Old 07-08-2005, 02:44 PM   #3 (permalink)
oddjob
Registered User
 
 
Join Date: Jan 2005
Location: London, UK
Posts: 305
OS: WinXP SP2/98/98SE


Hi again Silven

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

BroadJump & Support.com

If you have one of these you will most likely have the other. Either way, here is some information on them.

BroadJump - Newer name for BroadJump Foundation Client (BJCFD) - from BroadJump.com - now Motive.

The software collects information on your Internet activity and sends it to your ISP so that your ISP can serve you advertisements related to the type of sites you visit.

Support.com - Spyware from SupportSoft provided to manufacturers, such as Sony (Vaio Support Agent) and Toshiba (Virtual Tech), and ISPs, such as Comcast, Cox and Charter (Pipeline Support Agent), that allows them to offer on-line support. This part ensures that software is installed correctly. Regarded as spyware as it has the ability to retrieve user information.

I would ask your ISP how to remove it and why they installed it in the first place. Please do not uninstall the program, since it looks like it is required for your internet connection. This especially applies to those who use SBC as their ISP (Internet Service Provider). If they can't/won't resolve this problem for you, then it's time to switch to another provider that doesn't embed this spyware in their program. You will most likely also have BroadJump installed. The same situation applies here also. Try to find out how to remove it from your ISP. Don't uninstall it yourself.

Expose hidden files

Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

Kazaa

One reason why you may be having problems on this computer is because Kazaa is installed. I appreciate KazaaLite is marketed as “reverse engineered” and without malware but removal is still advised.

Download KazaaBegone here…

http://www.greyknight17.com/spy/KazaaBegone.zip

This uninstaller will remove all elements from all Kazaa versions as well as all of the bundled software that comes with it.

FunWebProducts & MyWebSearch

Download ScanSpyware here…

http://www.scanspyware.net/info/FunWebProducts.htm

Run the trial version and let it remove all it finds of FunWebProducts and related apps.

Other downloads

Download CWShredder here. Run it and instruct it to “fix” anything it finds.

Download Spybot Search & Destroy and install it. Please run it, click "Search for Updates" then "Check for Problems". If it finds something, check/tick all items in RED and hit the “Fix Selected Problems” button. Exit Spybot.

Download Ad-aware SE latest updates and run the program.

Download CleanUp! by going here. Do not run it yet.

HijackThis fix procedure

Reboot the PC into safe mode <<< Click Here for instructions

Go into Hijack This->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for each one IF they are running (You must kill them one at a time):

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\PROGRA~1\SEASID~1\SS1HEL~1.EXE

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

C:\Program Files\Kazaa Lite K++\KazaaLite.kpp


Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs IF FOUND:

Viewpoint

MyWebSearch (Smiley Central or FWP product as applicable)

MyWebSearch Email Plugin

My Way Speedbar (AOL and Yahoo Messengers) (beta users only) (Outlook, Outlook Express and IncrediMail)

Search Assistant - My Way


Open HijackThis and click on Scan. Check the following entries (make sure you do not miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...://my.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll

O4 - HKLM\..\Run: [mswspl] C:\Program Files\Windows Media Player\wmplayer.exe

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [SS1HelperStartUp] C:\PROGRA~1\SEASID~1\SS1HEL~1.EXE /partner SS1

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...?p=ZNxmk500YYUS

O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...up1.0.0.8-2.cab

O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://www.reciperewards.com/bundles/reciperewards.cab


Please remember to close all other windows, including browsers, before clicking “Fix checked”.

Delete the following File indicated in RED and Folders indicated in BLUE if they still exist:

C:\Program Files\Viewpoint

C:\PROGRA~1\SEASID~1
NOTE >> I can’t see the full name of this folder. Please check your program folder and delete the file whose name begins with the 6 characters SEASID

C:\Program Files\Kazaa Lite K++

C:\Program Files\MyWebSearch

C:\Program Files\Windows Media Player\wmplayer.exe


Reboot your System in normal mode.

Final cleanup

Run CleanUp! and click on the CleanUp! button. When it asks you if you want to logoff, click on Yes.

There will be some minor orphaned registry entries left behind by the uninstalls in the Add/Remove Programs part of the fix. These can be cleaned up by running SpyBot Search and Destroy or Ad-Aware SE again or left alone.

If you have a fast internet connection (Broadband), run online scans at Panda Activescan and Housecall.

Housecall has now been upgraded. Please run ALL the free scans offered at these sites.

Make sure they both perform a full system scan and please use the “Autoclean” option when running Housecall.

If either/both scans find something they cannot fix - perhaps because the infected files are "in use" - please make a note of the file(s) concerned and post the details back to this thread.

Please post a fresh HijackThis log so that we can check if your system is clean.

MOST IMPORTANT…..

Please also give us an update on how the system is operating now.


OJ

Last edited by oddjob; 07-08-2005 at 02:46 PM.
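One way to run the re-check that the request for a fresh HijackThis log implies, as an added example that is not part of oddjob's post: it parses entry lines and reports any that are still on the fix list, matching on CLSID or Run value name so that a path written in 8.3 short form still matches its long form. The names `entry_key`, `remaining`, `FIX_LIST` and `FRESH_LOG` are hypothetical, and the fresh log is a constructed sample.

```python
import re

# HijackThis entry line: "<section> - <details>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.+)$")
CLSID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
RUN_NAME = re.compile(r"^([^:]+):\s*\[([^\]]+)\]")

def entry_key(line):
    """Return (section, identity) for an entry line, or None for other lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    clsid = CLSID.search(rest)
    run = RUN_NAME.match(rest)
    if clsid:                        # R3/O2/O3/O16: the CLSID identifies it
        ident = clsid.group(0)
    elif section == "O4" and run:    # Run key + value name; the path may be
        ident = "|".join(run.groups())   # long or in 8.3 short form
    else:                            # anything else: compare the whole entry
        ident = " ".join(rest.split())
    return section, ident.lower()

def remaining(fix_list, fresh_log):
    """Entry lines of fresh_log whose identity is on the fix list."""
    targets = {entry_key(l) for l in fix_list.splitlines()} - {None}
    return [l.strip() for l in fresh_log.splitlines() if entry_key(l) in targets]

# Four of the entries the post asks to fix, copied from the post.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [mswspl] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
"""

# Constructed sample of a later log; the last two entries are made up.
FRESH_LOG = r"""
Logfile of HijackThis (constructed sample)
O2 - BHO: mwsBar BHO - {07b18ea1-a523-4961-b6bb-170de4475cca} - C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\mwsoemon.exe
O2 - BHO: Example BHO - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\example.dll
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
"""

if __name__ == "__main__":
    for line in remaining(FIX_LIST, FRESH_LOG):
        print("still present:", line)
```

R0/R1 and O8 entries have no CLSID or Run value name, so they only match when the whole entry is identical apart from case and spacing.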