Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/a26f9f83/public_html/articles/includes/config.php on line 159
How To Clean the Spies In Your Computer? > NetSparsh - Viral Content you Love & Share

How To Clean the Spies In Your Computer?

Manual Spy Bot Removal > BookedSpace

BookedSpace is an Internet Explorer Browser Helper Object used to show advertising.

Free PC Health Check - find bad files fast! How many corrupt and redundant files are lurking inside your PC ready to cause harmful errors? Find these harmful "time-bomb" files instantly and keep your computer ERROR FREE 24 hours a day!

Variants
BookedSpace/Remanent : early variant (around July 2003) with filename rem00001.dll, controlling server 66.225.192.199.

BookedSpace/BS2 and BookedSpace/BS3 : newer revisions (August 2003) with filename bs2.dll or bs3.dll, controlling server www.bookedspace.com.

Distribution
BookedSpace/Remanent is silently installed by MThree MP3 to WAV converter. BookedSpace/BS2 is silently installed by FreeWire's FreeMP3Player. The origin of BookedSpace/BS3 is currently unknown.

Advertising
Yes. BookedSpace can contact its controlling server when a new page is visited, which may direct it to open pop-up ads.

Privacy violation
Yes. When the controlling server is contacted, the URL of the current page is passed along with a user ID for tracking purposes.

Security issues
Yes. May download and install third-party software as directed by its controlling server. BookedSpace/BS2 has been seen to install the BargainBuddy , nCase and eBates parasites.

Stability problems
Seems to stop IE address bar searches from working.

Removal
Open a DOS command prompt windows (from Start->Programs->Accessories), and enter the following commands, for the Remanent variant:

cd "%WinDir%System"
regsvr32 /u ".. em00001.dll"
Or, for the BS2 variant:

cd "%WinDir%System"
regsvr32 /u "..s2.dll"
Or, for the BS3 variant:

cd "%WinDir%System"
regsvr32 /u "..s3.dll"

Next, for BS2 and BS3, open the registry (click 'Start', choose 'Run', enter 'regedit'), find the key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun, and delete the entry 'BookedSpace' (BS2 variant) or 'Bsx3' (BS3 variant).

Restart the computer and you should be able to delete the 'rem00001.dll', 'bs2.dll' or 'bs3.dll' file in the Windows folder. You can also open the registry and delete the key HKEY_LOCAL_MACHINESoftwareRemanent or HKEY_LOCAL_MACHINE_SoftwareBookedSpace to clean up, if you like.

Free PC Health Check - find bad files fast! How many corrupt and redundant files are lurking inside your PC ready to cause harmful errors? Find these harmful "time-bomb" files instantly and keep your computer ERROR FREE 24 hours a day!

MS Media Player GUID

Overview
MS Media Player GUID is a warning that the Window Media player may transmits an anonymous Global Uniquie IDentifier (GUID) to the streaming servers when you download content.

The following is the information given at Microsoft Security Bulletin MS01-029: "... a potential privacy vulnerability that was recently identified. This issue could be exploited by a malicious set of web sites to distinguish a user. While this issue would not by itself enable a web site to identify the user, it could enable the correlation of user information to potentially build a composite description of the user." Source

The existance of this GUID on your system may also indicated that your system does not have all critical updates and service packs installed.

Detection
Bazooka Adware and Spyware Scanner detects MS Media Player GUID. Bazooka is freeware and detects spyware, adware, foistware, trojan horses, viruses, worms and other potentially unwanted applications. Read more »

How to remove the GUID

Go to www.windowsupdate.com and install all critical updates and service packs. Go on with the following steps if Bazooka still reports MS Media Player GUID.

Windows Media Player 6.4 users: the privacy setting is selected via a new option, which can be reached by going to the menu item View / Options then selecting the player tab and de-selecting "Allow Internet sites to uniquely identify your player".

Windows Media Player 7.1 users: the privacy setting is toggled via the existing option under the tools menu, on the player tab and deselect the option "Allow Internet sites to uniquely identify your player". Windows Media Player 9.0 users: Click Tools -> Options -> Privacy, uncheck "Send unique Player ID to content providers."

If Bazooka still reports MS Media Player GUID, go on with the following steps.

Start the registry editor. This is done by clicking Start then Run. (The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)

Delete 'HKEY_CURRENT_USER Software Microsoft MediaPlayer Player Settings Client ID'.

Exit the registry editor.

Problems uninstalling? Click here.

Please support me
Thank you for using my site. Please help me to keep this site and software up-to-date.

Contact information for MS Media Player GUID's vendor In order to provide correct, accurate and updated information about MS Media Player GUID I encourage the vendor to contact me if any part of this write-up needs a revision.

Free PC Health Check - find bad files fast! How many corrupt and redundant files are lurking inside your PC ready to cause harmful errors? Find these harmful "time-bomb" files instantly and keep your computer ERROR FREE 24 hours a day!

W32.Backdoor.Nibu

Overview
W32.Backdoor.Nibu is a trojan horse, with many variants. You can read more at Symantec.

Classification
Trojan Horse

Files
load32.exe, Dllreg.exe, Vxdmgr32.exe, Rundllw.exe, patch.exe, netda.exe, swchost.exe

Log references
[1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14]

Detection
Bazooka Adware and Spyware Scanner detects W32.Backdoor.Nibu. Bazooka is freeware and detects spyware, adware, foistware, trojan horses, viruses, worms and other potentially unwanted applications. Read more »

Uninstall procedure
Please go to the anti-virus recommendation page. You can find both free products or use one of the trials to remove the virus.

Manual removal
Please follow the instructions below if you would like to remove W32.Backdoor.Nibu manually. Please notice that you must follow the instructions very carefully and delete everything that is mentioned. In most cases the removal will fail if one single item is not deleted. If W32.Backdoor.Nibu remains on your system after stepping through the removal instructions, please double-check by stepping through them again. Start your computer in safe mode.

Start the registry editor. This is done by clicking Start then Run. (The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)

Browse to the key:

'HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows CurrentVersion Run'
In the right pane, delete the value called 'load32', if it exists.
Exit the registry editor.
Restart your computer.
Start Windows Explorer and delete:
%SystemDir%swchost.exe
%SystemDir% etda.exe
%SystemDir%load32.exe
Note: %SystemDir% is a variable (?). By default, this is C:WindowsSystem (Windows 95/98/Me), C:WINNTSystem32 (Windows NT/2000), or C:WindowsSystem32 (Windows XP).

Free PC Health Check - find bad files fast! How many corrupt and redundant files are lurking inside your PC ready to cause harmful errors? Find these harmful "time-bomb" files instantly and keep your computer ERROR FREE 24 hours a day!

FavoriteMan has many variants:

FavoriteMan/Lwz installs lwz.dll. Data file is SysLdr.dll. Controlling server is www.f1organizer.com.
FavoriteMan/F1 installs F1.dll. Data file is SysLdr.dll. Controlling server is www.prize4all.com.
FavoriteMan/FOne
FavoriteMan/FOne is a replacement for the Lwz variant. Filename is FOne.dll, data file is SysLdr.dll. Controlling server is www.f1organizer.com.
FavoriteMan/Ofrg's program file is called ofrg.dll. It stores its data in a file called favboot.dll. Its controlling server is www.yourspecialoffers.com. FavoriteMan/Favorite installs favorite.dll. Data file is FavMan.dll. Controlling server is also www.yourspecialoffers.com.

FavoriteMan/SpyAssault
FavoriteMan sometimes causes IE to lock up for a variable period of time, occasionally indefinitely, when a new browser process is started. This may be something to do with its trying to contact its servers on startup. Also crashes may occur when very long URLs are used.

How to Remove FavoriteMan?

FavoriteMan/F1 and FavoriteMan/ZZ offer a removal feature: Click Start >Settings > Control Panel > Add/Remove programs, choose 'F1' or 'ZZ' and click 'Remove'.

To manually remove other variants of FavoriteMan:

Unregister FavoriteMan. Open a DOS command prompt window (Click Start > Run, type 'command'(for Windows 98/Me) or 'cmd' (for Windows 2000/XP) and enter the following commands: cd "%WinDir%System" regsvr32 /u favorite.dll

Note: Change the filename 'favorite.dll' to match the variant you have. This can be ofrg.dll, favorite.dll, lwz.dll, F1.dll, ZZ.dll, mpz300.dll, trk.dll, Gr02.dll, Aess.dll, Ss32.dll or emesx.dll; in in the case of the IMZ variant it will have a random eleven-letter filename. (eg. troallystbr.dll). You can usually find the culprit by opening the System folder choosing View->Arrange icons by->Modified, then looking near the bottom of the window.

Restarting the computer.

Delete the program file. The software can be found in the System folder. On Windows 95/98/Me this is the folder called 'System' in the Windows folder; on Windows NT, 2000 and XP it is called 'System32'. Look for one of the filenames listed above.

Delete the data file favboot.dll, FavMan.dll, SysLdr.dll, mbr32.dll, im64.dll or dlh0st.dll in the same folder (it isn't a DLL at all). Open the registry editor ( Start > Run, type regedit) , locate the key 'HKEY_CURRENT_USERSoftwareMicrosoftWindows',find and delete the entries 'Counter', 'Server' and 'Object' in it.

Free PC Health Check - find bad files fast! How many corrupt and redundant files are lurking inside your PC ready to cause harmful errors? Find these harmful "time-bomb" files instantly and keep your computer ERROR FREE 24 hours a day!

Online Trojan

Overview
Online Trojan changes your Internet Explorer settings.

Classification
Trojan Horse

Files
svchost.exe, msto32.dll, svchostc.exe, svchosts.exe

Log references
Log 89

Vendor
Unknown

Privacy policy
No privacy policy available.

Detection
Bazooka Adware and Spyware Scanner detects Online Trojan. Bazooka is freeware and detects spyware, adware, foistware, trojan horses, viruses, worms and other potentially unwanted applications. Read more »

Manual removal
Please follow the instructions below if you would like to remove Online Trojan manually. Please notice that you must follow the instructions very carefully and delete everything that is mentioned. In most cases the removal will fail if one single item is not deleted. If Online Trojan remains on your system after stepping through the removal instructions, please double-check by stepping through them again. Start your computer in safe mode.

Start the registry editor. This is done by clicking Start then Run. (The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)

Browse to the key:
'HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows CurrentVersion Run'
In the right pane, delete the value called 'Online Service', if it exists.
Exit the registry editor.
Start Windows Explorer and delete:
%WinDir%svchost.exe
%WinDir%msto32.dll
%SystemDir%svchostc.exe
%SystemDir%svchosts.exe
Note: %SystemDir% is a variable (?). By default, this is C:WindowsSystem (Windows 95/98/Me), C:WINNTSystem32 (Windows NT/2000), or C:WindowsSystem32 (Windows XP).

Note: %WinDir% is a variable (?). By default, this is C:Windows (Windows 95/98/Me/XP) or C:WINNT (Windows NT/2000).

Start Microsoft Internet Explorer.
In Internet Explorer, click Tools -> Internet Options.
Click the Programs tab -> Reset Web Settings.

Nabaza.com specializes in building, designing, implementing, managing and maintaining corporate website to boost sales of your company. Email william@nabaza.com for information on functional, dynamic webpage designing with affordable packages. Subscribe for free: http://www.nabaza.com/subscribe.htm

Rebrandable ebooks, software for free
Free Advertising Space
Put Nabaza.com In your desktop

In The News:

This RSS feed URL is deprecated, please update. New URLs can be found in the footers at https://news.google.com/news

The Hill

Russian Defense Ministry says it's ready to boost security cooperation with US
The Hill
"The Russian Defense Ministry is ready for practical implementation of the agreements in the sphere of international security reached by Russian and U.S. Presidents, Vladimir Putin and Donald Trump, at their Monday's summit in Helsinki," Igor ...
Rubio, Warner Stress Election Security After Trump-Putin SummitWIRED
Russian Defense Ministry 'Ready' to Implement Putin-Trump Security AgreementsNewsweek
Trump stresses Israel's security in talks with PutinReuters
The Register -Just Security -TPM
all 3,827 news articles »

Petoskey News-Review

New security measures begin next week at Emmet county building
Petoskey News-Review
... of acts of violence resulting in deaths and personal injuries,” in public buildings throughout the United States and sought to “provide an enhanced level of safety and security in the Emmet County Building by restricting the entry of weapons into ...


Washington Post

'Morally repugnant': Homeland Security advisory council members resign over immigration policies
Washington Post
Four members of a Homeland Security advisory council have resigned in protest over the Trump administration's immigration policies, citing the “morally repugnant” practice of separating immigrant families at the border. Richard Danzig, former secretary ...
Homeland Security advisory council members resign over family separations: reportThe Hill

all 4 news articles »

Aljazeera.com

Unprecedented security at Kashmir's annual Hindu pilgrimage | Asia ...
Aljazeera.com
Last year, fighters targeted a tourist bus, killing eight people who were performing the gruelling Amaranth Yatra.

and more »

USA TODAY

Denver airport's massive transformation: new gates, smoother security
USA TODAY
Hundreds of flyers wait in TSA security lines in Denver International Airport's Great Hall. Airport managers have launched a major renovation of the hall, hoping to speed up security screenings and improve the passenger experience. (Photo: Trevor ...

and more »

Military Times

MAVNI troops falsified records, were security risk, DoD says
Military Times
Mattis, “provide context for you regarding the true national security issues at stake,” said Pentagon spokeswoman Air Force Maj. Carla Gleason. The U.S. District Court Western District of Washington is considering the lawsuit, which was filed on behalf ...


Bloomberg

Coinbase Wins Nod on Deals as It Seeks to Add Security Coins ...
Bloomberg
Coinbase Inc., one of the most popular cryptocurrency platforms, said it got the green light from U.S. watchdogs to move forward with a trio of acquisitions that ...
Coinbase Says It Now Has Regulatory Approval to List Security TokensCoinDesk
Coinbase Gains SEC Approval to List Security TokensBitcoinist
Coinbase Gains Approval to List Security TokensCryptoSlate
CCN -Bloomberg -The Coinbase Blog
all 41 news articles »

Xconomy

Security Firm ObserveIT Grabs $33M to Get Ahead of Insider Threats
Xconomy
Cyber breaches caused by people within businesses and organizations, both accidental and malicious leaks, continue to multiply. Now, a Boston security startup is arming itself with more cash and enhanced technology to try and stop these insider threats.

and more »

Mashable

Get the Ring spotlight security cam for 30% off on Amazon Prime Day
Mashable
The motion-censored security camera allows you to view what's going on at your home at all times, straight from your phone or computer using the free Ring App. You can create and customize your own motion zones so you can focus in on whatever areas ...
This Best-selling Home Security Camera With Over 13K Rave Reviews Is on Sale for Amazon Prime DayTravel+Leisure

all 2,959 news articles »

MSNBC

McFaul: Trump with Putin shows US 'national security crisis'
MSNBC
Michael McFaul, former U.S. ambassador to Russia, talks with Rachel Maddow about the public reaction to Donald Trump's deference to Vladimir Putin at their Helsinki press conference, and what the appropriate public response is to the realization that ...

Google News

Road Warrior At Risk: The Dangers Of Ad-Hoc Wireless Networking

Airport Menace: The Wireless Peeping Tom ---------------------------------------- As a network... Read More

Don?t Become An Identity Fraud Statistic!

"You've just won a fabulous vacation or prize package! Now,... Read More

Dont Miss Information Because of Misinformation

It has been said that with the wealth of information,... Read More

Firewall Protection - Does Your Firewall Do This?

The first thing people think about when defending their computers... Read More

Internet Privacy

Over the past few years as the internet has become... Read More

Passwords or Pass Phrase? Protecting your Intellectual Property

Much has been said on the theory of password protection... Read More

Social Engineering - The Real E-Terrorism?

One evening, during the graveyard shift, an AOL technical support... Read More

Hacking the Body Via PDA Wireless Device

First I would like to stress I am condoning the... Read More

5 Simple Steps to Protect your Digital Downloads

A couple of days ago, I was searching for a... Read More

Internet Shopping - How Safe Is It?

Millions of people make purchases online, but many people are... Read More

Phishing, Fraudulent, and Malicious Websites

Whether we like it or not, we are all living... Read More

Dont Allow Hackers to Take Out Money from Your Bank Account

If you know what is the 'Fishing' then it's very... Read More

Watching the Watchers: Detection and Removal of Spyware

If spyware were a person and he set himself up... Read More

What is Hacking? Are You a Hacker?

WHAT IS HACKING?Hacking, sometimes known as "computer crime" has only... Read More

40 Million People Hacked - YOU as Identity Theft Victim

Saturday, MasterCard blamed a vendor of ALL credit card providers... Read More

Spy Scanners ? Don?t Compromise your Privacy

Spies, spyware, internet parasites are among what they are usually... Read More

Dont be a Dork ? Protect Yourself

There are folks out there who use their powers for... Read More

Network Security 101

As more people are logging onto the Internet everyday, Network... Read More

Is That Free Stuff Like An iPod Or Desktop Computer Really Free?

Have you seen the web site, www.freestuff.com? Or have you... Read More

Dont Fall Victim to Internet Fraud-10 Tips for Safer Surfing

The Internet offers a global marketplace for consumers and businesses.... Read More

Delete Cookies: New-Age Diet or Common Sense Internet Security?

No, this article isn't about some new, lose-20-pounds-in-a-week, certified-by-some-tan-Southern-California-doctor diet.... Read More

Phishing - A High Tech Identity Theft With A Low Tech Solution

Have you ever got an email asking you to confirm... Read More

What to Look for before You Purchase Spyware Software

Huge number of spyware software applications are available in the... Read More

Why Malicious Programs Spread So Quickly?

It seems that nowadays cybercriminals prefer cash to fun. That... Read More

Online Shoppers, Beware of a New Scam

Beware of a New Scam Aimed at Bargain-HuntersTrying to buy... Read More