Agent M wrote:Had an interesting problem recently with searching on Yahoo and Google, found other people that had the same problem in other forums but not any real solutions. Eventually solved the problem and thought I would just post the solution here.
Problem:
The problem is descibed and even shown using an image here: http://www.nerdhelp.com/forums/showthread.php?t=4826
Basically no matter what the search is your doing it will inject false results in the top 3 or 4 positions.
Solution:
Its basically some form of adware, and was able to hunt down the source of the problem using spybot-search&destroy. It probably was caused by blazefind, either the toolbar or website, not sure how I ended up with it, but it is installed as a browser helper object.
To remove the problem you need to delete some keys from the registry as well as one or more files.
Deleting ANYTHING from the registry is not recommended if you don't know what your doing, for example if you don't even know what the registry is , then probably best you don't mess with it, as doing so could cause data loss or even render your operating system non-functional, instead get someone who does know what they are doing ( for example an I.T professional ).
ok, here we go...first open up the registry, the key you are looking for is {83DE62E0-5805-11D8-9B25-00E04C60FAF2} .
This will probably be found in the following places:
HKEY_CLASSES_ROOT\CLSID\{83DE62E0-5805-11D8-9B25-00E04C60FAF2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83DE62E0-5805-11D8-9B25-00E04C60FAF2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Explorer\Browser Helper Objects\{83DE62E0-5805-11D8-9B25-00E04C60FAF2}
In the left hand pane delete those keys. I also did a search using edit>find in the menu bar....then just simply copying and pasting the key {83DE62E0-5805-11D8-9B25-00E04C60FAF2} into the box and click find...just to ensure there are no other instances of it.
Once you have done this you will need to delete one or more files. The files are listed below, if you can't delete any of them, then it just means that you need to reboot your system after deleting the keys from the registry. Once you have rebooted then try deleting them again.
The files are as follows ( assuming your windows dir is c:\windows ):
C:\Windows\2_0_1browserhelper2.dll
C:\Windows\UnstSA2.exe
C:\Windows\key2.txt
C:\Windows\installer2.exe ( this may or may not be the location of this file )
And finally just to be safe it is worth searching your PC for all of these files in case it places them in different locations for different operating systems, I was using XP and so the locations should be correct for that version of windows.
Any problems or questions, please feel free to ask
M
jlt123 wrote:Hi,
Thank you for the information posted above. Thank you !
On further inspection, I found that the name Kalptaru Infotech Ltd. was encoded in the .exe file.
On making a further investigation on Kalptaru Infotech Ltd. I found out that they make software like:
Hide your windows from the prying eyes, in an instant!!!
Create super selling sales pages in minutes.
The close circuit camera for your PC. The ultimate PC Spy.
Find leads, Verify Emails, Send Bulk Mails... Swiss Knife for your e-marketing needs.
Pretty much one of the 'sicko' companies we find online. Further investigation led me to see that these guys are:
User Profile, Invite User. Username: smartcoder. Name/Company: Kalptaru Infotech Ltd. Area of Expertise: XML; Windows; Website Security; ...
Can these guys be sued ? Since they do not have a removal program at all?
jlt123 wrote:Can these guys be sued ? Since they do not have a removal program at all?
Honestly I don't know???
I suppose that would depend on whether they have broken any laws or whether you can prove they are responsible for some sort of damages, but as I said, I don't know.
If your keen on that course of action it would probably be best to get legal advice, as its probably not something anyone here would be able to comment on with any sort of authority.
Glad the info helped you though
M
Fooman wrote:Thanks for posting the solutio! seems to fix the problem for me...
Agent M wrote:Fooman wrote:Thanks for posting the solutio! seems to fix the problem for me...
Your Welcome Fooman
Feel free to post any other probs you may have here
M
kalptaru wrote:Hi folks,
I am from Kalptaru Infotech Ltd and here is what I have to say...
First of all let me clarify that we are an outsourced software/product development company based in India.
We make software and products that we sell to our customers along with the source code.
Because of this our customers have complete freedom to modify the code and add features that they consider fit for their requirements.
We DO NOT PROMOTE OR DISTRIBUTE these kind of software. Perhaps if you contact Blazefind, they will confirm it too.
Secondly, since we have been getting so much heat, we have prepared a step by step instruction and precaution list for removing this and similar software.
Kindly visit http://www.a2zhelp.com/forum/forummessages.asp?id=17 and you will get detailed instructions to clean your pc and things to take care in future.
Regarding the issue of sueing us, let me inform you that we are a Public Limited Company, registered with the Govt of India and have export license for our software.
All our software is reviewed by proper audit authorities and we have a legal team that ensures that whatever we do is not illegal.
But unfortunately, we cannot control the deeds of our customers and that is what is causing this problem.
I just wanted to make our stand clear point the affected people to the proper removal procedure.
Regards
Kalptaru Infotech Ltd. Team
Agent M wrote:Thanks for the post kalptara