Toolbar 888

[Nominus Experse]

Recently, I accidently downloaded a very hazardous file. I knew it was bad news, but as things happen, sometimes you just don't think and end up doing stupid things... So such a thing happened to me...

I now see that I have a new program in my Add/Remove Programs in my Control Panel. It's called Toolbar 888. Where I should have the option to remove it, it says Change/Remove. It then "pretends" to be rid of itself, but I think all it's doing is spreading more of its ilk. It never disappears... It simply says that it is "Complete" with whatever the hell is was "doing".

I have noticed new processes running, notabley being called C:\WINDOWS\system32\spoolsv.exe and alg.exe etc...

My question then, is how am I to be rid of this thing...

I have run Spydoctor, Ad-Aware, AVG, and ewido. Nothing.

It's rather frustrating as I will get random pop-ups that direct me to download Winantivirus Pro and other obvious hoaxes.

I did find a site talking about the same problem, and I was wondering if it was safe and/or credible.

Here is the link to mentioned site:
http://forums.techguy.org/security/5...bar-888-a.html


So, any help would be much appreciated.

Thanks

[o_O]

Toolbar 888 is a nasty piece of adware. A bit of Googling turned up <a href="http://defeat-rogue-spyware.com/toolbar888/info.html?gclid=CI2SmY6y8IcCFR1uTAodu1bjgA">this page</a> which has a tool called Xoftspy available to download.
I tested the executable there and it's legitimate, so no need to worry about getting more spyware from that.

You don't need to worry about alg.exe and spoolsv.exe; alg.exe is a Windows service which provides a network gateway, so you can't use the internet without it, and spoolsv.exe is a process which handles various printing jobs.

[Nominus Experse]

I downloaded Xoft

Ran the scan, and it found one major threat, which happened to be a registry change.

It then said that I must purchase it, which would down me $40. It might fix is, and it may not. The only thing that would be certain is that I would have to spend $40, which I do not feel like doing.

There has to be a different, and cheaper, method of being rid of this thing...

[Roto13]

How much you wanna bet they're from the same people?

[Sylvie]

Try PrevX. It gets rid of stuff good.

[Iceglow]

hmm panda isn't too bad at getting the difficult ones. That or there is always the time honoured tradition of whipping out the cd's and usb memory sticks and saving the documents you cannot live without then formatting the hard drive, one guaranteed fix and the best part about it if you have a restore cd (or even just access to a friends one) and the original windows xp product key you get with the computer you simply format, re-install and change the product key to your original one. Then simply place a phone call (afaik this is the only way since net validation I believe only works once) which should be free and enter in the code to activate. Believe me this manner of activation works I got the advice on it from Microsoft activation centre (from the sounds of the voices I have heard in the past based somewhere in india or bangladesh) and it has worked every time.

[Nominus Experse]

I have solved the issue by manually going into my registry and changing my Windows Settings to allow me to see all files on my CPU, regardless if they are integral to the system or not.

I used this in conjugation with HijackThis and VundoFix to be rid of it completely and utterly.


A mod can delete this now, thanks.

[rubah]

deleting would be dumb, because someone else might have teh same problem later on xD

[Nominus Experse]

deleting would be dumb, because someone else might have teh same problem later on xD

Well, perhaps, but HijackThis requires that you know what you are doing. It finds EVERYTHING, regardless if its malware or not. Knowing what to be rid of and what to keep is quite pertinent. The average Joe would either be too confused or would simply delete everything that came up with HijackThis. HijackThis can do more harm than good if people use it improperly, so there ought to be a warning of some sort perhaps...

However, Vundofix is worth mentioning, and all it requires is someone with patience and the ability to restart the CPU. VundoFix also allows immediate results, though it does not completely get rid of the cursed thing.