Help! I've been infected with VisualBee!

Started Mar 14, 2013 | Discussions
Isabel Cutler
Forum Pro, Posts: 14,778
Help! I've been infected with VisualBee!
Mar 14, 2013

Made the mistake of downloading Snapseed from Softonic and all sorts of things were added to my computer, like the Visual Bee Toolbar in Chrome and Firefox.

I've tried to uninstall as much as possible but realize I have to get rid of all references to VisualBee.

There are many sites on the web offering ways to get rid of the invasion but now I don't know which one to trust.

Anyone have a good place for me to start?

Isabel

Jim Cockfield
Forum Pro, Posts: 14,890
Always opt out of any extras
In reply to Isabel Cutler, Mar 15, 2013

Isabel Cutler wrote:

Made the mistake of downloading Snapseed from Softonic and all sorts of things were added to my computer, like the Visual Bee Toolbar in Chrome and Firefox.

I've tried to uninstall as much as possible but realize I have to get rid of all references to VisualBee.

There are many sites on the web offering ways to get rid of the invasion but now I don't know which one to trust.

Anyone have a good place for me to start?

Isabel

Always "opt out" of any extras being installed.

I just downloaded and test ran that download when I saw your post, and Softonic is using a custom installer that adds extras like an adware related toolbar based on Conduit (which is what you're seeing with VisualBee), as well as some kind of PC Performer package (and I haven't researched what it does yet, but it's probably not something you want running on your PC).

That's clearly shown when using their installer. With the Express box checked, it tells you it installs those extras.

If you check the "Custom" (versus "Express") box, it's still going to install those extras by default. So, you'd have to make sure to uncheck the box related to those extra programs (again, clearly shown once you check the Custom install option).

Most users just don't pay attention to those kinds of things. But, download sites are doing it all the time (installing adware related toolbars and programs by default).

Softonic is not the only download site adding that kind of thing. A number of other download sites do the same thing (for example, Cnet's download.com has used those tactics).

So, I'd suggest being more careful when installing software going forward, and *always* opt out of any extras being tacked on by default, especially any toolbars.

Otherwise, you're just going to end up with a lot of adware and related toolbars on your system.

As for getting rid of it, try adwcleaner, as I found one forum post saying it worked for that particular adware toolbar:

http://www.bleepingcomputer.com/download/adwcleaner/

JimC
------

Isabel Cutler
Forum Pro, Posts: 14,778
Re: Always opt out of any extras
In reply to Jim Cockfield, Mar 15, 2013

Thanks for the feedback.

I always opt out of any extras - guess I didn't catch them this time.

The link you suggested uses the Ask Toolbar which I hate and has been installed by other things I downloaded, so I think I'll steer clear of that.

I'd like to install Malwarebytes, which might get rid of it, but now am shaky about downloading that, figuring I might get some other stuff I don't want.

Do you know of a safe site from which to get Malwarebytes?

Isabel

Bouldergramp
Regular Member, Posts: 194
Re: Always opt out of any extras
In reply to Isabel Cutler, Mar 15, 2013

If you are using a MS Windows operating system, a system restore should get your computer back to the state it was in prior to the unwanted downloads.

Start/All Programs/Accessories/System Tools/System Restore

Pick a restore point prior to the downloads and click restore.

I never thought much of Malwarebytes...I don't think your downloads are considered malware.

Bouldergramp

Rodolfo
Contributing Member, Posts: 640
Re: Always opt out of any extras
In reply to Isabel Cutler, Mar 15, 2013

The Malwarebytes site directs you to Cnet. That's where I got my copy the last time I downloaded it. You may want to save the install file to your download (or any) folder and then you can always just run it from your own computer next time you need it. You'll always be prompted to update when you run the program. Good luck and do watch for any extras the download sites and even the free programs themselves want to load. Most are harmless, but they can be a nuisance.

Jim Cockfield
Forum Pro, Posts: 14,890
Re: Always opt out of any extras
In reply to Isabel Cutler, Mar 15, 2013

Isabel Cutler wrote:

Thanks for the feedback.

I always opt out of any extras - guess I didn't catch them this time.

The link you suggested uses the Ask Toolbar which I hate and has been installed by other things I downloaded, so I think I'll steer clear of that.

What are you talking about?

What page did you go to?

Did you use the "Download Now" button on the page I linked to? This page:

http://www.bleepingcomputer.com/download/adwcleaner/

When I use it, I get this download.

http://download.bleepingcomputer.com/dl/b889d020bef8bfc48880532c872900fd/514269a1/windows/security/security-utilities/a/adwcleaner/AdwCleaner.exe

The downloaded adwcleaner program does not try to install the Ask toolbar (it's a link to the actual program, not a custom installer).

I suggested using AdwCleaner, because I found a thread where someone said it worked to remove the toolbar you have now. This thread:

http://www.bleepingcomputer.com/forums/t/481288/vb-or-visual-bee-malicious-tool-bar-how-to-remove-safely/

That's what I'd try first (adwcleaner).

I'd like to install Malwarebytes, which might get rid of it, but now am shaky about downloading that, figuring I might get some other stuff I don't want.

If you use the default link for the free version of Malwarebytes from this page, it's probably going to send you to Cnet's download.com:

http://www.malwarebytes.org/products/malwarebytes_free/

IOW, you'll probably end up here:

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

Now, the download I just tried gave me the actual malwarebytes program.

But, sometimes Cnet's download.com will try to give you a custom installer that includes adware related toolbars, too. They've been guilty of that in the past, even when the software developers of the software they're hosting complained about that practice.

So, PAY ATTENTION, AND OPT OUT of any extras like toolbars when using custom installers.

You will almost never see those kinds of extras being installed unless you give the installer permission to include them.

JimC
------

Isabel Cutler
Forum Pro, Posts: 14,778
Re: thank you for reminding me about System Restore, BUT....
In reply to Bouldergramp, Mar 15, 2013

For some reason it will not work for me - I checked online for a solution and one suggestion was to turn off your antivirus, so I did that and it still didn't work.

Here is a screen grab of the error message I get:

I wish I knew where to go after this!


Isabel

Isabel Cutler
Forum Pro, Posts: 14,778
Re: Always opt out of any extras
In reply to Jim Cockfield, Mar 15, 2013

I did finally download Malwarebytes from the Malwarebytes website from one of their trusted partner sites and ran it. It found a couple of things with names unrelated to VisualBee.

I'd like to try a system restore before I do anything else but I've got to get system restore to work.

My computer is only about a month old and I hate to have it so messed up so soon!

I had a problem when I was first installing plug-ins for Photoshop and tried to do a system restore at that point and it wouldn't work, but I did get rid of the plug-in so I never investigated why Windows System Restore didn't work.

That's something I'm going to have to work out.

This is the error message I got then and I get now:

Isabel

Bouldergramp
Regular Member, Posts: 194
Re: Always opt out of any extras
In reply to Isabel Cutler, Mar 15, 2013

Well, I would skip system restore and go to Start/Control Panel/Programs and Features (assuming your Control Panel icons look like mine on Vista) and uninstall the programs you don't want.

Bouldergramp

Isabel Cutler
Forum Pro, Posts: 14,778
Re: Problem Solved!...
In reply to Isabel Cutler, Mar 15, 2013

Did a little more web surfing and found MANY people were having problems with System Restore not working and the suggestion was to boot in Safe Mode -

Of course, there was a problem there as well, since the normal F8 to go into Safe Mode did not work with my ultrafast loading SSD C Drive.

Further search on "I can't get into SafeMode" gave me the instructions to go into MSCONFIG and chose to Boot in Safe Mode.

That worked for System Restore.

I hope by sharing my experiences others will be warned to be extra careful when they download from sites other than the originators of a product and also, how to do a System Restore when it just won't work.

Thank you all for your inputs.

Isabel

Bouldergramp
Regular Member, Posts: 194
Re: Problem Solved!...
In reply to Isabel Cutler, Mar 15, 2013

Isabel Cutler wrote:

Did a little more web surfing and found MANY people were having problems with System Restore not working and the suggestion was to boot in Safe Mode -

Of course, there was a problem there as well, since the normal F8 to go into Safe Mode did not work with my ultrafast loading SSD C Drive.

Further search on "I can't get into SafeMode" gave me the instructions to go into MSCONFIG and chose to Boot in Safe Mode.

That worked for System Restore.

I hope by sharing my experiences others will be warned to be extra careful when they download from sites other than the originators of a product and also, how to do a System Restore when it just won't work.

Thank you all for your inputs.

Isabel

I am glad you stuck with the system restore. I think Microsoft incorporated it for all of us that occasionally wish we could go back to where we were before the problem started.

Bouldergramp

Isabel Cutler
Forum Pro, Posts: 14,778
Re: Thank you, Bouldergramp! (nt)
In reply to Bouldergramp, Mar 15, 2013

Isabel Cutler
Forum Pro, Posts: 14,778
Re: From what I read about this VisualBee Toolbar and other things it installs..
In reply to Bouldergramp, Mar 15, 2013

It can really mess up your computer, so although I did a simple install it didn't remove everything.

System Restore was the safest way to go.

Isabel

drj3
Senior Member, Posts: 1,490
Re: From what I read about this VisualBee Toolbar and other things it installs..
In reply to Isabel Cutler, Mar 15, 2013

You should always create a system image for your computer. For a new computer (assuming Windows 8) you can still create a Windows 7 system image and System Repair Disk, so that you can always restore your computer to that known good state. On Windows 8 - Control Panel - System and Security - File History - Windows 7 file recovery - Create a system image and Create a System Repair Disk. On a Windows 7 it is a little more direct: Control Panel - System and Security - Backup and Restore - Backup or Restore and then Create a system image and Create a System Repair Disk. Works on almost all computers, but strangely enough, not on the Windows Surface Pro - I had to use Macrium Reflect to image its hard drive. Microsoft created a partition that causes a problem with imaging their own computer system disk.

drj3

Isabel Cutler
Forum Pro, Posts: 14,778
thanks for the reminder...
In reply to drj3, Mar 15, 2013

I do have my computer (Windows 7) set to do a backup once a week.

Isabel

Dinegbatty
Regular Member, Posts: 205
Re: Always opt out of any extras
In reply to Isabel Cutler, Mar 15, 2013

It's all about deception these days; they are all at it. No different from drug pushing.

Ho72
Senior Member, Posts: 1,573
Re: Always opt out of any extras
In reply to Isabel Cutler, Mar 15, 2013

Isabel Cutler wrote:

The link you suggested uses the Ask Toolbar...

No it doesn't. Had you read the link more closely you would have known that. Adwcleaner is a valuable tool -- too bad you blew it off.

ericN2
Forum Pro, Posts: 14,989
Re: thanks for the reminder...
In reply to Isabel Cutler, Mar 15, 2013

Isabel Cutler wrote:

I do have my computer (Windows 7) set to do a backup once a week.

Isabel

Isabel -

see above highlight...   and where's it making the Backup ???????
If on your computer..you'll not be able to get to it in the case of something that stops your whole computer...  !!
Backups of course should never be on your computer itself....

/eric
Staffordshire, UK

Jim Cockfield
Forum Pro, Posts: 14,890
Yep, it's not trying to install that toolbar...
In reply to Ho72, Mar 15, 2013

Ho72 wrote:

Isabel Cutler wrote:

The link you suggested uses the Ask Toolbar...

No it doesn't. Had you read the link more closely you would have known that. Adwcleaner is a valuable tool -- too bad you blew it off.

Yep.

AdwCleaner will remove the Ask Toolbar by default, *not* install it.

I can only assume that the OP saw the references to disabling its removal (since the free version of AntiVir now uses it) and became confused about how AdwCleaner works.

I would not have suggested using it if the posts about using it to remove the specific toolbar the OP installed were not from a reputable source (as you do see a lot of malicious software around anymore that claims to be designed to remove malware and adware).

Like it or not, download sites (and sometimes, software developers) are often trying to install toolbars and adware along with software you want to use by default. They make extra money by adding on those extras to software you want to install.

But, most reputable download sites give you the ability to "opt out" of those types of extras.

That was the case in the download the OP got from Softonic. The Softonic installer for the Snapseed application the OP downloaded will try to install adware toolbars by default.

But, if you pay attention, the installer *tells* you that it's going to do that. So, you just need to select the Custom (versus Express) install instead, then uncheck the box to include those programs.

I tested it myself before responding to this thread, and that's definitely the way it works (it tells you it's installing those extras and gives you a way to opt out, by using a custom install and unchecking the box to include them).

Unfortunately, most AV programs don't consider those types of installers to be malicious, because users are giving their permission to install those types of toolbars, and giving the user the ability to install the desired software without those toolbars being included.

For example, this is what over 40 AV products reported when I uploaded the installer the OP would have downloaded:

https://www.virustotal.com/en/file/8fb8cc8e1775bee1bf6d38dc2728a55313a0d5c820f412d7a63e6a2b6ec940ae/analysis/

Only two of the AV products flagged the Softonic custom installer for Snapseed that the OP would have used.

Again, if the users are giving the installer permission to add those types of toolbars, then most AV products are not going to consider it to be malicious, especially since the installer tells you it's going to do that, and gives you the ability to "opt out".

So, as mentioned to the OP in my first post, you have to pay attention and opt out of those types of extras. Otherwise, you're just going to end up with a lot of adware related toolbars on your system.

In this case, using AdwCleaner would have been the easiest way to get rid of it, whereas trying to do something like use a Windows' Restore Point may not get rid of everything installed.

But, apparently, the OP misunderstood what the download page meant, since it gives you the option to disable detection and deletion of the Ask Toolbars that are already installed if you want to keep them for some reason, as mentioned on the download page I linked to in my first post here:

http://www.bleepingcomputer.com/download/adwcleaner/

It's certainly not trying to install the Ask toolbar, as it's specifically designed to remove it (and the same applies to similar toolbars and adware programs like the ones the OP installed by using the Softonic custom installer for Snapseed).

JimC
------
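
An added example, not part of the original post or of any tool named in the thread: the VirusTotal report link quoted above carries the SHA-256 of the scanned file in its path, so a downloaded installer can be hashed locally and compared with it before the scan result is relied on. The function names are assumptions made for this sketch; the digest is the one in the posted link.

```python
import hashlib
import hmac
import re
from urllib.parse import urlparse

# Report link quoted in the post above; the digest comes from the page.
VT_REPORT_URL = (
    "https://www.virustotal.com/en/file/"
    "8fb8cc8e1775bee1bf6d38dc2728a55313a0d5c820f412d7a63e6a2b6ec940ae/analysis/"
)

SHA256_HEX = re.compile(r"[0-9a-f]{64}")


def sha256_from_vt_url(url: str) -> str:
    """Return the SHA-256 digest embedded in a /file/<digest>/ report link."""
    parsed = urlparse(url)
    if parsed.scheme != "https" or parsed.hostname != "www.virustotal.com":
        raise ValueError("not a VirusTotal HTTPS link")
    parts = [p for p in parsed.path.split("/") if p]
    try:
        # Layout seen in the post: <lang>/file/<digest>/analysis
        digest = parts[parts.index("file") + 1].lower()
    except (ValueError, IndexError):
        raise ValueError("no /file/<digest>/ segment in the link") from None
    if not SHA256_HEX.fullmatch(digest):
        raise ValueError("path segment is not a SHA-256 digest")
    return digest


def file_sha256(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so large installers are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def same_file_as_report(path: str, report_url: str) -> bool:
    """True only if the local file is byte-for-byte the one the report covers."""
    return hmac.compare_digest(file_sha256(path), sha256_from_vt_url(report_url))


if __name__ == "__main__":
    import sys

    # Usage: python check_installer.py <downloaded installer>
    target = sys.argv[1]
    verdict = "matches" if same_file_as_report(target, VT_REPORT_URL) else "does NOT match"
    print(f"{target} {verdict} the file in the linked report")
```

A mismatch means the report describes a different build of the installer, which is common with download-site wrappers that are regenerated often, so the scan result says nothing about the file actually on disk.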

malch
Forum Pro, Posts: 10,757
Re: Always opt out of any extras
In reply to Isabel Cutler, Mar 16, 2013

Isabel Cutler wrote:

I'd like to install Malwarebytes, which might get rid of it, but now am shaky about downloading that, figuring I might get some other stuff I don't want.

Do you know of a safe site from which to get Malwarebytes?

This is a wonderful source of freeware:

http://www.freewarefiles.com/

Here's their policy for all software submitted:

http://www.freewarefiles.com/userlogin.php

I've been using the site constantly for years and never had a problem with malware or other crapola. Highly recommended.
