locked
Spyware/Adware:Grokster, KaZaA, DoubleClick, 2o7.net(NetSonic), TribalFusion, YourSiteBar RRS feed

  • Question

  • Is there a simpler way to eliminate these?

     

    Why doesn't WLOneCare do it?

     

    some of this are remnants after uninstalling Skype.

     

    Several on-line spyware/adware scanners found this.

     

    Spybot S&D found others (that WLOneCare did not)

     

    Tried to send list of Registry entries, etc. on this site, limited to 5000 characters

     

     

    Grokster                                                                                                             

    Category : P2P

    Also known as: Adware/MoeMoney[Panda], Adware/TopMoxie[Panda], ->license.txt[F-Prot], Adware/PurityScan[Panda], PurityScan[Name used by Ad-aware]

    Autorun References:

    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run grokstersupport

    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run grokster

     

    DLL Files:

    %program_files%\grokster\registerx.dll

    setregacl.dll

    aminstall.dll

    %system%\gr03.dll

    %system%\gr0ck03.dll

     

    KaZaA                                                                                                                                  

    Category : P2P

    Also known as: Adware/BrilliantDigital[Panda], Adware/TopMoxie[Panda], Adware/Medload[Panda], Kazaa, Kazaa Media Desktop

    Autorun References:

    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run kazaa

     

    DoubleClick                                                                                                                   

    Files:

    systemroot+\temp\cookies\katayon@doubleclick[1].txt

     

    Manual DoubleClick removal:
    Delete file Windows\temp\cookies\katayon@doubleclick[1].txt

     

    2o7.net   (aka NetSonic) OMNITURE                                                                                           

    Privacy Issues

    http://www.omniture.com/s2/privacy_policy.html#cookies

     

    NetSonic Removal Instructions (2o7)

     

    Kill the following processesaylnlfdx.exe, netsf.exe, ezstub.exe, ggbwkfnq.exe, netsonicuninst.exe, w3kselfinst.exe, webmain.exe, netsoniccleanup.exe

    Unregister the following DLLs and reboothp3rd.dll, ns6lib.dll.
    instaldll.dll, installdll.dll, netsonic.dll, sporder.dll, w3util2.dll in Program Files\netsonic\

    Delete these registry entriesHKEY_CURRENT_USER\software\web3000.com
    HKEY_CURRENT_USER\software\web3000.com\netsonic\lastbrowserpath
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\netsonic
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\netsonic\displayname
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\netsonic\uninstallstring
    HKEY_LOCAL_MACHINE\software\web3000.com\netsonic\cachepath
    HKEY_LOCAL_MACHINE\software\web3000.com\netsonic\email
    HKEY_LOCAL_MACHINE\software\web3000.com\netsonic\fname
    HKEY_LOCAL_MACHINE\software\web3000.com\netsonic\installpath
    HKEY_LOCAL_MACHINE\software\web3000.com\netsonic\lname
    HKEY_LOCAL_MACHINE\software\web3000.com\netsonic\max cache size
    HKEY_LOCAL_MACHINE\software\web3000.com\netsonic\mname
    HKEY_LOCAL_MACHINE\software\web3000.com\netsonic\name
    HKEY_LOCAL_MACHINE\software\web3000.com\netsonic\version

    Remove the following files1687cde1.1, 1fd3b1061.1, 2659912c3.1, 2802a12f7.1, 284381339.1, 2933f1305.1, 29b9d1342.1, 2b6c413a9.1, 2cabd1424.1, 2ec8114d3.1, 2fd0c1500.1, 318811520.1, 32bd71618.1, 33dcd160c.1, 348731620.1, 34e8215bf.1, 3511c1658.1, 355561611.1, 36f981686.1, 370f81692.1, 37d18171f.1, 37fa816ed.1, 3b49a179f.1, 3d1e21802.1, 3db691814.1, 403861890.1, 4146b196a.1, 42fc0195f.1, 5497c1d2a.1, aylnlfdx.exe, basis.dst, basis.kwd, basis.pu, basis.pu.dyn, basis.rst, ezstub.exe, feedback.url, ggbwkfnq.exe, help.url, hp3rd.dll, install.log, my keywords.lnk, my preferences.lnk, netsonic.txt, netsonic.w3k, netsonic_com - netsonic faq.htm, ns6lib.dll, readme.url, toptext button show - hide.lnk.
    netsf.exe in c:\directpopupadvertisertrial.exe\netsonic\
    netsonic.lnk, readme.lnk, uninstall netsonic.lnk in Program Files\Common Files\netsonic\
    instaldll.dll, installdll.dll, netsonic.dll, netsonic.ini, netsonicuninst.exe, partner.sku, sporder.dll, w3kselfinst.exe, w3util2.dll, webmain.exe in Program Files\netsonic\
    nft0.html, nft1.html, nft2.html, nft3.html, nft4.html, nft5.html, readme.htm in Program Files\netsonic\userguide\
    netsonic.lnk in startupfolder+\
    netsoniccleanup.exe in Windows\

    Remove the following directoriesProgram Files\Common Files\netsonic
    Program Files\netsonic
    Program Files\netsonic\icache\a21.g.akamai.net
    Program Files\netsonic\icache\a94.g.akamai.net
    Program Files\netsonic\icache\ads.bidclix.com
    Program Files\netsonic\icache\ezula.com
    Program Files\netsonic\icache\img.business.com
    Program Files\netsonic\icache\login.yahoo.com
    Program Files\netsonic\icache\mail.yahoo.com
    Program Files\netsonic\icache\service.bfast.com
    Program Files\netsonic\icache\us.a1.yimg.com
    Program Files\netsonic\icache\us.f407.mail.yahoo.com
    Program Files\netsonic\icache\us.i1.yimg.com
    Program Files\netsonic\icache\us.js1.yimg.com
    Program Files\netsonic\icache\view.atdmt.com
    Program Files\netsonic\icache\winecom.112.2o7.net
    Program Files\netsonic\icache\www.ezula.com
    Program Files\netsonic\icache\www.google.com
    Program Files\netsonic\icache\www.netsonic.com
    Program Files\netsonic\icache\www.web3000.com
    Program Files\netsonic\icache\www.wine.com
    Program Files\netsonic\icache\www.winehq.com
    Program Files\netsonic\skins\metal
    Program Files\netsonic\userguide

     

    TribalFusion.com                                                                                                           

     

     

    YourSiteBar

     

    DLL Files:

    %program_files%\yoursitebar\ysb.dll

    ysbactivex1.dll

    ysb[1].dll

    ysbactivex.dll

    vt.adware.ysbar.a-cf1c844a06ea693ef251fbf46dbec477.dll

     

     

     

    YourSiteBar is Adware which is malware.
    Installing it is highly not recommended.

    This Adware is also known as:•Adware/Envolo - named by Panda.

    YourSiteBar Removal Instructions

    Unregister the following DLLs and rebootcxtpls.dll, ysb.dll, ysbactivex.dll.

    Delete these registry entries

    HKEY_CLASSES_ROOT\clsid\{7157b9a3-0283-03be-09d8-5474069e934}
    HKEY_CLASSES_ROOT\clsid\{76825395-073d-2f38-25f0-8912a7d8f08}
    HKEY_CLASSES_ROOT\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}
    HKEY_CLASSES_ROOT\clsid\{86227d9c-0efe-4f8a-aa55--30386a3f5686}
    HKEY_CLASSES_ROOT\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}
    HKEY_CLASSES_ROOT\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}
    HKEY_CLASSES_ROOT\ysb.ysbobj
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658}\contains\files\c:\windows\downloaded program files\ysbactivex.dll
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/ysbactivex.dll
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\yoursitebar
    HKEY_LOCAL_MACHINE\software\yoursitebar

    Remove the following filesauf0.exe, auto_update_uninstall.exe, cfin, cxtpls.dll, shortcuts.txt, yoursitebar.xml, ysb.dll, ysbactivex.dll, ysbinstall_1000489_3.exe.

    Remove the following directories

    Favorites\going places
    Favorites\living
    Favorites\shop
    Favorites\technology
    Program Files\yoursitebar

     

     

    Sunday, November 23, 2008 1:20 PM

Answers