A Windows XP help forum. PCbanter


O.T. hacking



 
 
  #1  
November 15th 19, 01:08 AM, posted to microsoft.public.windowsxp.general
Robert in CA

I have a Dell XPS 8500, with Windows 7 Professional, SP1,
with Spywareblaster, Malwarebytes, Avast, Windows Defender
and Windows firewall.

(1) TB HD
Intel (R) Core (TM) i7-33-3770 CPU @ 3.40 GHz
Ram 12.0 GB
System type : 64-bit operating system

I also have

I have a Dell Optiplex 780 Tower, with Windows 7 Professional,
SP1, with Spywareblaster, Malwarebytes, Avast, Windows Defender
and Windows firewall.

Seagate Desktop HDD ST2000DM001 2TB 64MB
Cache SATA 6.0Gb/s 3.5" Internal
System type : 64-bit operating system

and (external hard drives)

(8500)
WD BLACK SERIES WD2003FZEX 2TB 7200
RPM 64MB Cache SATA 6.0Gb/s 3.5" Internal
Hard Drive

(780)
Seagate Desktop HDD ST2000DM001 2TB 64MB
Cache SATA 6.0Gb/s 3.5"
Internal Hard Drive


Today while online searching for festivals/concerts
for my sister this popped up out of nowhere:

https://postimg.cc/DmBnGmBQ

Afterwards, Win 7 did not respond for quite some time
and when I tried to do control-alt-delete it also did
not respond immediately. I finally was able to gain
control and restarted the computer and did all the scans.

I called the bank to make sure everything was OK and
then I changed my password. I just thought I would
post this in case anyone else has a similar problem
and if I need to do anything else?

Robert



  #2  
November 15th 19, 01:46 AM, posted to microsoft.public.windowsxp.general
Paul[_32_]

I wonder why these people can't afford a spell checker ? :-)

You can see another one of their tries, here.

https://malwaretips.com/blogs/remove...ritical-error/

"The scammer will typically attempt to get the victim to allow
remote access to their computer. After remote access is gained,
the scammer relies on confidence tricks typically involving
utilities built into Windows [tons of junk in eventvwr.msc]
and other software in order to gain the victims trust to pay
for the supposed 'support' services, when the scammer actually
steals the victims credit card account information."

But you'd have to phone the number and listen to their
high pressure sales tactics, to be tricked into doing that.

STEP 1: Use AdwCleaner to remove the "Mozilla Firefox Critical ERROR"
[if there is a popup dialog on the screen]
STEP 2: Use Malwarebytes to scan for Malware and Unwanted Programs
STEP 3: Double-check for malicious programs with HitmanPro
[that's a cloud based scanner that uploads stuff]
(OPTIONAL) STEP 4: Reset your browser to default settings

But this is only a browser attack, by the looks of it.
I would clean the cache and move on. Tools : Clear Private Data,
that sort of thing.

A suggestion here, is to add "uBlock Origin" as an extension.
Whether this is going to help, is questionable, as the miscreants
likely have uBlock Origin on their browser too, to help them
figure out a domain name to use to get into your computer.

https://answers.microsoft.com/en-us/...1-fd469aef9b03

https://addons.mozilla.org/en-CA/fir...ublock-origin/

You would think the filter lists you currently have installed,
would be working.

Sometimes, the start of these chains, is you misspell a
URL when connecting to some sales site, and the entire
session is a fake. They sometimes buy up domains where
the name is "off by one letter", in the hopes a user will
mis-type a famous website name. Like Anazon instead of Amazon.
The letters should be close enough together, so that
if your finger slips off a key, the frequency it happens
is non-zero.

If you don't do anything, that's OK too. I've had a few of
these, and don't really get too excited. If the screen
locks up, I want to know why though. But just a colorful
web page doesn't scare me.

The most worrying part for me, is how good they're
getting at it.

*******

I think someone tried to tip over my ISP yesterday.
One of the two DNS servers went down. The main domain
page of my ISP would not render (I could not get to their
network status page). It took several hours
for the real web site to come back up, and the "network
status" didn't say a word about trouble, which is weird.
My service was pretty well useless at the time,
since while I could coax the main URL of famous web pages
to open, all the junk advertiser domain names would
not be successfully looked up (from the .js code),
and so the page would refuse to render. So I worked on
backups for several hours instead.

Paul
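
Added example, not part of Paul's post: a PowerShell check for the "off by one letter" domains described above, which tells a neighbouring-key slip (Anazon for Amazon) apart from any other single-letter difference. The watch list, the sample hostnames and the function names are constructed for illustration.

```powershell
# QWERTY neighbours of each letter (same row plus the keys above and below).
$Adjacent = @{
    q = 'wa';     w = 'qeas';   e = 'wrsd';   r = 'etdf';   t = 'ryfg'
    y = 'tugh';   u = 'yihj';   i = 'uojk';   o = 'ipkl';   p = 'ol'
    a = 'qwsz';   s = 'awedxz'; d = 'serfcx'; f = 'drtgvc'; g = 'ftyhbv'
    h = 'gyujnb'; j = 'huikmn'; k = 'jiolm';  l = 'kop'
    z = 'asx';    x = 'zsdc';   c = 'xdfv';   v = 'cfgb';   b = 'vghn'
    n = 'bhjm';   m = 'njk'
}

# Constructed watch list: names of sites the user really visits (hypothetical).
$Brands = @('amazon', 'google', 'paypal')

function Compare-OneLetter {
    # Returns 'adjacent-key slip', 'one letter off', or $null (not a near miss).
    param([string]$Typed, [string]$Known)
    if ($Typed.Length -ne $Known.Length) { return $null }
    $diff = @()
    for ($i = 0; $i -lt $Known.Length; $i++) {
        if ($Typed[$i] -ne $Known[$i]) { $diff += $i }
    }
    # Exactly one differing position counts; zero is the real name.
    if ($diff.Count -ne 1) { return $null }
    $pos  = $diff[0]
    $near = $Adjacent[[string]$Known[$pos]]
    if ($near -and $near.Contains([string]$Typed[$pos])) {
        return 'adjacent-key slip'
    }
    return 'one letter off'
}

function Get-TypoVerdict {
    param([string]$HostName)
    # Assumption: the name to compare is the label left of the last dot
    # (anazon in www.anazon.com). Suffixes such as .co.uk need a real parser.
    $labels = $HostName.ToLower().TrimEnd('.').Split('.')
    if ($labels.Count -lt 2) { return 'no match' }
    $label = $labels[$labels.Count - 2]
    if ($Brands -contains $label) { return "exact: $label" }
    foreach ($brand in $Brands) {
        $kind = Compare-OneLetter $label $brand
        if ($kind) { return "${kind}: looks like $brand" }
    }
    return 'no match'
}

# Constructed sample hostnames.
foreach ($h in 'www.amazon.com', 'www.anazon.com', 'amaron.com', 'example.org') {
    '{0,-18} {1}' -f $h, (Get-TypoVerdict $h)
}
```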
  #3  
November 15th 19, 08:36 AM, posted to microsoft.public.windowsxp.general
R.Wieser

Robert,

> I just thought I would post this in case anyone else has a
> similar problem and if I need to do anything else?

Recently I read about a flaw in FF which would make it appear as if the
machine had locked up. That's probably the slowness you experienced.

The message itself is just a run-of-the-mill overlay, hiding the webpage it
came from.

The source is most likely a poisoned advertising channel.

In short, a simple play on Fear, Uncertainty and Doubt (FUD).

> I called the bank to make sure everything was OK and
> then I changed my password.


You did better than quite a few. :-)

Regards,
Rudy Wieser


  #4  
November 15th 19, 11:44 AM, posted to microsoft.public.windowsxp.general
Robert in CA

I started AdwCleaner and it found this but am not
sure if I should proceed with quarantine and disable
or not?

https://postimg.cc/rRKbTSQd

https://postimg.cc/DSKCpkk4

Robert
  #5  
November 15th 19, 11:51 AM, posted to microsoft.public.windowsxp.general
Robert in CA

Thanks, and btw for some reason I got
signed out of Google and had to sign back
in just to post this.

Robert
  #6  
November 15th 19, 12:37 PM, posted to microsoft.public.windowsxp.general
Paul[_32_]

Robert in CA wrote:
> I started AdwCleaner and it found this but am not
> sure if I should proceed with quarantine and disable
> or not?
>
> https://postimg.cc/rRKbTSQd
>
> https://postimg.cc/DSKCpkk4
>
> Robert


That's pretty weird.

The bytefence one, might be some leftovers in the
Registry from a previous experience.

Whereas the Dell information seems new. And what is
weird, is the second entry says "Dell for Windows 10",
when the desktop decoration in your screenshot is
Windows 7 :-)

Either the Dell items are "not real" and a Black Hat
made entries with Dell branding to confuse matters.
Or those really are Dell entries, legitimate ones,
and were found somewhere that adwcleaner scans ???

Dunno what to make of that.

*******

Bytefence, if it was actually on your computer, is scareware.
This is the kind of interface it would present. It expects
you to buy a license, just so you can see a series of
scary screens like this. It's like it is Halloween all
over again, I'm so scared.

https://community.norton.com/en/foru...ce-good-or-bad

We know you have Dell entries on the machine, and whether
you should keep those, is a matter of constant debate.
I don't care about crapware myself, unless it makes
work for me. Then I get angry and stuff happens to it :-)

Paul
  #7  
November 15th 19, 03:41 PM, posted to microsoft.public.windowsxp.general
Robert in CA

Yes but do I proceed with AdwCleaner and quarantine
and disable them or not?

Robert

  #8  
November 15th 19, 04:15 PM, posted to microsoft.public.windowsxp.general
Robert in CA

I ran AdwCleaner again; I tried to quarantine
and disable the Pup.Optional.ByteFence but it
never shows up in quarantine so I can delete it.

The Dell preinstalled software is still there
as well and think it's best just to leave them
alone as it only shows as preinstalled software.

In passing, I noticed that the detections keep
going up with each scan:


https://postimg.cc/fJpgz60B

https://postimg.cc/yDhhM5hJ

https://postimg.cc/Z0cXP7vL

https://postimg.cc/HVWDfD1K

Robert

  #9  
November 15th 19, 05:52 PM, posted to microsoft.public.windowsxp.general
Robert in CA

I did a search on Agent Ransack to see
if I could locate the file:

https://postimg.cc/DJtnNNpS

Robert
  #10  
November 16th 19, 05:24 AM, posted to microsoft.public.windowsxp.general
Paul[_32_]

You could interpret that to mean, on each scan,
the removal tool "does something" and Bytefence
puts it back.

If the item was just a Registry entry, there would
be no item in the Quarantine. I doubt they
track registry changes with .reg files, and for that
matter, you must have noticed by now, just how poor
the registry cleaning is on AV tools. They hardly ever
remove those remnants - yet the scanners keep looking
for them.

https://ugetfix.com/ask/how-to-unins...-from-windows/

# Locate and remove all registry entries that belong
to ByteFence.

HKEY_CURRENT_USER\Software\ByteFence
HKEY_LOCAL_MACHINE\Software\ByteFence
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\eg ui === spelling?

# Then delete all ByteFence related files in the following folders:
C:\Program Files\ByteFence
C:\Documents and Settings\All Users\Application Data\ByteFence
C:\Documents and Settings\Rob\Application Data\ByteFence

# Finally, delete Search.ByteFence.com plug-in from your web browser
and reset its settings to default.

Of all the above info, the Run key one looks the most interesting.
That could be their tag-team defensive strategy ("puts stuff back").

Paul
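
Added example, not part of Paul's post or the linked article: a read-only PowerShell check of the locations listed above, plus every value under the Run keys, so you can see what is actually present before removing anything. The Wow6432Node keys and the `$env:ProgramData` / `$env:APPDATA` folders are assumptions added for a 64-bit Windows 7 machine, where the XP-style `Documents and Settings` paths are not used; the function names are hypothetical.

```powershell
# Read-only check for the ByteFence leftovers listed above. Nothing is deleted.
$Needle = 'ByteFence'

function Get-LeftoverLocation {
    # Registry keys and folders from the post.
    $paths = @(
        'HKCU:\Software\ByteFence',
        'HKLM:\Software\ByteFence',
        (Join-Path $env:ProgramFiles $Needle)
    )
    # Assumption: 32-bit registry view and program folder on 64-bit Windows.
    $paths += 'HKLM:\Software\Wow6432Node\ByteFence'
    if (${env:ProgramFiles(x86)}) {
        $paths += (Join-Path ${env:ProgramFiles(x86)} $Needle)
    }
    # Assumption: Windows 7 homes of "All Users\Application Data" and
    # "<user>\Application Data".
    $paths += (Join-Path $env:ProgramData $Needle)
    $paths += (Join-Path $env:APPDATA $Needle)

    foreach ($p in $paths) {
        New-Object PSObject -Property @{
            Path    = $p
            Present = (Test-Path -LiteralPath $p)
        }
    }
}

function Get-RunEntry {
    # The Run keys hold the commands Windows starts at every logon, which is
    # how a program can come back after a scanner has removed part of it.
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)
            New-Object PSObject -Property @{
                Key     = $key
                Name    = $name
                Command = $data
                # Flag by content instead of guessing the value's exact name.
                Suspect = ($name -match $Needle) -or ($data -match $Needle)
            }
        }
    }
}

Get-LeftoverLocation | Select-Object Present, Path | Format-Table -AutoSize
Get-RunEntry | Select-Object Suspect, Name, Command, Key | Format-Table -AutoSize -Wrap
```

Rows with `Present` or `Suspect` set to True are the ones to compare against the list in the post; the script only reads, so it is safe to run before and after each removal attempt.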
  #11  
November 16th 19, 01:40 PM, posted to microsoft.public.windowsxp.general
Robert in CA

As usual, I did nothing and out of the blue
I have a problem.

So none of the uninstalls work on the link
you gave since you didn't say to select any?

So I have to locate all of these in the
registry where I could royally screw things
up? Then C: drive then the search then reset
browser to default settings. How do I do that?

I don't have any idea what you're referring to
by the Run key.

I ran another Agent Ransack scan:

https://postimg.cc/rznJHzBt

Robert






  #12  
November 16th 19, 01:45 PM, posted to microsoft.public.windowsxp.general
Robert in CA

How do I access the registry to remove entries?

Robert
  #13  
November 16th 19, 01:52 PM, posted to microsoft.public.windowsxp.general
Robert in CA

I deleted the Bytefence in program files but I
see no Documents and Settings.

Should I delete all Bytefence files found by
Agent Ransack?

Thanks,
Robert
  #14  
November 16th 19, 01:56 PM, posted to microsoft.public.windowsxp.general
Paul[_32_]

Your picture shows it's been present for a while.

*******

Before you get too excited, first we have to consider
the possibility there is an entry in the Control Panels,
in Programs and Features.

If you see ByteFence is an installed program, select
it and select "Uninstall" and see what happens.

Try one reboot, after the uninstall is done, then run
your search with Agent Ransack again, and see if the
component parts have disappeared.

If a program is installed the regular way, it's
better to remove it the regular way... and then
go after the cosmetic leftovers later.

The instructions above, say there is a plug-in that is in
the browser. You can try

about:plugins

and see if that is the case in Firefox. Try to use the
removal in Programs and Features control panel, then
go back later and check again. I could imagine the
plugin being left by the installer, so you may have
to deal with that separately.

It would be real nice, if for once the uninstaller
actually worked on one of these things. Cleaning them
up by ripping the arms and legs off them, just doesn't
give the right leverage.

*******

If all of this is a failure, we can use Regedit to
remove things from the registry. But if you remember
what happened the last time, we found something like
"TrustedInstaller" owned the entries, making them
hard to remove. Regedit works best, if an administrators group
account is available to help out. But things owned by
other accounts, won't just "roll over" if an Administrator
happens by. And TrustedInstaller is a bitch, which is
why a malware would use it. It takes extra effort to become the
account in question, and do a removal.

Paul
  #15  
November 16th 19, 02:18 PM, posted to microsoft.public.windowsxp.general
J. P. Gilliver (John)[_7_]

In message , Paul
writes:
[]
> If a program is installed the regular way, it's
> better to remove it the regular way... and then
> go after the cosmetic leftovers later.

[]
Certainly it's usually better to try the provided uninstall than just
looking for what you think might be related files and deleting those.

I'd get Revo uninstaller, though, at least the free version, and run the
application's own uninstaller _from inside Revo_, because I've always
had the _impression_ that Revo "watches" the provided uninstaller, and
"makes notes of where to look" afterwards. (I don't _know_ that that's
how Revo works - anybody? - but I certainly get that _impression_.) If
you _just_ run the uninstaller, you won't know where to look -
installers often put stuff (both files and registry entries).

"Other uninstallers are [I think] available." (I've not used any of them
though.)
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

(Incidentally, it was made in Spain so shouldn't it be a "paella western"?) -
Barry Norman [on "A Fistful of Dollars"], RT 2014/10/4-10
 




All times are GMT +1.

