How To Clean the Spies In Your Computer?

Manual Spy Bot Removal > BookedSpace

BookedSpace is an Internet Explorer Browser Helper Object used to show advertising.

Free PC Health Check - find bad files fast! How many corrupt and redundant files are lurking inside your PC ready to cause harmful errors? Find these harmful "time-bomb" files instantly and keep your computer ERROR FREE 24 hours a day!

Variants
BookedSpace/Remanent : early variant (around July 2003) with filename rem00001.dll, controlling server 66.225.192.199.

BookedSpace/BS2 and BookedSpace/BS3 : newer revisions (August 2003) with filename bs2.dll or bs3.dll, controlling server www.bookedspace.com.

Distribution
BookedSpace/Remanent is silently installed by MThree MP3 to WAV converter. BookedSpace/BS2 is silently installed by FreeWire's FreeMP3Player. The origin of BookedSpace/BS3 is currently unknown.

Advertising
Yes. BookedSpace can contact its controlling server when a new page is visited, which may direct it to open pop-up ads.

Privacy violation
Yes. When the controlling server is contacted, the URL of the current page is passed along with a user ID for tracking purposes.

Security issues
Yes. May download and install third-party software as directed by its controlling server. BookedSpace/BS2 has been seen to install the BargainBuddy , nCase and eBates parasites.

Stability problems
Seems to stop IE address bar searches from working.

Removal
Open a DOS command prompt windows (from Start->Programs->Accessories), and enter the following commands, for the Remanent variant:

cd "%WinDir%System"
regsvr32 /u ".. em00001.dll"
Or, for the BS2 variant:

cd "%WinDir%System"
regsvr32 /u "..s2.dll"
Or, for the BS3 variant:

cd "%WinDir%System"
regsvr32 /u "..s3.dll"

Next, for BS2 and BS3, open the registry (click 'Start', choose 'Run', enter 'regedit'), find the key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun, and delete the entry 'BookedSpace' (BS2 variant) or 'Bsx3' (BS3 variant).

Restart the computer and you should be able to delete the 'rem00001.dll', 'bs2.dll' or 'bs3.dll' file in the Windows folder. You can also open the registry and delete the key HKEY_LOCAL_MACHINESoftwareRemanent or HKEY_LOCAL_MACHINE_SoftwareBookedSpace to clean up, if you like.

Free PC Health Check - find bad files fast! How many corrupt and redundant files are lurking inside your PC ready to cause harmful errors? Find these harmful "time-bomb" files instantly and keep your computer ERROR FREE 24 hours a day!

MS Media Player GUID

Overview
MS Media Player GUID is a warning that the Window Media player may transmits an anonymous Global Uniquie IDentifier (GUID) to the streaming servers when you download content.

The following is the information given at Microsoft Security Bulletin MS01-029: "... a potential privacy vulnerability that was recently identified. This issue could be exploited by a malicious set of web sites to distinguish a user. While this issue would not by itself enable a web site to identify the user, it could enable the correlation of user information to potentially build a composite description of the user." Source

The existance of this GUID on your system may also indicated that your system does not have all critical updates and service packs installed.

Detection
Bazooka Adware and Spyware Scanner detects MS Media Player GUID. Bazooka is freeware and detects spyware, adware, foistware, trojan horses, viruses, worms and other potentially unwanted applications. Read more »

How to remove the GUID

Go to www.windowsupdate.com and install all critical updates and service packs. Go on with the following steps if Bazooka still reports MS Media Player GUID.

Windows Media Player 6.4 users: the privacy setting is selected via a new option, which can be reached by going to the menu item View / Options then selecting the player tab and de-selecting "Allow Internet sites to uniquely identify your player".

Windows Media Player 7.1 users: the privacy setting is toggled via the existing option under the tools menu, on the player tab and deselect the option "Allow Internet sites to uniquely identify your player". Windows Media Player 9.0 users: Click Tools -> Options -> Privacy, uncheck "Send unique Player ID to content providers."

If Bazooka still reports MS Media Player GUID, go on with the following steps.

Start the registry editor. This is done by clicking Start then Run. (The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)

Delete 'HKEY_CURRENT_USER Software Microsoft MediaPlayer Player Settings Client ID'.

Exit the registry editor.

Problems uninstalling? Click here.

Please support me
Thank you for using my site. Please help me to keep this site and software up-to-date.

Contact information for MS Media Player GUID's vendor In order to provide correct, accurate and updated information about MS Media Player GUID I encourage the vendor to contact me if any part of this write-up needs a revision.

Free PC Health Check - find bad files fast! How many corrupt and redundant files are lurking inside your PC ready to cause harmful errors? Find these harmful "time-bomb" files instantly and keep your computer ERROR FREE 24 hours a day!

W32.Backdoor.Nibu

Overview
W32.Backdoor.Nibu is a trojan horse, with many variants. You can read more at Symantec.

Classification
Trojan Horse

Files
load32.exe, Dllreg.exe, Vxdmgr32.exe, Rundllw.exe, patch.exe, netda.exe, swchost.exe

Log references
[1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14]

Detection
Bazooka Adware and Spyware Scanner detects W32.Backdoor.Nibu. Bazooka is freeware and detects spyware, adware, foistware, trojan horses, viruses, worms and other potentially unwanted applications. Read more »

Uninstall procedure
Please go to the anti-virus recommendation page. You can find both free products or use one of the trials to remove the virus.

Manual removal
Please follow the instructions below if you would like to remove W32.Backdoor.Nibu manually. Please notice that you must follow the instructions very carefully and delete everything that is mentioned. In most cases the removal will fail if one single item is not deleted. If W32.Backdoor.Nibu remains on your system after stepping through the removal instructions, please double-check by stepping through them again. Start your computer in safe mode.

Start the registry editor. This is done by clicking Start then Run. (The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)

Browse to the key:

'HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows CurrentVersion Run'
In the right pane, delete the value called 'load32', if it exists.
Exit the registry editor.
Restart your computer.
Start Windows Explorer and delete:
%SystemDir%swchost.exe
%SystemDir% etda.exe
%SystemDir%load32.exe
Note: %SystemDir% is a variable (?). By default, this is C:WindowsSystem (Windows 95/98/Me), C:WINNTSystem32 (Windows NT/2000), or C:WindowsSystem32 (Windows XP).

Free PC Health Check - find bad files fast! How many corrupt and redundant files are lurking inside your PC ready to cause harmful errors? Find these harmful "time-bomb" files instantly and keep your computer ERROR FREE 24 hours a day!

FavoriteMan has many variants:

FavoriteMan/Lwz installs lwz.dll. Data file is SysLdr.dll. Controlling server is www.f1organizer.com.
FavoriteMan/F1 installs F1.dll. Data file is SysLdr.dll. Controlling server is www.prize4all.com.
FavoriteMan/FOne
FavoriteMan/FOne is a replacement for the Lwz variant. Filename is FOne.dll, data file is SysLdr.dll. Controlling server is www.f1organizer.com.
FavoriteMan/Ofrg's program file is called ofrg.dll. It stores its data in a file called favboot.dll. Its controlling server is www.yourspecialoffers.com. FavoriteMan/Favorite installs favorite.dll. Data file is FavMan.dll. Controlling server is also www.yourspecialoffers.com.

FavoriteMan/SpyAssault
FavoriteMan sometimes causes IE to lock up for a variable period of time, occasionally indefinitely, when a new browser process is started. This may be something to do with its trying to contact its servers on startup. Also crashes may occur when very long URLs are used.

How to Remove FavoriteMan?

FavoriteMan/F1 and FavoriteMan/ZZ offer a removal feature: Click Start >Settings > Control Panel > Add/Remove programs, choose 'F1' or 'ZZ' and click 'Remove'.

To manually remove other variants of FavoriteMan:

Unregister FavoriteMan. Open a DOS command prompt window (Click Start > Run, type 'command'(for Windows 98/Me) or 'cmd' (for Windows 2000/XP) and enter the following commands: cd "%WinDir%System" regsvr32 /u favorite.dll

Note: Change the filename 'favorite.dll' to match the variant you have. This can be ofrg.dll, favorite.dll, lwz.dll, F1.dll, ZZ.dll, mpz300.dll, trk.dll, Gr02.dll, Aess.dll, Ss32.dll or emesx.dll; in in the case of the IMZ variant it will have a random eleven-letter filename. (eg. troallystbr.dll). You can usually find the culprit by opening the System folder choosing View->Arrange icons by->Modified, then looking near the bottom of the window.

Restarting the computer.

Delete the program file. The software can be found in the System folder. On Windows 95/98/Me this is the folder called 'System' in the Windows folder; on Windows NT, 2000 and XP it is called 'System32'. Look for one of the filenames listed above.

Delete the data file favboot.dll, FavMan.dll, SysLdr.dll, mbr32.dll, im64.dll or dlh0st.dll in the same folder (it isn't a DLL at all). Open the registry editor ( Start > Run, type regedit) , locate the key 'HKEY_CURRENT_USERSoftwareMicrosoftWindows',find and delete the entries 'Counter', 'Server' and 'Object' in it.

Free PC Health Check - find bad files fast! How many corrupt and redundant files are lurking inside your PC ready to cause harmful errors? Find these harmful "time-bomb" files instantly and keep your computer ERROR FREE 24 hours a day!

Online Trojan

Overview
Online Trojan changes your Internet Explorer settings.

Classification
Trojan Horse

Files
svchost.exe, msto32.dll, svchostc.exe, svchosts.exe

Log references
Log 89

Vendor
Unknown

Privacy policy
No privacy policy available.

Detection
Bazooka Adware and Spyware Scanner detects Online Trojan. Bazooka is freeware and detects spyware, adware, foistware, trojan horses, viruses, worms and other potentially unwanted applications. Read more »

Manual removal
Please follow the instructions below if you would like to remove Online Trojan manually. Please notice that you must follow the instructions very carefully and delete everything that is mentioned. In most cases the removal will fail if one single item is not deleted. If Online Trojan remains on your system after stepping through the removal instructions, please double-check by stepping through them again. Start your computer in safe mode.

Start the registry editor. This is done by clicking Start then Run. (The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)

Browse to the key:
'HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows CurrentVersion Run'
In the right pane, delete the value called 'Online Service', if it exists.
Exit the registry editor.
Start Windows Explorer and delete:
%WinDir%svchost.exe
%WinDir%msto32.dll
%SystemDir%svchostc.exe
%SystemDir%svchosts.exe
Note: %SystemDir% is a variable (?). By default, this is C:WindowsSystem (Windows 95/98/Me), C:WINNTSystem32 (Windows NT/2000), or C:WindowsSystem32 (Windows XP).

Note: %WinDir% is a variable (?). By default, this is C:Windows (Windows 95/98/Me/XP) or C:WINNT (Windows NT/2000).

Start Microsoft Internet Explorer.
In Internet Explorer, click Tools -> Internet Options.
Click the Programs tab -> Reset Web Settings.

Nabaza.com specializes in building, designing, implementing, managing and maintaining corporate website to boost sales of your company. Email william@nabaza.com for information on functional, dynamic webpage designing with affordable packages. Subscribe for free: http://www.nabaza.com/subscribe.htm

Rebrandable ebooks, software for free
Free Advertising Space
Put Nabaza.com In your desktop

In The News:

pen paper and inkwell


cat break through


Mail Forwarding - Why Would You Do It?

First of all we need to get some terms stated.... Read More

With the Rise of Internet Crimes, Users are Turning to High-Tech ?PI?s? for Solutions

High-tech private investigators are becoming the answer for many Internet... Read More

Dont Fall Victim to Internet Fraud-10 Tips for Safer Surfing

The Internet offers a global marketplace for consumers and businesses.... Read More

An Open Letter From a So-called Stupid

Someone recently told me, "You would have to be a... Read More

Wells Fargo Report Phishing Scam

First off I should explain what phishing is. Phishing is... Read More

Spyware, This Time Its Personal!

First the basic definition of Spyware: It is a type... Read More

Dont Allow Hackers to Take Out Money from Your Bank Account

If you know what is the 'Fishing' then it's very... Read More

SCAMS ? Be Aware ? And Report When Necessary

The Internet is a vast International Network of people and... Read More

Viruses and Worms, Protection from Disaster

Virus damage estimated at $55 billion in 2003. "SINGAPORE -... Read More

Protection for Your PC - Painless and Free!

Viruses, Bugs, Worms, Dataminers, Spybots, and Trojan horses. The Internet... Read More

How to Prevent Online Identity Theft

Identity theft rates one of the fastest growing crimes in... Read More

Free Antivirus Security Software: Download Now to Eliminate Spyware, Pop Up Ads, etc.

Adware. Spyware. Pesky pop up ads. Internet congestion. Computer malfunctions... Read More

Spyware ? Your Web Browser is the Culprit!

My first experience with a spyware BHO based infection was... Read More

The Risk Of Electronic Fraud & Identity Theft

Electronic Fraud and Identity Theft Human beings are pretty... Read More

Identity Theft Offline -- So Many Possibilities

Chris Simpson, head of Scotland Yard's computer crime unit was... Read More

Delete Cookies: New-Age Diet or Common Sense Internet Security?

No, this article isn't about some new, lose-20-pounds-in-a-week, certified-by-some-tan-Southern-California-doctor diet.... Read More

The Top Twelve Threats No Computer User Should Ignore

The internet is undoubtedly a fantastic resource for families and... Read More

7 Ways to Spot a PayPal Scam E-Mail

Paypal is a great site and is used by many... Read More

Avoid Internet Theft, Fraud and Phishing

Since its birth, the Internet has grown and expanded to... Read More

How to Protect Your Child from the Internet

When the Internet first came about, it was realized it... Read More

Network Security 101

As more people are logging onto the Internet everyday, Network... Read More

Corporate Security for Your Home Business

The words Corporate Security may conjure up images of a... Read More

Mall Protection

The Loss Prevention Manager should be receptive to the needs... Read More

Is That Free Stuff Like An iPod Or Desktop Computer Really Free?

Have you seen the web site, www.freestuff.com? Or have you... Read More

The Truth About Hiding Your Tracks on the Internet

Ok, ok, I know you've seen them. All those pop... Read More

A Painless Plagiarism Solution

A crowded marketplace can lead to unethical webmasters using underhand... Read More

Burning Bridges is Bad, But Firewalls are Good

When you signed up for that ultra-fast DSL or Cable... Read More

A New Era of Computer Security

Computer security for most can be described in 2 words,... Read More

Blogs as Safe Haven for Cybercriminals?

To blog or not to blog? Well, why not? Lots... Read More

Be Alert! Others Can Catch Your Money Easily!

So called phishers try to catch the information about the... Read More

Technology and Techniques Used in Industrial Espionage

Industrial Espionage. These methodologies are being used on a daily... Read More

File Sharing - What You Need to Know!

File sharing on p2p is soaring despite the music and... Read More

Backup and Save your business!

There you are busily typing away on your PC or... Read More