Help. My wife installed this Whitesmoke toolbar. How do I get it the hell off my computer?

I can't seem to find it in the list of programs in the install/uninstall/change menu. How do I drop a freaking nuke on this sh1t?

Kapersky TDSS killer seems to be the way to go. From what I can tell, it's tied into that somehow or other, but I didn't do a very through read of what's out there.

It may not be your wife; apparently that's usually installed by malware authors to make money. You might have been nailed by the recent Java exploit, for instance. (see the Java thread here in the forum; it's a very bad compromise.)

The only way to be absolutely certain that a compromised computer is clean is to back it up, reformat and reinstall, install a good virus checker, and then restore your data. If you're willing to settle for less than certainty, you can probably clean it with the instructions here, but I make absolutely no promises that they will actually work, nor that you'll successfully remove whatever malware installed that toolbar.

TDSSKiller is a good idea, followed by scans from MalwareBytes and SuperAntiSpyware. I might also suggest ComboFix, though that's a bit more advanced. As Malor said, WhiteSmoke itself is not spyware (though it is a scummy program) but something else probably installed it. If those all do their thing, you're likely fine but there is no way to be 100% certain. In my experience, those utilities are enough to knock out the majority of things but no one can guarantee that. If you continue to see any behaviour outside the norm when using the machine after running those, a reload should be in order for sure.

You could also try the forums at http://www.lavasoftsupport.com/index...

I have had success with them before cleaning out something my wife got infected with. They do have specific formats for posting and whatnot, so read all the stickies before you do anything.

mudbunny wrote:

before cleaning out something my wife got infected with.

0_0

fleabagmatt wrote:
mudbunny wrote:

before cleaning out something my wife got infected with.

0_0

Your comment coupled with your avatar made me literally laugh out loud.

If it appears to be stuck in the profile, rename the profile (\paleo to \paleo.old)
Then copy and rename the \default user to \paleo
Then reboot and login and you should have a new blank profile sans whitesmoke
Then copy the documents, desktop, pictures, music, videos from \paleo.old to \paleo

Then run tdsskiller and malware or other virus software you have.

Assuming that it was delivered by underlying malware, it will likely just reinstall Whitesmoke into the new profile.