[Tracbutler]

Hi,
I had downloaded "BitDownload" and I don't want it any more. So I tryed to uninstall the program
but the next time I turned my computer it was still on there! No matter what I do the stupid program
won't leave. What do I do? Can you help me? I want a fast computer not a slow one.
Thank you for your time.
Tracbutler

[MysteryFCM]

I'm running the program's installer through the sandbox at the moment and should have removal instructions for you soon.

In the meantime, I'd strongly recommend running an anti-malware program such as AVGAS as BitDownload will infect your machine with Win32/Busky.C (ident: CounterSpy);

http://www.ewido.net

The following is from the BitDownload FAQ and does not inspire confidence;

Quote

How can I uninstall the sponsor program?
To uninstall the sponsor, simply go in the "Add/Remove Programs" window, select "Cidhelp" and follow the instructions.
If the sponsor was installed but damaged by a third party program, the uninstaller will inform you of the problem. In that case, the easiest procedure is generally to disable your anti-adware/spyware, reinstall BitDownload with its sponsor and launch the uninstaller again, this will ensure that nothing interferes with the proper uninstallation of the program. When launched, the sponsor´s uninstaller will simply ask you to confirm the number displayed on screen and will then proceed with the uninstallation. You can then re-enable your anti-adware/spyware product and contact them about the problem you experienced because of their improper removal of Cidhelp files.

Contrary to the information they provide, DO NOT disable your security software.

As an addendum, my friend Enigmax has a page on his site concerning another BitTorrent client that bundles this rubbish;

http://torrentfreak....stalls-malware/

This post has been edited by MysteryFCM: 05 May 2007 - 02:33 AM

[MysteryFCM]

From what I've found, the following need deleted as the uninstaller does not remove them;

[drive]\Program Files\BitDownload
[drive]\Documents and Settings\YOUR_PROFILE\Application Data\RDR time
[drive]\Documents and Settings\YOUR_PROFILE\Favorites\ Cool Stuff
[drive]\Documents and Settings\All Users\Start Menu\Programs\BitDownload

Tip: You can use a short cut to the profile folder by typing %userprofile% into Start > Run

This will need to be done in Safe Mode as the program has a stranglehold on them otherwise.

http://www.microsoft...t_failsafe.mspx

Note, this program also changes your HOSTS file so this will also need to be reset.

You can reset the HOSTS file by replacing it with the default Windows HOSTS file from;

http://support.it-ma...inDef_Hosts.zip

WinDef_Hosts.zip will need to be extracted to;

[drive]\Windows\System32\Drivers\etc

* [drive] indicated the default Windows drive (e.g. C:\)

Because of the mess it made, I'm not going to provide manual registry removal instructions.Instead I'd recommend both running a registry cleaner such as RegCleaner;

http://freeware.it-m..._Maintenance#84

... and posting a HiJack This and AVGAS report;

http://forum.securit...php?showtopic=4
http://forum.securit...php?showtopic=3

A report on what changes were made to my test system by this program is available at;

http://mysteryfcm.co...up-0001.exe.txt

[AndyAtHull]

Hello Tracbutler,

First I'd like to thank MysteryFCM for his contribution and fantastic information, the thoroughness of which shows how difficult this can be to remove.

Something like this is not recommended for the in-experienced to try and remove on their own. So with that in mind I would appriciate a HijackThis log for review so we can see if anything else is included with the problem in question and get your system back in your control.

Click on this link ---> http://forum.securit...php?showtopic=3 - And post a reply to this topic.

Andy

[AndyAtHull]

Hello, how are things? Do you still require help?

[Tracbutler]

HI,
Sad to say that I'm back.
If you do not remeber I'm the one
who can not get rid of "BitDownload"
I did everything I was suppoes to do.
But still, it won't go away. maybe
someone can try and help me again.
Thank you for your time.

Tracbutler

[AndyAtHull]

Please post a HJT log from the guide in the link below;

http://forum.securit...php?showtopic=3

Post it in a reply to here and I'll then analyze and help you.

Andy

[Tracbutler]

Hi Andy,
Can you please help me?
This stupid computer(or person
trying to use it) isn't working to
well. I've tried to get rid of this
BitDownload thing, no matter
what I do it comes right back.
Thank you for your time

Tracbutler

[AndyAtHull]

Hello again, I've merged your new topic with your old one. Please click Add Reply to this topic for any questions and answers.

Again click on this link - http://forum.securit...php?showtopic=3 - to produce a HJT log so I can then analyze it and propose a fix to remove bitdownload and anything else I may find that it bad.

Please post a HJT log to this topic using the Add Reply button

Andy

[AndyAtHull]

Hello, how are you getting on?

[AndyAtHull]

Whilst we appriciate you are busy it has been 10 days or more since we heard from you. Fresh fixes will now have to be given as malware can change during this period.

Please send an e-mail if you require this thread to be opened to: admin AT securitycadets DOT com. "AT" being "@" and "DOT" being replaced with "." - Make sure you include a valid link when doing so. Or just start a new thread.

If we helped you in any way, you can Donate and support this site. Donation is not a requirement.

You can also post a Feedback Message on the help you received.