Now, its time to help those computers which are struggling to remove another toolbar, called Chameleon. As mentioned in a previous post about removing SweetIM toolbar, now it is time to attack "ChameleonTom.toolbar".
The reason why you should remove this is really important! This toolbar automatically tries to get information like name and phone numbers of the user and forwards it to third party named Smiley media. So if you're infected by this, do make sure you remove it. It installs without informing you and installs another thing called FlvTube.Toolbar with it.
Now lets start with the removal process.
Use Windows Explorer to go to "<$PROGRAMFILES>\ChameleonTom". Now, delete the following files inside it:
about.gif
ct.htm
hoticon.ico
menu_en.htm
menu_ru.htm
UninstallChamTom.exe
wit4ie.dll
witapi.js
witmain.js
Chameleon Tom Web Site.url
Uninstall Chameleon Tom.lnk
Make sure you delete the "ChameleonTom" folder.
Now, run regedit.exe in Windows and remove all registry entries related to the toolbar. Delete the folliwing entries:
Finally, I would like to recommend a software called Spybot-S&D which is free, and helps you to keep your computer clean of such things. You can download it from their official page here.
The reason why you should remove this is really important! This toolbar automatically tries to get information like name and phone numbers of the user and forwards it to third party named Smiley media. So if you're infected by this, do make sure you remove it. It installs without informing you and installs another thing called FlvTube.Toolbar with it.
Now lets start with the removal process.
Use Windows Explorer to go to "<$PROGRAMFILES>\ChameleonTom". Now, delete the following files inside it:
about.gif
ct.htm
hoticon.ico
menu_en.htm
menu_ru.htm
UninstallChamTom.exe
wit4ie.dll
witapi.js
witmain.js
Chameleon Tom Web Site.url
Uninstall Chameleon Tom.lnk
Make sure you delete the "ChameleonTom" folder.
Now, run regedit.exe in Windows and remove all registry entries related to the toolbar. Delete the folliwing entries:
- HKEY_CLASSES_ROOT\ named "wit4ie.WitBHO.1", plus associated values.
- HKEY_CLASSES_ROOT\ named "wit4ie.WitBHO", plus associated values.
- "{14CD42DD-ABCD-3586-DCAB-40E3693E3737}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\"
- "{20EDC024-43C5-423E-B7F5-FD93523E0D9F}" at "HKEY_CLASSES_ROOT\AppID\"
- "{75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F}" at "HKEY_CLASSES_ROOT\CLSID\"
- "{75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\"
- "{75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F}" at"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\"
- "{9732E648-5755-43ED-9003-9E835D22CFE7}" at "HKEY_CLASSES_ROOT\Interface\
- "{E7767193-0A2F-4AFE-BAF4-288366162E48}" at "HKEY_CLASSES_ROOT\TypeLib\"
- "wit" at "HKEY_CURRENT_USER\Software\"
- "wit4ie.DLL" at "HKEY_CLASSES_ROOT\AppID\"
Finally, I would like to recommend a software called Spybot-S&D which is free, and helps you to keep your computer clean of such things. You can download it from their official page here.
"{14CD42DD-ABCD-3586-DCAB-40E3693E3737}" was not found in "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\"
ReplyDeleteHowever, "{14CD42DD-ABCD-3586-DCAB-40E3693E3737}" was found in "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping"
Do I still delete?
I will suggest you not to delete it as I am not sure what it can do.
DeleteI suggest you to use Spybot S&D.