Security Toolbar 7.1

Status
Not open for further replies.

Ustlach

I read as much as I could about this trojan/virus on these forums. The "Cannot uninstall Security Toolbar 7.1" thread is apparently closed so I did not attempt to post to it and am trying to start a new thread.

I let a young friend use my laptop and within a minute or two he had picked up the Security Toolbar 7.1. Fortunately he told me about it immediately and I have not contacted any of my usual websites. I use the internet a lot for banking and other sensitive activities and from what I have read this trojan/virus can create serious problems.

One poster recommended a complete disc reformat and reload of OS and software. Unfortunately my HP Pavilion laptop did not come with any installation CDs. There is a partition on the hard drive with backup of some of the non-OS software.

I am not able to restore to any of my previous restore points. All restoration attempts fail. I assume the trojan is managing that.

I scanned with Spybot. It found a few problems and fixed them, but it did not fix the Security Toolbar 7.1 problem.

I am scanning now with AVG. (By the way, I also have a pc and am using it to do this work.)

I read an impressive and convincing post here by AntiSecurityGirl, from November 2007. Has anyone followed her advice and successfully gotten rid of this trojan?

Anyone with any other pertinent and useful information about getting rid of this thing, please post.

Anyone know how I get installation CDs from HP for my laptop without a major hassle with them? I am willing to pay for them.

Thanks to you all.
 
Dear mohrng,

I just posted about the Security Toolbar problem. I did not see this thread of yours and I apologize to the many other nice people who contribute here, especially the specialists.

So you are convinced of this 15 step method? Did you have any trouble following the steps; were they all clear enough for a non-techie like me to follow?

Thanks.

(Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.)

I have completed Julio's 15 point process to remove a trojan. In this case it was the Security Toolbar 7.1 problem.

I got no files with problems from the Panda Antirootkit scan.

Looking forward to hearing from any TechSpot guru about my log files, which are attached.

Thanks.

jb
 
Security Toolbar 7.1 issues

Kritius,

Thanks for your reply.

I just found another thread on this subject. I am totally new here and I am not having much luck using the search tool. I get way more than what I ask for and I missed the recent thread by mohrng.

I saw Julio's post, the 15 steps, which you referred me to again. I guess I will start that process, as several people have recommended. It scared me off at first because he said if you do any banking or other serious work (other than gaming) with your computer, you better not attempt to cleanse your system of this trojan. It would have already stolen passwords etc. and the likelihood of major problems, stolen identity, etc. is great. But as I thought about this overnight, I figured he must mean those passwords would have been picked up by the trojan as I entered them after getting infected. I have not used my laptop at all since I got the infection, except to look for ways to get rid of it. I have not accessed any of my sensitive websites or accounts.

And since I have no re-installation CDs, I cannot restore anyway.

I will try to complete as much of the info about my laptop in my profile as I can. I probably won't understand what it is asking me for. But I will try.

Thanks for your help.
 
Go HERE and download SysSpec.exe; it will tell you the majority of what you need to know about entering your system specs.

I just saw your post in that thread after I replied in this one. With regard to the search function, if you go to advanced search, search by keyword and then select search titles only, it should narrow down what you're trying to search for.

Good luck with everything, and I'm sure that if you have any questions someone will be able to answer them.
 
SysSpec

I am so leery of downloading anything.

Will this program give me a list of specs that I would refer to in order to complete my system profile, or would I somehow refer interested parties to the reports that this product generates?

I really don't think I will be able to complete that profile. It looks way over my head.

jb
 
It'll give you a list of specs that you can use to fill in the profile.

Even if you just give the basics then it would be some help, fill in what you can and then leave the rest.

The priority is getting your system clean so I would concentrate on following the 15 step plan.

Good luck
 
Posts moved and threads merged. Please use only this thread for your problem now.

  1. Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

    Folder::
    C:\WINDOWS\wt
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49e00263-a383-11dc-a266-00130247ef8d}]
  2. Save this as CFScript on the desktop.
  3. Referring to the image below, drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe.
    CFScript.gif

  4. ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.
    Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to hang.

Thereafter, please post fresh HJT and AVG Antispyware logs and the resultant ComboFix log from the above instructions as attachments into this thread.


Regards,
momok =)

This thread is for the use of Ustlach only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and The Web forum.
 
Doesn't execute

I cut and pasted the command (including the space in the word "m ountpoints2") and it simply appears on my screen like the opened .txt file and does not execute.

I will attach the script file. I took the space out of the word "m ountpoints2" and saved it and tried it that way. Still did not execute.

Let me know if I should put the space back in.

Any ideas?
 

Hi,

Leave the space out of the command. Have you tried running this step in safe mode? You need to drag the txt file over and release on the ComboFix exe file.

Edit: If you still can't run it, post the fresh logs I requested anyways.


Regards,
momok
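
The stray space discussed above (the pasted key read "m ountpoints2") can be caught before the file is handed to ComboFix. The following is an added example, not part of the original posts and not ComboFix's own code: a small checker that assumes only the two section types shown in this thread (Folder:: and Registry::) and reads the script text without touching the registry or file system.

```python
import re

# Constructed sample: the script from this thread as the poster first pasted it,
# with the stray space inside "mountpoints2".
PASTED = r"""Folder::
C:\WINDOWS\wt
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\m ountpoints2\{49e00263-a383-11dc-a266-00130247ef8d}]
"""

SECTION = re.compile(r"^([A-Za-z]+)::$")
REG_KEY = re.compile(r"^\[-?(HKEY_[A-Z_]+)\\(.+)\]$")
GUID = re.compile(r"^\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}$")
KNOWN = {"Folder", "Registry"}  # assumption: only the sections used in this thread

def lint_cfscript(text):
    """Return a list of (line_number, message) for the Folder::/Registry:: subset."""
    findings, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            if section not in KNOWN:
                findings.append((no, f"section {section}:: is not covered by this check"))
        elif section is None:
            findings.append((no, "text before the first section header (stray QUOTE label?)"))
        elif section == "Folder":
            if not re.match(r"^[A-Za-z]:\\", line):
                findings.append((no, "folder entry is not an absolute drive path"))
        elif section == "Registry":
            key = REG_KEY.match(line)
            if not key:
                findings.append((no, "registry entry is not in [HKEY_...] form"))
                continue
            for part in key.group(2).split("\\"):
                if part.startswith("{") and not GUID.match(part):
                    findings.append((no, f"malformed GUID component: {part}"))
                elif " " in part:
                    # Key names can legitimately contain spaces, so treat this as a
                    # prompt to compare against the original instructions.
                    findings.append((no, f"space inside key component: {part!r}"))
    return findings

if __name__ == "__main__":
    for no, msg in lint_cfscript(PASTED):
        print(f"line {no}: {msg}")
```
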
 
Still does not execute

When I drag and drop the script file onto the Combofix.exe in your post it first pops up a message with a yellow shield and an exclamation point and this message:

To help protect your security, Internet Explorer has restricted this file from showing active content that could access your computer. Click here for options....

I click and get something like this:

Allow Blocked Content
What's the Risk
_______________________
Information Bar Help

I click to allow blocked content and then IE browser simply opens the script file and displays it to me.

I do the above two times and on the third time I no longer get the pop up message. The browser just opens the script file.

I cannot connect to the internet from safe mode. It says the server or page is not found.

I will work on doing the scans and reports you requested.

Thanks for your help.

Thanks again.

jb

I have the scan logs ready. But I cannot see how to attach them while editing this post...and I was instructed not to make a new post when there were no intervening posts. Please advise.

jb
 
Hi,

Are you able to still run ComboFix without the script? If so, please do a scan in normal mode. I await your new logs.

Regards,
momok
 
Please see my previous post re: using CFScript. Cannot access internet while in SafeMode.

I ran the two scans and will attach the logs.

Thanks.

jb

P.S. I am anxiously awaiting your further instructions and advice.
 
Hi,

The AVG scan is not a fresh log. I would like to see a new log from a new scan. Also, I requested you to run ComboFix in normal mode without using the script file. Please do so and post the fresh logs. Please wait at least 24 hours for a reply before bumping a thread, and at least 48 hours before a private message.

Regards,
momok
 
Hi,

It appears that the combofix script did somehow execute, as the entries are already removed.
Your logs look clean now.

  1. Please download and run CCleaner via step 9 of the instructions HERE.

  2. Delete all files in AVG Antispyware Quarantine folder. (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine)

  3. Turn off system restore (XP/ME only). Learn how to do that HERE.
    This will remove all the remaining nasties from your old restore points.

  4. After that turn system restore back on.
    This would have created a new safe and clean restore point for your system.

  5. Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
    May I recommend you to read this article.
    This can help to prevent future infections.

Should you have any further problems, please post in this thread.


Regards,
momok =)
