I downloaded Ad Aware because my son uses Kazaa and I'm having programs either trying or downloading on the computer.

I scanned the C drive and removed everything but was not able to remove: Toolbar/babeIE.dll, CNbarIE.dll, dowloadware\dw.ex (this has been trying to download on my c/p forever). So I've scanned "My Computer" and all the files and found:

Suspicious modules found:1
Suspicious keys found : 84
Suspicious folders found:3
Suspicious files found:3

#:16 : dw.exe
Warning! DOWNLOADWARE module loaded: dw.exe (C:\Program Files\DownloadWare\dw.exe)

"dw.exe" unload successfull!

Ok, my question is...Do I just delete everything? Will everything including Toolbar/babeIE.dll (What Is THis??) be removed? Thanks in advance.


:confused: :confused: :confused:

I'm not sure whether AdAware will get it all. I don't think you should just delete those files yourself. They are probably currently in use by your pc. My suggestion is to try Spybot. They update their spyware definitions frequently and I've had better results with Spybot catching small hidden components of spyware. Download it from this link and then have it check for updates before you run it. Then, have it scan for spyware and get rid of everything that has a red listing in the list.

http://spybot.eon.net.au/index.php?lang=en&page=download

Good luck!

You could search the registry for where the stuff is being run and delete those entries, reboot and then delete them. Or, reboot into safe mode and delete from there. Unlikely to be there but take a look at add/remove programs.

This page has info on dw.exe anyway:

http://cexx.org/adware.htm

dw.exe, Movie Network.exe (Downloadware / Mediacharger / Movienetworks) - Displays lots of popup ads as you surf; Mediacharger may also function as a dialer for 1-900 #s for billing of adult movie downloads. Check for removal entries in Add/Remove Programs. Some removal instructions (may or may not work?) are here. I have had reports that the program will try to deter uninstallation by telling you that doing so will mess up your browser. It is, however, bluffing.

I don't use any of that kind of stuff so can't say where to get it, but I believe there's a product called "Kazaa Lite" out there that comes without all the hostile stuff that Kazaa does.

The CN stuff is spyware called Common name toolbar, which came from downloading Kazaa.

http://www.oit.duke.edu/ats/support/spyware/kazaa.html

According to spyware sites, you should *not* try to remove it with Ad-Aware.

http://www.spywareinfo.com/newsletter/archives/december-2002/12032002.php


Try downloading Spybot from the following link and removing it.
http://security.kolla.de/index.php?lang=en&page=download

Good Luck!
-Star

Thanks everyone. I haven't done anything yet, but I'll try. I'm just really slow because I'm afraid I'll do something wrong. I had a history of crashing my other computer and had to take it in to get fixed AND I brought down the entire system where I use to work. Boss wasn't too happy. Darn kid, I knew he switched to Kazaa after using Napster, and I asked him about Cnet and other items I saw, but of course he had no idea where they came from.

I have more questions. I ran spybot and it found close to 200 offenders. Should my son not use Kazaa anymore?

Also, why are the following highlighted in red:

MS Works: autorun settings and MS Works: program file ?

Internet Explorer: Data Source object exploit ?

Is it really necessary to delete these?

Hey, I even found a gator or two lurking...:(

Originally posted by kricket
I have more questions. I ran spybot and it found close to 200 offenders. Should my son not use Kazaa anymore?

Also, why are the following highlighted in red:
MS Works: autorun settings and MS Works: program file ?
Internet Explorer: Data Source object exploit ?
Is it really necessary to delete these?
Hey, I even found a gator or two lurking...:(

While many many people use programs like Kazaa to share files, remember that not all files that are being passed around are legal. Also, depending on what types of files are being shared, the use of Kazaa may leave your pc vulnerable to viruses or malicious stuff like spyware. You should probably weigh the risks and rewards with your son to see if it's a program you want running on your home pc.

Those other two red highlighted warnings that Spybot found are vulnerabilities that could be used to hack your pc. The chances of them really being a problem are slim though. I don't use MS Works, so I'm not sure if removing that problem will affect your program. You can probably leave that one unchecked. The Internet Explorer exploit is safe to remove without losing any functionality of Explorer.

I have another question. This morning I stated up my computer. I was not able to remove several items through spybot and was going to rerun it on restart, well I believe it was the backweb lite error that came up, (this is one of the directorys I couldn't remove entirely). And then I automatically went to a "Windows Online Crash Analysis" screen about a device driver causing this problem.

Why is this happening after I deleted most of the offenders. Did I mess up something, as usual? :(

That's odd. Did it tell you which device or which driver was affected?

I don't remember. I know Kazaa kept trying to load on startup and the "backweb lite" popped up, I don't remember what it said because I was starting to panic, and it kept asking me to send an error report. I don't usually, but I had to click yes because it kept popping up. I guess I'll have to wait and restart it again and pay attention? I'm don't know if I should try again to purge the remaining highlited items in spybot?

Ohhhh
It's probably because of Kazaa then. I didn't realize it was loading for you at startup. Looks like when spybot removed the backweb stuff (which was attached to kazaa) it disabled part of the kazaa program. If you remove Kazaa from your startup menu it should help. You could just uninstall Kazaa and see if that takes care of the problem. Or, try this to get rid of Kazaa at startup without uninstalling it:

go to Start
Programs
Accessories
System Tools
and select System Information

You should have a help/support screen up at this point
there will be a dropdown menu called "tools".
Go to Tools, then select system configuration Utility.
Now select the checkbox next to "selective startup"
Then click on the tab that says "Startup" and uncheck the boxes next to anything named Kazaa or backweb. Hit apply then ok.

Now you can close the help/support screen and restart. That should get rid at least part of the problem. I would try this procedure before running spybot again.

Thank you for your help. My son wasn't happy with me for messing with his kazaa and downloaded it again and said "why don't you just leave everything alone". hmmmmm. Apparently when I went through ad aware and cleaned up, he had to download kazaa again. Same thing with spybot. I was just trying to help.

We disabled it on start up and I'll restart a little later and see what happens. ;)

I just restarted and everything is back to normal except I still get the "invalid Backweb application ID 137903" notification."

i have winmx and i don't have a problem with it i have heard there is alot of people complaning about the other one

What I did was delete everything that was highlighted in red, which is what I shouldn't have. Some files were related to my son's kazaa, which he had to reinstall, and some were related to my HP that was installed on my computer when I bought it, thus the backweb error. I also think it did something to my firewall. I can't restore the backup because I uninstalled the spybot program, darn. So I really hope I can live with the changes I made. Sometimes I'm just a dummy and do things without thinking. :(

:(

No, you're not a dummy Hon.
Spyware is just a pain in the butt.

The HP software could be reinstalled. HP provides downloads of nearly all their stuff at the website.
http://welcome.hp.com/country/us/eng/support.html

Do you know if it's a driver for your HP or was it that crummy home delivery software they won't support anymore?

I find that adaware is safe to delete everything it finds, spybot requires careful review of what it finds. If you are unsure, do not delete it. Don't blame yourself, this stuff is complex.

Laura, I have no idea. On start up I would get the backweb shadow (which is under my startup file as hp center UI). It was a thin black toolbar at the top and I never used it. I have XP. I always closed it. Now on start up I get the error box pop up about 4 times, but I just close it. It's not a big pain at all, just a reminder I screwed something up again.

But I do have a question. I have McAfee virus scan and when I check the security status it says:

system scan: active
download and email scan: active
internet filter: disabled
HAWK for outlook: disabled

And it says virus definitions created: 1/29/03. The same day I ran spybot. Maybe I'm being paranoid, but does this look okay to you? Should the filter be disabled? Thanks for any imput.

If you use Outlook for your email then you should definately enable that option. I personally don't use the "internet filters" available with most of the antivirus programs available- I find that they slow my connection considerably. But, if you were using that option previously, you should definately re-enable that option as well. I wouldn't worry too much about the date of the virus definitions if you're using the autoupdate feature.

I did a little search for the backweb application. Take a look at this support thread:

http://bizforums.itrc.hp.com/cm/QuestionAnswer/0,,0xf9cc35067c18d6118ff40090279cd0f9,00.html

It really sounds as if this is an ongoing problem for many people. From the info I've seen on other sites, the only thing the "HP center UI" affects is HP auto updates (though some have reported problems with windows update after removing backweb).

You can remove the "HP center UI" from startup to prevent the startup problem. It just annoys the hell out of me that companies like this include embedded spyware in there systems! Logitech also has some questionable stuff bundled with the wireless keyboard and mouse many of us won. It's my policy that if a company can only give vague and veiled explanations of what a programs purpose is then I probably don't want or need it anyway.

One more suggestion. If the Spybot folder is still on your pc (it would probably be in the "program files" directory) you may be able to reinstall it and restore the old backup. Take a look for that folder!

I'm really sorry you're having so much trouble :(

Thanks for the link. I don't know if I did this right but yesterday I reinstalled spybot thinking maybe the info was still on my computer. I did a search and found a folder before I reinstalled. But when I went to spybot, nothing was there to recover...? I too thought I could still access it and recover. Maybe I should do something different.

That probably explains why I tried to find my updater on my computer and couldn't. I downloaded updates but I'm not sure they took this time. This is something I'll check out later.

To remove the hp center UI, it is here. Start > my programs > startup > hp center UI

Do I just right click and delete? Isn't there another way?
:smile3:

Why any parent would knowingly allow their child to use Kaaza is beyond me. Kaaza is used to illegally obtain copyrighted pictures, movies, music and software and this most certianly is not a victimless crime.

Originally posted by kricket
Thanks for the link. I don't know if I did this right but yesterday I reinstalled spybot thinking maybe the info was still on my computer. I did a search and found a folder before I reinstalled. But when I went to spybot, nothing was there to recover...? I too thought I could still access it and recover. Maybe I should do something different.

To remove the hp center UI, it is here. Start > my programs > startup > hp center UI

Do I just right click and delete? Isn't there another way?
:smile3:

Darn. I guess the new install isn't recognizing the old backups :(
I'll check over at their site to see if there's any way to load the old ones after reinstall. Get back with ya later today about that.

You can right click and delete hp center to delete it from startup, or you could follow the instructions in that old post of mine to change it manually in MSConfig... In this case, it's probably easier to just right click and delete :)

First of all Kazaa is one of the WORST:nay: programs with spyware you can have. Even if you uninstall it it may disrupt your computer. I had Kazaa for about 2 hours when I ran Adaware and noticed how bad Kazaa really is. I did some checking and Kazaa is bad. Adaware works great and it did a great job deleting the unwanted files.... but I would first do this.

Uninstall Kazaa and never use it again ever.
Then run Adaware and delete all.

If your son wants to use a non spyware transfer program have him try Win MX. I have that and it runs perfect with absolutely NO spyware.:cheer:

Good luck sweeping

I will talk with my son about it. I've never heard of win mx. Thank you so much everyone for all your suggestions! :D

Kricket, I did a little test on my home system and uninstalling SpyBot does indeed remove all old backup files. The only thing left after an uninstall was the main spybot folder. So there would be no way to restore your old files after uninstalling.

I do have an option for you though :)

Why not try a system restore to a point about 2 days ago?
If you do it and find that there's still a problem you can always cancel the restore and go right back to where you are right now.
Here's a link to a step by step guide on system restore in XP:

http://www.windowsreinstall.com/install/winxp/howto3/lauchsystemrestore.htm

Let me know if this helps!

Kricket, I know what it's like having teens in the house using your computer....this has been a constant problem for me for several years.

Gomez obviously thinks it's a simple matter of "laying down the law", but I know better. Other than providing our children with their own computers (which many of us cannot afford to do), there are kids who will insist on doing what they want to do (downloading music files), and it's not easy stopping them...especially when they are 15 and older.

I discovered AdAware a year ago. I routinely do a scan after my boys have been on the computer awhile. I delete everything that says Gator or Kazaa, and leave the other things alone....except the ones that say "sex-tracker", or something like that. What is that, anyway?

Thank you tjgorilla...I've never heard of Win MX either, but I'll have a talk with my boys about it.