Results 1 to 6 of 6

Thread: Google invasion

  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    Fremont
    Posts
    8
    Thanks
    3
    Thanked 0 Times in 0 Posts
    Downloaded Google search as Microsoft is clumsy and misses. When I realized it was doing an inventory of my desktop and would only provide searches on Email and some downloads, I attempted to delete it. Despite using Control Panel, reboot and Task manager, I still have a pop up window that displays C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL and asks me to accept or cancel. I don't want the thing so I cancel, I now get a severe warning that tells me that this setting is in a key location for my operating system and not to remove it. I click on YES and then my anti-spyware program comes up and asks if I want to block. I say yes and everything is fine for about 30 seconds and the intrusion repeats.
    I gone into active programs and startup programs and deleted this entry. I t does not delete.
    How do I get rid of this thing?
    The address looks like a hidden one in C.

  2. #2
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    Good morning Dave, welcome to the Lounge.

    I often have to stop start up programs at the registry level as many start from there.

    Several keys to look in: (Be sure to back up your registry before doing this) If you screw this up you might cause your PC to become unstable or even un-bootable so be careful and only choose the keys specified. You can look around all you want but be careful on what you modify or delete!

    Type regedit in the search box or Run command. This opens the registry editor.



    HKEY_CURRENT_USER/Software/Microsoft/Windows/Current Version/Run Click on Run and see if the startup for the offending Google Search is listed on the right side of the double window. If so right click the key in the right side of the window and choose delete.

    HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Current Version/Run Click on Run and see if the startup for the offending Google Search is listed on the right side of the double window. If so right click the key in the right side of the window and choose delete.

    HKEY_LOCAL_MACHINE/Software/Wow 6432Node/Current Version/Run Click on Run and see if the startup for the offending Google Search is listed on the right side of the double window. If so right click the key in the right side of the window and choose delete. (Note: this key is only in the 64 Bit version)

    Many apps load their startup info in these keys of your registry.

    Also check under Start/All Programss/Startup. You might find the offending app here. I might tend to check this first before delving into the registry.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  3. #3
    New Lounger
    Join Date
    Dec 2009
    Location
    Fremont
    Posts
    8
    Thanks
    3
    Thanked 0 Times in 0 Posts
    Thank you. There are no entries in those locations in the Registry. I am going to run a couple of rootkit scans and see if they bring up anything.

  4. #4
    New Lounger
    Join Date
    Jul 2010
    Location
    Brisbane, Qld, Australia
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hi Dave

    As the previous reply warned changes you make particularly to your registry can have the effect of making your Windows unbootable or severely unstable so making a backup of your registry before you start is highly recommended.

    If the Folder exists in Program Files but you can't delete it due to the folder/file being used/locked “Cannot delete file: It is being used by another person or program. Close any programs that might be using the file and try again” or something similar, then you can use a free tool to unlock the file so you can delete it. The tool is called Unlocker....WARNING This program will list the process/es using the file. You may find Windows becomes unstable after unlocking the file. When you restart Windows after deleting the file you may get a warning about a failure to load that file, you can proceed into windows and then you may have to use Runalyzer (see the second paragraph below) or a similar tool to find the entry and delete it.

    If you have taken note of the full file name before deleting it you can also use Regedit to search for the file name...to do so start up regedit then click on "Edit" on toolbar menu then click on "Find" then enter the file name (you shouldn't need to enter the ".dll" part of the name then click "Find Next" (you will notice 3 boxes with ticks under where you enter the file name...you can safely leave them ticked.), Regedit will start to search the registry. When it finds a match it will stop at that spot and you will need to delete or modify the entry to cut the offending data out (be very careful in doing this...if at all unsure about what you are doing get advice before proceeding) once you have cleaned that entry press F3 button and Regedit will continue to search for that name again and will stop at the next entry if it exists at which point you clean that entry....just keep repeating with F3 etc until regedit advises it has searched the entire registry.

    I use a couple of different tools to locate stubborn entries. Firstly I use Safer Networks Spybot Search and Destroy in Advanced Mode and click on the System Startup icon in the tools section (only see this entry when you use Advanced Mode). It has many of the entries that the first reply included and also a few others eg from the System.ini file. I also look under the BHO and Activex area of the Tools section to see if an entry resides there. If that doesn't work you can try another tool from Safer Networks called Runalyzer. It is much more in-depth and needs to be used extremely carefully. It has all the services, processes, BHO's etc that run on your machine in various tabs. Using Runalyzer look for the entry after it does its initial startup search...you will need to go through each section looking for the errant entry from Google. If you locate it's entry/entries delete them but make sure you are deleting the right stuff. There are other tools out there that will do a similar job to Runalyzer and I am sure you could do a search for them on the web if you don't wish to use Runaylzer.

    Hope this helps you out

  5. #5
    New Lounger
    Join Date
    Dec 2009
    Location
    Fremont
    Posts
    8
    Thanks
    3
    Thanked 0 Times in 0 Posts
    Thank you I may still use this. For now I do not have the pop up. First I ran CC Cleaner and cleaned out my Temp Internet. Next I ran the Registry section and 'fixed' all those entries. These actions did not fix my problem. I removed a program from my Start Up by Billip using Msconfig (haven't used this program in years). When I rebooted, I got a msg saying I was running an alternate config. I unchecked the box for implementing Start Up and rebooted. I got same msg and canceled, now everything is running great. I am not sure what got infected and still need to run a rootkit revealer.
    Thanks for your time and great advice.

  6. #6
    Lounger
    Join Date
    Jun 2010
    Location
    A Texas State of Mind
    Posts
    44
    Thanks
    0
    Thanked 0 Times in 0 Posts
    you might want to try the free REVO uninstaller it is a really good helpful product
    http://www.revouninstaller.com/revo_..._download.html
    registered Linux user:476595

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •