Surferbar Removal
Instructions and Help

What is SurferBar?
SurferBar is an Internet Explorer toolbar that might be associated with a new version of a trojan horse program called AFlooder. It appears to be an ActiveX drive-by download. SurferBar is also known as AdPlus/AdBar; it sets your homepage to their website and displays popup ads.

Today (September 3rd, 2003) Symantec and TrendMicro have both reported discovering this trojan; TrendMicro is calling it the JunkSurf.A trojan.

Based upon visitors' comments, I have added information about a 2nd variation of SurferBar and instructions on removing it today - September 9, 2003.

This worm exploits another security hole in Internet Explorer that needs to be patched. The update patches two vulnerabilities, the most serious of which could enable an attacker to run arbitrary code on a user's system if the user either browsed to a hostile Web site or opened a specially crafted HTML-based email message. You can download the update at the following location:

Information about the security hole in Internet Explorer
http://www.microsoft.com/security/security_bulletins/ms03-032.asp

Download the patch for this security hole
http://www.microsoft.com/windows/ie/downloads/critical/822925/default.asp

According to a post in SpywareInfo.com:

The new AFlooder is an irc trojan/spybot that uses worm techniques to spread to machines via web pages. It is apparently coded to have qualities of remote access trojans, IRC bots, keyloggers, and even seems to have the capability to carry out DDoS attacks if the owner orders it to. I just a few moments ago heard from a fellow at BOclean that it's a spambot too. It uses an exploit to write and execute its injector program to machines without the user's acceptance or knowledge, then it uses NTFS's alternate file streams to hide itself where there's very little chance of finding it -- in the actual windows folder system32. On my system, the injector was made up of two files stored in Windows/system32, ezluu.exe and ezluu.dll. This may be randomly selected -- unfortunately I dumped them before I realized I was really infected. If anyone can clarify this, please let me know, and if you have copies of this, definitely let me know as I am collecting "evidence" of this worm at work.

You can determine whether your system is infected by either running Hijack This or by using regedit and navigating to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

If you see a key with similar content to the below, you should also have one in RunOnce. Mind you, the letters can be any seven letter combination -- it's randomly selected upon infection and stays constant throughout.

BoClean seems to already be updated to remove this trojan file.

How do I Remove SurferBar?

Follow these steps to remove the SurferBar toolbar. To complete these steps you may have to start in Safe Mode; however, by terminating the running program you should be able to complete the steps normally.

1) Terminate the running program

  • Open the Windows Task Manager by either pressing CTRL+ALT+DEL on Win9x machines or CTRL+Shift+Tab and clicking on the Processes tab on WinNT/2000/XP machines.
  • Locate the following program, click on it, and click End Task or End Process

winsrv32.exe
or
wins32.exe (2nd variation)

  • Close Task Manager

2) Remove the Registry entries

  • Click on Start, Run, Regedit
  • In the left panel go to

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

  • In the right panel, right-click and delete the following entry

    c:\program files\winsrv32.exe
    or
    c:\program files\wins32.exe

  • Close the Registry Editor

3) Delete the infected files (for Windows ME and XP remember to turn off System Restore before searching for and deleting these files to remove infected backed up files as well).

  • Click Start, point to Find or Search, and then click Files or Folders.
  • Make sure that "Look in" is set to (C:\WINDOWS).
  • In the "Named" or "Search for..." box, type, or copy and paste, the file names:
    win32.dll (in the Program Files directory)
    winsrv32.exe (in the Program Files directory)
    drg.exe (in the root directory)

    or

    win32.dll (in the Program Files directory)
    wins32.exe (in the Program Files directory)
    sfbar.exe (in the root directory)

  • Click Find Now or Search Now.
  • Delete the displayed files.

4) Change your default Internet home page in Internet Explorer:

  • Open Internet Explorer
  • Click on Tools
  • Click on Internet Options
  • Click in the Homepage section and reset your homepage to whatever page you would like
  • Click OK

5) Open Regedit and search for registry keys containing "surferbar", "adplus", and "adbar", and delete these keys.

This should remove SurferBar from your computer.
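
A read-only way to confirm that the indicators from steps 1 to 4 are gone, as an added example that is not part of the original instructions. It assumes PowerShell 3.0 or later, checks all four Run/RunOnce keys rather than only the ones named above, treats the system drive as the "root directory", and applies the step 5 keywords to autorun entries only.

```powershell
# Added example: read-only check for the SurferBar indicators listed on this page.
# Nothing is changed or deleted; findings are printed for review.
$findings = @()

# Step 1: processes named on the page (Get-Process takes names without ".exe").
foreach ($p in @(Get-Process -Name 'winsrv32', 'wins32' -ErrorAction SilentlyContinue)) {
    $findings += [pscustomobject]@{ Type = 'Process'; Item = $p.Name; Detail = "PID $($p.Id)" }
}

# Step 2: autorun values. Assumption: all four Run/RunOnce keys are checked.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$pattern = 'winsrv32\.exe|wins32\.exe|surferbar|adplus|adbar'   # -match is case-insensitive
foreach ($path in $runKeys) {
    $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ("$name $data" -match $pattern) {
            $findings += [pscustomobject]@{ Type = 'Autorun'; Item = "$path\$name"; Detail = $data }
        }
    }
}

# Step 3: files from both variations. Assumption: "root directory" means the system drive.
$files = @(
    "$env:ProgramFiles\win32.dll",
    "$env:ProgramFiles\winsrv32.exe",
    "$env:ProgramFiles\wins32.exe",
    "$env:SystemDrive\drg.exe",
    "$env:SystemDrive\sfbar.exe"
)
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f -PathType Leaf) {
        $stamp = (Get-Item -LiteralPath $f -Force).LastWriteTime
        $findings += [pscustomobject]@{ Type = 'File'; Item = $f; Detail = "modified $stamp" }
    }
}

# Step 4: show the current Internet Explorer home page so it can be reviewed by eye.
$ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$startPage = (Get-ItemProperty -LiteralPath $ieMain -ErrorAction SilentlyContinue).'Start Page'
"Internet Explorer start page: $startPage"

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap }
else { 'None of the SurferBar indicators listed on this page were found.' }
```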

 


Written by Mark Hasting
