Author Topic: Babylon search toolbar virus  (Read 37458 times)

0 Members and 1 Guest are viewing this topic.

Offline Telegraph_Sam

  • Jr. Member
  • **
  • Posts: 97
Babylon search toolbar virus
« on: December 18, 2011, 12:12:49 AM »
I was downloading a program from CNET and was "forced" to accept installation of the Babylon search toolbar also (I should of course have discontinued the download).  All attempts to get rid of it by Revo uninstalling and manually deleting babylon files thrown up by searching my folders have been unsuccessful.  (one file S-I-5-21-195799 .. refuses to be deleted).  Can Avast fix this?
It comes up whenever I open a new tab in Internet Explorer 8 - the default page is set at blank.  I use Windows XP
"There are 10 kinds of people in the world, those that understand binary and those that don't"

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 23638
  • malware fighter
Re: Babylon search toolbar virus
« Reply #1 on: December 18, 2011, 12:16:15 AM »
Hi,

You could follow the instructions given here: http://www.ehow.com/how_5104258_remove-babylon-toolbar.html

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Telegraph_Sam

  • Jr. Member
  • **
  • Posts: 97
Re: Babylon search toolbar virus
« Reply #2 on: December 18, 2011, 12:29:34 AM »
Thanks for the instant reply.  Unfortunately 1. there is no babylon icon next to my system clock and 2. Babylon no longer appears within Add / Delete Programs (after I used Revo Uninstall).  Yet the Babylon page still appears when I open a new tab!  I think this might require a more radical (Avast?) solution!
"There are 10 kinds of people in the world, those that understand binary and those that don't"

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 23638
  • malware fighter
Re: Babylon search toolbar virus
« Reply #3 on: December 18, 2011, 12:42:01 AM »
I shall ask for one of the official removers to help you to get rid of it.
Wait for him to appear and follow his instructions,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71650
  • No support PMs thanks
Re: Babylon search toolbar virus
« Reply #4 on: December 18, 2011, 12:59:55 AM »
What was it that you were downloading ?

This is one of the very reasons why many of us have stopped using cnet and been saying not to use cnet as it has this wrapper that also downloads crapware.

You should be able to find whatever it is you want to download at majorgeeks or snapfiles, etc.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2015 10.2.2218 R2-SP2/ Outpost Firewall Pro9.1/ Firefox 37.0.2, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.1.4/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Telegraph_Sam

  • Jr. Member
  • **
  • Posts: 97
Re: Babylon search toolbar virus
« Reply #5 on: December 18, 2011, 01:23:29 AM »
Interesting - I had up to now assumed that CNET / Downloads.com was "kosher". 

There is quite some correspondence on the CNET Forum from earlier this year from folk who have had the same affliction as I have.  I followed up one of the solutions and was able to stop Babylon from appearing with Firefox, but not with Internet Explorer 8 which I use more often.

I think it was the latest Foxit pdf reader that I was downloading.  Previous downloads never had the Babylon "option" forced on me.

I will wait to hear from the official remover.  The key might (might) have something to do with the file S-1-5-21-1957994488-1425521274-725345543-1004 which was the one babylon file which refused to be deleted manually after my search of my hard drives. It cropped up in both the C:\Recycler and D:\Recycled folders.
"There are 10 kinds of people in the world, those that understand binary and those that don't"

Offline DonZ63

  • Poster
  • *
  • Posts: 470
Re: Babylon search toolbar virus
« Reply #6 on: December 18, 2011, 01:55:06 AM »
Glad to see other share my opinion that cnet is a spyware/crapware monger. To bad it took this long for the rest of world to realize this. I knew this many moons ago.
AMD QUAD 945, 8 GB, NVidia GTS 450, 3 HDDs
Dual boot, MBAM Pro - both OSes, WIN 7 x64 SP1, NAV 2012, IE9; XP SP3, NIS 2011, IE8

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36474
  • Dragons by Sasha
    • Malware fixes
Re: Babylon search toolbar virus
« Reply #7 on: December 18, 2011, 11:55:24 AM »
Hi lets remove this little bugger

Download OTL  to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
babylon*.*
/md5stop
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Attach both logs

Offline Telegraph_Sam

  • Jr. Member
  • **
  • Posts: 97
Re: Babylon search toolbar virus
« Reply #8 on: December 22, 2011, 01:22:18 AM »
Before undertaking radical surgery (= registry alterations??)I thought I would try all the easy and obvious alternatives first:
Avast full system scan - nowt
Avast boot scan - nowt
Malwarebytes - nowt
SuperAntiSpyware - positive threats (unrecognised) - removed
Sophos Anti Root Kit - positive threats (unrecognised) - removed
Spybot Search and Destroy - identified Babylon Search Bar - removed
Result: In IE 8, which defaults to a blank page on opening, the s**ing Babylon page STILL opens up when I open a new tab.
Next step will be your OTL approach after all!
- The Babylon people must be pretty competent to have got their file so deeply embedded
- For all I know the Babylon page might perform a useful function, but I would prefer to be the one to decide if and when to call it up.
- Does not CNET guarantee to be free from spyware? [This was the first such incident that I have experienced in many downloads - identifiable as such and presumably avoidable - but one is one too many]
"There are 10 kinds of people in the world, those that understand binary and those that don't"

Online Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 65826
Re: Babylon search toolbar virus
« Reply #9 on: December 22, 2011, 02:03:42 AM »
Quote
Does not CNET guarantee to be free from spyware?
No, it's not anymore.
The best things in life are free.

Offline Telegraph_Sam

  • Jr. Member
  • **
  • Posts: 97
Re: Babylon search toolbar virus
« Reply #10 on: December 23, 2011, 12:46:11 AM »
Hi lets remove this little bugger

Download OTL  to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
babylon*.*
/md5stop
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Attach both logs

I had not realized until re-reading your msg that what you want is something like what I assume Hijack This does (I have never used HT myself).  I have done exactly as you said and the two logs are attached. Await your thoughts!
"There are 10 kinds of people in the world, those that understand binary and those that don't"

Offline Pondus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 26573
Re: Babylon search toolbar virus
« Reply #11 on: December 23, 2011, 12:57:45 AM »
from the OTL log it seems you have avast and Comodo internet security installed.... does this comodo have antivirus ?
it also show  some McAfee security scan ?


Never install multiple AV as this will create all kind of windows errors and false positive detections

Never install two antivirus (see reply from quietman7)
http://www.bleepingcomputer.com/forums/index.php?s=7c8217673a726b92cfc91ecfd4294a29&showtopic=260844&view=findpost&p=1441638

it is recomended to run a removal tool so all leftovers are gone when removed


run and reboot - Uninstallers for Security Software
http://thewebatom.net/uninstallers/security-software/



Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Telegraph_Sam

  • Jr. Member
  • **
  • Posts: 97
Re: Babylon search toolbar virus
« Reply #12 on: December 23, 2011, 01:35:07 AM »
I did not think that I had more than one AV program installed.  This should be Avast.

Comodo as far as I am aware is a firewall only (not a full suite).

McAfee Security Scan is something which offered itself to me only recently (I can't remember the exact origin).  I was suspicious at first but it "seems"(!) genuine enough ..  If it only scans then it should not conflict with another AV program.

If I run the uninstallers you mention, will this not leave me unprotected? At this stage I only want to get rid of Babylon!!
"There are 10 kinds of people in the world, those that understand binary and those that don't"

Offline Pondus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 26573
Re: Babylon search toolbar virus
« Reply #13 on: December 23, 2011, 01:48:29 AM »
Quote
If I run the uninstallers you mention, will this not leave me unprotected? At this stage I only want to get rid of Babylon!!
no...you still have avast, and if your Comodo install is only firewall then it is okay..
The McAfee i would remove...even if only a scanner it can conflict...see the reply from quietman7

you may wait untill essexboy have commented on this...
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Telegraph_Sam

  • Jr. Member
  • **
  • Posts: 97
Re: Babylon search toolbar virus
« Reply #14 on: December 24, 2011, 12:59:12 AM »
In the meantime could I use the various other features (which I don't understand)of Old Timer to backup other attempts to "fix" the problem?  Or is it better to use it purely to scan and generate a "passive" log?

"There are 10 kinds of people in the world, those that understand binary and those that don't"