Tech Question

[housekeeper]

I'm posting due to the fact there are some tech savvy members of this forum, also with the oft chance someone may have some insight into my dilema. Last week I went onto Cnet to download a utility, in addition to the utility I also had 2 other programs install themselves onto my computer unbeknownst to me. One I was able to completely delete, the other I've manually removed I'd guess about 98% of, it's seemingly not posing a dire threat, however I need to try and wipe the rest of it off my system because the more these things fester, the deeper in shit you'll stand. It is the 'iminent virus', also known as the iminent toolbar virus. It's a browser highjacker and quite a nusance, certainly haven't heard anything encouraging with respect to it's temper.

Anyhow, and here lies my question. I'm taken it out of my start-up programs, deleted it from the registry and several underlying sub-directories. I've blocked it from my browsers, deleted it as an add-on/browser extension and wiped all the cookies clean, it does however still exist in the title bar of internet explore but the page doesn't load becauuse of the block. I also got an unwanted pop up yesterday which shows it can still rear it's ugly head. But the fact that the link is present in the search bar makes it impossible to use the browser, this is the link: search[dot]iminent[dot]com / ? appId = E9809F5C-7C0A-485D-8559-0727196A76C5 It is no longer effecting Chrome or Firefox. Seamonkey, which is my main browser, never had any alterations or redirects, only cookies showed up originally which I've since blocked, it does not seem to have effected Seamonkey.

At any rate here is my question, I found a plausable last bit of clean up within' the registry but am a tad confused. I've included the screen shots 'CLSID', 'Elevated Policy', and 'TypeLib'. The instuctions are to remove 'random numbers' in those directories, well as you can see there are tons of random numbers, I certainly am unwilling to delete all of them at risk of really sinking the ship. I think it's safe to say the link is called from this string 'E9809F5C-7C0A-485D-8559-0727196A76C5', however I can't locate that within' the registry.

Just looking for some thoughts on the matter, I'm certain everyones gone through a trick bag like this at some point. Problem is finding on-line help is really hard, the majority of the fix's are scams to get you to buy removal tools that may or may not work. In the meantime, fuck Cnet, what a bullshit site.

[RawAlex]

Let me help you out:

http://lmgtfy.com/?q=search+iminent+virus

"end".

[housekeeper]

Quote:

Originally Posted by RawAlex

Let me help you out:

http://lmgtfy.com/?q=search+iminent+virus

"end".

Thank you RawAlex, of the ten listings I've already been to half of them on the results page. The teesupport is where I got the current info I posted here, I don't feel too impacted by the mess that still present on my machine but feel certain if I could just pin point the remaining dirt on my registry I'd be cool. Those google search results 9 times out of 10 lead you to sites that are simply trying to sell you removal tools, which may or may not work.

I'll continue to search with more specific registry related results, thanks again for your response. I'll look at those links that I didn't check yet from my many google searches that I've already done.

[helix]

You could roll back to a previous restore point.

[RawAlex]

I would also say that your anti-virus company should have specific details about the virus, if not when you first spotted it, then shortly thereafter.

Most of the ways to remove the most stubborn of infections is to boot from CD or memory key rather than hard drive, using boot software provided by the AV companies. At that point, the programs and "re-inject" methods are not running, and the hard drive can be much more easily cleared.

[housekeeper]

[quot=helix]You could roll back to a previous restore point.[/quote]
Tried that early on and got the popular 'Access is denied. (0x80070005)', searched that one to death and couldn't find an appropriate fix

Quote:

Originally Posted by RawAlex

Most of the ways to remove the most stubborn of infections is to boot from CD or memory key rather than hard drive, using boot software provided by the AV companies. At that point, the programs and "re-inject" methods are not running, and the hard drive can be much more easily cleared.

Not certain how to do that, I ran several antivirus tools but none detected it. Iminent seems to be a popular one based on the search results and the amount of people that have been infected by it. But if you antivirus companies had all the cures they wouldn't have anything extra to charge ya for.

At any rate, I went in and found a folder by way of 'AllUsersProfiles', deleted the DAT file, I at least have a sense that it's gone. I can't find anything resembling it in any of the places that I've dug up, and I've dug up them all. I'm also not getting any pop ups or other inconsistency from my overall system, there wasn't a lot to begin with and that could be attributed to the fact that Seamonkey is my primary browser. I'll certainly be willing to try more tests or dig a little deeper for a greater piece of mind. But again I'd like to say, "fuck Cnet!" That's where I got this shit, and they could give a rats ass about who gets infected and with what, fuck 'em.