AntiSpyware Beta 1 – Removing stlbdist.dll

Big courtesy to Andy Manchesta for this:

And yes, it’s a whole lot of information, but very valuable:

This file comes from Cash Toolbar’s company (browseraid.com). Most seem to be stealth installed; letssearch.com will install a variant if your IE security settings are not set high enough.

 

There are many variants coming from this company, but if it’s just the StlbDist file then it’s a simple toolbar, though it does have a search and homepage hijacking function.

 

First check for these:

 

Open the Control Panel’s ‘Add/Remove Programs’ function.

Check and remove any entries called

‘BrowserAid’

‘CashToolbar’

‘Web Toolbar’

‘BrowserPal’ 

 

There are loads of variants and possible entries, but I will just list the values for stlbdist for now, unless you find the above names in Add/Remove, in which case I can give you those also.

 

Open the registry (click ‘Start’, choose ‘Run’ and enter ‘regedit’), and find the key given below.

If you haven’t used regedit before then just take your time. First go to HKEY_LOCAL_MACHINE and click the plus (+) next to it, then find SOFTWARE and click the plus (+) next to it, then go to Microsoft and click the plus (+), and so on until you get to the Run folder. Then, in the right pane, check for this entry:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Delete the ‘{2CF0B992-5EEB-4143-99C0-5297EF71F444}’ entry.

 

Open a DOS command prompt window (from Start->Programs->Accessories) and enter:

 

First copy and paste this first line into the command prompt

 

cd "%WinDir%\System"

 

Then press enter and then copy and paste this second line in.

 

regsvr32 /u stlbdist.dll

 

Restart the machine and then delete the files stlbdist.dll and stlbdist.xml in the System folder (which is inside the Windows folder, and called ‘System32’ under Windows NT, 2000 and XP).

 

That will be gone then.

 

While I am posting on this I wanted to add this about this company and the tactics they are using to trick users.

 _____________________

Note***  This is a bogus warning sent to users to visit a site to get Microsoft Patches ***

 

WINDOWS SECURITY WARNING!!

 

A VIRUS HAS BEEN DETECTED ON YOUR COMPUTER. IN ORDER FOR YOUR COMPUTER NOT

TO CRASH YOU WILL NEED TO GO TO:

 

http://WWW.WINDOWSUPDATENOW.COM

 

AND IT WILL AUTOMATICALLY UPDATE YOUR COMPUTERS SECURITY PATCHES.

 

SIMPLY TYPE IN HTTP://WWW.WINDOWSUPDATENOW.COM INTO YOUR BROWSER. OTHERWISE YOU WILL KEEP RECEIVING THIS SECURITY ALERT EMAIL EVERY DAY.

 

And they got sued by Microsoft for this scam.

 

Daniel Khoshnood from California ran a pair of spam campaigns to coax consumers into running a toolbar which claimed to automatically download Microsoft’s latest security patches from a site called "Windowsupdatenow.com".

 

In reality, the toolbar loaded a utility called BrowserAid/QuickLaunch which bombarded users with random, unrequested pop-up ads.

 

The scam came to light after MSN users complained about the bogus emails. Redmond in turn sent its lawyers after Khoshnood and two companies he ran (Pointcom and Joshua-than Investments).

 

Again, a big thanks to Andy
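
To confirm the removal steps above worked, this read-only PowerShell check looks for the Run value and the two files the post names. It is an added example, not part of Andy’s instructions; the WOW6432Node key and the SysWOW64 folder are additions for 64-bit Windows that the post does not mention.

```powershell
# Added example (not from the original post): read-only check, changes nothing.
# The value name and file names are the ones given in the post.
$valueName = '{2CF0B992-5EEB-4143-99C0-5297EF71F444}'
$fileNames = 'stlbdist.dll', 'stlbdist.xml'

# First key is from the post. The WOW6432Node key is an addition for 64-bit
# Windows, where HKLM\Software writes by 32-bit programs are redirected.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# System and System32 are from the post; SysWOW64 is an addition (64-bit Windows).
$folders = 'System', 'System32', 'SysWOW64' |
    ForEach-Object { Join-Path $env:WinDir $_ }

$findings = @()

foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    if ($regKey.GetValueNames() -contains $valueName) {
        $findings += [pscustomobject]@{
            Type     = 'Run value'
            Location = $key
            Detail   = [string]$regKey.GetValue($valueName)   # command it would launch
        }
    }
}

foreach ($folder in $folders) {
    foreach ($name in $fileNames) {
        $path = Join-Path $folder $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $findings += [pscustomobject]@{
                Type     = 'File'
                Location = $path
                Detail   = (Get-Item -LiteralPath $path -Force).LastWriteTime.ToString('u')
            }
        }
    }
}

if ($findings.Count -eq 0) {
    'No stlbdist Run value or files found in the checked locations.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run it once before the cleanup to see what is present and again after the restart; anything still listed needs another pass through the steps above.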
