I Need Help With Spyware!!

[katinamarie72]

My Ad-aware found these things, and I'm not sure if its all safe to delete?

Huntbar Object recognized!
Type : RegKey
Data : BTLINK_
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWAREMicrosoftWindowsCurrentVersionUninstallBTLINK_404


Huntbar Object recognized!
Type : RegKey
Data : BTLINK_
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWAREMicrosoftWindowsCurrentVersionUninstallBTLINK_DLL


Huntbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : BTIEINScriptConfigProj.BTIEINScriptConfig


Huntbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : btlink.relatedlinksProtocol


Huntbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : btlink.ResProtocol


Huntbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID{26E8361F-BCE7-4F75-A347-98C88B418322}


Huntbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID{63B78BC1-A711-4D46-AD2F-C581AC420D41}


Huntbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID{CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE}


Huntbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID{D6DFF6D8-B94B-4720-B730-1C38C7065C3B}


Huntbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface{26E8361F-BCE7-4F75-A347-98C88B418321}


Huntbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SoftwareBTIEIN


Huntbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : SoftwareBTIEIN


Huntbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SoftwareMicrosoftWindowsCurrentVersionexplorerBrowser Helper Objects{63B78BC1-A711-4D46-AD2F-C581AC420D41}


Huntbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{D6DFF6D8-B94B-4720-B730-1C38C7065C3B}


Huntbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\BTLINK


Huntbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Typelib{26E8361F-BCE7-4F75-A347-98C88B418328}


IGetNet Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : SoftwareMicrosoftInternet ExplorerURLSearchHooks
Value : {CFBFAE00-17A6-11D0-99CB-00C04FD64497}

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 17
Objects found so far: 17


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : SoftwareMicrosoftInternet ExplorerMainSearch Barwww.websearch.com

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "http://www.websearch.com/ie.aspx"
Rootkey : HKEY_CURRENT_USER
Object : SoftwareMicrosoftInternet ExplorerMain
Value : Search Bar
Data : "http://www.websearch.com/ie.aspx"

Possible browser hijack attempt : SoftwareMicrosoftInternet ExplorerSearchSearchAssistantwww.websearch.com

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "http://www.websearch.com/ie.aspx"
Rootkey : HKEY_LOCAL_MACHINE
Object : SoftwareMicrosoftInternet ExplorerSearch
Value : SearchAssistant
Data : "http://www.websearch.com/ie.aspx"

Possible browser hijack attempt : SoftwareMicrosoftInternet ExplorerMainSearch Barwww.websearch.com

ClientMan Object recognized!
Type : RegData
Data : "http://www.websearch.com/ie.aspx"
Rootkey : HKEY_CURRENT_USER
Object : SoftwareMicrosoftInternet ExplorerMain
Value : Search Bar
Data : "http://www.websearch.com/ie.aspx"

Possible browser hijack attempt : SoftwareMicrosoftInternet ExplorerSearchSearchAssistantwww.websearch.com

ClientMan Object recognized!
Type : RegData
Data : "http://www.websearch.com/ie.aspx"
Rootkey : HKEY_LOCAL_MACHINE
Object : SoftwareMicrosoftInternet ExplorerSearch
Value : SearchAssistant
Data : "http://www.websearch.com/ie.aspx"


Huntbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SoftwaremicrosoftwindowscurrentversionmoduleusageC:/WINDOWS/Downloaded Program Files/btiein.dll


Huntbar Object recognized!
Type : RegValue
Data : c:windowsdownloaded program filestiein.dll
Rootkey : HKEY_LOCAL_MACHINE
Object : SoftwareMicrosoftWindowsCurrentVersionSharedDLLs
Value : C:WINDOWSDownloaded Program Filestiein.dll


Huntbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID{3C53010D-97BA-4650-84C5-1A6FAA31055E}


Huntbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLSHandler
elatedlinks


Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 8
Objects found so far: 25


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Huntbar Object recognized!
Type : File
Data : btiein.dll
Object : C:WINDOWSSYSTEM32\nFileSize : 192 KB
FileVersion : 2.0.0.114
ProductVersion : 1.0.0.0
Created on : 6/4/2003 12:17:32 AM
Last accessed : 6/12/2003 4:00:00 AM
Last modified : 5/15/2003 6:35:10 PM



Huntbar Object recognized!
Type : File
Data : btiein.dll
Object : C:WINDOWSDownloaded Program Files\nFileSize : 192 KB
FileVersion : 2.0.0.114
ProductVersion : 1.0.0.0
Created on : 5/15/2003 6:35:10 PM
Last accessed : 6/12/2003 4:00:00 AM
Last modified : 5/15/2003 6:35:10 PM



Huntbar Object recognized!
Type : File
Data : ivwricno.wzg
Object : C:Program FilesCommon FilesBTLINK\nFileSize : 39 KB
Created on : 6/4/2003 12:20:16 AM
Last accessed : 6/12/2003 4:00:00 AM
Last modified : 6/4/2003 12:20:18 AM



Huntbar Object recognized!
Type : File
Data : btlink.dll
Object : C:Program FilesCommon FilesBTLINK\nFileSize : 276 KB
FileVersion : 1.0.0.541
ProductVersion : 1.0.0.0
Created on : 6/4/2003 10:46:02 AM
Last accessed : 6/12/2003 4:00:00 AM
Last modified : 5/15/2003 6:35:12 PM

Archived topic from Iceteks, old topic ID:869, old post ID:7517

[Chris Vogel]

You should be able to quarantine those. You can always restore them if you needed them, so I would quarantine them and see what happens. Nothing should happen really. After they have been quarantined for a few days, I would delete them.

Archived topic from Iceteks, old topic ID:869, old post ID:7518

[Wren]

That's what I do and have had no problems.

I have a program called CookieWall that helps to keep spyware off the system...it picks up every cookie and gives you options what to do with them. I seldom have spyware anymore.

Archived topic from Iceteks, old topic ID:869, old post ID:7519

[Chris Vogel]

it picks up every cookie and gives you options what to do with them.

Doesn't that get a bit annoying? Mozilla has that option, but I have never enabled it. I guess I should. In the 1.4 branch of Mozilla, I would have more control over cookies, but I am not brave enough to use the 1.4 branch yet.

Archived topic from Iceteks, old topic ID:869, old post ID:7523

[Wren]

It's just one click to make your choice for the cookie. Not nearly as much trouble as trying to get spyware removed. I wouldn't be without it. It caught Gator the other day, was glad to see that one popup so it could go into the kill file.

Archived topic from Iceteks, old topic ID:869, old post ID:7524

[Chris Vogel]

I guess I will enable Mozilla's cookie filters....

Archived topic from Iceteks, old topic ID:869, old post ID:7525

[Wren]

Good idea.

Think I am going to have to unplug...thunder rumbling!

Archived topic from Iceteks, old topic ID:869, old post ID:7526

[Red Squirrel]

I just moved this to a more appropriate forum, could be considered "general" but more networking/internet.



Archived topic from Iceteks, old topic ID:869, old post ID:7531

[Red Squirrel]

Since it's all registry keys, you can also backup the whole registry (regedit / file / export) and go from there, if it does something bad, just open up the backup.

Once I deleted all my registry to see what happends... never try that. Simply put, windows won't reconize a .exe file.

Archived topic from Iceteks, old topic ID:869, old post ID:7532

[Chris Vogel]

Once I deleted all my registry to see what happends... never try that. Simply put, windows won't reconize a .exe file.

I have always wanted to do that.

Archived topic from Iceteks, old topic ID:869, old post ID:7537

[Chris Vogel]

I just moved this to a more appropriate forum, could be considered "general" but more networking/internet.

Oops... Sorry, Katina.

Archived topic from Iceteks, old topic ID:869, old post ID:7542

[Wren]

It's my understanding, you don't change registry settings unless you know what you're doing.

Archived topic from Iceteks, old topic ID:869, old post ID:7543

[katinamarie72]

Do I put these in the "quarntine" or press the "next" button?

Archived topic from Iceteks, old topic ID:869, old post ID:7545

[katinamarie72]

ohh and the quartine box asks for a file name, do I just name it anything?.....

Archived topic from Iceteks, old topic ID:869, old post ID:7546

[Chris Vogel]

Do I put these in the "quarntine" or press the "next" button?

Press the "next" button.

Archived topic from Iceteks, old topic ID:869, old post ID:7548

[Wren]

Just name it whatever so you can find it if need be.

Archived topic from Iceteks, old topic ID:869, old post ID:7549

[katinamarie72]

ok..I did that and it said some objects could not be removed:
c:windowssystem32tiein.dll
c:program filescommon filestlinktlink.dll

do you think it didn't delete because I need this??.....

Archived topic from Iceteks, old topic ID:869, old post ID:7551

[Wren]

I don't know, kat, I've never had that happen.

Archived topic from Iceteks, old topic ID:869, old post ID:7552

[katinamarie72]

I don't know, kat, I've never had that happen.

Thanks Wren......... ..........boy doing this stuff makes me nervous....

Archived topic from Iceteks, old topic ID:869, old post ID:7553

[Red Squirrel]

just backup whatever you do, and if you delete files, rename them to ".del" or something, and if you see everything works fine after a few days, just delete those files

Archived topic from Iceteks, old topic ID:869, old post ID:7557

[Wren]

I know what you mean. I saw the post at the other forum and this looks like it's going to be hard to get rid of.

Archived topic from Iceteks, old topic ID:869, old post ID:7558

[Chris Vogel]

ok..I did that and it said some objects could not be removed:
c:windowssystem32tiein.dll
c:program filescommon filestlinktlink.dll

do you think it didn't delete because I need this??.....

Perhaps the files were in use, and maybe that is why they weren't deleted.

Archived topic from Iceteks, old topic ID:869, old post ID:7561

[Wren]

Sometimes those spyware files get embedded in the registry and have to be taken out manually. I saw the removal instructions...not an easy task!

Archived topic from Iceteks, old topic ID:869, old post ID:7564

[Chris Vogel]

Maybe to get rid of those ones that wouldn't delete, you might have to go into Safe Mode.

Can AdAware run in Safe Mode? I have never had to do it....

Archived topic from Iceteks, old topic ID:869, old post ID:7566

[Wren]

I don't know if you can run Ad-aware in safe mode. It's been a long time since I had to use it...that was back when I had WinME.

Archived topic from Iceteks, old topic ID:869, old post ID:7572