

antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:5
Reviews:
·Time Warner Cable

2 edits

Uninstalling Babylon malware.

I am helping someone remotely who installed a music ripper for his audio CDs, but it came with and installed Babylon. He said it is screwing with his Internet. Norton, Malwarebytes AntiMalware, SuperAntiSpyware, and Spybot S&D did NOT get rid of it. He has Vista.

From what I read, it is just a toolbar search and not really a malware. Am I correct? I am not familiar with this malware.

Thank you in advance.
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast
The only Babylon I am familiar with is translation software and it certainly is not malware.

But malware has no conscience about using the same name. My first choice for removal would be MBAM.

From what you stated he ran, it does appear he removed it. Just tell him to keep an eye on the computer for the next week.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:5
Reviews:
·Time Warner Cable

3 edits
said by LoPhatPhuud:

The only Babylon I am familiar with is translation software and it certainly is not malware.

But malware has no conscience about using the same name. My first choice for removal would be MBAM.

From what you stated he ran, it does appear he removed it. Just tell him to keep an eye on the computer for the next week.

Whoops, I missed a key word (NOT) and updated my original post. He said none of them got rid of them. I told him to try »security.symantec.com/nbrt/nbrt.aspx since he has a Norton product installed. Also, he said Facebook doesn't let him log in because of this "malware". He took a screen shot/capture to share: »i.imgur.com/xm1Kr.gif ... He seems to be using Chrome (not familiar with that web browser).


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

1 edit

1 recommendation

reply to antdude
If all the security programs fail to detect it, it may be limited to Chrome itself. I would, however, expect some registry entries to be present, and they should be detectable.

1. Check with the Toolbar manufacturer for instructions on removing.

2. Uninstall the ripper program, then Chrome itself. Reboot and re-install Chrome.

3. Flatten and repave (and take it as a lesson learned)


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

3 recommendations

reply to antdude
Progress!! I found a removal post!

»www.raymond.cc/blog/babylon-tool···removal/

No guarantees, but it's worth a try.

PS: Google for babylon adware. That will return a lot of entries, including the one above.


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:5
Reviews:
·Time Warner Cable

1 edit
said by LoPhatPhuud:

Progress!! I found a removal post!

»www.raymond.cc/blog/babylon-tool···removal/

No guarantees, but it's worth a try.

PS: Google for babylon adware. That will return a lot of entries, including the one above.

I will send this link and this thread to him. I hope he can handle all that technical stuff. Is there not a GUI automated tool?
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer


skj
Welcome to the far side of reality
Premium,Mod
join:2002-04-04
Gone South
kudos:1

2 recommendations

reply to antdude
Coincidentally, a relative of mine called me yesterday because the Babylon malware had hijacked her Chrome browser. She tried Spybot, which identified the malware, but did not remove it. I was going to have her try the steps mentioned in the article: »www.raymond.cc/blog/babylon-tool···removal/, as it would pertain to the Chrome browser.
--


Reality is the leading cause of stress among those who are in touch with it.--Jane Wagner


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
reply to antdude
That one seems to be going around. Time to check for other solutions although that one is thorough.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 edit

1 recommendation

Interesting...On wife's win7 with the IE9 saw this the other day when searching in the address bar... home page just happens to be google so don't let that throw you off. Did not investigate it yet.
Update:
people are talking about this one here

»answers.microsoft.com/en-us/ie/f···99b31bf5

I will try to find out how/where she got it.

My first guess would be from a gadget

»Microsoft Recommends Terminating Gadgets


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

2 recommendations

reply to antdude
It appears that babylon is an affiliate thing where people or companies can make commission on clicks for ads.

some have complained that " it brings up this when I hit new tab search.babylon.com/?affID=112555&tt=010712_4&babsrc=NT_ss&mntrId=409e79f500000000000000266c8efc7d
CptTaco1

and that is the affiliate ID for someone making $$$ for a user.

Seems people that have IE, Firefox..and a few other browsers are getting whacked with this one..but not seen any with Google Chrome yet.
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

1 recommendation

reply to antdude
Thanks for the link(s) NameGame!!.

ps: ObiJuan thanks you too.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 recommendation

Here is a video for ObiJuan on putting babyJuan for Chrome to sleep.

»www.youtube.com/watch?v=OfwH8xii···e=relmfu


This one is for the udder bouys

ht tp://www.youtube.com/watch?v=O-zNCtXQ7A0&feature=related
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 recommendation

reply to LoPhatPhuud
said by LoPhatPhuud:

Thanks for the link(s) NameGame!!.

ps: ObiJuan thanks you too.



Welcome.. maybe that stuff will help you and antdude find all the pieces of this mud pie and put together a better way of cleaning up the mess... good luck guys and have a nice Sunday.
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


skj
Welcome to the far side of reality
Premium,Mod
join:2002-04-04
Gone South
kudos:1

1 recommendation

reply to Name Game
said by Name Game:

It appears that babylon is an affiliate thing where people or companies can make commission on clicks for ads.

some have complained that " it brings up this when I hit new tab search.babylon.com/?affID=112555&tt=010712_4&babsrc=NT_ss&mntrId=409e79f500000000000000266c8efc7d
CptTaco1

and that is the affiliate ID for someone making $$$ for a user.

Seems people that have IE, Firefox..and a few other browsers are getting whacked with this one..but not seen any with Google Chrome yet.

It is getting into Chrome too. As I mentioned above, »Re: Uninstalling Babylon malware.
--


Reality is the leading cause of stress among those who are in touch with it.--Jane Wagner


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
Yes.. that is why I posted this video »Re: Uninstalling Babylon malware.


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:5
Reviews:
·Time Warner Cable
reply to Name Game
said by Name Game:

Here is a video for ObiJuan on putting babyJuan for Chrome to sleep.

(youtube clip)
one is for the udder bouys

ht tp://www.youtube.com/watch?v=O-zNCtXQ7A0&feature=related

Wow, long video! Thanks. I will pass this to my friend who has this problem.
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer


skj
Welcome to the far side of reality
Premium,Mod
join:2002-04-04
Gone South
kudos:1
reply to Name Game
Watched the video and went through it with a friend. It appears it is gone, but that is one bit of a stubborn piece of malware.
--


Reality is the leading cause of stress among those who are in touch with it.--Jane Wagner


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:5
Reviews:
·Time Warner Cable

2 edits
reply to antdude

Done?

My friend followed up with this reply "... I cleared my cache and cookies and the problem went away. I thought about that since I was getting the error in chrome on facebook and not in IE. Malware pisses me off... I piss myself off when I download that crap!"

Now, he doesn't have the problems anymore. I hope so! And eww for "piss". LOL!


skj
Welcome to the far side of reality
Premium,Mod
join:2002-04-04
Gone South
kudos:1
That's great.

I wonder why the AV programs don't catch this?


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:5
Reviews:
·Time Warner Cable
said by skj:

That's great.

I wonder why the AV programs don't catch this?

Maybe it is not really a malware?


jmorlan
Hmm... That's funny.
Premium,MVM
join:2001-02-05
Pacifica, CA
kudos:4

1 recommendation

reply to antdude

Re: Uninstalling Babylon malware.

I just had to deal with this and although I was able to manually clean it up, there was a lot of hidden stuff left behind even after a thorough manual removal.

I acquired this *%$# thing by downloading a free font from a site called fonts101. The download came as an .exe and upon executing, WinPatrol notified me of this unwanted toolbar. I said "no" and "no" etc. etc. Unfortunately after stopping the installation of the font, the toolbar had punched through WinPatrol and been installed in IE, Firefox and Chrome. Also my default search engine had been changed to Babylon in all three. It did all of this without any permission on my part and even though I aborted installing the font. Furthermore it created a user.js in Firefox to ensure that the Firefox about:config settings would be modified even after manually cleaning out the preference settings.

It may not be malware, but it sure acts like it. This is not an easy thing to remove. It places two removable entries that you can uninstall, but uninstalling does not undo the changes to the home page and default search and some of these are not all that easy to change back even after the toolbar has been removed.

After dealing with manual removal, I am happy to recommend Ad-Remover. This free (donation-ware) program will remove it completely.

Download

Good luck!
--
"It turns out we're very good at not seeing things" - Jack Hitt

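The user.js persistence jmorlan describes above can be checked for directly. This is an added example, not part of any post in this thread: a Python script that parses each Firefox profile's user.js and reports prefs that set the home page or search. The watched pref names and the sample file content are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Assumed watch list (not from the thread): prefs that set home page or search.
WATCHED = ("browser.startup.homepage", "browser.search.",
           "browser.newtab.url", "keyword.URL")

# One user_pref("name", value); statement per line, as written in user.js.
PREF_RE = re.compile(
    r'^[ \t]*user_pref\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

def parse_user_js(text):
    """Return {pref_name: raw_value}; commented-out prefs are ignored."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # drop block comments
    # Lines starting with // never match PREF_RE, so they are skipped too.
    return {m.group(1): m.group(2) for m in PREF_RE.finditer(text)}

def flag_prefs(prefs):
    """Keep only prefs that redirect the home page, new tab or search."""
    return {k: v for k, v in prefs.items() if k.startswith(WATCHED)}

def scan_profiles(profiles_dir):
    """Map each profile's user.js path to its flagged prefs (if any)."""
    hits = {}
    for js in sorted(Path(profiles_dir).glob("*/user.js")):
        flagged = flag_prefs(parse_user_js(js.read_text(errors="replace")))
        if flagged:
            hits[str(js)] = flagged
    return hits

# Constructed sample; the URLs are placeholders, not real indicators.
SAMPLE = '''
// constructed sample
user_pref("browser.startup.homepage", "http://search.example.invalid/?src=hp");
user_pref("keyword.URL", "http://search.example.invalid/?q=");
/* user_pref("browser.search.selectedEngine", "Old Engine"); */
user_pref("browser.search.defaultenginename", "Example Search");
user_pref("accessibility.typeaheadfind", true);
'''

if __name__ == "__main__":
    import os, sys
    default = os.path.join(os.environ.get("APPDATA", ""),
                           "Mozilla", "Firefox", "Profiles")
    root = sys.argv[1] if len(sys.argv) > 1 else default
    for path, prefs in scan_profiles(root).items():
        print(path)
        for name, value in prefs.items():
            print(f"  {name} = {value}")
```

Firefox reapplies user.js at every start, so a flagged line has to be removed from that file (with Firefox closed) before resetting the pref in about:config will stick.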

skj
Welcome to the far side of reality
Premium,Mod
join:2002-04-04
Gone South
kudos:1
reply to antdude
Just had another person call me with this invasive piece of malware. It would be nice if the AV programs caught it. She is using Norton.
--


Reality is the leading cause of stress among those who are in touch with it.--Jane Wagner

redwolfe_98
Premium
join:2001-06-11
kudos:1
Reviews:
·Time Warner Cable

1 recommendation

reply to jmorlan
said by jmorlan:

After dealing with manual removal, I am happy to recommend Ad-Remover. This free (donation-ware) program will remove it completely.

Download

jmorlan, you posted links for two different programs.. one link is for "ad-remover" and the other link is for "adwcleaner"..

I am not sure which of the two programs you used..

I have heard "adwcleaner" mentioned before and I saw a log of stuff that it removed from one person's computer, which I thought was impressive..


jmorlan
Hmm... That's funny.
Premium,MVM
join:2001-02-05
Pacifica, CA
kudos:4

1 recommendation

Sorry about that. The download link is for adwcleaner which is correct and what I used to clean up after manually cleaning.

»general-changelog-team.fr/en/too···wcleaner
--
"It turns out we're very good at not seeing things" - Jack Hitt