Off topic a bit but just so all of you know. My daughter downloaded some emoticons free from the internet (Yes, I know... DUMB). I ended up with an insidious little s--tbag program called hotbar. It is total spyware and NOW I find that much has been written about it on the internet.

If you get it on your machine... do a search and remove it safely... don't just remove it like I did. It attaches valuable system files on your machine and pulls them right along with it when you clean it wrong. As I sit, rebuilding my Media PC from scratch I can't help but wish that the originator of this crap were sitting before me bound naked to a chair with duct tape so I could repeatedly beat the son of a bitch with a baseball bat.

I guess my anger should be directed inward... we all know how stupid it is to allow this stuff on your machine... especially since mine has full virus protection and sits behind a VPN firewall. The point is how easy it is to have a machine compeletely disabled in almost no time with one bad move. Now that computers are becoming such a gigantic part of our business I can't help wonder how much of our time will be spent fixing stuff like this for our clients. Good case in point for I-told-ya-so's from those of you who still believe firmly that IP based automation systems have a long way to go. I'm sure feeling that way. If this machine were the control center for a whole house for a client we would have been putting every project on hold and been out there all night.

The last warning is that Media Center PCs at present come with no recovery CDs as you can't buy just the operating system separately. I would advise that if you put one in a system... get these CDs ahead of time for your client(I have to wait three days for mine... then the real rebuilding begins).

Hijack This!
[Link: siena.edu]

Run it, Save the log (The automated version above wil autogenerate the log) and post it on one of the various HijackThis! log sites. (I like GeekstoGo [Link: geekstogo.com])

THis program identifies any changes to the Host file, and IE that could be dangerous.

DO NOT JUST START CLEANING RANDOMLY with this program as tehre are several things that it picks up that ARE legitamate, let a pro analize your log.

i think spybot search and destroy can get rid of hotbar too. buy norton ghost to make ststem recovery disks

Spybot can get rid of some of the Hotbar corruption, but cannot fix your host file.

Spybot and ad-aware are the reasons I created this problem. They "cleaned" hotbar for me and took some real vital stuff with it.

Again... no one to blame but myself... just hoping to alleviate problems some of you might run into by sharing my "experience".

I feel the pain!

A quick Yahoo search:

[Link: pchell.com]

I'm sure you have already thought about this, but if you are running ME, can you not do a back date system restore? first save any data files that you have created such as word documents and other data files.. Then restore your system to the time before you downloaded the hotbar.

Symantec has a good, easy to understand set of removal directions for this POS program.

It does require that you mess around in the registry, so it's not a job that most people should be fooling with. Yes, you can do some MAJOR damage messing around in the registry.

I just cleaned my MIL's computer of hotbar recently. It took the better part of an evening to get through it all. Very nasty piece of work!

I'll agree, people who write virus programs, things like Hotbar and the like, should be very publicly treated to some extreme punishment. Flogging would be too kind.

Some little snot nosed brat thinks this is fun? And the system lets him off with a slap on the wrist?

Nope, it shouldn't happen. You do a virus and we do some "Salem Witch Trial" things to you.....

I couldn't backdate because the files that allow you to do that were GONE!!!

The machine was completely crippled.

HP sent the recovery discs priority overnight for no charge so kudos to them. I loaded everything this morning and now get a basically brand new machine to reload software on and spend hours transferring files back from my laptop (20 Gigs of music alone).

I like the burned at the stake thing... I wonder what the little bastards nuts would smell like roasting away?

I'm sorry to see that others have had this infection too but glad to see that some of you who are smart haven't suffered as much.

Just spent a couple hours going through the same thing. What a pain in the arse. I did manage to clean it 100%...i think.

I would like to find out where those servers are!

People who create those items to be exposed to machines on the internet should have their picture and address posted on the internet. Let's see how well they can run from a million or more people. I think we could find them faster that AMW.

When do you run spybot? Every time you boot? Once a week? It doesn't watch for spyware to arrive, does it?

When it finds spyware in its scans, do you automatically delete everything, or a little at a time?

I did run SpyBot and it found about 50 entries.

Should I run AdAware as well?

Tom,

Spybot will run in the background all the time, and warn you have a possible attack. Adaware is also good to have, although the free version will not continually monitor. Make sure if you download adaware, that you do it directly from lavasoft.com, as I have seen some variations on the name adaware, that looks like it might be an attempt to deceive someone into downloading something other than the Lavasoft Adaware. Possibly a virus?

Mark

So, do I put SpyBot in the startup folder? It's not in my system tray on boot up. I can run it but then it is on the taskbar. Doesn't sound right.

Tom,

Put Spybot into advanced mode, and go to tools. There click on resident, and make sure both boxes are checked. This should make Spybot monitor continuously, and begin at startup.

Mark