Removing Burstabit Spyware?

Webbsurfer asks: "I recently returned home from school for winter break, and discovered a good chunk of spyware on my parents' computer. I've run Ad-Aware and cleared out the obvious P2P programs, but there's one I can't seem to get rid of. It generates pop-up ads, which come from the domain. Any ideas who these guys are and how to get rid of their junk?"
  • You can just point the offending domain name to localhost so that it can't actually grab any of the banner ads. How you go about this depends on what OS you're running.
    • Re:What OS? (Score:5, Informative)

      by GimmeFuel ( 589906 ) on Tuesday December 24, 2002 @08:42PM (#4955169) Homepage
      Given that the question talks about parents who don't sound very computer literate and P2P programs, I'd assume it's some flavor of Windows. Try to find a "hosts" file (no extension) in C:\WINDOWS\ or a subdirectory (I also found it in C:\WINDOWS\SYSTEM32\DRIVERS\etc). Open it with notepad and add on a new line:

      This means that whenever the system tries to connect to, it'll skip the DNS lookup and connect to, which is your computer. This'll hopefully stop the spyware.

      • This could very well be a virus which utilized one of the many zillions of ways to exploit Internet Explorer. My parents had a rogue web page install another JavaScript time-triggered web page into the registry to start at boot, and bring up ads at random intervals.
  • Browser Help Object (Score:5, Informative)

    by TheSHAD0W ( 258774 ) on Tuesday December 24, 2002 @08:20PM (#4955107) Homepage
    Aside from the program folder, a lot of spyware hides in the list of Browser Help Objects. Do a net search for "BHO Cop". (That utility, by PC Magazine, was withdrawn from general distribution, but can be found here and there, and there are other utilities that do the same thing.)
  • Assuming you're running Windows, I'd just run regedit and search for burstabit. Delete everything that comes up, unless you can find a compelling reason not to.
  • Too bad you didn't make the offending domain a hyperlink. I'm sure they would have loved the slashdotting. Think of the irony of it. You can't use your parents' computer because of burstabit, but burstabit couldn't use their own servers because of you :)

    Yes, might doesn't make right.. blah blah blah, but three lefts do. :P
  • Try adding the domain to the HOSTS file, do a search and you will find it. Add something like this:
  • Get Spybot (Score:2, Informative)

    by Anonymous Coward
    Ad-Aware hasn't updated their reference files since late September. Do yourself a favor and grab Spybot.
  • Check the registry (Score:3, Informative)

    by Ziktar ( 196669 ) on Tuesday December 24, 2002 @09:09PM (#4955244)
    I'd use BHO Cop as suggested in a previous post, but more than likely it's just in one of the Run keys in the registry. You can either launch regedit and browse to the Run keys, or use msconfig's Startup tab to delete all the unnecessary crap.
  • Tsk-tsk (Score:3, Funny)

    by MacAndrew ( 463832 ) on Tuesday December 24, 2002 @09:28PM (#4955295) Homepage
    Is this really how your parents are making you spend your vacation? ;-)

    Curiosity: Did your parents sign off on the installation of all of the spyware? If so, why, if not, how did it arrive?

    Happy Hunting -- and Holidays.
  • Then they won't have that problem.
    • "Sooonny! What's a segfault? And what's a root?"
    • Then they won't have that problem.

      and they won't have a computer usable by them either. Are *you* gonna take their calls day in and day out? When you're trying to work/study/mac on a chick?

      Linux is not for parents or your grandma. Apples or windows are more suited for them. Linux is for you (not for me; i'll stick with BSD).

      When will you people learn this? And the REAL statistics of TCO/TCA that accompanies OSS (ANY flavour)
  • It's easy on a Win box. Run regedit (or equivalent) and look for the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    and see what gets kicked off when the system starts. Delete the entries you don't want. Done.

  • Backup. Fdisk. Reinstall.
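The hosts-file trick that GimmeFuel and the later "Try adding the domain to the HOSTS file" post describe works because the resolver consults that file before DNS. As an added example that is not part of the thread, the Python below models that lookup: it parses hosts-file text the way the resolver does (comments, blank lines, several names per line, first entry wins), reports whether a domain is pointed at loopback, and builds the line to append. The domain `ads.spyware-vendor.invalid` is a constructed placeholder, not the real burstabit domain.

```python
import ipaddress
import re

# Constructed sample of a Windows hosts file after the edit the thread
# describes: the ad-serving domain has been pointed at the loopback address.
# "ads.spyware-vendor.invalid" is a placeholder, not the actual domain.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       ads.spyware-vendor.invalid   # added to sinkhole the pop-ups
"""


def parse_hosts(text):
    """Return {hostname: address} from hosts-file text.

    Handles '#' comments, blank lines, several hostnames on one line and
    CRLF line endings. The first mapping for a name wins, which is how the
    resolver treats duplicate entries.
    """
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # malformed address; the resolver skips the line too
        for name in fields[1:]:
            mapping.setdefault(name.lower(), addr)
    return mapping


def resolve_via_hosts(text, hostname):
    """Address the hosts file gives for hostname, or None (fall through to DNS)."""
    return parse_hosts(text).get(hostname.lower())


def is_sinkholed(text, hostname):
    """True when the hosts file sends hostname to a loopback address."""
    addr = resolve_via_hosts(text, hostname)
    return addr is not None and ipaddress.ip_address(addr).is_loopback


def sinkhole_line(hostname):
    """The line to append to the hosts file to black-hole one domain."""
    if not re.fullmatch(r"[A-Za-z0-9.-]+", hostname):
        raise ValueError("not a plain hostname: %r" % hostname)
    return "127.0.0.1\t" + hostname.lower()
```

A domain that is not listed falls through to normal DNS, so only the names you add are affected.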
