[etni] Re: tHE 'EFFECTIVE AND TOOLBAR'

**** ETNI on the web http://www.etni.org.il   http://www.etni.org   ****

These toolbar programs are usually doubly dangerous because

1) It lays decoys to be deleted by Spybot programs while secretely
using an unassuming executable file.

2) It writes that secret file into your autostart registry so that it
starts itself during every restart AND reinstates all of its decoys.

In order to remove such spyware, you must:

1) Find the entry in the autostart registry (do it yourself or use a
free program like TDS-3)
2) Make note of what the secret executable file
3) Delete the entry in the autostart registry and NOTHING ELSE
4) Reboot the computer in Safe Mode (F8 at startup screen)
5) Delete the secret executable file (you have just rendered the
spyware helpless)
6) Run your spybot program to mop up the rest of the decoys
7) Reboot in Normal Mode

When you try to delete the secret executable file, you may be told
that this is impossible as the program is still running.  If you are
indeed in Safe mode, then it is possible to open the Task Manager, end
the secret executable file, and quickly delete it before it restarts.

Mike Goldsmith:-)

PS Does anyone need an IT guy in the Jerusalem area?  I'm available. 

On Mon, 28 Mar 2005 11:06:19 +0200, Barry Silverberg and family
<barisil@xxxxxxxxxxxxxxxx> wrote:
> **** ETNI on the web http://www.etni.org.il   http://www.etni.org   ****
> 
> DEAR SUBSCRIBERS,
> I JUST CAUGHT SOMETHING CALLED 'EFFECTIVE AND TOOLBAR' WHICH IS A KIND OF 
> HIJACKER.
> I HAVE MANAGED TO GET RID OF SUCH THINGS BEFORE, BUT NOW, MY AVG, SPYBOT 
> ADWARE AND YAHOO ALL CLAIM TO HAVE ERASED IT BUT IT'S STILL THERE.
> ANY IDEAS/
> ?
> 
> /BARRY
> 
> #####  To send a message to the ETNI list email: etni@xxxxxxxxxxxxx   #####
> #####  Send queries and questions to: ask@xxxxxxxx    #####
>
#####  To send a message to the ETNI list email: etni@xxxxxxxxxxxxx   #####
#####  Send queries and questions to: ask@xxxxxxxx    #####

Other related posts: