What are these people thinking?



esiegel
11-12-2003, 11:55 AM
pardon my rant, but...
Last night I was up until all hours trying to remove a toolbar (turned out it was actually 2 different toolbars) that some website decided that I should use instead of the one that I like.

No matter how many times I removed it...it came back.
I even clicked on one of its buttons and...instead of going where it said it was going to...it went to a search engine that I've never heard of. After following a few help links...and being told how lucky I was to have this crap on my machine...I found an uninstall tool for the toolbar. I reluctantly downloaded the file and ran it...and rebooted as instructed...and POOF...nothing happened.

I tried a few free spyware/adware removers...all found the file...none removed it.

I finally paid $30 for a program that said it would remove the problem (along with a bunch of others) and it seems to be gone...so far.

My question is....what are these people thinking? Do they honestly think by 'taking over my machine' I am going to be so impressed that I will make their site my home page? Or that I would ever consider buying anything from any company that was in any way even remotely involved with them?

I know this is a fairly popular marketing technique now...but WHY? And I thought spam was bad...at least you can delete that.

Thanks for letting me vent!

wenwilder
11-12-2003, 09:45 PM
Did you reboot after running the spyware/adware programs?

I'm curious because a friend of mine seems to be having the same problem with a toolbar taking over his browser, and no matter what is done he can't get it removed.

I've tried helping him, because I've run into the same thing, but for some reason what I've done doesn't work in this case - unless I'm forgetting a step or I've just been lucky, I'm not sure which it is?

esiegel
11-13-2003, 09:07 AM
[quote="wenwilder"]Did you reboot after running the spyware/adware programs?[/quote]

Rebooted...re-ran the programs....rebooted again. Nothing worked.

HijackThis found the files but could not clean it.
Spy Hunter is the one that finally killed it. Downloaded their free version...it found it...along with 35 other Cookie based parasites and 150 file based parasites (gotta find out what sites my kids are visiting). Bit the bullet and paid the 30 bucks to buy their full version to remove it. And it worked. The only part that really bothered me was that Spy Hunter showed me that some of these parasites were meant to allow someone to gather personal information from my system...credit card info, etc....but to buy their program, I had to enter Credit Card information.

The toolbar is still listed on my view/toolbars menu...haven't been able to get rid of that yet...but at least it is no longer controlling my system.

Markll
11-13-2003, 06:57 PM
Take the company who put the unauthorized toolbar on your system to court. Sue them for reimbursement of your software purchase, your wasted time, and legal fees. Also file a complaint with the FBI.

redcircle
11-13-2003, 07:20 PM
SPYBOT!!

http://security.kolla.de

rlrouse
11-14-2003, 10:52 AM
SPYBOT!!

I second that motion.

Judith
11-14-2003, 12:30 PM
Haven't had the toolbar fiasco (fortunately), but when I was in my web stats program this a.m. I saw that someone has linked to me from their blog. I went to the URL and sure enough, there was a link--but it was directly to my site's control panel!!

When I was looking for contact info, a bunch of adult site pop-ups appeared, but no contact info. I did a whois search and have located the site owner. Now what?

Any ideas are welcome.

Thanks,

Judith

richkoi
11-14-2003, 12:51 PM
I have had the toolbar problem, but also I have had a spyware program that highlighted keywords on any web page I was on and when you clicked on the keywords it sent me to a dating site...

I saw this happen to keywords on several of the sites I have designed. I can not believe that this is legal. These crooks are re-directing my customers away from my sites...They are hijacking our sites!

Does anyone know legal contacts to get this stopped?

Thanks,

Rich

sgjr
11-14-2003, 03:17 PM
I know what it's like when you can't shake these things. Although I have my own online business I still work as a System Admin for a large company in the UK.

We have a trust policy with our PC users, we trust them not to download software or visit sites that are "potentially hazardous" but the inevitable happens and all too often I have to spend my time sorting out the mess.

I use a variety of tools to remove unwanted programs including some very dodgy toolbars, sure I use spybot and adaware but my last resort is HijackThis.

If you are not an experienced IT user then I would stay away except as a last resort, this thing is vicious but very effective.

You can read about it and get a free copy at several sites including:-

http://www.spychecker.com/program/hijackthis.html



As I say, HijackThis is usually my last resort but I have to admit, it has got rid of the most stubborn programs.

Now if only I could find a program that would save me having to do the autopsy on the users PC to determine how it got there..... Ah well.

Regards

Steve
www.e-readit.co.uk
The Online bookstore
that offers you more.

mediahound
11-14-2003, 03:35 PM
Spybot search & destroy is great.
Just use it with caution it can really clean you up.

USALUG
11-14-2003, 03:58 PM
Can't really sue them I don't think. Because I think that toolbar you're referring to was put there because of something you probably clicked "ok" to. The only reason I say this, is because I just took one of these stupid things that was hijacking my brother's XP machine, off........ and boy was it a pain in the rear.

It ended up that the only thing that worked real well for me was http://mjc1.com/mirror/hjt/ << page hijacking "fix"

A great forum (not that this one isn't) that is DEDICATED to spyware and spyware removal software is
http://www.spywareinfo.com/ I HIGHLY recommend it if you run windows.

I don't run windows, but I do get paid to fix Windows computers, and that site (plus google) are lifesavers :)

schmeetz
11-14-2003, 04:01 PM
1) They created and planted the toolbar. (problem)
2) You freaked out and spent $30 (reaction)
3) They sold a $30 solution to a problem they created.

brilliant

you live and learn

jthomps1
11-14-2003, 04:18 PM
Has anyone tried searching the registry for references to the parasite? I got rid of the GATOR parasite/toolbar by searching the registry for GATOR. After deleting every reference, it went away.

clambam
11-14-2003, 05:03 PM
I have an elderly neighbor who had this problem. To top it off, he's Italian and speaks broken English. He asked me to look at his computer and sure enough his toolbar had been hijacked by a porn portal and his home page had been changed. He was getting daily porn come-ons in his email and every now and then a nice photo would show up unannounced on his desktop. The first thing I did was to clear all his cookies, reset the home page and turn off the toolbar, but no dice. It still came up every time I restarted IE. So I decided to download Ad-Aware. Every time I tried to go to Lavasoft, IE crashed. If I tried Google or Altavista, IE crashed. Not only wouldn't this program go away, it wouldn't let me download anti-spyware or use a different search engine! So I went back to my house, downloaded Ad-Aware, burned it onto a CD and brought it back to his house. Had to reboot the computer -- the program was running off a DLL in his Windows directory -- but I eventually got rid of the program. He still gets lots of spam for Viagra and, er, equipment enlargers, but that's another problem.

publicgadfly
11-14-2003, 06:03 PM
I feel for ya' on the toolbar. I haven't had that happen yet (yet) but have had some similar pests. Not long ago I accidentally clicked 'yes' on a “make this site your homepage” pop-up. For about a week I toiled with removing that. Re-installing the browser, etc. did no good.

Finally I remembered what really makes windoz work- the registry! Zip zap and gone. Since that time I have had to use the registry to remove a few other things. There are a few sites, the ones I've found are in Europe, that seem to want persistent virtually impossible to locate mini-programs to run whenever I log on.

I use a decent registry cleaner, ctrl-alt-del to see what else is running and of course a firewall. Sad that the Internet is drifting this way. From “autoloads” to persistent pop-ups/unders that seem to never want to disappear to spam this once upon a time great place to find the weird and off the wall views is growing.

I can still remember all the newsgroup flak when a couple lawyers started selling their services :-) Times change. Those lawyers merely showed everyone else the door, now we all enjoy the stampede.

What may seem an annoyance to one person is a marketing tool to another.

ebusinessops
11-14-2003, 08:34 PM
I actually believe this should be illegal. However, "policing" the internet is so scary it might be easier to let it run its course as infuriating as it is.

minstrel
11-14-2003, 09:14 PM
[quote]when I was in my web stats program this a.m. I saw that someone has linked to me from their blog. I went to the URL and sure enough, there was a link--but it was directly to my site's control panel!! When I was looking for contact info, a bunch of adult site pop-ups appeared, but no contact info. I did a whois search and have located the site owner. Now what?[/quote]

What was the context for the link to your control panel, out of curiosity? Do you think this is an attempt to hack your site in some way? As a start, I would be inclined to contact the site owner and ask him for some answers...

wenwilder
11-14-2003, 09:22 PM
[quote]When I was looking for contact info, a bunch of adult site pop-ups appeared, but no contact info. I did a whois search and have located the site owner. Now what?

Any ideas are welcome.

Thanks,

Judith[/quote]

If nothing else, report the whole incident to Consumer Sentinel (http://www.consumer.gov/sentinel/index.html); if they don't handle the problem, they'll know who does.

ritaperdue
11-15-2003, 12:50 AM
I really would like to know what toolbar you got "stuck" on your PC so I don't do that. Thanks.

HillsCap
11-15-2003, 03:04 AM
Sounds like they were using a BHO to make sure the toolbar loaded up each time the browser was restarted, even if you'd tried to remove it via conventional means.

A BHO is a Browser Helper Object. If you want to keep tabs on what BHO's are trying to install, get a free program from Wilders' Security called Spyware Guard.

Also download their Spyware Blaster, which sets the CLSID kill-bit for known malicious software, preventing it from running.

Get Spybot Search & Destroy, and install its BHO, to prevent you from accessing known malicious websites, and install the HOSTS file entries from Spybot S&D to reroute known malicious websites to 127.0.0.1 (localhost). (Basically, it tricks your computer into thinking that the malicious website is hosted on your own computer. Since your computer probably isn't hosting a website, that site will come up blank.)

Also, get a program called SpySites, which will add the known malicious websites to the Restricted Zone, and set up your Restricted Zone to DISABLE EVERYTHING.

And finally, get Xteq's XSetup, which will let you tweak so many things it'd take an entire book to describe them all (many, many of them security related).

There are several other things you can do to make your security level higher... mine's so high that unauthorized programs/scripts can't run... I've actually downloaded a virus just to test this, and it blocked the virus' execution. This is because I'm running an application sandbox, so only the programs which I have authorized to run, can run. If they're changed (via virii infection), they can't run, and if they're an unknown file, they can't run. This, in addition to regular AV, real-time spyware checking, regular malware/virii scans, and a few other tricks make for a computer that's really hard to mess up.

For instance, I'm also hack-proof, for all intents and purposes, as I'm running a firewall with extensive IPSEC security protocol tweaking, and I'm running an obfuscation proxy that prevents a lot of the data leakage from IE (I can't even access the Windows Update site without dropping my proxy because the site can't determine what O/S I'm running). The GUID's (Microsoft calls them Product ID's.. they're essentially a form of super-cookie that can allow a website to track you) of IE, Windows, Media Player, etc. are changed every 15 seconds, so it's impossible to track me using that.

I'm also running my own high-security implementation of a DNS server, set up to automatically mitigate DOS attacks and prevent DNS cache poisoning. Hence, I can't get redirected to a malicious website by some hacker poisoning my ISP's DNS cache.

I've had concerted efforts at break-ins to these computers (one guy tried for over 3 days... I let him, just to see if he could do it... he couldn't), and DDOS attacks, all of which had no effect (except for, of course, the DDOS attacks taking most of our bandwidth during the attacks...). I backtraced the hackers, and started port scanning them at a rate of 100 ports per second... they quickly disconnected. One of the hackers was a script kiddie who had stupidly left their Messenger service running, so I did a Net Send to say hi. I doubt I'll be hearing from him again.

If you do your homework and Google around a bit, you'll also find a way to enable a fifth Zone in your Internet Options>>Security control panel applet, called 'My Computer'. You guessed it, you can use it to tighten up the security of the scripts/programs running within the local computer. I've got mine set up so the security is actually higher than my Internet Zone security settings (Javascript is disabled, scripts can't run without asking, etc).

Think of the internet as a very cold, very windy, very barren place near the North Pole. If you want to stay warm, you have to dress in layers. And if you don't want to get eaten by the polar bears, you had better make sure they can't get near you.

Thus, dress your computer in security 'layers' (for instance, adding all known malicious websites to the HOSTS file and redirecting them to localhost, and adding all known malicious websites to the Restricted Zone in your Internet Options>>Security control panel applet; or running an application sandbox to prevent virii from running, and running AV software).

And, make sure the hackers (the internet's 'polar bears') can't get near you by ensuring that you have a properly configured firewall, IPSEC security protocols, preferably a NAT router, and for God's sake, STAY AWAY FROM THE POLAR BEARS! In other words, don't frequent the sites or download the software that may get you into trouble.

The benefits are numerous... I've got a fast, stable, practically maintenance free machine that's a dream to use despite being complexly configured. I don't have to worry about hackers, virii, spyware, adware, malware, and I haven't seen a pop-up in ages. (for that matter, I don't see very many advertising banner-ads on websites, either, they're all blank...).

Because of my setup, it's impossible to visit these malicious websites... my proxy rewrites the HTML code before it reaches the browser, and removes any links to known malicious sites (something you might think about implementing if you have kids in the house who insist on visiting these kinds of sites), and even if I did somehow manage to click a link to a malicious website, it'd show up either blank (because of my HOSTS file), or be so severely restricted that it couldn't do anything (because it's in the Restricted Zone).

THAT is layered security.
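Added example (not part of HillsCap's post): a small Python check of the HOSTS-file layer described above. It shows a detail the description leaves out: HOSTS entries match exact hostnames only, so a subdomain of a blocked site is not covered. The sample file and its `.test` hostnames are constructed for illustration.

```python
import ipaddress

# Constructed sample HOSTS content; all hostnames are made up (.test TLD).
SAMPLE_HOSTS = """\
# blocklist entries
127.0.0.1   localhost
127.0.0.1   ads.tracker.test  popups.tracker.test   # two names on one line
0.0.0.0     toolbar.adware.test
192.0.2.10  intranet.corp.test
not-an-ip   broken.line.test
"""


def parse_hosts(text):
    """Return {hostname: ip_address}; the first entry for a name is kept."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address column, ignore the line
        for name in fields[1:]:
            table.setdefault(name.lower(), ip)
    return table


def is_sinkholed(table, hostname):
    """True if this exact hostname is mapped to loopback or 0.0.0.0."""
    name = hostname.lower().rstrip(".")
    if name == "localhost":
        return False  # the normal localhost entry is not a block entry
    ip = table.get(name)
    return ip is not None and (ip.is_loopback or ip.is_unspecified)


def coverage(table, hostnames):
    """Map each hostname to whether the HOSTS layer would blank it out."""
    return {h: is_sinkholed(table, h) for h in hostnames}


if __name__ == "__main__":
    seen = ["ads.tracker.test", "www.ads.tracker.test", "toolbar.adware.test"]
    for host, blocked in coverage(parse_hosts(SAMPLE_HOSTS), seen).items():
        print(f"{host:25} {'blocked' if blocked else 'NOT covered'}")
```

Hostnames reported as not covered are the ones that still depend on the other layers (Restricted Zone, proxy filtering).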

TrafficProducer
11-15-2003, 06:56 AM
LOP toolbar, search option installed by my daughter.

The so called removal software is VIRUS riddled. Do not use this.

I can only fix with a Format/ reinstall programs.

Judith
11-15-2003, 08:47 AM
Minstrel,

The link to my control panel appears on a list of links on the main blog page. I'm wondering about hackers too. I like your suggestion about contacting the site owner and asking questions. Will try that via email and get back to you if I get any answers, although I expect to be ignored. I have reported the problem to my host, but don't expect they will do anything. It has just occurred to me that maybe I ought to go to their blog and click on their other links to see where they go.

Consumer Sentinel looks very interesting, though it appears to focus on fraud, identity theft, and use of internet to bilk individual consumers financially. I will look around that site and see if there's anything useful.

Thanks for the suggestions,

Judith

tj
11-16-2003, 02:05 PM
Can anyone recommend a program for Mac users?

minstrel
11-16-2003, 03:37 PM
[quote]Can anyone recommend a program for Mac users?[/quote]
A program to do what, tj?

esiegel
11-17-2003, 08:48 AM
[quote]LOP toolbar, search option installed by my daughter.[/quote]

LOP is the one that started all of this...
I also noticed this weekend that going to AOL.com loads a DoubleClick parasite...now why would AOL allow that?

minstrel
11-17-2003, 10:07 AM
[quote]LOP is the one that started all of this... I also noticed this weekend that going to AOL.com loads a DoubleClick parasite...now why would AOL allow that?[/quote]
Have you ever looked at the amount of junk AOL loads onto someone's system if they install the AOL software? And most of it is done without asking whether you want to do it... AOL isn't against junkware - they just want to make sure that only THEIR junkware is installed.

esiegel
11-17-2003, 10:15 AM
AOL is terrible when it comes to loading things on your machine with their software...

But I'm not even talking about their software...I just go onto AOL.com to pickup my e-mail and, BAM, Parasites!

mikmik
11-17-2003, 12:34 PM
I use Spybot S & D and it has an "Immunize" function that blocks "secret" downloading of spyware etc. that is done without the user's permission or knowledge!!
I have it set to alert me every time it blocks something - I cannot believe how much it blocks, even from 'reputable' sites, and I'm talking major news sites and the like!

richkoi
11-18-2003, 11:32 PM
http://story.news.yahoo.com/news?tmpl=story&cid=581&e=3&u=/nm/20031118/tc_nm/tech_spyware_dc

Here is a decent article on the legal issues.

richkoi
11-19-2003, 01:55 PM
http://story.news.yahoo.com/news?tmpl=story&cid=1804&e=3&u=/washpost/a58655_2003nov18

Here is a more proactive article.

Rich

tj
11-20-2003, 08:11 PM
sorry, .....spyware removal software for the Mac

thanks

minstrel
11-20-2003, 10:30 PM
[quote]sorry, .....spyware removal software for the Mac - thanks[/quote]
I don't use Macs so I can't give you a personal recommendation but here's one that has been recommended by others: MacScan (http://macscan.securemac.com).

esiegel
11-21-2003, 09:41 AM
ran a scan last night...
and the original five cookies are back. LOP.com is right there on the top of the list.

I ran a Whois on LOP.com and basically came up with nothing other than the registrar is TUCOWS, INC.

No phone numbers, no names, no e-mail addresses.

This is one I would love to go after!!!

kerryb9
11-25-2003, 02:23 AM
I recently got an adware program I couldn't figure out how to get rid of... came thru Internet Explorer and messed up my address bar searches. Adaware couldn't find it, and 'fix IE' (under add remove programs/IE) didn't work either. Also, reloading IE from the downloaded zip file (ie6.exe) didn't work either.

Here's what I finally figured out and how: I downloaded a free very small program called BHODEMON... it disables the entries in the registry by renaming them. That's not quite what I wanted, so I went searching thru the registry (be careful when editing the registry, always back it up before modifying, and don't just go searching for things and deleting them willy nilly). In the registry there's an entry called BROWSER HELPER OBJECTS... that's where the adware helpers often make their entry. You can look there and use search to track multiple entries that are made throughout the registry. I then removed all of the entries that had anything to do with this particular spyware program. I also found the file [pathname].dll that the registry entry called (which had been downloaded as part of the spyware) and removed it from my computer also. (I had found this earlier using a date search when the problem first appeared, but was reluctant to delete it because it had a name that looked like something I shouldn't delete).

The next thing I discovered was that if you open IE, then use tools/internet options/privacy/edit, you can selectively block any web addy you want. So, now every time I run adaware, I look for the cookies it removes, go to the cookie (c:\windows\cookies) and edit it to find the web addy to block. So far I've blocked doubleclick.net, advertising.com, xupiter.com, fastclick.net, and several others. It works great!!!
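Added example (not part of kerryb9's post): a Python sketch of the audit described above, run against a registry export instead of the live registry. It lists every CLSID under the Browser Helper Objects key and follows each one to the DLL named in its `InprocServer32` entry. The sample export, its CLSIDs, names and DLL path are constructed, and the export is assumed to have been taken with `HKEY_CLASSES_ROOT` key names.

```python
import re

BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows"
           r"\CurrentVersion\Explorer\Browser Helper Objects")
CLSID_ROOT = r"HKEY_CLASSES_ROOT\CLSID"
# String (REG_SZ) lines only: @="data" or "name"="data"; other types are skipped.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

# Constructed sample export: the CLSIDs, names and DLL path are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}]

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}]
@="Example Search Toolbar Helper"

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\WINDOWS\\extbhelp.dll"
"ThreadingModel"="Apartment"
'''


def parse_reg(text):
    """Parse .reg text into {key_path: {value_name: string_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            # .reg files escape backslashes and quotes with a backslash
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys


def list_bhos(keys):
    """One record per BHO: CLSID, friendly name and DLL path (None if absent)."""
    lower = {k.lower(): v for k, v in keys.items()}  # key names ignore case
    prefix = BHO_KEY.lower() + "\\"
    found = []
    for path in keys:
        if not path.lower().startswith(prefix):
            continue
        clsid = path[len(prefix):]
        if "\\" in clsid:
            continue  # deeper subkey, not a BHO registration
        cls_key = (CLSID_ROOT + "\\" + clsid).lower()
        found.append({
            "clsid": clsid,
            "name": lower.get(cls_key, {}).get(""),
            "dll": lower.get(cls_key + "\\inprocserver32", {}).get(""),
        })
    return found


if __name__ == "__main__":
    for bho in list_bhos(parse_reg(SAMPLE_REG)):
        print(bho["clsid"], bho["name"] or "(no CLSID key)", bho["dll"] or "(no DLL)")
```

A BHO entry with no matching CLSID key, like the second one in the sample, is a leftover registration whose DLL reference has already been removed.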

esiegel
12-17-2003, 09:25 AM
Well...once again...last night it was back.
Updated all of my spyware scanners...ran them...still there.

Got the newest version of adware...updated the filerefs...ran it....did some registry editing....4hrs later seems to be gone...again.

To quote a friend of mine who I was chatting with while I was working on this...'da bastards!