TechSpot

Tool Bar 888 and Adrotator on my lap top!

By And 75
Jan 9, 2007
  1. Hi a newbie here, about a month ago down loaded a file from Lime Wire (never again) and woe behold my lap top starting going hay wire pop ups and all sorts.

    Anyway used adaware se, xsoft spy 04, norton 07 and avg free, has got rid of most of the nasties but having trouble to get rid of tool bar888 and adrotator and a few data miners

    Also help on fully removing norton 07. As was a waste of time and money

    All help much appreciated


    Many Thanks
    Andrew
     
  2. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    If you got trouble removing Norton, you might try this thread: How to get rid of Symantec/Norton (for good!!).

    In any case, check out the Viruses/spyware/malware preliminary removal instructions and follow the instructions exactly. Then post fresh HJT and AVG logs as attachments as per this thread. Then we can see how badly your system is infected.

    Cheers and welcome to TechSpot! :)

    This thread is for the use of and 75 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in the Security and the Web forum.
     
  3. And 75

    And 75 TS Rookie Topic Starter

    Ok thanks for the information, will try later and post the HJT and Avg log files
    and see how we are doing


    Andrew
     
  4. Rik

    Rik Banned Posts: 3,814

    If you have any problems with removing Norton, then here is a set of instructions which should help you.

    Download either the free AVG or Avast antivirus programmes and either the free Zonealarm or Kerio firewall programmes from within this link - http://www.techspot.com/vb/topic58138.html

    Then, disconnect from the net and completely uninstall Symantec/Norton. If you have any problems in uninstalling the programme, take a look at this thread - http://www.techspot.com/vb/topic57112.html

    Once you`ve completely uninstalled Symantec/Norton, reboot your system and install whichever firewall programme you chose, followed by whichever antivirus programme you chose. Reboot your system the required number of times and reconnect to the net. Run the antivirus updates.


    This thread is for the use of and 75 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in the Security and the Web forum.
     
  5. And 75

    And 75 TS Rookie Topic Starter

    Sorry for the delay, have run AVG nothing found, as with avg spy ware and sb s&d and adaware personnel se have run the HJT log file, attached, can any tell me if system is clean

    Tool Bar 888 pop up has stopped i think

    Any advice would be much appreciated

    Andrew



    View attachment hijackthis.log
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Download Vundofix from HERE.

    Double click the Vundofix.exe to run it.

    Right click in the vundofix window and click add files.

    Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do it`s stuff.

    This is the filepath you need to enter into Vundofix.

    C:\WINDOWS\system32\br_rt.dll

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.


    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    Update.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O2 - BHO: mycpmads.com Browser Optimizer - {582FDCF0-A82E-4fc1-A6F6-0D2F36881F63} - C:\WINDOWS\system32\br_rt.dll

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O4 - HKLM\..\Run: [{3A2ACFCC-06C5-2057-0120-052002c}] "C:\Program Files\Common Files\{3A2ACFCC-06C5-2057-0120-052002c}\Update.exe" mc-110-12-0000137

    O4 - HKLM\..\Run: [{3A2ACFCC-0320-2057-0120-052002c}] "C:\Program Files\Common Files\{3A2ACFCC-0320-2057-0120-052002c}\Update.exe" mc-110-12-0000137

    O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\br_rt.dll" DllVerify

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\Program Files\Common Files\{3A2ACFCC-06C5-2057-0120-052002c}\Update.exe

    C:\Program Files\Common Files\{3A2ACFCC-0320-2057-0120-052002c}\Update.exe

    Reboot into normal mode and rehide your protected OS files.

    Rename HijackThis.exe as per THESE instructions and post a fresh HJT log.

    Regards Howard :)

    This thread is for the use of And 75 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. And 75

    And 75 TS Rookie Topic Starter

    Hi many thanks for the help, have followed as per instructions and have attached an upto date HJT log, can you tell me if my system is now clean, is a bit slow, but only have 256mb of ram so intend to upgrade ram.

    Also notice Yahoo tool bar that I did not put there, how do I get rid of this.

    Plus have to fully remove Norton.

    Hopefully no more pop ups or anything else
    Thanks again
    Andrew



    View attachment 12615
     
  8. Rik

    Rik Banned Posts: 3,814


    You have not followed this part of Howard's instructions, it is very important that you do so and then post a new HJT log.



    This thread is for the use of And 75 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  9. And 75

    And 75 TS Rookie Topic Starter

  10. Rik

    Rik Banned Posts: 3,814

    You have still not done it correctly.

    Taken from your hijackthis log - C:\DOCUME~1\HPUSER~1\LOCALS~1\Temp\Temporary Directory 2 for Analyze.zip\HijackThis.exe

    The instructions clearly state the following - "Rename the Hijackthis.exe file to Analyze.exe. This is because some malware can hide from HijackThis.exe."


    This thread is for the use of And 75 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  11. And 75

    And 75 TS Rookie Topic Starter

    Think last attachment was incorrect

    So here is the correct one hopefully

    Andrew




    View attachment 12645
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of And 75 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  13. And 75

    And 75 TS Rookie Topic Starter

    Many thanks to you Howard, Rik and Kitty Kat, lap top running much better and ordered more ram yesterday so should be sweet.


    Least have learnt to ditch Norton, shocking.

    Thanks again

    Andrew
     
  14. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Excellent. Glad to hear your problem's solved.

    Cheers :)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...