I'm hoping this matter is OK to bring up in this forum.

ClamWin found the following:

C:\Documents and Settings\Tracy\Local Settings\Temp\NERO14399\Toolbar.exe: Adware.Search-2 FOUND

C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL: Adware.Search-2 FOUND

They were both described as infected files.

The first one, along with its enclosing folder, NERO14399, I trashed. I'd had a trial version of NERO 8 the last traces of which I thought I'd scoured from my machine.

The second one however, I returned to its "1.bin" folder because It wasn't permitted to trash it. How can I deal with it? Is it really an important file that can't be moved?

Here's a link to some info on A-Squared referencing filename 1.bin: https://www.emsisoft.com/en/malware/?Adware.Win32.MyWebSearch+Toolbar . It appears to be malware. The name just doesn't look like a legit file to me, and according to A-Squared, it is some kind of toolbar, and it is associated with many other files--like much of the trojan ad/spyware is today. You cold upload the file to Jotti for a free scan there with multiple AVs--my rule is if four or more AVs find malware, it probably is. If so, delete it manually.

You can do a search on Google for any unknown filenames. It and Jotti are good tools for virus hunting.

Regards,

Thanks for the heads up, GB. How do I delete it manually? I tried putting it in the Recycle Bin, but my attempt was denied.

And are you saying that it's the "1.bin" thing that's the culprit? I had assumed, without any expertise in these matters, that it was the "ASKTBAR.DLL" that needed dealing with. If I should delete the "1.bin" thing then I'll concentrate on that, once I've tried the free online scans you mention.

Try booting in safe mode (pressing F8 on Windows startup) and delete it there. It probably has some process running that prevents you from deleting the folder.

You probably do, but make sure you have Administrator rights when trying to delete the files.

I'll try that, budtse. Is it the "1.bin" that I delete or just the "ASKTBAR.DLL"?

Here is a link to complete self-removal of MyWebSearch toolbar and an explanation of what it does:

https://www.bleepingcomputer.com/forums/topic69886.html . Run another ClamWin scan afterwards to be sure. You might also install a specific anti-spyware program if you don't use one already. Spyware Blaster is a good fee one that doesn't use any memory, and Windows Defender is a decent real-time anti-spyware scanner--it's unintrusive. They should work well together because they go about it different ways.

Regards,

I followed your link, GB, and everything went fine, until I found I couldn't use my keyboard in Safe Mode. I have a new iMac with the thin aluminium keyboard and it's a USB connection. No dice.

The result of the scan I did originally, namely:

C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL: Adware.Search-2 FOUND

... the Program Files folder is locked. Assuming I can get at it in Safe Mode, should I trash the 'AskTBar' folder that contains the '1.bin' folder etc?

Slowly making progress, but it's all uphill for me.

It looks like I didn't give you the link I intended to. I've put the information you need below. If it doesn't work, try dowloading a trial version of Prevyx antimalware and/or one of the good antispyware programs--like CounterSpy or SuperAntiSpyware. I would prefer to use them instead of Spybot S&D/Ad-aware. Regards/Good luck!

First, uninstall the My Web Search option from Add/Remove Programs

1) Click on Start, Settings, Control Panel

2) Double click on Add/Remove Programs

3) Find "My Web Search" in the list of installed programs and click on Change/Remove to uninstall it. You may also want to uninstall any of the following items associated with FunWebProducts.

My Web Search (Smiley Central or FWP product as applicable)
My Way Speedbar (Smiley Central or other FWP as applicable)
My Way Speedbar (AOL and Yahoo Messengers) (beta users only)
My Way Speedbar (Outlook, Outlook Express, and IncrediMail)
Search Assistant - My Way
4) Reboot your Computer and run HijackThis

5) With HijackThis, scan for and fix any of the entries shown above that may be remaining.

6) Next, open My Computer, Drive C, and double-click on the Program Files folder

7) Right-click and delete the folders for:

FunWebProducts

MyWebSearch

8) MyWebSearch should now be completely uninstalled from your computer.

9) There will be some minor registry entries left behind by the uninstall, however these can be cleaned up by running SpyBot Search and Destroy or Ad-Aware SE or left alone.