Spyware and Adware Threats

You are here: HOME > COMPUTER > ANTIVIRUS

Spyware.ISearch Reported: May 24, 2007

Description: Spyware.ISearch is a Browser Helper Object (BHO) that installs as a toolbar. It monitors users web browsing habit and sends data on the remote server. Threat Level: High Type: Spyware Systems Affected: Windows All

HOW TO REMOVE Spyware.ISearch:

1. Temporarily Disable System Restore (Windows Me/XP). [how to]
2. Update the virus definitions.
3. Reboot computer in SafeMode [how to]

4. Unregister the .dll file
- Click Start > Run.
- Type, or copy and paste, the following text: regsvr32 /u "%System%\toolbar.dll"
- then click OK.
- If a dialog box confirming this action appears, click OK.

5. Uninstall the security risk
This security risk includes an uninstallation applet. In order to uninstall this security risk, complete the following instructions:

- Click Start > Settings > Control Panel or Start > Control Panel (this varies with the operating system).
- In the Control Panel window, double-click Add/Remove Programs.
- Click iSearch Toolbar 1.0.
- Click Add/Remove, Change/Remove, or Remove (this varies with the operating system). Follow the prompts.

6. Open AntiVirus software and run a full system scan and clean/delete all infected files

7. Find and delete the following files:

%Windir%\unins000.exe
%Windir%\unins000.dat
%System%\toolbar.dll
%System%\version.txt
%UserProfile%\Local Settings\Temp\idcs50202.exe

8. Delete/Modify any values added to the registry. [how to edit registry]

Navigate to and delete the following subkeys if they exist:
HKEY_CLASSES_ROOT\CLSID\{1C78AB3F-A857-482E-80C0-3A1E5238A565}
HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion
\Explorer\Browser Helper Objects
\{1C78AB3F-A857-482E-80C0-3A1E5238A565}
HKEY_CLASSES_ROOT\iSearch.Object
HKEY_CLASSES_ROOT\iSearch.Object.1
HKEY_CLASSES_ROOT\TypeLib\{6D3F5DE4-E980-4407-A10F-9AC771ABAAE6}
HKEY_LOCAL_MACHINE\Software\Classes\TypeLib
\{6D3F5DE4-E980-4407-A10F-9AC771ABAAE6}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID
\{1C78AB3F-A857-482E-80C0-3A1E5238A565}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar
\{1C78AB3F-A857-482E-80C0-3A1E5238A565}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
\Explorer\Browser Helper Objects
\{1C78AB3F-A857-482E-80C0-3A1E5238A565}
HKEY_LOCAL_MACHINE\Software\In3rd
HKEY_LOCAL_MACHINE\Microsoft\Windows\CurrentVersion\Uninstall
\iSearch Toolbar_is1
HKEY_CURRENT_USER\Software\iSearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar
\WebBrowser\{1C78AB3F-A857-482E-80C0-3A1E5238A565}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
\URLSearchHooks\{1C78AB3F-A857-482E-80C0-3A1E5238A565}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt
\&iSearch The Web

Navigate to the subkey and restore the value if necessary:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer

From:
"Btn_Search" = "2"
"NoDriveTypeAutoRun" = "91"
"SpecifyDefaultButtons" = "1"

To:
"Btn_Search" = "0"
"NoDriveTypeAutoRun" = "0"
"SpecifyDefaultButtons" = "0"

9. Exit registry editor and restart the computer.

10. In order to make sure that threat is completely eliminated from your computer, carry out a full scan of your computer using AntiVirus and Antispyware Software. Another way to delete the virus using various Antivirus Program without the need to install can be done with Online Virus Scanner.

FREE ON-LINE VIRUS SCANNER:

Click here to proceed

SPYWARE REMOVAL TOOLS:

Download and run any of these Anti-Spyware