PDA

View Full Version : Site Bar - How do I Remove this?!??!?!



lokkovieira
2005-10-24, 15:21
I got infected with a spyware called sitebar... Spybot detects part of it but even though i delete all the files and registry entries i can find related to it, it always come back!!... after 10 minutes my internet freezes... also this spyware makes it impossible to update spybot!!!(I have the latest version, but everyone should be aware of this)

PLEASE!!! SOMEONE HELP ME REMOVE THIS F....... SPYWARE!!!!

spybotsandra
2005-10-24, 15:28
Hello,

Which version of Spybot do you run?
Do you have the latest updates installed?

Best regards
Sandra
Team Spybot

djpailo
2005-10-24, 16:53
post a hijack-this log.

Please do not request HJT logs, thank you.

lokkovieira
2005-10-24, 17:24
im running spybot 1.4 up-to-date...
...and i dont know how to post the 'hijack' of the log

lokkovieira
2005-10-25, 01:13
im sorry not for posting the hijack... I've formatted my pc already... i know it could have been useful but i had to be able to use my computer 'today'...
...here are some screenshots i think that might be useful to someone...

1-it creates some files on c:\
http://geocities.yahoo.com.br/lokkovieira/files.JPG

2-runs cmd.exe
http://geocities.yahoo.com.br/lokkovieira/cmd.JPG

3-runs tp.exe
http://geocities.yahoo.com.br/lokkovieira/tb.JPG

4-opens the following pop-up
http://geocities.yahoo.com.br/lokkovieira/pop-up.JPG

5-after i close the pop-up it tries to open the following site
http://geocities.yahoo.com.br/lokkovieira/site.JPG

6-after I close tp.exe it runs low.exe
http://geocities.yahoo.com.br/lokkovieira/low.JPG

7-after I close low.exe it runs mmxateam.exe
http://geocities.yahoo.com.br/lokkovieira/mmxateam1.JPG
http://geocities.yahoo.com.br/lokkovieira/mmxateam2.JPG

8-after i close mmxateam.exe it runs is.exe
http://geocities.yahoo.com.br/lokkovieira/is.JPG

9-after i close is.exe, cmd.exe is aslo closed... my start bar(start menu) freezes and my browser(firefox) says 'done' instantly to anything i try to open and shows me nothing...

well, thats all thats left of the spyware in my computer now... hope its of some use to help other people... :o

lokkovieira
2005-10-25, 01:20
ow, yeah!... i think the spyware entered my computer via a torrent I downloaded.... here's the torrent link:
...not sure though... I downloaded 2 alcohol torrents yesterday.. i think this one is 'the one' to blame...
..if that's is not the one, then it has to be this one...
...good luck with it guys!

Removed links, if at any time you wish to submit files please do so to: detections@spybot.info
Thank you. :)

bbchai
2005-11-09, 08:12
So can I use Process Tamer to check the Sidebar virus you all are talking here?:)

bbchai
2005-11-09, 08:14
:) So can I use Process Tamer to check the Sidebar virus and other spyware (like the Hijacking of the localhost of IIS) ?:)

[Duplicate Posts Merged]

tashi
2005-11-09, 09:08
Hello.
The topic is Site Bar, do you have reason to believe your computer has this infection?

lokkovieira
2007-01-04, 15:46
yes, it had. before I formated it.

tashi
2007-01-04, 17:48
Ok. :lip:

Anytime you might have a difficult infection that is not removed by the usual methods, please feel free to request assistance in our Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22)

Cheers.