How To Clean the Spies In Your Computer?

Manual Spy Bot Removal > BookedSpace

BookedSpace is an Internet Explorer Browser Helper Object used to show advertising.

Free PC Health Check - find bad files fast! How many corrupt and redundant files are lurking inside your PC ready to cause harmful errors? Find these harmful "time-bomb" files instantly and keep your computer ERROR FREE 24 hours a day!

Variants
BookedSpace/Remanent : early variant (around July 2003) with filename rem00001.dll, controlling server 66.225.192.199.

BookedSpace/BS2 and BookedSpace/BS3 : newer revisions (August 2003) with filename bs2.dll or bs3.dll, controlling server www.bookedspace.com.

Distribution
BookedSpace/Remanent is silently installed by MThree MP3 to WAV converter. BookedSpace/BS2 is silently installed by FreeWire's FreeMP3Player. The origin of BookedSpace/BS3 is currently unknown.

Advertising
Yes. BookedSpace can contact its controlling server when a new page is visited, which may direct it to open pop-up ads.

Privacy violation
Yes. When the controlling server is contacted, the URL of the current page is passed along with a user ID for tracking purposes.

Security issues
Yes. May download and install third-party software as directed by its controlling server. BookedSpace/BS2 has been seen to install the BargainBuddy , nCase and eBates parasites.

Stability problems
Seems to stop IE address bar searches from working.

Removal
Open a DOS command prompt windows (from Start->Programs->Accessories), and enter the following commands, for the Remanent variant:

cd "%WinDir%System"
regsvr32 /u ".. em00001.dll"
Or, for the BS2 variant:

cd "%WinDir%System"
regsvr32 /u "..s2.dll"
Or, for the BS3 variant:

cd "%WinDir%System"
regsvr32 /u "..s3.dll"

Next, for BS2 and BS3, open the registry (click 'Start', choose 'Run', enter 'regedit'), find the key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun, and delete the entry 'BookedSpace' (BS2 variant) or 'Bsx3' (BS3 variant).

Restart the computer and you should be able to delete the 'rem00001.dll', 'bs2.dll' or 'bs3.dll' file in the Windows folder. You can also open the registry and delete the key HKEY_LOCAL_MACHINESoftwareRemanent or HKEY_LOCAL_MACHINE_SoftwareBookedSpace to clean up, if you like.

Free PC Health Check - find bad files fast! How many corrupt and redundant files are lurking inside your PC ready to cause harmful errors? Find these harmful "time-bomb" files instantly and keep your computer ERROR FREE 24 hours a day!

MS Media Player GUID

Overview
MS Media Player GUID is a warning that the Window Media player may transmits an anonymous Global Uniquie IDentifier (GUID) to the streaming servers when you download content.

The following is the information given at Microsoft Security Bulletin MS01-029: "... a potential privacy vulnerability that was recently identified. This issue could be exploited by a malicious set of web sites to distinguish a user. While this issue would not by itself enable a web site to identify the user, it could enable the correlation of user information to potentially build a composite description of the user." Source

The existance of this GUID on your system may also indicated that your system does not have all critical updates and service packs installed.

Detection
Bazooka Adware and Spyware Scanner detects MS Media Player GUID. Bazooka is freeware and detects spyware, adware, foistware, trojan horses, viruses, worms and other potentially unwanted applications. Read more »

How to remove the GUID

Go to www.windowsupdate.com and install all critical updates and service packs. Go on with the following steps if Bazooka still reports MS Media Player GUID.

Windows Media Player 6.4 users: the privacy setting is selected via a new option, which can be reached by going to the menu item View / Options then selecting the player tab and de-selecting "Allow Internet sites to uniquely identify your player".

Windows Media Player 7.1 users: the privacy setting is toggled via the existing option under the tools menu, on the player tab and deselect the option "Allow Internet sites to uniquely identify your player". Windows Media Player 9.0 users: Click Tools -> Options -> Privacy, uncheck "Send unique Player ID to content providers."

If Bazooka still reports MS Media Player GUID, go on with the following steps.

Start the registry editor. This is done by clicking Start then Run. (The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)

Delete 'HKEY_CURRENT_USER Software Microsoft MediaPlayer Player Settings Client ID'.

Exit the registry editor.

Problems uninstalling? Click here.

Please support me
Thank you for using my site. Please help me to keep this site and software up-to-date.

Contact information for MS Media Player GUID's vendor In order to provide correct, accurate and updated information about MS Media Player GUID I encourage the vendor to contact me if any part of this write-up needs a revision.

Free PC Health Check - find bad files fast! How many corrupt and redundant files are lurking inside your PC ready to cause harmful errors? Find these harmful "time-bomb" files instantly and keep your computer ERROR FREE 24 hours a day!

W32.Backdoor.Nibu

Overview
W32.Backdoor.Nibu is a trojan horse, with many variants. You can read more at Symantec.

Classification
Trojan Horse

Files
load32.exe, Dllreg.exe, Vxdmgr32.exe, Rundllw.exe, patch.exe, netda.exe, swchost.exe

Log references
[1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14]

Detection
Bazooka Adware and Spyware Scanner detects W32.Backdoor.Nibu. Bazooka is freeware and detects spyware, adware, foistware, trojan horses, viruses, worms and other potentially unwanted applications. Read more »

Uninstall procedure
Please go to the anti-virus recommendation page. You can find both free products or use one of the trials to remove the virus.

Manual removal
Please follow the instructions below if you would like to remove W32.Backdoor.Nibu manually. Please notice that you must follow the instructions very carefully and delete everything that is mentioned. In most cases the removal will fail if one single item is not deleted. If W32.Backdoor.Nibu remains on your system after stepping through the removal instructions, please double-check by stepping through them again. Start your computer in safe mode.

Start the registry editor. This is done by clicking Start then Run. (The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)

Browse to the key:

'HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows CurrentVersion Run'
In the right pane, delete the value called 'load32', if it exists.
Exit the registry editor.
Restart your computer.
Start Windows Explorer and delete:
%SystemDir%swchost.exe
%SystemDir% etda.exe
%SystemDir%load32.exe
Note: %SystemDir% is a variable (?). By default, this is C:WindowsSystem (Windows 95/98/Me), C:WINNTSystem32 (Windows NT/2000), or C:WindowsSystem32 (Windows XP).

Free PC Health Check - find bad files fast! How many corrupt and redundant files are lurking inside your PC ready to cause harmful errors? Find these harmful "time-bomb" files instantly and keep your computer ERROR FREE 24 hours a day!

FavoriteMan has many variants:

FavoriteMan/Lwz installs lwz.dll. Data file is SysLdr.dll. Controlling server is www.f1organizer.com.
FavoriteMan/F1 installs F1.dll. Data file is SysLdr.dll. Controlling server is www.prize4all.com.
FavoriteMan/FOne
FavoriteMan/FOne is a replacement for the Lwz variant. Filename is FOne.dll, data file is SysLdr.dll. Controlling server is www.f1organizer.com.
FavoriteMan/Ofrg's program file is called ofrg.dll. It stores its data in a file called favboot.dll. Its controlling server is www.yourspecialoffers.com. FavoriteMan/Favorite installs favorite.dll. Data file is FavMan.dll. Controlling server is also www.yourspecialoffers.com.

FavoriteMan/SpyAssault
FavoriteMan sometimes causes IE to lock up for a variable period of time, occasionally indefinitely, when a new browser process is started. This may be something to do with its trying to contact its servers on startup. Also crashes may occur when very long URLs are used.

How to Remove FavoriteMan?

FavoriteMan/F1 and FavoriteMan/ZZ offer a removal feature: Click Start >Settings > Control Panel > Add/Remove programs, choose 'F1' or 'ZZ' and click 'Remove'.

To manually remove other variants of FavoriteMan:

Unregister FavoriteMan. Open a DOS command prompt window (Click Start > Run, type 'command'(for Windows 98/Me) or 'cmd' (for Windows 2000/XP) and enter the following commands: cd "%WinDir%System" regsvr32 /u favorite.dll

Note: Change the filename 'favorite.dll' to match the variant you have. This can be ofrg.dll, favorite.dll, lwz.dll, F1.dll, ZZ.dll, mpz300.dll, trk.dll, Gr02.dll, Aess.dll, Ss32.dll or emesx.dll; in in the case of the IMZ variant it will have a random eleven-letter filename. (eg. troallystbr.dll). You can usually find the culprit by opening the System folder choosing View->Arrange icons by->Modified, then looking near the bottom of the window.

Restarting the computer.

Delete the program file. The software can be found in the System folder. On Windows 95/98/Me this is the folder called 'System' in the Windows folder; on Windows NT, 2000 and XP it is called 'System32'. Look for one of the filenames listed above.

Delete the data file favboot.dll, FavMan.dll, SysLdr.dll, mbr32.dll, im64.dll or dlh0st.dll in the same folder (it isn't a DLL at all). Open the registry editor ( Start > Run, type regedit) , locate the key 'HKEY_CURRENT_USERSoftwareMicrosoftWindows',find and delete the entries 'Counter', 'Server' and 'Object' in it.

Free PC Health Check - find bad files fast! How many corrupt and redundant files are lurking inside your PC ready to cause harmful errors? Find these harmful "time-bomb" files instantly and keep your computer ERROR FREE 24 hours a day!

Online Trojan

Overview
Online Trojan changes your Internet Explorer settings.

Classification
Trojan Horse

Files
svchost.exe, msto32.dll, svchostc.exe, svchosts.exe

Log references
Log 89

Vendor
Unknown

Privacy policy
No privacy policy available.

Detection
Bazooka Adware and Spyware Scanner detects Online Trojan. Bazooka is freeware and detects spyware, adware, foistware, trojan horses, viruses, worms and other potentially unwanted applications. Read more »

Manual removal
Please follow the instructions below if you would like to remove Online Trojan manually. Please notice that you must follow the instructions very carefully and delete everything that is mentioned. In most cases the removal will fail if one single item is not deleted. If Online Trojan remains on your system after stepping through the removal instructions, please double-check by stepping through them again. Start your computer in safe mode.

Start the registry editor. This is done by clicking Start then Run. (The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)

Browse to the key:
'HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows CurrentVersion Run'
In the right pane, delete the value called 'Online Service', if it exists.
Exit the registry editor.
Start Windows Explorer and delete:
%WinDir%svchost.exe
%WinDir%msto32.dll
%SystemDir%svchostc.exe
%SystemDir%svchosts.exe
Note: %SystemDir% is a variable (?). By default, this is C:WindowsSystem (Windows 95/98/Me), C:WINNTSystem32 (Windows NT/2000), or C:WindowsSystem32 (Windows XP).

Note: %WinDir% is a variable (?). By default, this is C:Windows (Windows 95/98/Me/XP) or C:WINNT (Windows NT/2000).

Start Microsoft Internet Explorer.
In Internet Explorer, click Tools -> Internet Options.
Click the Programs tab -> Reset Web Settings.

Nabaza.com specializes in building, designing, implementing, managing and maintaining corporate website to boost sales of your company. Email [email protected] for information on functional, dynamic webpage designing with affordable packages. Subscribe for free: http://www.nabaza.com/subscribe.htm

Rebrandable ebooks, software for free
Free Advertising Space
Put Nabaza.com In your desktop

In The News:

This RSS feed URL is deprecated, please update. New URLs can be found in the footers at https://news.google.com/news

Gallup

Security Issues Continue to Plague Central America
Gallup
Police crackdowns on anti-government protesters -- which have resulted in hundreds of deaths since the protests began in April -- likely did not help security perceptions. Currently, both measures mark new lows in Gallup's 12-year trend for Nicaragua.


Nature.com

Quantum computers put blockchain security at risk
Nature.com
Blockchain security relies on 'one-way' mathematical functions. These are straightforward to run on a conventional computer and difficult to calculate in reverse. For example, multiplying two large prime numbers is easy, but finding the prime factors ...

and more »

ZDNet

Security warning: UK critical infrastructure still at risk from devastating cyber attack
ZDNet
Describing this set up as "wholly inadequate" and "inappropriate in view of the Government's own assessment that major cyber attacks are a top-tier national security threat," the committee recommends that the government appoints a Cabinet Office ...
Parliament Tears Into National Cyber Security Programme, Calls for AuditComputer Business Review
UK power grid vulnerable as government failing on cyber securitySky News

all 76 news articles »

USA TODAY

Kanye West donates $150000 to family of security guard fatally shot by police
USA TODAY
Kanye West is doing his part to help the family of Jemel Roberson, the security guard who was fatally shot by a police officer in Chicago earlier this month while he was detaining a suspected gunman. West donated $150,000 to a GoFundMe page set up by ...
Kanye West donates $150000 for security guard killed by officer in suburban ChicagoCNN
Kanye West donates $150G to family of black security guard killed by white officerFox News
Kanye West donates $150K for security guard killed by officer in RobbinsWGN-TV
fox2now.com -14 News WFIE Evansville -GoFundMe -CNN
all 244 news articles »

The Verge

Abode's Iota is a security camera, motion sensor, and gateway all in one
The Verge
Smart home security company Abode is releasing an all-in-one security device that combines elements of three different products into one. The Iota home security system contains a 1080p security camera, a motion sensor, and a gateway (the hub of the ...


Complex

Fired WWE star hijacks 'Survivor Series,' gets slammed by security
New York Post
Fired WWE superstar Enzo Amore got bodyslammed by a security guard and booted out of the Staples Center on Sunday night after he tried to hijack the live taping of the company's popular PPV event “Survivor Series.” The hectic scene was caught on ...
Disgraced Wrestler Enzo Amore Storms WWE Event, Gets Tossed by SecurityComplex
Enzo Amore Kicked Out Of WWE Survivor Series By Security After Cutting PromoMandatory

all 1,808 news articles »

Foreign Policy (blog)

Security Brief: The Generals' Pentagon; Dispatch from Halifax
Foreign Policy (blog)
The Pentagon's civilian arm is struggling to maintain its influence as the military increasingly exerts its voice on key policy decisions. Foreign Policy's Robbie Gramer reports from the Halifax International Security Forum, where the United States ...

and more »

fox5sandiego.com

Lawsuit accuses MTS, security personnel of using excessive force
fox5sandiego.com
SAN DIEGO — Four men are suing the Metropolitan Transit System, one of its code compliance inspectors and a private security contractor over allegations that the trolley personnel assaulted them, used excessive force and violated their civil rights ...


Fox News

Dem governor's trips bust state's $2.6M security and travel budget
Fox News
In the past year, Inslee has made appearances in more than a dozen states – on official business and to campaign for Democratic candidates. The security detail that follows Inslee to-and-from events is akin to the Secret Service assigned to President ...


New York Times

Netanyahu, Citing Israel's Security, Tries to Salvage His Government
New York Times
JERUSALEM — Prime Minister Benjamin Netanyahu of Israel made an impassioned attempt on Sunday to salvage his crumbling government, warning his teetering coalition partners that toppling the government at such a complex time for national security ...
Invoking Security Situation, Netanyahu Warns of 'Irresponsible' Early Elections: 'I Have a Clear Plan'Haaretz
Netanyahu: Irresponsible to topple government at 'sensitive security time'The Jerusalem Post
Mr. Security or Mr. Politics? 8 things to know for November 19The Times of Israel

all 1,756 news articles »
Google News

Dont Allow Hackers to Take Out Money from Your Bank Account

If you know what is the 'Fishing' then it's very... Read More

Secrets On Security: A Gentle Introduction To Cryptography

Let us take the example of scrambling an egg. First,... Read More

Instant Messaging ? Expressway for Identity Theft, Trojan Horses, Viruses, and Worms

Never before with Instant Messaging (IM) has a more vital... Read More

Computer-Virus Writers: A Few Bats In The Belfry?

"Male. Obsessed with computers. Lacking a girlfriend. Aged 14 to... Read More

Message Board Security Problems

Security leaks can be a big problem for any site... Read More

Virus Nightmare..Lessons Learned

I got a virus the other day, Thursday I believe... Read More

Securing Your Accounts With Well-Crafted Passwords

In the past I've never really paid much attention to... Read More

File Sharing - What You Need to Know!

File sharing on p2p is soaring despite the music and... Read More

Internet Small Business and Fraud

Be careful of sites that promise to send you "instant... Read More

Spyware ? Your Web Browser is the Culprit!

My first experience with a spyware BHO based infection was... Read More

Its Time to Sing the Encryption Song - Again!

Yes, I'm wearing my encryption hat again. Why you may... Read More

Passwords or Pass Phrase? Protecting your Intellectual Property

Much has been said on the theory of password protection... Read More

Top Ten Spyware and Adware Threats Identified

On December 8, 2004 Webroot, an award winning anti-spyware solution... Read More

Website Security - Creating a Bulletproof Site in 5 Easy Steps

When it comes to a secure website and passwords it... Read More

5 Tips For An Unbreakable Password

Despite the current wave of identity theft and corporate security... Read More

Check Out That Privacy Policy

Before you enter your name, address or any other data... Read More

Eliminate Adware and Spyware

Everyone should eliminate spyware and adware from your hard drive... Read More

Avoid Internet Theft, Fraud and Phishing

Since its birth, the Internet has grown and expanded to... Read More

Is Spyware Watching You?

Imagine my surprise when I received a phone call from... Read More

The Truth About Hiding Your Tracks on the Internet

Ok, ok, I know you've seen them. All those pop... Read More

Protecting Your Identity On The Internet

Afraid that someone is monitoring your PC or installed a... Read More

Email Scams ? Ten Simple Steps To Avoiding Them

According to the Anti-Phishing Working Group (APWG) email scams also... Read More

Identity Theft ? Beware of Phishing Attacks!

"Dear Bank of the West customer", the message begins. I've... Read More

Dont be a Dork ? Protect Yourself

There are folks out there who use their powers for... Read More

Are You Surfing Safe?

Ok, you've got a computer, and you get online. You... Read More