adavance searchbar

Discussion in 'privacy problems' started by Jays1, Nov 20, 2004.

Thread Status:
Not open for further replies.
  1. Jays1

    Jays1 Registered Member

    Joined:
    Oct 31, 2004
    Posts:
    8
    Hi everybody

    i am having a probelm removing the adavance searchbar. The location of it is

    HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{43F02779-6D88-4958-8AD3-83C12D86ADC7}

    but when i remove it, it just keeps regenerating it self. I have done a search for it and, run a couple of other spyware scans, it appears to me that i don't have it except in that one loaction.

    any help would be nice

    Thanks

    Jays1
     
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    What indicatons are you having....besides finding that reg entry....that the Advanced Toolbar is "regenerating it self" ?
     
  3. Jays1

    Jays1 Registered Member

    Joined:
    Oct 31, 2004
    Posts:
    8
    that is the only indication i have been able to find so far. It doesn't appaer to me that it has been installed except for that one reg entry.
     
  4. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hmmm....what caused you to zero in on that CLSID(43f02779-6d88-4958-8ad3-83c12d86adc7) ?

    You mentioned you ran some spyware scans....which ones ?

    Do you see a C:\Program Files\Advanced Searchbar folder on your hard drive ?
     
  5. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Expanding on Bubba, here's a somewhat more comprehensive picture of this piece of malware.

    Blue
     
  6. Jays1

    Jays1 Registered Member

    Joined:
    Oct 31, 2004
    Posts:
    8
    in response to buba's question i don't see that folder on my hard drive and the spyware scans i have run are spyware doctor(which picked up the clsid), spybot s&d, adaware, pest patroal and spybouncer. I did check out the site that
    BlueZannetti has mentioned and i don't see any of process, etc in my system.
     
  7. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    It would be interesting to know what the value of that registry key is.

    If the DWORD value is 1024 this would mean you are protected against this item.

    Regards,

    Pieter
     
  8. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    That's what I thought you were going to say but I'd still like to make doublely sure.

    SpywareBlaster and Spybot place entries in that registry location you mentioned in your first post but that CLSID(43f02779-6d88-4958-8ad3-83c12d86adc7) is not part of their respective databases....so....do any of the other programs you have installed have a feature that sets ActiveX kill bits ?

    Also....if you'll re-visit that above registry entry and click on that entry....what Data value do you see in the right hand box....0X00000400(1024) ?

    Edit:
    I'm a slow typer :)
     
  9. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    It is not slow typing. Just a lot as you do a much better job at explaining things well. :)

    Regards,

    Pieter
     
  10. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Jays1,

    I meant to mention something earlier about SpyBouncer....it is considered a Rogue/Suspect product that is of "unknown, questionable, or dubious value as anti-spyware protection".

    "Spybouncer....aggressive advertising, reported hijacks, false positives work as goad to purchase"

    Further list of---> Rogue/Suspect Programs

    I suggest you also consider checking out a list of....Trustworthy Anti-Spyware Products
     
  11. Jays1

    Jays1 Registered Member

    Joined:
    Oct 31, 2004
    Posts:
    8
    The only other program that would appear to have the ActiveX kill bits would be spyware doctor, and that is the Data value i am seeing in the registry.
     
  12. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    regarding my above request:

    "if you'll re-visit that above registry entry and click on that entry....what Data value do you see in the right hand box....0X00000400(1024)" ?
     
  13. Jays1

    Jays1 Registered Member

    Joined:
    Oct 31, 2004
    Posts:
    8
    In reposne to buba's question the data value that i am seeing matches the one you have given me .
     
  14. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    I appologize jays1....I overlooked in your earlier post where you said.... "that is the Data value i am seeing in the registry". Sorry for having asked you twice.

    Ok....with that value it means a program placed that entry there with the intentions of preventing the Advanced Searchbar toolbar from being installed. That is a good thing....however....you'll have to confirm or some other user of Spyware Doctor will have to confirm if that CLSID is part of it's database because the trial version of SpywareDoctor does not give me the ability to use there ActiveX kill bit feature....unless I buy it :)

    I am going out on a limb and say this is simply a False positive by Spyware Doctor of a....what I'll call....valid ActiveX kill bit setting....given the info you have provided.
     
  15. Jays1

    Jays1 Registered Member

    Joined:
    Oct 31, 2004
    Posts:
    8
    Thanks for all the help, actually i've just updated spyware doctor and done another scan and it's fixed as well another spyware problem i was having a while ago when i first posted on this forum.

    from

    Jays1
     
  16. pctools

    pctools Registered Member

    Joined:
    Nov 24, 2004
    Posts:
    29
    Hi.

    Spyware Doctor release updates frequently. Please make sure to apply these updates. Thank you.
     
Thread Status:
Not open for further replies.