|
What is BrowserAid ?
BrowserAid is a manufacturer of various Internet Explorer toolbars, most of which seem to be installed sneakily.
BrowserAid variants
BrowserAid/ABCSearch offers a 'Power Search' feature when right-clicking a selection.
BrowserAid/CashToolbar , BrowserAid/LetsSearch and BrowserAid/QuickLaunch are
minor variations on an adware theme. The script at this site cannot tell them
apart and detects them only as 'BrowserAid'. The toolbar opens untargeted pop-up
adverts periodically when IE is open. LetsSearch hijacks home page and search
settings to point to searchmadesafe.com; QuickLaunch points at quicklaunch.com.
BrowserAid/BrowserPal offers pop-up blocking features. It is a later version
of BrowserAid/pStopper , a pop-up blocker which is not known to have been stealth-installed
and is not targeted by the script at this site.
BrowserAid/Rundll16 is a smaller parasite that only opens pop-ups; it does
not include a toolbar component. It hides in the Windows folder under the name
'rundll16', which is not a system file, but is a filename also used by other
malware (eg. SubSeven trojan, Roron worm, ZMorph virus).
BrowserAid/FeaturedResults is a search result hijacker. Perform a search at
Google and it will pop up a window with no browser controls from featured-results.com,
containing advertiser links dressed up to look like Google search results.
BrowserAid/StlbDist and StlbAd are simple toolbars containing just a search
box, and homepage/search hijacking function.
BrowserAid/WebDownload is a downloader ActiveX control for the StlbDist and
StlbAd variants.
BrowserAid behavior
- Stealth Tactics
- Stays Resident
- Shows ads
- Changes browser
BrowserAid Removal Instructions:
Open the Control Panel's 'Add/Remove Programs' function. There should be an entry
for 'BrowserAid' or 'CashToolbar' (CashToolbar variant), 'Web Toolbar' (ABCSearch
variant) or 'BrowserPal' (BrowserPal variant).
However, the BrowserPal variant leaves an updater task behind which can reinstall
itself and other programs - see Manual Removal, BrowserPal installer.
There may not be a removal option for the LetsSearch, QuickLaunch, Rundll16,
FeaturedResults or StlbDist/StlbAd variants.
Ad-Aware can remove BrowserAid variants.
Manual removal
CashToolbar
The software installs into the Downloaded Program Files folder and puts its
settings into a 'CashToolbar' folder in 'Program Files'. Before you can delete
the files you must deregister the toolbar. Open a DOS command prompt window
(Start->Programs->Accessories) and enter:
cd "%WinDir%\System"
regsvr32 /u "..\Downloaded Program Files\CashToolbarIE.dll"
Then open the registry and find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
Delete the entry pointing to CashToolbar.exe. Restart the machine and you should
be able to delete both 'Program Files\CashToolbar' and the Downloaded Program
Files:
cd "%WinDir%\Downloaded Program Files"
del CashToolbarIE.dll
del CashToolbarConfig.inf
del CashToolbar.exe
del BrowserAidBarWnd.dll
LetsSearch
The software installs into the Downloaded Program Files folder and puts its
settings into a 'LetsSearch' folder in 'Program Files'. Before you can delete
the files you must deregister the toolbar. Open a DOS command prompt window
(Start->Programs->Accessories) and enter:
cd "%WinDir%\System"
regsvr32 /u "..\Downloaded Program Files\LetsSearchIE.dll"
Then open the registry and find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
Delete the 'LetsSearch' and 'RunWindowsUpdate' entries.
Restart the machine and you should be able to delete the LetsSearch folder
inside Program Files. You can also delete the uptodate.exe file inside the Windows
folder, and, using a DOS command prompt window, the files rom Downloaded Program
Files:
cd "%WinDir%\Downloaded Program Files"
del LetsSearchIE.dll
del LSToolbarConfig.inf
del LetsSearch.exe
del BABarWnd.dll
Finally you can remove the LetsSearch folder from Application Data. (Application
Data is to be found inside the Windows folder on Windows 95, 98 and Me, in your
user 'Profiles' folder in 'Windows' on NT, or in your user 'Documents and Settings'
folder on XP.)
QuickLaunch
The software installs into the Downloaded Program Files folder and puts its
settings into a 'QuickLaunch' folder in 'Program Files'. Before you can delete
the files you must deregister the toolbar. Open a DOS command prompt window
(Start->Programs->Accessories) and enter:
cd "%WinDir%\System"
regsvr32 /u "..\Downloaded Program Files\QuickLaunchIE.dll"
Then open the registry and find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
Delete the 'LetsSearch' (yes, they forgot to rename it) and 'RunWindowsUpdate'
entries.
Restart the machine and you should be able to delete the QuickLaunch folder
inside Program Files. You can also delete the uptodate.exe file inside the Windows
folder, and, using a DOS command prompt window, the files rom Downloaded Program
Files:
cd "%WinDir%\Downloaded Program Files"
del QuickLaunchIE.dll
del QLToolbarConfig.inf
del QuickLaunch.exe
del BABarWnd.dll
Finally you can remove the LetsSearch folder from Application Data. (Application
Data is to be found inside the Windows folder on Windows 95, 98 and Me, in your
user 'Profiles' folder in 'Windows' on NT, or in your user 'Documents and Settings'
folder on XP.)
ABCSearch
The software installs into the Downloaded Program Files folder. Before you can
delete it you must deregister it. Open a DOS command prompt window (Start->Programs->Accessories)
and enter:
cd "%WinDir%\System"
regsvr32 /u "..\Downloaded Program Files\BrowserAidToolbar.dll"
regsvr32 /u "..\Downloaded Program Files\HighlightHelper.dll"
Then open the registry and find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
Delete the entry pointing to BrowserAid.exe. Restart the machine and you should
be able to delete the Downloaded Program Files:
cd "%WinDir%\Downloaded Program Files"
del BrowserAidToolbar.dll
del BrowserAid.inf
del BrowserAid.exe
del BrowserAidBarWnd.dll
del HighlightHelper.dll
BrowserPal
Open a DOS command prompt windows (from Start->Programs->Accessories)
and enter the following commands:
cd "%WinDir%\System"
regsvr32 /u "\Program Files\BrowserPal\blckbho.dll"
regsvr32 /u "\Program Files\BrowserPal\bptlb.dll"
(You may need to change the name 'Program Files' on non-English versions of
Windows where this folder is called something else.)
Open the registry (from the Start menu, choose Run and type regedit), find
the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, and
delete the 'Browser Pal' entry inside this key.
Restart and delete the 'Browser Pal' folder inside Program Files. Then follow
the instructions for the installer.
You can also re-enable JavaScript errors if you want to see them (BrowserPal
hides them so you don't see when a page's script fails due to its pop-up blocking)
by opening the Advanced tab and unticking 'Disable script debugging'.
BrowserPal installer
Open the registry (from the Start menu, choose Run and type regedit), find the
key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, and delete
the 'RunWindowsUpdate' entry (or 'ContinueInstall' in partially-completed BrowserPal
installs) inside this key. You can also delete the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunWindowsUpdate
to clean up if you like.
Restart the computer and you should be able to delete the 'bpsinstall.exe'
and 'uptodate.exe' from the Windows folder, and 'ctb_s.exe' from the System
folder (which is itself inside the Windows folder, called 'System32' on Windows
NT/2000/XP or just 'System' under Windows 95/98/Me).
Rundll16
Open the registry (click 'Start', choose 'Run' and enter 'regedit'), and find
the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Delete
the 'Rundll16' and 'RunWindowsUpdate' entries.
Open a DOS command prompt window (from Start->Programs->Accessories)
and enter:
cd "%WinDir%\System"
regsvr32 /u ..\Rundll16.dll
Restart the machine and you should be able to delete rundll16.dll, rundll16.exe
and uptodate.exe in the Windows folder.
FeaturedResults
Open the registry (click 'Start', choose 'Run' and enter 'regedit'), and find
the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Delete
the 'Rundll32_7' entry.
Open a DOS command prompt window (from Start->Programs->Accessories)
and enter:
cd "%WinDir%\System"
regsvr32 /u msiefr40.dll
Restart the machine and you should be able to delete the file msiefr40.dll in
the System folder (which is inside the Windows folder, and called 'System32'
under Windows NT, 2000 and XP).
StlbDist
Open the registry (click 'Start', choose 'Run' and enter 'regedit'), and find
the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Delete
the '' entry.
Open a DOS command prompt window (from Start->Programs->Accessories)
and enter:
cd "%WinDir%\System"
regsvr32 /u stlbdist.dll
Restart the machine and you should be able to delete the files stlbdist.dll
and stlbdist.xml in the System folder (which is inside the Windows folder, and
called 'System32' under Windows NT, 2000 and XP).
StlbAd
Open the registry (click 'Start', choose 'Run' and enter 'regedit'), and find
the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Delete
the '2CF0B992-5EEB-4143-99C0-5297EF71F44B}' entry.
Open a DOS command prompt window (from Start->Programs->Accessories)
and enter:
cd "%WinDir%\System"
regsvr32 /u stlbdad123.dll
Restart the machine and you should be able to delete the files stlbad123.dll
and stlbad123.xml in the System folder (which is inside the Windows folder,
and called 'System32' under Windows NT, 2000 and XP).
WebDownloader
Open the Downloaded Program Files folder (which is inside the Windows folder),
right-click the 'CWebDownloader Object' entry and choose 'Remove'.
All variants
If BrowserAid has hijacked your homepage, you can set it back from Internet
Options -> General -> Start Page.
Copyright ©
SpywareDot 2002-2005| spywaredot.com. All rights reserved.
|
