Avast WEBforum
Other => Viruses and worms => Topic started by: Telegraph_Sam on December 18, 2011, 12:12:49 AM
-
I was downloading a program from CNET and was "forced" to accept installation of the Babylon search toolbar also (I should of course have discontinued the download). All attempts to get rid of it by Revo uninstalling and manually deleting babylon files thrown up by searching my folders have been unsuccessful. (one file S-I-5-21-195799 .. refuses to be deleted). Can Avast fix this?
It comes up whenever I open a new tab in Internet Explorer 8 - the default page is set at blank. I use Windows XP
-
Hi,
You could follow the instructions given here: http://www.ehow.com/how_5104258_remove-babylon-toolbar.html
polonus
-
Thanks for the instant reply. Unfortunately 1. there is no babylon icon next to my system clock and 2. Babylon no longer appears within Add / Delete Programs (after I used Revo Uninstall). Yet the Babylon page still appears when I open a new tab! I think this might require a more radical (Avast?) solution!
-
I shall ask for one of the official removers to help you to get rid of it.
Wait for him to appear and follow his instructions,
polonus
-
What was it that you were downloading ?
This is one of the very reasons why many of us have stopped using cnet and been saying not to use cnet as it has this wrapper that also downloads crapware.
You should be able to find whatever it is you want to download at majorgeeks or snapfiles, etc.
-
Interesting - I had up to now assumed that CNET / Downloads.com was "kosher".
There is quite some correspondence on the CNET Forum from earlier this year from folk who have had the same affliction as I have. I followed up one of the solutions and was able to stop Babylon from appearing with Firefox, but not with Internet Explorer 8 which I use more often.
I think it was the latest Foxit pdf reader that I was downloading. Previous downloads never had the Babylon "option" forced on me.
I will wait to hear from the official remover. The key might (might) have something to do with the file S-1-5-21-1957994488-1425521274-725345543-1004 which was the one babylon file which refused to be deleted manually after my search of my hard drives. It cropped up in both the C:\Recycler and D:\Recycled folders.
-
Glad to see other share my opinion that cnet is a spyware/crapware monger. To bad it took this long for the rest of world to realize this. I knew this many moons ago.
-
Hi lets remove this little bugger
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
babylon*.*
/md5stop
CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Attach both logs
-
Before undertaking radical surgery (= registry alterations??)I thought I would try all the easy and obvious alternatives first:
Avast full system scan - nowt
Avast boot scan - nowt
Malwarebytes - nowt
SuperAntiSpyware - positive threats (unrecognised) - removed
Sophos Anti Root Kit - positive threats (unrecognised) - removed
Spybot Search and Destroy - identified Babylon Search Bar - removed
Result: In IE 8, which defaults to a blank page on opening, the s**ing Babylon page STILL opens up when I open a new tab.
Next step will be your OTL approach after all!
- The Babylon people must be pretty competent to have got their file so deeply embedded
- For all I know the Babylon page might perform a useful function, but I would prefer to be the one to decide if and when to call it up.
- Does not CNET guarantee to be free from spyware? [This was the first such incident that I have experienced in many downloads - identifiable as such and presumably avoidable - but one is one too many]
-
Does not CNET guarantee to be free from spyware?
No, it's not anymore.
-
Hi lets remove this little bugger
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
babylon*.*
/md5stop
CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Attach both logs
I had not realized until re-reading your msg that what you want is something like what I assume Hijack This does (I have never used HT myself). I have done exactly as you said and the two logs are attached. Await your thoughts!
-
from the OTL log it seems you have avast and Comodo internet security installed.... does this comodo have antivirus ?
it also show some McAfee security scan ?
Never install multiple AV as this will create all kind of windows errors and false positive detections
Never install two antivirus (see reply from quietman7)
http://www.bleepingcomputer.com/forums/index.php?s=7c8217673a726b92cfc91ecfd4294a29&showtopic=260844&view=findpost&p=1441638
it is recomended to run a removal tool so all leftovers are gone when removed
run and reboot - Uninstallers for Security Software
http://thewebatom.net/uninstallers/security-software/
-
I did not think that I had more than one AV program installed. This should be Avast.
Comodo as far as I am aware is a firewall only (not a full suite).
McAfee Security Scan is something which offered itself to me only recently (I can't remember the exact origin). I was suspicious at first but it "seems"(!) genuine enough .. If it only scans then it should not conflict with another AV program.
If I run the uninstallers you mention, will this not leave me unprotected? At this stage I only want to get rid of Babylon!!
-
If I run the uninstallers you mention, will this not leave me unprotected? At this stage I only want to get rid of Babylon!!
no...you still have avast, and if your Comodo install is only firewall then it is okay..
The McAfee i would remove...even if only a scanner it can conflict...see the reply from quietman7
you may wait untill essexboy have commented on this...
-
In the meantime could I use the various other features (which I don't understand)of Old Timer to backup other attempts to "fix" the problem? Or is it better to use it purely to scan and generate a "passive" log?
-
In the meantime could I use the various other features (which I don't understand)of Old Timer to backup other attempts to "fix" the problem? Or is it better to use it purely to scan and generate a "passive" log?
Essexboy will use OTL to kill the malware.....if he see any in the Log, and depending on malware type
but you need to be trained in this to create the OTL fix......if not you may create paper weight
-
If you do not know what you are removing with OTL it could mess up your day
-
I don't know what I am removing - other than that it goes by the name of Babylon - so I will do nothing and await the results of the log scan. Tks.
-
Sorry about that I missed that you posted the logs
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
[2011/12/10 23:43:51 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010/10/08 16:38:59 | 000,008,156 | ---- | C] () -- C:\WINDOWS\_000007_.tmp.dll
[2010/10/08 16:38:56 | 000,007,860 | ---- | C] () -- C:\WINDOWS\_000005_.tmp.dll
[2010/10/08 16:37:07 | 000,007,170 | ---- | C] () -- C:\WINDOWS\_000006_.tmp.dll
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
Tks, will do as soon as Christmas commitments permit. Assume that it would be wise to create a restore point for safety before starting?
-
OTL will set a restore point for you
-
I should have seen that in the text.
I also noticed that it seems that OTE is being instructed to search Mozilla Firefox files. Previously following a tip I got from another forum (before coming here!) I was able to stop Babylon appearing when running Firefox. Since then it has only been apparent when opening a new tab in IE 8. I will run your fix and report back but I wonder if it will also sus the thing out if it is hiding in IE 8?
-
Nothing was showing within the IE area
-
Not there yet I fear. I re-ran OTE with your new text pasted in. Pop-up screen appeared "Cannot create file C:\Documents and Settings\Iain\Desktop\cmd.bat". Program seemed to abort at this point
I tried again. Screen popped up entitled 01012012_002757.log-Notepad.
"Files\Folders moved on Reboot ..
Registry entries deleted on Reboot ..."
Again the program seemed to abort.
I tried again. Same result as first attempt.
So far there has been no reboot but I am about to switch the PC off since the task has stretched into the New Year! Happy New Year to anyone reading.
-
recently lost files for the 4th time this time..babylon toolbar avast and malware bytes failed to remove it or detect and would hang up /crash if it did detect it....hmmm why ? i use the sandbox like good kitteh and no pron sites so how/why this my worry?
-
Can anybody tell me why Avast does not detect Babylon Search (we have a paid Avast subscription for at least 7 systems) and I cannot get in touch with technical support -because we don't have a password....
-
Can anybody tell me why Avast does not detect Babylon Search (we have a paid Avast subscription for at least 7 systems) and I cannot get in touch with technical support -because we don't have a password....
no solution today has 100% detection of all malware out there. hopfully someone send in a sample of that to avast lab so they could add it.
to your problem its better you start your own thred in the future but i suggest to send an email to the support team im not sure there email hope someone will give you a hand on that.
-
Can anybody tell me why Avast does not detect Babylon Search
It might detect it....if you enable scanning for PuP (Potentially Unwanted Programs), because that is what such toolbars are, not malicious infections. PuP scanning is off by default, since the average user does not understand what PuP means, they want everything to be VIRUS or NOT VIRUS.
-
Thanks, Evangelist. Ok, during loading not maybe but after it has installed itself a sort of repairsuggestion? I now had to use Spybot S&D which worked well but I try to avoid ''too many virus utilities''', especially the shareware ones, they make me feel guilty, -Andre-