Visual Bee downloaded from cnet

I was downloading a free program from cnet called space sniffer and received Visual Bee as well. It changed my home page on IE, Chrome, and Firefox and added toolbars to all three. I later read that cnet is no longer reliable as a source. Now, I am suspicious of everyone but microsoft. Even so, I downloaded adwCleaner from here. I deleted Visual Bee as best I could and ran adwCleaner which deleted items I couldn’t find. I thought I was done but then I found another Visual Bee exe in a “programdata” file. (It was not available to “uninstall” as other parts of the program had been.) I deleted that and emptied my recycling bin. I ran adwCleaner again.
I also restored Firefox to original config as that was the only way I could get rid of the tool bar there.

What else do I need to do? I saw something about OTL. Is this something else that I need to do?

Thanks for any help. This site got me to AdwCleaner, which I think, helped quite a bit.

I am running Vista if that makes a difference

Sure run OTL and attach the log here and I will see what remains

Thanks–attached.

I followed the directions on the sticky post above. So hope this is correct.

This should clear the last of it

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
O3 - HKU\S-1-5-21-987622420-1275357919-1589713975-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
[2013/04/19 15:59:53 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\VisualBeeExe
[2013/04/19 15:59:42 | 000,000,000 | ---D | C] -- C:\ProgramData\VisualBee

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Thanks so much. I’m including the log.

Any further problems ?

Hi Essex Boy,
I’ve been traveling all day and have not been able to test. Looking forward to checking it out in the morning (it’s late evening here in LA).

I will definitely let you know! Thanks for all of your help.

Hi,
I think it’s gone. I ran Adw cleaner and got this:
Folder Deleted : C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\qczbwuub.default-1366653572623\extensions\staged [this is actually from the deleted log]
Then I hit delete and ran it again and it came up clean.
Malware bytes also was clean, although it has two items called “hijacker.application” in quarantine. Can I delete those?

I saw a thread that had a list of recommended anti virus, etc programs recently here but I am unable to find it now. I think the OP was asking if he should purchase Malware bytes or not and asking for other recommendations. I’m a newbie with this, but now that I have had to endure one situation, I don’t want to go through it again. Can you point me in the direction of that thread? After receiving such great support here, I think that I am going to uninstall AVG and install Avast. Any thoughts on that?
Essexboy, thanks so much for your help. I was in a state of panic after downloading that toolbar and you really helped me out!

Yes delete the stuff from MBAM quarantine

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select More Options tab
Press Sytem Restore and Shadow Copies Cleanup button

https://dl.dropbox.com/u/73555776/disc%20clean.JPG

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

http://img233.imageshack.us/img233/7729/mbamicontw5.gif
Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
[*]Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:

So… I did the clean up on OTL. It deleted itself but not Adwcleaner or Malwarebytes.

I did the following: Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear

However, After hitting OK at the 1st prompt it runs for awhile and then disappears. I’ve tried it about 5 times and waited 5-10 minutes and it seems to die. The tabs never appear. Any suggestions?

Uninstall MBAM via Control Panel, run AdwCleaner and select uninstall

I will look into the disc cleanup problem

Thanks, essexboy. They are both gone now. I tried running the disk clean up again, but had the same result. I watched it in the process monitor. It runs for 4-5 minuts and then the progress bar disappears and it is no longer present in the process monitor.

Follow the initial steps on this page to delete all but the most recent restore points http://www.howtogeek.com/howto/5482/make-system-restore-use-less-space-in-windows-7/
Meanwhile I will see if I can find out why disc clean up does not work

well…tried to do that using the directions for Vista (not on Windows 7) and received this (down below):

Thought about typing in:vssadmin Resize ShadowStorage /For=C: /On=D: /MaxSize=900MB (basically exchanging a D for the C in howtogeek’s directions, but thought I’d better check with you first, since this is waaaaay outside of my comfort zone. :slight_smile:

Here is what I copied from the c prompt:

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Windows\system32>vssadmin list shadowstorage
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2005 Microsoft Corp.

Shadow Copy Storage association
For volume: (C:)\?\Volume{e80440f3-63b4-11dc-83b0-806e6f6e6963}
Shadow Copy Storage volume: (C:)\?\Volume{e80440f3-63b4-11dc-83b0-806e6f6e69
63}
Used Shadow Copy Storage space: 10.357 GB
Allocated Shadow Copy Storage space: 10.825 GB
Maximum Shadow Copy Storage space: 14.882 GB

C:\Windows\system32>vssadmin Resize ShadowStorage /For=C: /On=C:Maxsize=2GB
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2005 Microsoft Corp.

Error: Invalid option value.

C:\Windows\system32>vssadmin Resize ShadowStorage /For=C: /On=C /Maxsize=2GB
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2005 Microsoft Corp.

Error: Invalid option value.

C:\Windows\system32>vssadmin resize shadowstorage /for=c: /maxsize=3gb
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2005 Microsoft Corp.

Error: A required option is missing.

Resize ShadowStorage /For=ForVolumeSpec /On=OnVolumeSpec [/MaxSize=MaxSizeSpec]
- Resizes the maximum size for a shadow copy storage association between
ForVolumeSpec and OnVolumeSpec. Resizing the storage association may
cause shadow copies to disappear. If MaxSizeSpec is not
specified, there no limit to the amount of space it may use. As certain
shadow copies are deleted, the shadow copy storage space will then
shrink. MaxSizeSpec must be 300MB or greater and accepts the following
suffixes: KB, MB, GB, TB, PB and EB. Also, B, K, M, G, T, P, and E are
acceptable suffixes. If a suffix is not supplied, MaxSizeSpec is in
bytes.

Example Usage:  vssadmin Resize ShadowStorage /For=C: /On=D: /MaxSize=900MB

C:\Windows\system32>

OK lets check the windows files

Go Start > All Programs > Accessories
Right click Command Prompt and select “Run as Administrator”
In the black box that opens type in the following command

sfc /scannow

Allow windows to check al files and reboot on completion.
Then retry disc cleanup

It Worked!!

I was able to run disk clean up.

After entering the command “sfc /scannow” I did get a message (down below) saying that there were some corrupt files but I am assuming that this is not much of an issue. I tried to view them but was unable to do so.

I think I still want to try the re-sizing of shadow storage as well. What do you think about me trying this (from my earlier post)?

Thought about typing in:vssadmin Resize ShadowStorage /For=C: /On=D: /MaxSize=900MB (basically exchanging a D for the C in howtogeek’s directions, but thought I’d better check with you first, since this is waaaaay outside of my comfort zone.)

Thanks for your help!


Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Windows\system32>sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection found corrupt files but was unable to fix some of th
em.
Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example
C:\Windows\Logs\CBS\CBS.log

The system file repair changes will take effect after the next reboot.

The ones that were reported as unrepairable are generally ini files and are of no import

To resize the storage you do not need to use a command line

Go to the restore properties page and use the slider to set the value

Don’t have the slider…Vista :frowning:

Thanks for the info on the unrepairable files. :slight_smile:

Could you try this way as it would save messing with a command line http://www.mydigitallife.info/change-and-set-vista-shadow-copy-or-system-restore-disk-space-limit-in-explorer-gui/

That worked! Gained 1.8 gb.

Thanks so much!