spyware toolbar won't be uninstalled

[Guest]

My boyfriend who downloaded a legitimate program that someone had attached
spyware. It's called thesearchmail.combar, and it installed itself, along
with it's very own homepage titled " Search Everything". When he uses XP
search engine to look for the program files associated with this toolbar &
homepage, the search comes up negative [ using "combar", "searchmail", etc.
Outside of uninstalling Widows and re-building his partition, is there
anything he can do to get rid of this? Is there any way to trace those who
run the homepage "Search Everything"? He's using the XP firewall and Norton
Anti-virus, as well as Adaware SE [free version].

 

[Wesley Vogel]

That's why the "legitimate" program was FREE. You pay by getting the
spyware installed on your machine. No such thing as a free lunch. Did he
read the EULA?


Some of this does not apply if you have Windows XP SP2.

First. Make sure of these settings and nothing will install without you
answering YES. (Except what may install as part of some other software.)
Don't click YES if you don't know/trust the source.

Start | Settings | Control Panel | Internet Options | Advanced tab |
Make sure both of these are NOT checked.

 Enable Install On Demand (Internet Explorer)
[[Specifies to automatically download and install Internet Explorer
components if a Web page needs them in order to display the page properly or
perform a particular task.]]

 Enable Install On Demand (Other)
[[Specifies to automatically download and install Web components if a Web
page needs them in order to display the page properly or perform a
particular task.]]

Apply | OK

 Enable Install On Demand (Other)
Is part of the driveby downloading of unwanted programs. i.e. Scumware or
whatever will install w/o you even being aware of it.
=====

Second. If you need a scan right now.

Follow the instructions!
THE PARASITE FIGHT QUICK FIX PROTOCOL
http://aumha.org/a/quickfix.php

=====

Third.
It is known as scumware. Visit these sites. 1, 2, 3 and 4 are really good.
Download, install, run, update and run again; one or all. They are all
good, FREE utilities. Make sure you update every program, even if you
just downloaded it. You must have the latest updates. Without updates,
you have a gun without ammo. You also need to use more than one
anti scumware program. One program will *not* catch everything.

1) CWShredder ver. 1.59 direct download:
http://www.merijn.org/files/cwshredder.zip

1a) CWShredder ver. 2.0 direct download:
http://www.aumha.org/downloads/cwshredder.zip

2) SpywareBlaster
[[SpywareBlaster doesn't scan and clean for spyware - it prevents it from
ever being installed.
The most important step you can take is to secure your system. And
SpywareBlaster is the most powerful protection program available.]]
http://www.javacoolsoftware.com/spywareblaster.html

3) Spybot S & D (More for the advanced user)
http://www.safer-networking.org/index.php?lang=en&page=download

4) HijackThis (some other stuff that may be of interest also)
http://www.spywareinfo.com/~merijn/downloads.html

4a) HijackThis (direct download)
http://aumha.org/downloads/hijackthis.zip

5) Bazooka Adware and Spyware Scanner v1.13
http://www.kephyr.com/spywarescanner/index.html?source=appvisit

6) ToolbarCop
http://www.mvps.org/sramesh2k/toolbarcop.htm

7) Ad-aware SE Personal
http://www.lavasoft.de/support/download/

=====

HijackThis log tutorial
http://www.spywareinfo.com/~merijn/htlogtutorial.html

HijackThis Log Tutorial
http://www.aumha.org/a/hjttutor.htm

How to use HijackThis to remove Browser Hijackers & Spyware
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42#warning

How To Install Spybot Search and Destroy & a brief tutorial
http://tomcoyote.com/SPYBOT/index1.php

HOW TO: Reconfigure Ad-aware for a Full Scan
http://forum.aumha.org/viewtopic.php?t=5877
=====

MVPS HOSTS file is a free download from:
http://www.mvps.org/winhelp2002/

Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm
=====

Problems uninstalling? Here's some advice.
http://www.kephyr.com/spywarescanner/uninstallproblems.phtml

Additional information & instructions.
A wealth of information here, boys and girls.

THE PARASITE FIGHT QUICK FIX PROTOCOL
http://aumha.org/a/quickfix.htm

THE PARASITE FIGHT
Finding, Removing & Protecting Yourself From Scumware
http://aumha.org/a/parasite.htm

Bugs, Glitches & Stuffups
http://www.mvps.org/inetexplorer/Darnit.htm

Dealing with Unwanted Spyware and Parasites
http://mvps.org/winhelp2002/unwanted.htm

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/default.aspx?scid=kb;EN-US;827315

Spyware and Deceptive Software
http://www.microsoft.com/mscorp/twc/privacy/spyware.mspx?gssnb=1

What you should know about spyware
http://www.microsoft.com/security/articles/spyware.asp

Cleaning Up XP
http://www.kellys-korner-xp.com/xp_c.htm#cleanup


--
Hope this helps. Let us know.
Wes

In

My boyfriend who downloaded a legitimate program that someone had
attached spyware. It's called thesearchmail.combar, and it installed
itself, along with it's very own homepage titled " Search
Everything". When he uses XP search engine to look for the program
files associated with this toolbar & homepage, the search comes up
negative [ using "combar", "searchmail", etc. Outside of uninstalling
Widows and re-building his partition, is there anything he can do to
get rid of this? Is there any way to trace those who run the homepage
"Search Everything"? He's using the XP firewall and Norton
Anti-virus, as well as Adaware SE [free version].

 

[Lanwench [MVP - Exchange]]

My boyfriend who downloaded a legitimate program that someone had
attached spyware.

Well, either he got an illegitemate hacked copy of the program, or it's a
free app that isn't really free. I'm voting for the latter.

It's called thesearchmail.combar, and it installed
itself, along with it's very own homepage titled " Search
Everything". When he uses XP search engine to look for the program
files associated with this toolbar & homepage, the search comes up
negative [ using "combar", "searchmail", etc. Outside of uninstalling
Widows and re-building his partition, is there anything he can do to
get rid of this? Is there any way to trace those who run the homepage
"Search Everything"? He's using the XP firewall and Norton
Anti-virus, as well as Adaware SE [free version].

Has he tried Spybot Search & Destroy? (http://security.kolla.de)

Also try posting in m.p.windows.security for the most help with malware, as
well as checking out

Dealing with Unwanted Malware, Parasites, Toolbars and Search Engines:
http://mvps.org/winhelp2002/unwanted.htm

 

[Guest]

It is hijackware. Removal instructions can be found at the following URL:
http://www.ozzu.com/ftopic33021.html

You may also want to try Spybot Search & Destroy:
www.safer-networking.org