
#3, posted 02-22-2005, 02:45 AM by froggymorning (Registered User, joined Feb 2005, 1 post)
XXXToolbar, various types of attack, tips for removal

[quote=jaguarsfan]The XXXToolbar has appeared in my Add/Remove Programs List. I have uninstalled the IHatePops and Pest Control from my computer. I have tried to remove the XXXToolbar and it won't let me. I am frustrated.[/quote]

I successfully got rid of an XXXToolbar that came in with Istbar browser Hijack. Adaware didn't locate it on my system, Spybot S&D didn't either, though it did find Backweb, which I got from the same website. I downloaded SpyHunter and paid for it, because SpyHunter found all the problems, and stopped running them. However, SpyHunter did not find the hidden executable that reinstalled XXXToolbar at every startup. I tried Symantec's removal tool, but it only takes care of a different type of XXXToolbar attack. After getting rid of any unfamiliar process I didn't recognize with HijackThis, uninstalling every unnecessary program and .dll and manually picking through my registry for a few hours, I was still stumped, and XXXToolbar was still reinstalling at every reboot!

Finally I found out how the Toolbar had come in, by searching through all changes to my computer in the last 24 hours. It had come in on an 'update' to Windows Media Player. This was particularly troublesome because while browsing, I received an icon in my system tray that was very similar to the Microsoft automatic updates icon, and a message that said updates were available, that was almost identical to Microsoft's automatic updates message! Like me, many people have set their preferences to receive Microsoft's many necessary security patches automatically, making this type of attack particularly effective. And thus I myself installed this phony, hostile update to Windows Media Player that brought in XXXToolbar. The only fix was to uninstall Windows Media Player. It may be possible to roll back to the original Windows Media Player version, but I did a total uninstall and reinstalled direct from MSN. XXXToolbar free.

I no longer trust any auto notices for 'updates' but cancel any notices of updates. Then I check for updates myself. SpyHunter, Adaware and Spybot S&D are a little behind on this new attack.

I've seen several responses to XXXToolbar attacks that work as they were designed, but it looks like they are specific to a single type of attack. XXXToolbar is very effective at attacking through many different means and it looks like they have developers who are continually being creative with new means of attack. Try Symantec's removal tool and every other means of removal you can search for to see if those address your specific type of attack. Uninstall Windows Media Player from Control Panel/Add and remove programs and hopefully you don't have something new from XXXToolbar that hasn't been found yet.
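Added example, not part of froggymorning's post: a Python sketch of the "what changed in the last 24 hours" search described above, cross-checked against startup commands to surface a binary that relaunches at every boot. The extension list, the function names, and passing startup entries as a name-to-command-line mapping (for example, exported from the Run keys) are assumptions.

```python
import os
import sys
import time
from pathlib import Path

# Assumed list of file types that can carry code on Windows; extend as needed.
BINARY_EXTS = {".exe", ".dll", ".ocx", ".sys", ".scr", ".bat", ".cmd", ".vbs"}


def recent_binaries(root, hours=24, now=None):
    """Return [(mtime, path)] for code-bearing files under root that were
    modified within the last `hours`, newest first."""
    now = time.time() if now is None else now
    cutoff = now - hours * 3600
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = Path(dirpath) / name
            if path.suffix.lower() not in BINARY_EXTS:
                continue
            try:
                mtime = path.stat().st_mtime
            except OSError:
                continue  # file locked or removed while scanning
            # mtime can be set by whoever wrote the file, so a hit is a lead
            # to investigate and a miss is not proof of a clean system.
            if mtime >= cutoff:
                hits.append((mtime, path))
    return sorted(hits, reverse=True)


def flag_startup_entries(entries, recent):
    """entries maps a startup entry name to its command line. Return the
    names whose command line references a recently modified binary."""
    recent_paths = [str(path).lower() for _mtime, path in recent]
    return sorted(
        name for name, command in entries.items()
        if any(p in command.lower() for p in recent_paths)
    )


if __name__ == "__main__":
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for mtime, path in recent_binaries(scan_root):
        print(time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime)), path)
```

Run it against a directory such as the Windows or Program Files folder, then pass the result and your exported startup entries to `flag_startup_entries` to see which autostart commands point at files that changed in the window.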