Slashdot Mirror

← Back to Stories (view on slashdot.org)

Removing Burstabit Spyware?

Posted by Cliff on from the getting-rid-of-pesky-programs dept.

Webbsurfer asks: "I recently returned home from school from winter break, and discovered a good chunk of spyware on my parent's computer. I've ran ad-aware and cleared out the obvious P2P programs, but there's one I can't seem to get rid of. It generates pop-up ads, which come from the burstabit.com domain. Any ideas who these guys are and how to get rid of their junk?"

14 of 40 comments (clear)

  1. What OS? by TC+(WC) · · Score: 2

    You can just point the offending domain name to localhost so that it can't actually grab any of the banner ads. How you go about this depends on what OS you're running.

    1. Re:What OS? by GimmeFuel · · Score: 5, Informative
      Given that the question talks about parents who don't sound very computer literate and P2P programs, I'd assume it's some flavor of Windows. Try to find a "hosts" file (no extension) in C:\WINDOWS\ or a subdirectory (I also found it in C:\WINDOWS\SYSTEM32\DRIVERS\etc). Open it with notepad and add on a new line:

      127.0.0.1 burstabit.com

      This means that whenever the system tries to connect to burstabit.com, it'll skip the DNS lookup and connect to 127.0.0.1, which is your computer. This'll hopefully stop the spyware.

      --
      live(free) || die;
  2. Browser Help Object by TheSHAD0W · · Score: 5, Informative

    Aside from the program folder, a lot of spyware hides in the list of Browser Help Objects. Do a net search for "BHO Cop". (That utility, by PC Magazine, was withdrawn from general distribution, but can be found here and there, and there are other utilities that do the same thing.)

    1. Re:Browser Help Object by TheSHAD0W · · Score: 4, Informative

      Here's a page at spywareinfo.com with a number of utilities for cleaning up Browser Help Objects and other forms of spyware. I recommend it.

  3. Too bad... by sporty · · Score: 2

    Too bad you didn't make the offending domain a hyperlink. I'm sure they would have loved the slashdotting. Think of the irony of it. You can't use your parent's computer because of burstabit, but burstabit couldn't use their own servers because of you :)

    Yes, might doesn't make right.. blah blah blah, but three lefts do. :P

    --

    -
    ping -f 255.255.255.255 # if only

  4. Get Spybot by Anonymous Coward · · Score: 2, Informative

    Ad-Aware hasn't updated their reference files since late September. Do yourself a favor and grab Spybot [http://security.kolla.de/].

  5. Check the registry by Ziktar · · Score: 3, Informative

    I'd use BHO Cop as suggested in a previous post, but more than likely it's just in one of the Run keys in the registry. You can either launch regedit and browse to the run keys, or use msconfig's startup tab to delete all the unneccessary crap.

  6. Tsk-tsk by MacAndrew · · Score: 3, Funny

    Is this really how your parents are making you spend your vacation? ;-)

    Curiosity: Did your parents sign off on the installation of all of the spyware? If so, why, if not, how did it arrive?

    Happy Hunting -- and Holidays.

    1. Re:Tsk-tsk by MacAndrew · · Score: 2

      No, not "just as"; and for the Mac OS spy curious.

  7. Re:The one that annoyed me by einTier · · Score: 3, Informative
    I've used a computer 'infected' with lop.com. One of the worst things I've ever seen. I couldn't figure out how to get rid of it either, I had to eventually just format the thing and just start over.


    Tons of pop-ups, a lot of mis-redirection back to lop.com (like trying to go to google.com), and all kinds of "helper" lop.com applications. I'd love to know how to get rid of it if I ever run across it again.

    --
    -------------------------------------------------- $665.95 -- retail price of the beast.
  8. Re:The one that annoyed me by babbage · · Score: 3, Informative
    Unfortunately, considering the ways these spyware programs are written, their "official" uninstall instructions are unlikely to be enough. What to do? Google to the rescue! Their new webquotes beta service -- which shows you [a] the URL it thinks you're looking for, and [b] *what other pages say about that URL* -- is exactly what you need here. Follow that link and you'll find several explanations of how Lop works & how to remove it, and you don't have to take their "official" word for it.

    Google rules. Well, usually -- they're not turning up any hits for Burstabit yet, though I'm sure this article will itself become part of their index before too long. Not that that Google reference helps the person who submitted this story in the first place...

    --
    DO NOT LEAVE IT IS NOT REAL
  9. Careful clicking on that link by Moses+Lawn · · Score: 2

    God DAMN that's nasty. I'd forgotten I'd enabled popups. That hit me with 8 or 9 copies before I could hit escape.

    What do they do - put newWindow(this) in the onLoad handler? (Note: preceeding was not necessarily valid, or even, reasonable, Javascript)

    --

    What if life is just a side effect of some other process and God has no idea we exist?

  10. regedit by Gothmolly · · Score: 2

    It's easy on a Win box. Run regedit (or equivalent) and look for the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cu rr entVersion\Run

    and see what gets kicked off when the system starts. Delete the entries you don't want. Done.

    Moderation Totals: +3, Obvious

    --
    I want to delete my account but Slashdot doesn't allow it.
  11. the quickest surest way by /dev/trash · · Score: 2

    Backup. Fdisk. Reinstall.