Q: Spyware? ( Answered 5 out of 5 stars,   0 Comments )
Question  
Subject: Spyware?
Category: Computers > Security
Asked by: staneyeam-ga
List Price: $25.00
Posted: 04 Dec 2004 11:46 PST
Expires: 03 Jan 2005 11:46 PST
Question ID: 438071
I am currently running Trend Micro PC-cillin Internet Security 2005. 
When I click on scan for spyware the only answer that ever comes up is
BHO_SOFTOMATE.A and even when I remove it, it will eventually return.
What is this, should I be concerned, and if so how do I get rid of this permanently?
Answer  
Subject: Re: Spyware?
Answered By: clouseau-ga on 04 Dec 2004 12:34 PST
Rated:5 out of 5 stars
 
Hello staneyeam,

Thank you for your question.

My first search hit confirms that this is indeed spyware. See Castlecops:
http://castlecops.com/clsid-1310.html

Field           Value 
GUID            {7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9} 
Filename        Foxxweb Interactive (Softomate) spyware 
Status          X BHO  
Description     Foxxweb Interactive (spyware) 

KEY:

"X" - Certified spyware/foistware, or other malware 
"L" - Legitimate items 
"O" - Open to debate 
"?" - Unknown Status 
"BHO" - Browser Helper Object 
"TB" - Toolbar 

Computer Associates has complete and thorough instructions for removing this:
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453082746

Softomate Toolbar 
Origination Date:  March, 2004 
 
Overview 

Category 

    Toolbar: A group of buttons which perform common tasks. A toolbar
for Internet Explorer is normally located below the menu bar at the top
of the form. Toolbars may be created by Browser Helper Objects.
 
  Clot Factor 

    Softomate Toolbar: 2
The 'Clot Factor' is a measure of how much a pest 'gums up' a machine
by adding registry entries, files, and directories. As more objects
are placed in a machine, manual removal becomes more difficult and
more error-prone.
 

  Countries Affected 

    In the past three months, we have received reports of Softomate
Toolbar in , Canada, Germany, Hong Kong, Japan, Netherlands, United
Kingdom, United States.

  Growth 

    Softomate Toolbar: Insufficient data to report growth
 

Operation 

Detection and Removal 
 
 Manual Removal 
    Follow these steps to remove Softomate Toolbar from your machine.
Begin by backing up your registry and your system, and/or setting a
Restore Point, to prevent trouble if you make a mistake.

   
    Clean Registry:

Remove these registry items (if present) with RegEdit:

HKEY_CURRENT_USER\software\softomate\ietoolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\softomate.softomateobjietoolbar

 In checking for more links on the permanent removal of this, I noted
PestPatrol also has an article of interest, though almost identical
to the above:

http://www.pestpatrol.com/pest_info/stomp/s/softomate_toolbar.asp

They note their product removes this and have identical instructions
for registry editing for removal.

Most complete instructions appear to be at Symantec if you really wish
to purge all traces from your system:

http://www.symantec.com/avcenter/venc/data/spyware.ietoolbar.html

File names: Toolbar.dll; Searchit_toolbar.exe


Creates the following files: 
%ProgramFiles%\IEToolbar\about.html 
%ProgramFiles%\IEToolbar\basis.key 
%ProgramFiles%\IEToolbar\basis.xml 
%ProgramFiles%\IEToolbar\error.html 
%ProgramFiles%\IEToolbar\logos.bmp 
%ProgramFiles%\IEToolbar\nav.bmp 
%ProgramFiles%\IEToolbar\options.html 
%ProgramFiles%\IEToolbar\toolbar.crc 
%ProgramFiles%\IEToolbar\toolbar.dll (the BHO, detected as Spyware.IEToolbar) 
%ProgramFiles%\IEToolbar\toolbar.inf 
%ProgramFiles%\IEToolbar\version.txt


Creates the following registry entries:

HKEY_CLASSES_ROOT\CLSID\{BECD7FB6-D67E-4104-A8AD-0DBC10251438}
HKEY_CLASSES_ROOT\Softomate.IEToolbar
HKEY_CLASSES_ROOT\Softomate.IEToolbar.1
HKEY_CLASSES_ROOT\TypeLib\{B36CB30A-6ED9-4C63-9A8A-7DE9FA234608}
HKEY_CLASSES_ROOT\Interface\{CABBB49A-4D7B-415B-8250-15C3B854E9FF}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{BECD7FB6-D67E-4104-A8AD-0DBC10251438}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ToolbarToolbar5IEToolbar
HKEY_CURRENT_USER\software\Toolbar5
HKEY_CURRENT_USER\software\Toolbar5\IEToolbar




The following instructions pertain to all Symantec antivirus products
that support Expanded Threat detection.


Update the definitions. 
Unregister the toolbar.dll file. 
Run a full system scan. 
Delete the values that were added to the registry. 
Delete any related files.

For specific details on each of these steps, read the following instructions.

1. To update the definitions
To obtain the most recent definitions, start your Symantec program and
run LiveUpdate.

2. To unregister the toolbar.dll file

Click Start > Run. 
Type, or copy and paste, the following text:

regsvr32 /u "%ProgramFiles%\IEToolbar\toolbar.dll"

then click OK. 


If a dialog box confirming this action appears, click OK.

3. To run the scan 
Start your Symantec antivirus program, and then run a full system scan.

If any files are detected as Spyware.IEToolbar and depending on which
software version you are using, you may see one or more of the
following options:

Note: This applies only to versions of Norton AntiVirus that support
Expanded Threat detection. If you are running a version of Symantec
AntiVirus Corporate Edition that supports Expanded Threat detection,
and Expanded Threat detection has been enabled, you will only see a
message box that gives the results of the scan. If you have questions
in this situation, contact your network administrator.

Exclude (Not recommended): If you click this button, it will set the
threat so that it is no longer detectable. That is, the antivirus
program will keep the expanded threat on your computer and will no
longer detect it to remove from your computer.


Ignore or Skip: This option tells the scanner to ignore the threat for
this scan only. It will be detected again the next time that you run a
scan.


Cancel: This option is new to Norton Antivirus 2005. It is used when
Norton Antivirus 2005 has determined that it cannot delete an expanded
threat. This Cancel option tells the scanner to ignore the threat for
this scan only, and thus, the threat will be detected again the next
time that you run a scan.

To actually delete the expanded threat: 
Click its file name (under the Filename column). 
In the Item Information box that displays, write down the full path and file name. 
Then use Windows Explorer to locate and delete the file. 

If Windows reports that it cannot delete the file, this indicates that
the file is in use. In this situation, complete the rest of the
instructions on this page, restart the computer in Safe mode, and then
delete the file using Windows Explorer.


Delete: This option will attempt to delete the detected files. In some
cases, the scanner will not be able to do this.
If you see a message, "Delete Failed" (or similar message), manually
delete the file.
Click the file name of the threat that is under the Filename column. 
In the Item Information box that displays, write down the full path and file name. 
Then use Windows Explorer to locate and delete the file. 

If Windows reports that it cannot delete the file, this indicates that
the file is in use. In this situation, complete the rest of the
instructions on this page, restart the computer in Safe mode, and then
delete the file using Windows Explorer.


4. To delete the values from the registry


Important: Symantec strongly recommends that you back up the registry
before making any changes to it. Incorrect changes to the registry can
result in permanent data loss or corrupted files. Modify the specified
keys only. Read the document, "How to make a backup of the Windows
registry," for instructions.


Note: This is done to make sure that all the keys are removed. They
may not be there if regsvr32 removed them.


Click Start > Run. 
Type regedit 

Then click OK. 


Navigate to and delete the following keys:

HKEY_CLASSES_ROOT\CLSID\{BECD7FB6-D67E-4104-A8AD-0DBC10251438}
HKEY_CLASSES_ROOT\Softomate.IEToolbar
HKEY_CLASSES_ROOT\Softomate.IEToolbar.1
HKEY_CLASSES_ROOT\TypeLib\{B36CB30A-6ED9-4C63-9A8A-7DE9FA234608}
HKEY_CLASSES_ROOT\Interface\{CABBB49A-4D7B-415B-8250-15C3B854E9FF}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{BECD7FB6-D67E-4104-A8AD-0DBC10251438}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ToolbarToolbar5IEToolbar
HKEY_CURRENT_USER\software\Toolbar5
HKEY_CURRENT_USER\software\Toolbar5\IEToolbar

5. To delete any related files 
Open "My Computer". 

Navigate to %ProgramFiles% and delete the folder "IEToolbar."



Now, if you are unfamiliar with editing your registry, note this article:

http://support.microsoft.com/kb/322756

You did not mention your operating system, but registry editing is
similar in almost all Windows versions. Do read this article if this
is new to you.


Search Strategy:

BHO SOFTOMATE


I trust my research has provided you with instructions to rid this
nuisance. If a link above should fail to work or anything require
further explanation or research, please do post a Request for
Clarification prior to rating the answer and closing the question and
I will be pleased to assist further.

Regards,

-=clouseau=-
staneyeam-ga rated this answer:5 out of 5 stars
More information than I ever wanted to know, but better too much than too little.
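
A read-only way to confirm that the removal steps quoted in the answer left nothing behind, as an added example that is not part of the original answer or of any vendor's instructions: a PowerShell check over the registry entries, CLSIDs and %ProgramFiles%\IEToolbar folder listed above. The Browser Helper Objects key it enumerates is the standard Windows registration location for BHOs and is an assumption not named on the page.

```powershell
# Added example: read-only check for leftovers of the Softomate / IEToolbar BHO.
# Every key, CLSID and folder name below is copied from the lists quoted in the answer.
$entries = @(
    'HKEY_CURRENT_USER\software\softomate\ietoolbar'
    'HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\softomate.softomateobjietoolbar'
    'HKEY_CLASSES_ROOT\CLSID\{BECD7FB6-D67E-4104-A8AD-0DBC10251438}'
    'HKEY_CLASSES_ROOT\Softomate.IEToolbar'
    'HKEY_CLASSES_ROOT\Softomate.IEToolbar.1'
    'HKEY_CLASSES_ROOT\TypeLib\{B36CB30A-6ED9-4C63-9A8A-7DE9FA234608}'
    'HKEY_CLASSES_ROOT\Interface\{CABBB49A-4D7B-415B-8250-15C3B854E9FF}'
    'HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{BECD7FB6-D67E-4104-A8AD-0DBC10251438}'
    'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ToolbarToolbar5IEToolbar'
    'HKEY_CURRENT_USER\software\Toolbar5'
    'HKEY_CURRENT_USER\software\Toolbar5\IEToolbar'
)
$clsids = '{7D6BEC01-15E2-46F0-8ED3-D715DE09A8F9}', '{BECD7FB6-D67E-4104-A8AD-0DBC10251438}'

# An entry may exist as a key or as a value name under its parent key; test both.
function Test-RegistryEntry([string]$Path) {
    if (Test-Path -LiteralPath "Registry::$Path") { return 'key' }
    $cut    = $Path.LastIndexOf('\')
    $parent = Get-Item -LiteralPath ("Registry::" + $Path.Substring(0, $cut)) -ErrorAction SilentlyContinue
    if ($parent -and ($parent.GetValueNames() -contains $Path.Substring($cut + 1))) { return 'value' }
    return $null
}

$found = @()
foreach ($e in $entries) {
    $kind = Test-RegistryEntry $e
    if ($kind) { $found += "registry $kind : $e" }
}

# Registered BHOs (assumed standard location): flag the page's CLSIDs or a DLL in an IEToolbar folder.
$bhoRoot = 'Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
foreach ($bho in @(Get-ChildItem -LiteralPath $bhoRoot -ErrorAction SilentlyContinue)) {
    $id  = $bho.PSChildName
    $dll = (Get-ItemProperty -LiteralPath "Registry::HKEY_CLASSES_ROOT\CLSID\$id\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
    if (($clsids -contains $id) -or ($dll -like '*\IEToolbar\*')) { $found += "BHO $id -> $dll" }
}

# Files: the IEToolbar folder under %ProgramFiles% (both locations on 64-bit Windows).
foreach ($root in @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique) {
    $dir = Join-Path $root 'IEToolbar'
    if (Test-Path -LiteralPath $dir) { $found += "folder : $dir" }
}

if ($found) { $found } else { 'No listed Softomate/IEToolbar entries found.' }
```

On 64-bit Windows, 32-bit software registers under the redirected registry view, so run the check from 32-bit PowerShell as well to cover that view.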
