Getting rid of ‘The Best Offers’ annoyance

The Best Offers is this annoying program that causes ‘context sensitive’ Pop-up advertisements to appear on your computer. Typically, it lies dormant until you actively do something with your browser. Once this happens, you’ll get scores of popup’s and not to mention an alarming reduction in your computer processing speed. The freakin thing is designed to be stealthy and robust.
I am really really careful about loading stuff onto my computer but this one somehow got past all my security measures. It is really a public nuisance (even though they swear they use legal methods to gain access into your computer).

After hours of struggle and tracing the problem, I finally got rid of it! Here’s how:

1. First of all: do not bother using the web based uninstall method they provide. If you use the control panel->add/remove programs, they will tell you to download an uninstaller that claims to remove the wretched program from your computer. It just does not work 😦

2. Type in ‘msconfig’ on your Start->Run dialog

3. Click on the ‘Startup’ tab and uncheck items that seem suspicious.. like ‘dinst’ or ‘lutowbb’ or ‘nail’

4. Go to the C:/windows directory (This ofcourse depends on the drive on which windows in installed) and delete application programs that seem suspicious.. I had a file named ‘gvbayxarrjq.exe’ that had an icon similar to the one that pop’s when ‘The Best Offer’ ad came on. Other files to delete are ‘gvbayxarrjq.ico’ ,‘dinst.exe’, ‘nail.exe’, dsr.exe, dsr.dll

5. Open internet explorer, click on Tools -> Manage Add-ons. Uncheck addons that you don’t easily recognize (like dsr.dll)

6. Now, open the system registry using ‘Regedit’.

  • Search for ‘Nail.exe’.. If your registry has been hijacked, you will find an occurrence under this folder:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
The Shell value should only have ‘Explorer.exe’
Delete everything following ‘Explorer.exe’

  • Search for ‘dinst

Get rid of registry values that have reference to this file

  • Search for ‘Aurora

Delete the entire registry folder that holds key values for ‘Aurora’. All values are generally garbled.. so you will see junk characters.

  • Search for ‘gvbayxarrjq.exe

Delete all references

  • Search for ‘bsto-1

Delete the entire folder. This contains information used by the ‘best offer’ program

7. Almost done.. Now, go to the lavasoft website and download and install a copy of ‘Adaware’.

8. Also, click on the ‘Add-ons’ link on their website and download the addon for ‘VX2 cleaner’

9. Run ‘Adaware’. Delete all files returned as security threats.

10. Reboot your computer.

11. Run Adaware again

Hopefully, you should have a clean computer.  

All the best !
    

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s