 antdudeA Ninja AntPremium,VIP
join:2001-03-25
United State
kudos:4
 ·RoadRunner Cable
2 edits | Uninstalling Babylon malware. I am helping someone remotely who installed a music ripper for his audio CDs, but it came with and installed Babylon. He said it is screwing with his Internet. Norton, Malwarebytes AntiMalware, SuperAntiSpyware, and Spybot S&D did NOT get rid of it. He has Vista.
From what I read, it is just a toolbar search and not really a malware. Am I correct? I am not familiar with this malware.
Thank you in advance. 
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer |
|
 LoPhatPhuudPremium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
·Comcast
| The only Babylon I am familiar with is translation software and it certainly is not malware.
But malware has no conscience about using the same name. My first choice for removal would be MBAM.
From what you stated he ran, it does appears he removed it. Just tell him to keep an eye on the computer for the next week.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum |
|
antdudeA Ninja AntPremium,VIP
join:2001-03-25
United State
kudos:4 Reviews:
·RoadRunner Cable
3 edits | said by LoPhatPhuud:The only Babylon I am familiar with is translation software and it certainly is not malware.
But malware has no conscience about using the same name. My first choice for removal would be MBAM.
From what you stated he ran, it does appears he removed it. Just tell him to keep an eye on the computer for the next week.
Whoops, I missed a key word (NOT) and updated my original post. He said none of them got rid of them. I told him to try »security.symantec.com/nbrt/nbrt.aspx since he has a Norton product installed. Also, he said Facebook doesn't let him log in because of this "malware". He took a screen shot/capture to share: »i.imgur.com/xm1Kr.gif ... He seems to be using Chrome (not familiar with that web browser). |
|
LoPhatPhuudPremium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26 Reviews:
·Comcast
1 edit | reply to antdude
If all the security programs fail to detect it, it may be limited to Chrome itself. I would, however, expect some registry entries to be present and should be detectavble.
1. Check with the Toolbar manufacturer for instructions on removing.
2. Uninstall the ripper program, then Chrome itself. Reboot and re-install Chrome.
3. Flatten and repave (and take it as a lesson learned) |
|
LoPhatPhuudPremium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26 Reviews:
·Comcast
| reply to antdude
Progress!! I found a removal post!@
»www.raymond.cc/blog/babylon-tool···removal/
No guarantee's but it 's worth a try.
PS: Google for babylon adware That will return a lot of entries, including the one above. |
|
antdudeA Ninja AntPremium,VIP
join:2001-03-25
United State
kudos:4 Reviews:
·RoadRunner Cable
1 edit | I will send him this link and this thread to him. I hope he can handle all that technical stuff.  Is there not a GUI automated tool?
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer |
|
 skjWelcome to the far side of realityPremium,Mod
join:2002-04-04
Gone South
Charter Internet/TV
Earthlink DSL
CenturyLink
ISP b2b etc
Cisco
| reply to antdude
Coincidentally, a relative of mine called me yesterday because the Babylon malware had hijacked her Chrome browser. She tried Spybot, which identified the malware, but did not remove it. I was going to have her try the steps mentioned in the article: »www.raymond.cc/blog/babylon-tool···removal/, as it would pertain to the Chrome browser.
--
Reality is the leading cause of stress among those who are in touch with it.--Jane Wagner |
|
LoPhatPhuudPremium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26 | reply to antdude
That one seems to be going around. Time to check for other solutions although that one is thorough. |
|
 Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:7
1 edit | Interesting...On wife's win7 with the IE9 saw this the other day when searching in the address bar... home page just happens to be google so don't let that throw you off. Did not investigate it yet.
Update:
people are talking about this one here
»answers.microsoft.com/en-us/ie/f···99b31bf5
I will try to find out how/where she got it.
My first guess would be from a gadget
»Microsoft Recommends Terminating Gadgets |
|
|
|
Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:7 | reply to antdude
It appears that is babylon is an affiliate thing where people or companies can make commission on clicks for ads. some have complained that " it brings up this when I hit new tab search.babylon.com/?affID=112555&tt=010712_4&babsrc=NT_ss&mntrId=409e79f500000000000000266c8efc7d CptTaco1 and that is the affiliate ID for someone making $$$ for a user.  Seems people that have IE, Firefox..and a few other browsers are getting whacked with this one..but not seen any with Google Chrome yet. --
Gladiator Security Forum
»www.gladiator-antivirus.com/
|
|
LoPhatPhuudPremium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26 | reply to antdude
Thanks for the link(s) NameGame!!.
ps: ObiJuan thanks you too. |
|
Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:7 | Here is a video for ObiJuan on putting babyJuan for Chrome to sleep.
»www.youtube.com/watch?v=OfwH8xii···e=relmfu
This one is for the udder bouys
ht tp://www.youtube.com/watch?v=O-zNCtXQ7A0&feature=related
--
Gladiator Security Forum
»www.gladiator-antivirus.com/
|
|
Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:7 | reply to LoPhatPhuud
said by LoPhatPhuud:Thanks for the link(s) NameGame!!.
ps: ObiJuan thanks you too.
welcome..maybe that stuff will help you and antdude find all the piece of this mud pie and put together a better way of cleaning up the mess... good luck guys and have a nice Sunday.
--
Gladiator Security Forum
»www.gladiator-antivirus.com/
|
|
skjWelcome to the far side of realityPremium,Mod
join:2002-04-04
Gone South Host:
Charter Internet/TV
Earthlink DSL
CenturyLink
ISP b2b etc
Cisco
| reply to Name Game
said by Name Game:It appears that is babylon is an affiliate thing where people or companies can make commission on clicks for ads.
some have complained that " it brings up this when I hit new tab search.babylon.com/?affID=1125�55&tt=010712_4&babsrc=NT_ss&mn�trId=409e79f500000000000000266�c8efc7d
CptTaco1
and that is the affiliate ID for someone making $$$ for a user.
Seems people that have IE, Firefox..and a few other browsers are getting whacked with this one..but not seen any with Google Chrome yet.
It is getting into Chrome too. As I mentioned above, » Re: Uninstalling Babylon malware.--
Reality is the leading cause of stress among those who are in touch with it.--Jane Wagner |
|
Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:7 | Yes..that is why posted this video »Re: Uninstalling Babylon malware. |
|
antdudeA Ninja AntPremium,VIP
join:2001-03-25
United State
kudos:4 Reviews:
·RoadRunner Cable
| reply to Name Game
said by Name Game:Here is a video for ObiJuan on putting babyJuan for Chrome to sleep.
(youtube clip)
one is for the udder bouys
ht tp://www.youtube.com/watch?v=O-zNCtXQ7A0&feature=related
Wow, long video! Thanks. I will pass this to my friend who has this problem.
--
Ant @ »antfarm.ma.cx and »aqfl.net. Please do not IM/e-mail me for technical support. Use the forum! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer |
|
skjWelcome to the far side of realityPremium,Mod
join:2002-04-04
Gone South Host:
Charter Internet/TV
Earthlink DSL
CenturyLink
ISP b2b etc
Cisco
| reply to Name Game
Watched the video and went through it with a friend. It appears it is gone, but that is one bit of a stubborn piece of malware.
--
Reality is the leading cause of stress among those who are in touch with it.--Jane Wagner |
|
antdudeA Ninja AntPremium,VIP
join:2001-03-25
United State
kudos:4 Reviews:
·RoadRunner Cable
2 edits | reply to antdude
Done? My friend followed up with this reply "... I cleared my cache and cookies and the problem went away. I thought about that since I was getting the error in chrome on facebook and not in IE. Malware pisses me off... I piss myself off when I download that crap!"
Now, he doesn't have the problems anymore. I hope so! And eww for "piss". LOL! |
|
skjWelcome to the far side of realityPremium,Mod
join:2002-04-04
Gone South | That's great.
I wonder why the AV programs don't catch this? |
|
antdudeA Ninja AntPremium,VIP
join:2001-03-25
United State
kudos:4 Reviews:
·RoadRunner Cable
| said by skj:That's great.
I wonder why the AV programs don't catch this?
Maybe it is not really a malware? |
|
