question about removing spyware from my comp.

bwcaw

Enlightened
Joined
Mar 22, 2002
Messages
862
Location
South Dakota
I downloaded spybot s&d on the advice of a fellow cpf'er to check my computer for spyware and adware. I ran a couple of checks for spyware and the first time it came up with the program named "hotbar". It says it is a directory file or something and I hit the "fix problems" button on spybot and it supposedly fixed the problem. However, the next time I ran spybot it found the exact same "hotbar" program; for some reason spybot will not get rid of it. My question is: how do I delete this off my computer? I have looked all through windows explorer, and have not found it, and not being any sort of expert on this stuff I figured somebody on here would know how to get rid of this. Thanks!
 

snakebite

Flashlight Enthusiast
Joined
Mar 17, 2001
Messages
2,725
Location
dayton oh
something you installed checks for hotbar's presence and finding it gone reinstalls it?
so called freeware often has these parasites bundled.
did you do the updates to spybot s&d?
don't forget to use the immunize function after you get all the updates.
 

jtice

Flashaholic
Joined
May 21, 2003
Messages
6,331
Location
West Virginia
My work computer now has popups !
Even if I am not surfing the net, every so often they pop up.

I ran Adaware, and Spybot, both found some things, but the popups are still there.
 

snakebite

Flashlight Enthusiast
Joined
Mar 17, 2001
Messages
2,725
Location
dayton oh
[ QUOTE ]
jtice said:
My work computer now has popups !
Even if I am not surfing the net, every so often they pop up.
you either have spyware or need to turn off messenger service. under services, set startup type to disabled.
I ran Adaware, and Spybot, both found some things, but the popups are still there.

[/ QUOTE ]
 

_mike_

Flashlight Enthusiast
Joined
Aug 14, 2003
Messages
1,198
Location
Wa. State
You both might want to see what's loading at startup. See if there is anything you don't recognize/use and un-install it or at least remove it from the startup folder. See if that helps, if not ..... the search continues.

Mike
 

eluminator

Flashlight Enthusiast
Joined
Mar 7, 2002
Messages
1,750
Location
New Jersey
[ QUOTE ]
jtice said:
My work computer now has popups !
Even if I am not surfing the net, every so often they pop up.

[/ QUOTE ]

Does your company have a network, and someone to maintain it? If so, I'd talk to them.

If you are responsible for your own firewall and disabling unnecessary services, that's another matter.

Home computers need a firewall. XP has one built in. You can get "administrative alerts" through the old NT style Messenger Service, although a firewall should block it. If you are on your own, you can disable the service called "Messenger".

XP has one (or two) of those instant messaging things like AOL's instant messenger that can generate popups, I think.
I guess it is called Microsoft Messenger, or something like that. I have mine disabled though it took a while to figure out how to do it. Actually my ZoneAlarm firewall prevented it from doing anything anyway.
 

Icebreak

Flashlight Enthusiast
Joined
Aug 14, 2002
Messages
4,998
Location
by the river
I'm not an expert but I think I can get rid of it for you.

It's in your registry. Hotbar usually comes from an email sent to you by someone you know. It has smiley faces.

To get rid of it do these things.

Make sure Adaware and SearchAndDestroy have been updated today and then run them again.

Make sure you have WinZip. If you don't get a free trial copy here: http://www.winzip.com/ddchomea.htm

Go here http://www.lurkhere.com/~nicefiles/index.html and download HiJackThis. It will come to you in a zip file. If that link doesn't work go here: http://www.spywareinfo.com/~merijn/downloads.html That's the guy who wrote it. I trust both of these sites.

Before proceeding know that we are going to be in your registry so go slow and be careful.

Shutdown your browser and any programs you have running that you might not want anyone to know about.

Open HiJackThis.

On the config button, make sure backups is checked. If we make a mistake we can go get your original registry.

Run the program using the SCAN button. It's very fast.

Save the log by using that button. Copy and paste the log to notepad and save it.

What we are looking for is in a BHO (browser helper) [browser hijacker]; one of them is going to say hotbar near the end of that line of the log.

If you are not comfortable with the process at this point you can copy/paste the log that you save in notepad and post it here in this thread and I'll tell you which BHO to checkmark.

If you are comfortable with the process, simply check the line that has hotbar in it and click the "Fix checked" button. That will get rid of HotBar.

Again I'm not an expert but I've used this program to get rid of ShopNav hijacker at home and get rid of HotBar at work. HotBar is a browser helper. ShopNav acts like a helper but is a hijacker. Here is what it looks like:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://search.shopnav.com/apps/epa/epa?cid=shnv9885&s=

Also, I'll bet there is a simpler way to get rid of HotBar but I don't know it. The benefit of learning how to use HiJackThis is good.

If you decide to post the log here it is going to show what you are running. I wouldn't mind posting my log but you might.

If you decide to post your log, let's not fix this by committee guesses. Just listen to known experts (I'm not) like Silveron or James S or Empath or Snakebite or Mike or eluminator etc. Some of the newer members are experts also, but I can't remember their handles unless I see them.

Don't skip the step of checking for today's updates for Adaware and SpyBot then re-running them.

I'll check back in later tonight to see how you are doing.

- Jeff
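
Added example (not part of Icebreak's post and not HiJackThis's own code): a small Python filter for a saved log that pulls out the lines the post says to look for, the BHO entry naming hotbar and R0/R1 Internet Explorer page settings that point at a host you did not choose. The sample log is constructed: the CLSIDs, file paths and example.com URL are placeholders, and only the R1 line is taken from the post.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the log's "CODE - detail" layout (placeholder CLSIDs/paths).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.example.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://search.shopnav.com/apps/epa/epa?cid=shnv9885&s=
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\ExampleReader\helper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Hotbar\placeholder.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\ExampleTray\tray.exe
"""

LINE_RE = re.compile(r"^([A-Z]\d+) - (.*)$")

def parse_log(text):
    """Split a saved log into (section_code, detail) pairs, skipping other lines."""
    entries = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries

def review_candidates(text, keywords, trusted_hosts):
    """Return (code, reason, detail) for entries worth a closer look.

    keywords      -- lowercase names to look for in BHO (O2) lines
    trusted_hosts -- hosts you set yourself as IE start/search pages
    """
    hits = []
    for code, detail in parse_log(text):
        lowered = detail.lower()
        if code == "O2" and any(word in lowered for word in keywords):
            hits.append((code, "BHO matches keyword", detail))
        elif code in ("R0", "R1") and "=" in detail:
            url = detail.split("=", 1)[1].strip()
            host = (urlsplit(url).hostname or "").lower()
            if host and host not in trusted_hosts:
                hits.append((code, "IE page points at " + host, detail))
    return hits

if __name__ == "__main__":
    for hit in review_candidates(SAMPLE_LOG, ["hotbar"], {"www.example.com"}):
        print(hit)
```

The script only reads the log and lists candidates; checking the line and clicking "Fix checked" stays a manual step in HiJackThis, with backups enabled as the post says.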
 

bwcaw

Enlightened
Joined
Mar 22, 2002
Messages
862
Location
South Dakota
Thanks guys, I will update spybot and try getting it from there, if that doesn't work, I will attempt icebreak's suggestion. However it will prolly be a couple of days before I have enough time to fool with it. It ticks me off that companies will install stupid crap like that in your computer without your knowledge. I hope someday those slimeballs will get a big fat lawsuit. Thanks again guys! You are the greatest!
 

BB

Flashlight Enthusiast
Joined
Jun 17, 2003
Messages
2,129
Location
SF Bay Area
What kind of pop-ups are you getting at work? I assume it is not the standard pop-ups that you get when you go browsing with IE.

I know of two other types... One is a plain windows message window with text and a close button (this is a windows messenger service for use by System Admins to send notices to everyone). You can go here for a simple program to turn it off (and learn more about it).

There is another group of pop-up server programs that get installed in your computer and will pop-up a full graphics/color ad in a browser like window--even if you are not browsing the web (just connected). Use either RUN MSCONFIG or Spybot Search and Destroy Advance mode, TOOLS, SYSTEM STARTUP and start disabling anything that does not look right.

Another way to find spyware/ad-server programs is to install Zone Alarm Freeware (even if you don't want to use it all the time) and it will tell you the name and location of every program trying to access the internet. You can then block, but more importantly remove from your startup file / hard drive any of these programs you don't want to run on your computer.

One other program you can use is Spyware Blaster--this prevents spyware from being downloaded to your computer in the first place (I think it is somewhat similar to Spybot--but I am using a belts and suspenders approach to prevent problems).

Between all of these programs (including Adaware and Norton Antivirus or equivalents) I was able to clean a badly infected Windows 2000 machine without much effort (took an hour or two to clean).

-Bill

PS: To get rid of browser hijacking by search engines, I just installed the Google Tool Bar. It seemed to clean up the search engines and it is also a good pop-up blocker.

And also, search for a "hosts" file (not the one in the \i386 directory). Sometimes you will find other entries besides the standard:

127.0.0.1 localhost

You can place a # comment symbol ("#") in front of any entry you wish to disable... Also, check and make sure that the file is not write protected or you will not be able to edit and save it.

-Bill
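
Added example (not part of BB's post): a Python check for the hosts file audit described above. It lists every active entry other than the standard loopback mapping of localhost and produces a copy with chosen lines disabled by a leading "#". The sample file contents are constructed, and the function names are made up for this example.

```python
import ipaddress

# Names that are normally expected to map to a loopback address.
EXPECTED_NAMES = {"localhost"}

# Constructed sample: every mapping except localhost is made up for the example.
SAMPLE_HOSTS = """\
# Sample HOSTS file (constructed for this example)
127.0.0.1       localhost
203.0.113.10    search.example.com   # sends this name to another server
127.0.0.1       updates.example.net
not-an-ip       broken.example.org
"""

def audit_hosts(text):
    """Return (line_number, address, names, reason) for each active entry
    other than the standard loopback mapping of localhost."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not entry:
            continue
        fields = entry.split()
        address, names = fields[0], fields[1:]
        try:
            loopback = ipaddress.ip_address(address).is_loopback
        except ValueError:
            findings.append((number, address, names, "unparseable address"))
            continue
        extra = [n for n in names if n.lower() not in EXPECTED_NAMES]
        if not loopback:
            findings.append((number, address, names, "name mapped to a non-loopback address"))
        elif extra:
            findings.append((number, address, extra, "extra name pinned to loopback"))
    return findings

def comment_out(text, line_numbers):
    """Disable the given lines by prefixing them with '#', as the post describes."""
    out = []
    for number, raw in enumerate(text.splitlines(), start=1):
        out.append("# " + raw if number in line_numbers else raw)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

A loopback entry for a name other than localhost is not always hostile, since some blocking tools add them on purpose, so treat the output as a list to review rather than a list to delete.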
 