YES i got it!!! took forever to get rid of it. finally did it and theres still part of it left. or maybe its diff im not sure. there were a ton of things that got removed and i was left with 3 files that couldnt be removed by s&d. just keeps telling me to restart but it never works.


SURFSIDEKICK 3 is whats left. cant get rid of it. my anti virus doesnt even detect it. it puts more stuff on too. anyone out there that can help me?:scratch:

kioska
If you are not being helped at another forum, please follow these instructions.
Before you post a log, and who will advise you. (http://forums.spybot.info/showthread.php?t=288)

Start a topic here:
Malware Forum (http://forums.spybot.info/forumdisplay.php?f=22[/url)

Someone will then take a look at the system and advise you. :)

this damn thing is stuck on my comp. cant get rid of it. spybot detects it but it cant get rid of it. its really horrible. popups and such. also my windows installer pops up too. antivirus is useless. PLEASE HELP!!!!!!



found this!!

Infected with SurfSideKick?


Description
This application is Adware and may display pop-up or pop-under ads and direct the user to unsolicited websites. SurfSideKick displays ads, secretly downloads updates of itself, connects to controlling servers, and protects itself from deletion/uninstall.

Vendor
Its author is SurfSidekick.com.



Threat Level: High Risk
SurfSideKick Characteristics
Displays ads
Records personal data / keystrokes
Hijacks internet browser
Allows remote influence
Downloads unsolicited files
Disables programs / system
Makes unauthorized phone calls
Exploits a security flaw
Floods internet connection
Distributes threats
Tracks browsing activity with installed applications
Tracks browsing activity with cookies
Installs without user consent
Inadequate uninstall procedures
Insufficient privacy disclosure and consent
Uses excessive system resources



XoftSpySE claims to be able to get rid of it, but they will charge me 30 bucks to do it!! not even sure if i trust them.

hhhhmmmmmm

i was actually able to uninstall it. i doubt that worked though. my firewall wont turn on and the windows installer keeps poping up. i really hope someone can help me.

kioska please see my post above.

Re: XoftSpy, it may have been de-listed, not to say I personally would recommend it. ;)

Rogue/Suspect Anti-Spyware Products & Web Sites (http://www.spywarewarrior.com/rogue_anti-spyware.htm#notes)

thanks for the fast reply and sorry for posting in the wrong area!! :)

should i continue in this post with what is going on on my comp or create a new post in the malware forum and describe everything that ive done and is still happeneing?. there might be something there that can help others prevent what happened to me.

Hi there, you posted in the right area no problem. ;)

You could either post a Spybot-S&D log into this topic or a HJT log in the malware forum.


Open SpyBot, check for and get any updates available.
Close all browsers, check for problems and fix everything found in red
Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except

Uncheck[ ] do not report disabled or known legitimate Items.
uncheck[ ] Include a list of services in report.
Uncheck[ ] Include uninstall list in report.

Now select (near the top) view report.
Press export in the save in box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button; navigate to and attach or post that report.

Cheers.

when i update spybot i am unable to update the advanced detection library. says bad checksum. sounds like something i need badly!!! :(

ok got the update thanks very much. doing a new check now!!!

Hello,

Many users have reported that they are not able to download updates. The 'Search for updates' reveals updates, but they cannot be downloaded. Often a 'HTTP Error 403' or 'bad checksum' is displayed. This has a simple reason - millions of people trying to download from the same server, which can't handle such a burden. In combination with the growing size of the detection file this is becoming a serious problem. We are currently considering possibilities to improve the situation. This includes the search for additional servers and ways of more effective compression. At least one server will soon be added, others will follow hopefully.

In order to overcome the problem for now, if you try again, have a second look at the update-menu-bar after searching for new updates. Therefore choose the update site from the navigation bar on the left. Now you'll see the update-menu-bar. It has a pull-down item to select a mirror. Click the arrow beside it, and select a different location (try the ones locatest nearest to you first), where you'll most probably have better chances to download. For a better understanding we have placed a picture at this link on our website:
http://www.safer-networking.org/en/howto/update.html
In section 4 you'll see how to select a download location nearest to you.

If this sounds too difficult please try to download the updates manually:
http://www.safer-networking.org/en/download/index.html
Here is the direct download link:
http://www.spybotupdates.com/updates/files/spybotsd_includes.exe
Just download and run that file - it is self-installing.

The information about "bad checksum" is also available in our FAQ:
http://www.safer-networking.org/en/faq/20.html

For more information please do also have a look into our forum:
http://forums.spybot.info/showthread.php?t=63&highlight=checksum

Best regards
Sandra
Team Spybot

will hopefully get everything fixed with the new update!! will post log when done if everything isnt fixed. the log will be very long though is there more i could uncheck to make it shorter?

ok heres the log. as per the instructions.

Edit.
Posted at the same time. ;)

ok after fixing the problems i did another search and found more items again.

Avenue A inc
Doubleclick

and i still get popups.

my problem with the windows installer is gone!! :)

also every once in a while i hear some clicks in the backround!! makes me nervous like someone is doing something on my comp i dont know about!!

should i post another log?

DAMN!!!

did a reboot and searched with spybot again and the same problems came up again.

for some reason the windows installer keeps coming up!!

the use source is

C:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\

also i cant make my firewall work
says due to an unidentified problem windows cannot display firewall settings

and of course im still getting popups.

Hi there.
Please do the following:


Follow these instructions.
Before you post a log, and who will advise you. (http://forums.spybot.info/showthread.php?t=288)

Start a topic here:
Malware Forum (http://forums.spybot.info/forumdisplay.php?f=22[/url)

Someone will then take a look at the system and advise you as soon as able.

Please report anything the on-line anti virus scanner finds in the topic you start in Malware removal.

Also see here:
Sun Microsystems~Java. Check it is up-to-date & old versions removed (http://forums.spybot.info/showthread.php?t=2559)
You have old versions that need to be removed.

Cheers.

WOW i started uninstalling the java updates and the viruses didnt like that. all of a sudden things were popping up like crazy. spybot is continually blocking things now.

kioska:

You are running TeaTimer. I hope that you are not blocking the registry entries that were being deleted when you uninstalled jre1.5.0_04 and the new entries being added during the installation of jre1.5.0_06.

uhmmmmm

im not sure. should i turn teatimer off?and if i didnt what should i do?

ugh i cant get rid of the problems now. i run spybot in safemode and fix everything but its back when i start normally. :(

kioska:

re: TeaTimer.

The registry change portion of TeaTimer is not rule based. TeaTimer monitors approximately 35 registry keys. If any change is made to one of the registry keys that TeaTimer is monitoring a popup dialog is issued asking you to either "Allow change" or "Deny change", unless you previously used the "Remember this decision" and then answered "Allow change" or "Deny change" in which case TeaTimer will only issue a popup notification of the action it took.

I will repeat - the registry change portion of TeaTimer is not rule based. When you get a popup dialog such as the following:
Spybot - Search & Destroy

Spybot - Search & Destroy has detected an important registry entry that has been changed.
TeaTimer has not attempted to interpret if that registry change is good, bad or indifferent. The only thing that TeaTimer is doing, is informing you that a change occurred and giving you the opportunity to either "Allow" or "Deny" that change.

You should also keep in mind:
You cannot reverse any Registry change decisions ("Allow change" or "Deny change") that you make with TeaTimer. You have to redo whatever you were doing so that the Registry change is done again (or manually edit the Registry).
If you allow all changes, you would be no worse off than if I didn't have Teatimer Enabled at all.
If you deny the wrong change you can adversely affect the stability, functionality and security of your system.

If you understand what TeaTimer is actually doing from the above description, then you should be able to make an informed decision at to whether or not you should continue to use Spybot's TeaTimer.

re: The problems you are having.

I believe that tashi (http://forums.spybot.info/member.php?u=7) suggested that you post in the Malware Removal forum in the following post:
http://forums.spybot.info/showpost.php?p=18794&postcount=16

kioska
Please start a topic in malware removal and I will ask Lonny to take a look.
Don't worry about removing anything just yet. :)
Thanks.

thank u guys for the help ill start a thread.

New topic here:
http://forums.spybot.info/showthread.php?t=3469