others in need. If you do PLEASE copy and paste this entire message (so we don't play a bad game of telephone)

    Please make sure to leave the keywords at the bottom so that people can find this if they need it!

    Good Luck People!

    Love -antisecuritytoolbargirl

    (these files are all found to be associated with The Security Toolbar 7.1) (incomplete list, this is all that I KNOW of)
    Keywords: unable to use safe-made, task manager closes, security toolbar 7.1, homepage changed, IE pop-ups while using firefox,

    pcontech.com, Trojan.Zlob., ZLOB, Video ActiveX Access, Security Troubleshooting.lnk, Online Security Guide.lnk, Online

    Security Test.url, isamonitor.exe, pmmon.exe, pmsngr.exe, iesplugin.dll, iesuninst.exe, isaddon.dll, isamini.exe, isamonitor.exe,

    pmmon.exe, pmsngr.exe, pmuninst.exe, dxovx.dll, vgibz.dll, psndz.dll, cqsfk.dll, wzhtjqo.dll, lrnjnzf.dll, zpuwriz.dll,tkrsw.dll,

    afzdbl.dll, bgwttyl.dll, dyrwls.dll, ugofuq.dll, gtawclv.dll, vjxwnn.dll, khtbpdl.dll, cfqbw.dll, fdpzgi.dll, gusur.dll, Cyberlog-X

    infections, Trojan-Spy.win32@mx,

    Security Toolbar Registry Entries: (incomplete list, this is all that I KNOW of)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Messenger Service
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D61D7E1A-6613-49CA-B6F9-51DB248E209D}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

    objects\{D61D7E1A-6613-49CA-B6F9-51DB248E209D}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa6d4f53-4c8d-4549-84d2-02d584acc4e9}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5574E139-F59C-4bee-9A61-150B0D3A16C7}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
     
  12. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Hello and welcome to Techspot.

    It is wrong to tell people to turn off system restore, before their system is clean.

    This is because there won`t be anyway to restore the computer properly. Better to be able to restore to an infected state, than not at all.

    System restore should only be turned off, then on, once the system is clean.
    Also, our removal instructions HERE seem to take care of most of the infected files when present and almost always the Security Toolbar 7.1 itself.

    A lot of the files you mention are nothing whatsoever to do with the Security Toolbar 7.1 and are from lots other infections, that may or not be present on a system by system basis.

    Regards Howard :wave: :wave:
  13. antisecuritygir

    antisecuritygir Newcomer, in training

    I am letting people know what I went through and how I solved my issue.

    I tried the steps without turning off the system restore and it didn't work, I couldn't get my system clean until after I cleared that out.

    And I DID try following all of those steps BEFORE I fixed my computer and NONE OF THEM WORKED FOR ME.

    This is the only way I got my computer back. And now my computer is running better than ever before.

    What good is an infected system restore?
  14. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    An infected restore point can still be used to restore a computer that won`t run if something has gone wrong during the cleanup process. Believe me, I have seen this happen on several occasions and it aint pretty. ;)

    The idea of following the steps in our sticky, is to post the requested log files once done and await any further clean up instructions.

    Are you absolutely sure your system is clean?

    Lack of symptoms is no guarantee that the system is clean.

    If you`d like to post a Combofix log, I`d be very happy to take a look at it for you.

    Regards Howard :)
  15. coppertopfm

    coppertopfm Newcomer, in training

    try this

    I used the trial version of the program UnhackMe for the same problem and it got rid of my problem. You can also buy the program for $20.00.

    Try it it really works and you can use for free for 30 days.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.