• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

help please: can't get rid of spyware toolbar

moshquerade

No Lifer
a friend had this happen to him at work... not good.
any advice as to how to get rid of this malicious toolbar would be appreciated. thanks.

screenshot
"Perhaps someone has seen this before. Last week I somehow managed to get a nasty little piece of spyware on my computer at work. Not sure where it came from but whenever I open a browser window or explore a folder there is now an additional toolbar with shortcuts to things that are not work appropriate. I've run ad aware which found lots of crap but not this. My IT support has looked it and are befuddled. They've offered to re-image my computer. I will probably take them up on that offer but first wanted to see if anyone could help.

If I right click in a neutral area by the tool bars I see that this is called "Fast Search" I can turn it off there but it reappears everytime I open either a browser or folder.

I've reported it so at least I won't get fired over inappropriate material but I still would like it gone forever.

Add/Remove programs has no listing for it.
 
His IT people have evidently not got the sense to get their computers properly locked down with Restricted-User accounts (aka Limited accounts on standalone WinXP). 😛 They should not only re-image it, but get it properly secured for him, or else if they leave him with the power, he should secure it after the re-image using the steps under Ongoing Prevention on this page. Naturally he should use their antivirus software, but fully configure it. The WinXP SP2 firewall might create some headaches for the IT people if he installs it, but it can be disabled if so.

The two key things for it to work:

1) he must avoid installing anything that is not bona fide known-good stuff. No downloaded games, IM proggies, etc

2) he must use the Limited account for daily-driver stuff, not an Administrator-class account

I know that urging people to put themselves on a Limited account is usually as popular as Lycra in a bar 😛 but it is very powerful as a part of an overall security strategy, at home or at work. I had evidence of that yesterday when I went to see my Mom & Dad and the Dec. 2 antivirus definitions found a would-be threat on the computer that had been thwarted by Limited accounts' inability to install stuff. Up 'til Dec. 1, this threat was invisible to their antivirus software, but the Limited account held the fort in the meanwhile.

If your friend wants to do battle with his icky search bar himself then he should come to the Technical Support forum here and post a request to get started. It can be quite a back-&-forth process so I doubt you would want to be in the middle.
 
To add a little to that, it's conceivable that he got hit with the Bofra virus that was getting distributed by hacked advertising servers, too. If he had WinXP SP2 or up-to-date, properly-configured antivirus software then he would've been safe from Bofra (his IT guys' responsibility to see to that, naturally).

If he can go to Control Panel > Performance & Maintenance > Administrative Tools > Services, and find a Windows Service in the list that corresponds to this thing, he can stop the service and set it to Disabled, then run Spybot Search & Destroy 1.3 from here and hit Tools > Advanced, go down the side to Tools, and look at the BHOs (browser help objects) and disable everything that's not appropriate. If it stays gone, that's a partial victory, but I would still make the IT people blow it away and re-image, and secure it this time around.
 
Back
Top