NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove Dotcomtoolbar. Description and removal instructions

 
Title: Dotcomtoolbar
Type: Spyware
Severity scale:Dotcomtoolbar severity is 39  (39 / 100)
 
Dotcomtoolbar is a spyware parasite that tracks user Internet activity by recording addresses of all web sites the user visits. The threat also logs an IP address of a compromised computer and changes Internet Explorer default home and search pages as well as its other essential settings. Dotcomtoolbar silently transfers gathered data to predefined remote servers. The parasite can get into the system while visiting some insecure web sites. It can also be manually installed. Dotcomtoolbar runs on every Windows startup.

FORUM:
Discuss Dotcomtoolbar in
spyware removal forum

Dotcomtoolbar properties:
• Changes browser settings
• Connects itself to the internet
• Hides from the user
• Stays resident in background

Automatic Dotcomtoolbar removal:

remover for Dotcomtoolbar

Dotcomtoolbar manual removal:

Kill processes:
redirect[XVS].exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\redirect
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL=[site address]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar=[site address]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant=explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page=[site address]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page=[site address]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant=[site address]
HKEY_CLASSES_ROOT\GoRSDN.ContextItem
HKEY_CLASSES_ROOT\GoRSDN.ContextItem.1
HKEY_CLASSES_ROOT\Pugi.PugiObj
HKEY_CLASSES_ROOT\Pugi.PugiObj.1
HKEY_CLASSES_ROOT\ToolBand.hits
HKEY_CLASSES_ROOT\ToolBand.hits.1
HKEY_CLASSES_ROOT\CLSID\{29DD1EA6-1FDA-44A4-B083-C9900547BC48}
HKEY_CLASSES_ROOT\CLSID\{5F1ABCDB-A875-46c1-8345-B72A4567E486}
HKEY_CLASSES_ROOT\CLSID\{FC2493D6-A673-49FE-A2EE-EFE03E95C27C}
HKEY_CLASSES_ROOT\Interface\{7B9A715E-9D87-4C21-BF9E-F914F2FA953F}
HKEY_CLASSES_ROOT\Interface\{7C479D09-1280-41D2-945F-2377736B8CF7}
HKEY_CLASSES_ROOT\Interface\{EAF2CCEE-21A1-4203-9F36-4929FD104D43}
HKEY_CLASSES_ROOT\TypeLib\{6D3F5DE4-E980-4407-A10F-9AC771ABAAE6}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5F1ABCDB-A875-46C1-8345-B72A4567E486}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&RSDN Search
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{5F1ABCDB-A875-46C1-8345-B72A4567E486}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5F1ABCDB-A875-46C1-8345-B72A4567E483}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\%Windir%/Downloaded Program Files/toolbar_nieuw14.dll
HKEY_CURRENT_USER\Software\DotComToolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DownloadManager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DotComToolbar
HELP:
how to remove registry entries

Unregister DLLs:
toolbar_nieuw14.dll
HELP:
how to unregister malicious DLLs

Delete files:
redirect[XVS].exe, toolbar_nieuw14.dll
HELP:
how to remove harmful files

Misc:
[XVS] is the version number.

The toolbar_nieuw14.dll file can be found in C:\Windows\Downloaded Program Files or C:\Winnt\Downloaded Program Files folder.

Other programs to remove Dotcomtoolbar:

• SUPERAntiSpyware - Review - Download
• CounterSpy - Review - Download
• Windows Defender - Review - Download

Information added: 19/03/04
Information updated: 22/09/05

Additional resources related to Dotcomtoolbar:

Attention: If you know or you have a website or page about Dotcomtoolbar removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about Dotcomtoolbar parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:


Comments from visitors:

1. Dotcomtoolbar - nl toolbar by Knight. 2005-02-28 03:02:18
sorry, but there was no registry key or entry of that name. its still in the add/remove programs list. very frustrating. xp service pack 2, antivir xp, ad-aware, spybot search and destroyand spyware blaster are no defense against it. I agree with the above "guests" 110%. grrrrrrrrrrrrrr

2. by Guest. 2004-05-29 19:05:40
It's like an insect that never goes away. The criminals responsible for this spyware should be executed by firing squad on television worldwide

3. by Tommy. 2004-03-02 10:00:49
It does following:

Adds the value:
'redirect'='' on the registry key:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun

If a user accesses a Web site, it hooks the URL and changes it to:

www.dotcomtoolbar.com/redirect/url.asp?url=

Which allows www.dotcomtoolbar.com to log your IP address and visiting URL.

4. by Dave Spafford. 2004-03-23 21:03:28
This spyware did not get rid of the dotcomtoolbar

5. by Guest. 2004-03-17 20:03:35
pain in the ass
Latest spyware news:
Similar parasites:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.