Newbie dot Org HomePage
Visit one of our web buddies
how to uninstall eanthology
cruz

03/24/03
HOW DO I UNINSTALL eanthology
nobody special

04/11/03
do a google search for "how to uninstall eanthology " im pretty sure a page comes up you have to uninstall it from their site.. here i found this on google it might help http://www.freelists.org/archives/hackfix-virushelp/11-2002/msg00028.html
there is a way cuz ive had this problem before and you get about 50 million pop ups with it...very annoying..goodluck
Carlos Oliveira
caos.oliveira@sapo.pt
08/15/03
Help me to uninstall eanthology, because i think this a very serious problem to my pc.
snowman

08/15/03
To get rid of it download install update and run
Spybot search & destroy.

If you want background on it and have an hour or two read this massive thread:
http://www.dslreports.com/forum/remark,4498348~root=security,1~mode=flat

Sherry Baker

08/18/03
Uninstall eanthology
I WANT THIS PROGRAM DELETED FROM MY COMPUTER IMMEDIATELY AS I ALREADY HAVE SECURITY INFORMATION ON MY COMPUTER - THIS SITE IS ANNOYING TO ME AT THIS POINT BECAUSE I CAN'T SEEM TO GET RID OF THIS RIDICULOUS eanthology CRAP! FINAL NOTICE BEFORE I CONTACT AOL ABOUT THIS PROGRAM!
Frank

08/18/03
Are people with eanthology on their computers brain dead?

What the bleep makes you think threats posted on an independent forum will have any effect on the computer named.

Here's an idea, "HOW ABOUT GOING TO THE COMPANIES WEBSITE?"

I know it is frustrating having an unwanted piece of trash program on your computer. But don't let that strip you of your common sense. Go to their website.

http://www.eanthology.net/

neha
rehana_15@hotmail.com
08/19/03
i want to uninstall bonzibuddy software programme from my computer,but add/remove programme messaged when i tried to remove"could not open INSTALL.LOG file"tell me how can i remove it?
Shaifali
emailshaifali@yahoo.com
08/21/03
I want to uninstall eanthology...please help me!!!
iba

11/04/03
how to uninstall eanthology!!
THIS WORKS:
http://www.buttonware.net/pub/download/qa/AllUninst.com
cynthia taylor
cc1953@sbcglobal.net
11/15/03
I want to uninstall all of eanthology programs
muniguy

01/03/04
http://www.buttonware.net/pub/download/qa/AllUninst.com
Mark

01/07/04
eanthology... I know what you mean. I've been able to get rid of it. It took me hours (research and work). I posted something a few days ago here, in a thread named :"Removal of eanthology icon from systray". Check it out. Good luck, this one's a real bitch. http://www.newbie.org/help/messages/5549.html
Mark

01/07/04
By the way, I forgot to mention that if you use Win XP or ME, please disable "System Restore" before attempting removal (eanthology loads a trojan that can hide in "Restore"). Once you're done, go back (right-click "My Computer"> Properties) and enable "Restore" again.
Anna
annaleu@hotmail.com
01/22/04
I deleted all the acceleration programs, eanthology folders, oodiz, syspatch_install, email_update, ws_uninst,threatscan, regsvr32.exe from anthology, and StopSign folders that I could find (these are all part of StopSign's vicious program) but was unable to delete three items from acceleration folder so I looked at their properties and clicked on 'read only'. I haven't seen any more junk from them on this computer so far after two days. Wish I had read the post to turn off the system restore first!!!
Mark

01/22/04
Hey Anna. I don't know which method you used to remove eanthology, but I need to ask if you did the "search" for *eanth*.* and if you ran SpyBot after removal. You should be completely rid of that %*&%!! thing, because it's notorious for coming back... I posted a comprehensive removal technique (look 3 posts up, follow my link to the other thread).

I'll be around if you need anything. I want your machine to be clean from eanthology. Period!!!

MyName

01/26/04
After uninstalling with ADD/REMOVE and CLEANING TOOL from their web site, I have found 17 FILES and 2 FOLDER of their software in C:\Documents and Settings\MyName\Local Settings\Temp (oodlz_install.exe, eanth_setup.exe,StopSign_install-r.exe, etc.). ADVICE!Go to the www.pestpatrol.com and read everything about Stop-Sign,eanthology etc. Also,download FREE REMOVER "Ad-aware 6.0" from Lavasoft web page!
trunewbie

01/27/04
I tried the buttonware.net/blahblahblah and came up with a page that says the site no longer exists. Hitting refresh only takes me to a site where I can download all the crap I'm trying to get rid of. Now what?
Mark

01/27/04
Is there a question? What exactly is your problem? Which crap are you talking about... (my crystal ball is out today, sorry!)
fish

01/27/04
If all else fails and despite removal instructions you still do not know how to get this trash off your comp, download Ad-Aware 6.0 from downloads.com. It finds the eanthology files and gives you the option to quarantine them preventing them downloading more -- onto your comp
trunewbie

01/27/04
thanx fish will try Ad-Aware
Mark

01/27/04
If you are fully infected with eanthology (which you never mentionned), Ad-Aware will not remove it. There's a technique to follow; a short one if you're lucky.
TryThis

01/28/04
After running the Stop-Sign Uninstall, you will need to remove the following objects manually.


Stop Running Processes:

Kill these running processes with Task Manager:

programfilesdir+\acceleration software\anti-virus\defscangui.exe
programfilesdir+\acceleration software\anti-virus\email_update.exe
programfilesdir+\acceleration software\anti-virus\ws_uninst.exe
programfilesdir+\acceleration software\StopSign\regsvr32.exe
programfilesdir+\acceleration software\StopSign\ss_uninst.exe
programfilesdir+\acceleration software\StopSign\velozdefender\dv_uninst.exe
programfilesdir+\acceleration software\StopSign\velozdefender\inst.exe
programfilesdir+\acceleration software\StopSign\velozdefender\lspmonitor.exe
programfilesdir+\acceleration software\StopSign\velozdefender\regsvr32.exe
programfilesdir+\acceleration software\StopSign\velozdefender\veloz.exe
programfilesdir+\acceleration software\StopSign\velozdefender\velozsys.exe
programfilesdir+\acceleration software\StopSign\velozdefender\webcel.exe
programfilesdir+\common files\eacceleration\+cs_def.exe
programfilesdir+\common files\eacceleration\cs_def.exe
programfilesdir+\common files\eacceleration\cs_t4c.exe
programfilesdir+\common files\eacceleration\eanthcomponents\defscan_install-r.exe
programfilesdir+\common files\eacceleration\eanthcomponents\StopSign_install-r.exe
programfilesdir+\common files\eacceleration\eanthology.exe
programfilesdir+\common files\eacceleration\eanthology_updater2.exe
programfilesdir+\common files\eacceleration\raven_defs.exe
programfilesdir+\common files\eacceleration\raven_sss.exe
programfilesdir+\common files\eacceleration\raven_t4cs.exe
programfilesdir+\common files\eacceleration\raven_vlzs.exe
programfilesdir+\common files\eacceleration\regsvr32.exe
programfilesdir+\the 4th coming\expand.exe
programfilesdir+\the 4th coming\t4c.exe
programfilesdir+\the 4th coming\thefourthcoming.exe
programfilesdir+\the 4th coming\webpatch.exe
programfilesdir+\the 4th coming\wrapper.exe
programfilesdir+\the 4th coming\wupdate.exeasicutil2.exe
cnry.exe
crafty.exe
defscan_install.exe
eanth_setup-b.exe
lserver.exe
nbmanager.exe
netbutler.exe
netbutler_install.exe
oodlz.exe
oodlz_install.exe
setup.exe
ss_uni~1.exe
threatscan_setup-b.exe
veloz_install-r.exe
wren.exe
wupdate.exe
zeus.exe
zeus_install.exe
zmanager.exe

Unregister DLLs:

Unregister these DLLs with Regsvr32, then reboot:

programfilesdir+\acceleration software\anti-virus\ dsshell.dll
programfilesdir+\acceleration software\anti-virus\ddsshell.dll
programfilesdir+\acceleration software\anti-virus\dfndr32.dll
programfilesdir+\acceleration software\anti-virus\eac_mindef.dll
programfilesdir+\acceleration software\anti-virus\ealook.dll
programfilesdir+\acceleration software\anti-virus\scancore.dll
programfilesdir+\acceleration software\anti-virus\vclnr.dll
programfilesdir+\acceleration software\StopSign\velozdefender\compat.dll
programfilesdir+\acceleration software\StopSign\velozdefender\defender.dll
programfilesdir+\acceleration software\StopSign\velozdefender\emailset.dll
programfilesdir+\acceleration software\StopSign\velozdefender\eudora.dll
programfilesdir+\acceleration software\StopSign\velozdefender\gen.dll
programfilesdir+\acceleration software\StopSign\velozdefender\netscape.dll
programfilesdir+\acceleration software\StopSign\velozdefender\outlook.dll
programfilesdir+\acceleration software\StopSign\velozdefender\outlooko.dll
programfilesdir+\acceleration software\StopSign\velozdefender\settings.dll
programfilesdir+\acceleration software\StopSign\velozdefender\spamfilter.dll
programfilesdir+\acceleration software\StopSign\velozdefender\spamprobe.dll
programfilesdir+\acceleration software\StopSign\velozdefender\sporder.dll
programfilesdir+\acceleration software\StopSign\velozdefender\strings.dll
programfilesdir+\acceleration software\StopSign\velozdefender\tlayer2.dll
programfilesdir+\acceleration software\StopSign\webcbrowse.dll
programfilesdir+\common files\eacceleration\eanthmngr.dll
programfilesdir+\the 4th coming\emsmtp.dll
programfilesdir+\the 4th coming\patchw32.dllasiclayer.dll
asiczres.dll
asiczshl.dll
dsshell.dll
gameai.dll
games.dll
installdll.dll
konx.dll
netbutlerlocal.dll
oodlz.dll
oodlzx.dll

Clean Registry:

Remove these registry items (if present) with RegEdit:

HKEY_CLASSES_ROOT\*\shellex\contextmenuhandlers\StopSignrcs
HKEY_CLASSES_ROOT\clsid\{3e072ab7-3cda-4536-8afd-56b0fe6846b4}
HKEY_CLASSES_ROOT\clsid\{459729ac-727d-4d97-b18a-72ee224efec0}
HKEY_CLASSES_ROOT\clsid\{46d570d9-71c8-44e5-a76c-aadfe94442ca}
HKEY_CLASSES_ROOT\clsid\{615ad67a-25f6-4e0c-ad06-e29f4a90daba}
HKEY_CLASSES_ROOT\clsid\{6acd11bd-4ca0-4283-a8d8-872b9ba289b6}
HKEY_CLASSES_ROOT\clsid\{878c1976-66ab-4454-a9b1-40cd594ac223}
HKEY_CLASSES_ROOT\clsid\{963dd0ff-4836-4de4-9590-d7efe8f62f8d}
HKEY_CLASSES_ROOT\clsid\{b897be6a-0729-4d3b-bbda-377a296ae446}
HKEY_CLASSES_ROOT\clsid\{bb80b457-f3f6-4992-a0c3-a128d58c7fb2}
HKEY_CLASSES_ROOT\clsid\{d951b1f4-7399-426a-a925-d2c41fcf2002}
HKEY_CLASSES_ROOT\clsid\{e6a8ee26-1fad-431c-99d6-8dba1e25cd72}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{6acd11bd-4ca0-4283-a8d8-872b9ba289b6}
HKEY_LOCAL_MACHINE\clsid\{6acd11bd-4ca0-4283-a8d8-872b9ba289b6}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{2f099f5d-7003-4441-82c2-707c7c273feb}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\eanthologyapp
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\StopSigneac

Remove Files:

Remove these files (if present) with Windows Explorer:

c:\documents and settings\all users\desktop\t4c manual.lnk
c:\documents and settings\all users\desktop\the 4th coming.lnk
desktopdir+\scan now for viruses and threats.lnk
programfilesdir+\acceleration software\anti-virus\ dsshell.dll
programfilesdir+\acceleration software\anti-virus\ddsshell.dll
programfilesdir+\acceleration software\anti-virus\defscangui.exe
programfilesdir+\acceleration software\anti-virus\dfndr32.dll
programfilesdir+\acceleration software\anti-virus\eac_mindef.dll
programfilesdir+\acceleration software\anti-virus\ealook.dll
programfilesdir+\acceleration software\anti-virus\email_update.exe
programfilesdir+\acceleration software\anti-virus\scancore.dll
programfilesdir+\acceleration software\anti-virus\vclnr.dll
programfilesdir+\acceleration software\anti-virus\ws_uninst.exe
programfilesdir+\acceleration software\oodlz\arcade.htm
programfilesdir+\acceleration software\StopSign\regsvr32.exe
programfilesdir+\acceleration software\StopSign\ss_uninst.exe
programfilesdir+\acceleration software\StopSign\velozdefender\compat.dll
programfilesdir+\acceleration software\StopSign\velozdefender\defender.dll
programfilesdir+\acceleration software\StopSign\velozdefender\dv_uninst.exe
programfilesdir+\acceleration software\StopSign\velozdefender\emailset.dll
programfilesdir+\acceleration software\StopSign\velozdefender\eudora.dll
programfilesdir+\acceleration software\StopSign\velozdefender\gen.dll
programfilesdir+\acceleration software\StopSign\velozdefender\inst.exe
programfilesdir+\acceleration software\StopSign\velozdefender\lspmonitor.exe
programfilesdir+\acceleration software\StopSign\velozdefender\netscape.dll
programfilesdir+\acceleration software\StopSign\velozdefender\outlook.dll
programfilesdir+\acceleration software\StopSign\velozdefender\outlooko.dll
programfilesdir+\acceleration software\StopSign\velozdefender\regsvr32.exe
programfilesdir+\acceleration software\StopSign\velozdefender\settings.dll
programfilesdir+\acceleration software\StopSign\velozdefender\spamfilter.dll
programfilesdir+\acceleration software\StopSign\velozdefender\spamprobe.dll
programfilesdir+\acceleration software\StopSign\velozdefender\sporder.dll
programfilesdir+\acceleration software\StopSign\velozdefender\strings.dll
programfilesdir+\acceleration software\StopSign\velozdefender\tlayer2.dll
programfilesdir+\acceleration software\StopSign\velozdefender\veloz.exe
programfilesdir+\acceleration software\StopSign\velozdefender\velozsys.exe
programfilesdir+\acceleration software\StopSign\velozdefender\webcel.exe
programfilesdir+\acceleration software\StopSign\webcbrowse.dll
programfilesdir+\common files\eacceleration\+cs_def.exe
programfilesdir+\common files\eacceleration\cs_def.exe
programfilesdir+\common files\eacceleration\cs_t4c.exe
programfilesdir+\common files\eacceleration\eanthcomponents\defscan_install-r.exe
programfilesdir+\common files\eacceleration\eanthcomponents\StopSign_install-r.exe
programfilesdir+\common files\eacceleration\eanthmngr.dll
programfilesdir+\common files\eacceleration\eanthology.exe
programfilesdir+\common files\eacceleration\eanthologyapp_update.exe.chk
programfilesdir+\common files\eacceleration\eanthology_updater2.exe
programfilesdir+\common files\eacceleration\license.txt
programfilesdir+\common files\eacceleration\raven_defs.exe
programfilesdir+\common files\eacceleration\raven_sss.exe
programfilesdir+\common files\eacceleration\raven_t4cs.exe
programfilesdir+\common files\eacceleration\raven_vlzs.exe
programfilesdir+\common files\eacceleration\regsvr32.exe
programfilesdir+\the 4th coming\emsmtp.dll
programfilesdir+\the 4th coming\expand.exe
programfilesdir+\the 4th coming\patchw32.dll
programfilesdir+\the 4th coming\t4c.exe
programfilesdir+\the 4th coming\thefourthcoming.exe
programfilesdir+\the 4th coming\webpatch.exe
programfilesdir+\the 4th coming\wrapper.exe
programfilesdir+\the 4th coming\wupdate.exeallowedpopupurls.txt
asiclayer.dll
asicutil2.exe
asiczres.dll
asiczshl.dll
aware.cnr
blockedpopupurls.txt
bonzibuddy.cnr
clnrchk.dat
cnry.exe
cometcursor.cnr
cookies.cnr
crafty.exe
defscan_install.exe
defscan_setup2.exe.chk
dsshell.dll
eac_clnrfset.dat
eanth_setup-b.exe
english.elng
ezula.cnr
fscan.dat
gameai.dll
games.dll
games.ini
glc2.tmp
gohip.cnr
installdll.dll
isp.pcx
konx.dll
lserver.exe
nbmanager.exe
netbutler.exe
netbutlerlocal.dll
netbutler_install.exe
oodlz.dll
oodlz.exe
oodlzx.dll
oodlz_install.exe
sdfc.tmp
setup.exe
spyware.cnr
ss_uni~1.exe
threatscan_setup-b.exe
vclnr.cnr
vclnr2.cnr
veloz_install-r.exe
words.db
wren.exe
wupdate.exe
zeus.exe
zeus_install.exe
zmanager.exe
~df1e4.tmp

Remove Directories:

Remove these directories (if present) with Windows Explorer:

programfilesdir+\the 4th coming

Mark

01/28/04
WOW! I thought I'd seen them all!! Where did you get that method?

I've got a much simpler one, perhaps not as thourough... but accessible to newbies!! I've posted it before, but I'll post it again if the need arises.

Folks who read your post will want to dump their box in the trash.

Help is always appreciated. If some users are comfy with your method, they can give it a whack.

TryThis

01/28/04
1. Uninstall eacceleration products with StopSign add/remover.
It will not remove everything, like OOdlz.exe. If you succeed to
remove it manualy, it will download itself from internet again.

2. Go to their web site and download cleaning tool.Run it.
It will not remove everything like some keys in registry,files and
folders in c:\pfogram files\document and settings\YourName\local settings\Temp
(folders:EACDownload,EanthComponents ;files: crny.exe, EANTHO~1.EXE , EANTHT~1.EXE
EACDownloadeanthtutor_install.exe ...). It will not delete ActiveX controls in
c:\windows\downloaded program files. Delete it manualy (all ActiveX are safe to
remove).

3. Go to Lavasoft web site and download Ad-aware 6.0. Update it. Run it.
Ad-aware will not remove all files.

5. Go to this web site http://www.safersite.com/PestInfo/s/StopSign.asp
and read that article about StopSign. There you will learn how to remove rest
or all of the StopSign manualy.

That´s it.

If that´s no good, erase hard disc and reinstall your operating system.

Mark

01/28/04
Well, eanthology has evolved since my battle with it. So have removal techniques, from what you're telling me. I will give this a close look, because any good weapons are great to have when/if you need them.

Thanks for the heads up !! I accept all help.

Mark

01/29/04
Ok. I looked at your link from Pest Patrol. I had visited that page when I was doing my research on eanthology. Those guys want to sell their spyware remover. They show you a horrible manual removal technique, to somewhat scare you into buying their software. I don't agree with that practice... Most of the lengthy "C: Program files..." entries disappear with one mouse click. Most .dlls go when you uninstall. It's not that complicated!! Ok, maybe I didn't do a complete registry clean-up, but the program was killed and never reappeared. A good reg cleaner would finalise the job. I'm sure the Pest Patrol manual technique works, but it's not worth the aggravation...
fish

01/29/04
Mark youre right Ad Aware will not remove eanthology off your comp but most new users do not even know how to access the registry to remove it, my suggestion was a simple one allowing inexperienced users (who do not want to mess with or delete files they have no comprehension of) the chance to quarantine this pest safely. Peace out.
Mark

01/29/04
Fish, I have to run out for a few hours, but I will post back to follow-up on your comments.

Later!

Mark

01/29/04
Ok, I'm back. You're right about newbies and difficult removal techniques. However, Ad-Aware or SpyBot will only cripple eanthology a little (quarantine or not), just enough to help in the more elaborate removal procedure. Following my removal steps is possible for people with moderate skills (like me!!). I strongly suggest to have a friend or whoever with decent skills to help out if needed. It takes about 10 to 20 minutes when you follow each step. I cleaned up my sister-in-law using XP's Remote Assistance feature (she lives 400 miles away), and it took hours because she's on dial-up (which slows down Assistance to a crawl...), and I was going by trial/error!! Once done, I wrote down the sequence and posted it here. Sorry for all Newbies who are stuck with this evil program... but it can be removed by regular people in a decent amount of time.
TryThis

01/29/04
Mark, of course they want to sell you their remover. But you don't have to buy it!

The removal technique is simple and it is common technique for removing unwanted or virus infected .exe and .dll files.
To remove unwanted .exe file you just open Task Manager with Ctrl+Alt+Del and on the Processes tab find that .exe file, click on it and click End Process. Now you just delete that file. To delete .dll that denying access, for example c:\ThisFolder\ThatFolder\wantedfile.dll , click Start ,select Run and enter this:

regsvr32 /u c:\thisfolder\thatfolder\wantedfile.dll

After that reboot and delete that wanted.dll file. And that's all. One minute job.

For a registry you're right. After removing .exe and .dll files you'll have no other problems. Norton WinDoctor won't delete keys and subkeys but will delete reg entries.

There's one thing more, that about ActiveX controls. I had Download.Trojan and I was always manage to delete it, but it download itself from web again and again. Problem is that I didn't delete it's ActiveX.
Interesting thing is that Norton AntiVirus two month ago didn't recognize D.Trojan. That's the problem with antivirus programs, you must wait for update. Similar thing is with Ad-aware. Ten days ago it did not recognise eAnth , gain_trickler3202.exe (gators adware installed with bundled DivX codec), Win32Pup (downloaded by D.Trojan), but now it does recognize some files and processes.

Pointing on PP and Ad-aware site I was just trying to help others. It helped me.

Mark

01/29/04
If you find Pest Patrol's method easy, then you have way more skills than most Newbie users. That method is not simple. Put yourself in newbie shoes. Newbies should not play in the registry, nor should they play with WinDoctor. Think back to your beginner years!! Yes, that type of clean-up is effecient and thourough, but WAY out of reach for most here at Newbie. Simpler methods give you back your computer and, yes, may leave a little mess in the registry, but why go crazy over it... I don't.

Thanks for posting, and making your method available to those who can use it.

m4id3n

01/31/04
heres an option no one thought of don't mess with it in the first place. research what your downloading and installing before you do it. a simple search on google will tell you all the horror stories you need to see. even a newbie can do that.
Mark

01/31/04
m4, it's been said MANY times... but we'll never say it enough!! You can spread that opinion as many times as you want ; more newbies read it the better.
pokey

02/06/04
5 pound hammer is alot cheeper than new hardDrive,,is THIS what these hackers want to see the internet coming to?WTF?!
notsodifficult

02/06/04
Not understaing the difficulty of removing Stop-Sign... I installed the program, ran a scan which only found spy-ware (of course),and
easily uninstalled it from the add/remove program list. Is it more difficult than this...? Or am I skipping over something here?
Mark

02/06/04
eanthology, under intense pressure, have modified their uninstaller. I've read posts, on security forums, where an eanthology spokesman has admitted the company stepped beyond the line, and admitted their uninstallers were crap. They later modified the program to allow smoother uninstalls.

Is your computer completely clean ? Well, only you can answer that... If you know how to do a file search, look for eanthology or eacceleration on your hard drive. If you find nothing, you're probably clean. And lucky.

notsodifficult

02/06/04
Wouldnt be suprised if entries are still in the sys registry as well..probably some empty files on the drive too...but what software really removes itself 100% when uninstalled..?

From the posts I have read about Stop-Sign, they seem to take a lot of heat... Is it as bad as its made out to be? Seems to be legitmate by going to the stop sign webpage,
then again looks can be deceiving...

Mark

02/06/04
Deceiving is the operative word here. I have called them "Masters of Deception" for a good reason. They treat people like suckers, literally. They suck you into a free virus scan, and install a trojan through Active-X. Next thing you know, you have popups constantly flashing you with bogus virii detected on your machine. Then, once comfortably installed on your box, making you feel so lucky that they can catch all those nasty pests, they reel you in for a V.I.P. subscription. Legitimate ? Sure...
snowman

02/07/04
Well this is from their uninstall instructions
on their website http://www.eanthology.com/
click support, scroll down to uninstall

or use this tiny link: http://tinyurl.com/3f87j
(Their url for uninstall has 339 characters, means it'll probably break in forum postings) :

using the uninstall provided with the program:

5. Click OK to apply your changes. You may be prompted to restart your computer to fully uninstall all eanthology files.

BUT:

Note: Using these directions to uninstall all eanthology features does not remove eanthology Manager itself. This allows you to conveniently reinstall eanthology features when needed. If you want to uninstall the eanthology Manager as well, or if you experience difficulty uninstalling features, follow the Alternate Uninstall Instructions below.

Alternate Uninstall Instructions

Certain types of malicious programs, collectively known as Attackware, attempt to disable legitimate software. If your installation of eanthology has been compromised by Attackware, program files may have been deleted and eanthology may not uninstall properly using the above instructions. In that case, follow these instructions.

1. Open the link below in your browser.
http://www.buttonware.net/pub/download/qa/AllUninst.com

2. Click Open to automatically run the uninstall program.

What they call malicious programs (attackware) most people call ad-aware or spybot search and destroy.

They do this for a simple reason. Stop-Sign also downloads ads and asorted crap onto ypur system. The longer its on your system the more the junk.

from pest patrol:
After uninstalling StopSign, if removal is incomplete, it will continue to quietly install software when an Internet connection is present.

If it's been on the system for awhile uninstall may not remove all the junk that has been downloaded.

For now to uninstall try their alternate removal instructions followed by ad-aware or spybot scan.

notsodifficult

02/10/04
What infections are installed through activex? Is there a common one or is it random? I ran a scan and all it picked up was Spyware, could it of skipped over finding the trojan or something?
snowman

02/10/04
activex
notsodificult:

I'm glad you've scanned your machine and have only detected spyware. Quite common after Stop-Sign.
The faster you got it off, the less the spyware.

ActiveX (sometimes called Hacktivex)

ActiveX controls can do anything on the machine the user can do, they have full access to the system.
They run natively on a local machine rather than in a protected environment (sandbox); they can be accepted or rejected, but they cannot be assigned specific restrictions; and they always run with the same privileges as the user. They are, in short, a security gamble.

The controls can be executed remotely via e-mail or a Web page. The user's only defence against malicious use is to reject all of them, or to gamble and accept only those from trusted sources. One can, of course, accept even unsigned controls if one wishes; and here we have to point out that an unsigned control is no more likely to be dangerous than a signed one is to be safe.

The above taken from:
http://www.theregister.co.uk/content/4/15796.html

Which contains a link to aCERT report on Activex security. Authors of tha t report include the National Security agency, and Dept of Defence,
interesting reading:
1. ActiveX controls have more capabilities than tools that run strictly in a sandbox.
Because ActiveX controls are native code that run directly on a physical machine,
they are capable of accessing services and resources that are not available to code
that runs in a restricted environment.
Download Concerns—importing and installing controls
1. Ideally the decision to install software should be based on the capability of the
software. Currently, there is no good way to do this with ActiveX controls. Instead,
the decision must be based on the (presumed) source of the control. This is
unsatisfactory for two reasons. First, the signer of the control may not be any more
capable of assessing the control’s safety than the end user is. Second, the end user
must trust the distribution chain from the original source to the signer.
The ultimate problem with any signature scheme is that safe controls can come from
untrusted sources, and unsafe controls can come from trusted sources.
2. Signatures on ActiveX controls persist. Once an ActiveX control has been signed
by a trustworthy party, the signed control is available to attackers. If a
vulnerability is discovered in a signed ActiveX control, attackers can use the trust
relationship between the victim and the signer to introduce the vulnerable control.
Thus, a signed vulnerable control provides attackers a means to install remotely
accessible software with known vulnerabilities onto a system if they can convince
the victim to trust a “trustworthy” party.

There's lots more.
the cert report is a primary source.
Another good site, with additional links:
http://www.staff.uiuc.edu/~ehowes/info10c.htm

Basically the problem is that they are very powerful web based, and can do anything the user can do, once you've accepted the control.

Would you grant eanthology full access to your system?

Peter
petermartinmarketing@yahoo.com
02/16/04
For anyone who feels that their computer has been compromised by downloading eanthology stop sign software, you may be interested to know that there is currently a lawsuit against the maker, owner of that software & website, e-acceleration, inc., in relation to its "virus alert!" banner ad and problems encountered by download of the software. The attorneys handling it have a website if you are interested in becoming a member of the class action lawsuit- http://www.thelaw.bz/eacceleration
Mark

02/16/04
Great news, Peter ! Thanks. BTW, there's probably a mistake in the link you provided (it takes me nowhere, fast). I even tried to add ".com" at the end. No go.
Mark

02/16/04
Here's the link (requires Java)...

http://www.thelaw.bz/eaccelerationcontact.htm

Frank

02/17/04
Ya know, since 99% of the spam I get traces back to .bz domains, I've developed a deep seated distrust for any website with .bz

Paranoid? Insane? Prejudiced? Yeah..
They've trained me well. Send me a few thousand emails a week with .bz for a domain and zero legitimate business with .bz and I start to wonder.. Maybe if this company is legit they should consider getting a mirror site with a .com or .net or even a .org

Mark

02/17/04
Oh my... Someone played a nasty joke on me ? I hate putting up links I don't know much about, and I did just that with that .bz class action thing. Frank, thanks for the warning. I didn't give them my e-mail address, so I'm fine.

How can we find out if this whole thing is real, or if "Peter Marketing" is just gunning for spammers..?

Mark

02/17/04
Oops... bad choice of words, please read :

"or if Peter Marketing is just WORKING FOR spammers.."

Frank

02/17/04
I've written the company. Will see how they respond. My guess is they are just another "class action legal machine" trolling for $$$.

You do know that the only people that make money in a class action are the lawyers. They get millions and millions from the deal. The main benefit the other participants receive is some small sense of "gotcha" when the scumbag eanthology has to fork up the mulla.

However, when all is said and one, five lawyers will split $10 million and 1,000,000 users will split $20 million. They each get $5 million a piece and we each get $20 at most. Of course you'll have to fill out a ream of paperwork to prove you deserve the cut.

At least we get to watch eanthology get racked over the coals. :-)

Mark

02/17/04
That sounds good to me...

Next : Coolweb...

Thanks for the heads up, Frank.

Jean

02/23/04
Oh my...A very new newbie here..I paid for eanthology after I said I had some infected files...Well then it wouldn't delete then and all I got back for answeres and instructions was more pop ups to buy..no help forthcoming of course...Well I may be a 57 yr old lady but 57 is not my IQ so then (don't nag,I had a blond moment) I went checking...Well, I immediately cancelled my subscription. And deleted from Add/Remove also checked in search box for eanthology and eacceleration. It comes up negative. Is there anything else I have to do...Have since run McAfee, Norton, and Trend housecall...They all say I am I clean..But now I am paranoid. You guys were god sends. Oh and by the way...I learn quick..Will research first now...DAH...Thank you again for any info..Jean
Jean

02/23/04
OOps sorry about typos but just learned to type at same time..still looking for spellcheck...Jean
Mark

02/23/04
Hey Jean ! Hopefully, you got the bulk of it through "Add/Remove" ; they've apparently improved their uninstaller. To make sure, check a few more things :

Look in "Add/Remove Programs" again for any suspicious entries. Post back here if you are unsure, we'll tell you what is what.

Do a "search" for: *eanth*.*
on your hard drive. Delete everything you find (if anything). Make sure you tick "Search in hidden files and folders" under "Advanced".

Of course there may be residuals in the registry, but that's another ball game. We won't worry about it.

I admire your approach. You were had (and you're not alone...) but you've clawed your way out. EXCELLENT !!!

snowman

02/23/04
Congratulations Jean.

Here is a link to a good free antivirus if you need one:
http://www.my-etrust.com/microsoft/index.cfm?

This is a useful free program to guard against spyware nuisances:
http://www.javacoolsoftware.com/spywareblaster.html

Jean
K.Jean@Shaw.ca
02/24/04
Oh dear..you are right..there are more in there..dang. Under *eanth**, but I don't know how to get them out.When I try to right click to delete..It says cannot delete EANTHT~1 because: the specific file is being used by windows. There is the icon in front of the word..so I know it is theirs. Should I open the file to delete..Was able to just "right click" and delete the others but not this one...It says it in C windows temp..Well i went back and deleted all cookies and all temp files...but it wont go away..Darn insidious bunch of **'s. Any other hints... Also there is something called eHelp in my add/remove programme..I just deleted it ok with no problems...OHH I am so mad at myself!!!
Mark

02/24/04
You're on your way Jean ! Stop hitting yourself over the head with this !!!

That thing does spread around and protect itself.

Try this : hit the following keys in sequence, holding them down as you move to the next one :
CTRL+Alt+Delete (release all keys when Task Manager comes up)
Now, look at the "Processes" tab : scroll through the processes and tell me if you have one named :
DEFSCANGUI.EXE

I would also know which version of Windows you are running (XP, ME, 98...).

Mark

02/24/04
Oopss... Make that : "I would also LIKE TO know which version of Windows..."
snowman

02/24/04
Mark:
They know it won't uninstall completely from add/remove.

But they now offer what they call alternate removal (more complete)
Their page:
http://tinyurl.com/3f87j

Their instructions:
1. Open the link below in your browser.
http://www.buttonware.net/pub/download/qa/AllUninst.com

2. Click Open to automatically run the uninstall program.

Don't know myself how complete that'll be.

Good Luck.

Mark

02/24/04
Hey... anything is better than chasing this crap all over the hard drive !!

Jean, hope you try Snowman's tip. Keep us informed. I know how to chase down this bugger if need be.

If you have Windows XP or ME, best to disable System Restore before (some of this pest may be hiding there, and is protected by Windows)

richard

02/26/04
No I do only want pro help for this, so you who are qualified to answer this question, please do:
I have a Mcafee antivirus program, which showed me that I was infected with a virus and 96 infected files, so I I inactivated that restore function and restarted my computer and then I was able to remove the infected files!
then I activated the restore function.
And then I visited Stop-Sign, and used there free scan to see if I had any viruses...and I had like three viruses and like over a hundred spyware cookies/applications...now I got the advice to uninstall e-Anthology...so I did!
Was the things that Stop-Sign showed me just bogus???
Mark

02/26/04
:-)
richard

02/26/04
Yes or no?
Mark

02/26/04
Arrogance would be your number one ennemy here.

NO.

s

02/26/04
Well here's what the PROS at symantec (Norton) say about it:

Adware.eanthology
Detected as:
Adware.eanthology

This threat is detected by the latest Virus Definitions.

Virus Name Infection Type Date added
-- -- --

Adware.eanthology File infector 02/11/04

Frank

02/26/04
eanthology, Stop-Sign, and whatever other name they use are all basically viruses or trojans depending on how you look at them.

In either case they are not useful and pose a threat to your computer.

The bummer is that they 1) disquise themselves as anti-virus programs. And 2) they seem to be better at getting themselves in the top of the search engines than all of the legitamate programs.

Mark

02/26/04
The fun part is : if you had an updated Norton prior to downloading Stop-Sign, great. If you try to install Norton while infected, it will be wrecked (that goes for most/all full-time AVs and firewalls).

Google and Lycos are both sporting ads for it. Very visible and catchy. $$$.

Jean
K.Jean@shaw.ca
02/26/04
Hi guys..was away for two days...still have that pest..I opened that button one and it is Stop sign... was too scared to run anything on there..Alos when i click ctr,alt,del...I do not have the defetc on mine..Also I do not know how to uninstall/disable my restore..Am scared of that one too...I right click on Restore and there were no instructions..Soo. I just have that one left in the search programme..A basic question here..Will it harm anything by being in there???..Other than I am irked at it being there. will it do damage??
Jean
K.Jean@shaw.ca
02/26/04
Hi guys..was away for two days...still have that pest..I opened that button one and it is Stop sign... was too scared to run anything on there..Alos when i click ctr,alt,del...I do not have the defetc on mine..Also I do not know how to uninstall/disable my restore..Am scared of that one too...I right click on Restore and there were no instructions..Soo. I just have that one left in the search programme..A basic question here..Will it harm anything by being in there???..Other than I am irked at it being there. will it do damage??
Jean

02/26/04
oops sorry about x2 Also forgot to say I am running the Melenium edition Thanks again Jean
Mark

02/26/04
Jean : this thing is really "sticky", and needs to be removed if you do not want it back... sorry. Deactivating System Restore is not dangerous ; it simply erases previous restore points made by Windows, and also flushes out virii hiding in there (good thing !!!). Here's a link that explains how to deactivate Sysyem Restore in ME :

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001012513122239?OpenDocument&src=sec_doc_nam

Once Restore is disabled, I'll get you to run SpyBot Search and Destroy. Once you have downloaded this tool, you must update it first, then run it and "fix" everything it finds. Once you have clicked on "Check for updates" and you get a list of updates to download, you must first change the server location (look up above the blank window) ; you should see "Unido (Europe)", select "Rootboxen.net(USA)" instead. You can now "download updates". Here's a link for it :

http://www.safer-networking.org/index.php?page=download
(scroll down to "Download", and get "SpyBot...1.2").

Once done with SpyBot, do another search for *eanth*.*

NOTE : look closely Jean, when you type *eanth*.*, don't forget the dot between the two asterisks...

Jean

02/26/04
Ohhh Gawwd..will do I want my mommy..You are right thought forgot the dot LOL
Mark

02/26/04
Hey Jean. Not to put any pressure on you, but I would really like to clean you up tonight, if possible, because I'm going away on holidays tomorrow, and won't be back for 9 days... and I would hate to leave you hanging that long (someone else would probably step in though... so this is more an ego thing for me !!!)
Jean
K.Jean@Shaw.ca
02/26/04
I did the other search with the dot and still only the one..Oh Mark..I am so sorry but I am too scared to do any more..Am going to leave it for now..cluck cluck cluck All that stuff about disabling is way over my head..i will be back when i find some nerve...Maybe later today
Mark

02/26/04
I understand, Jean. No pressure. If it'll put your mind at ease a little, disabling System Restore is really really benign stuff, easy as 1-2-3. You cannot crash your computer doing this. Ok then, we can put off the Restore thing, as it is not essential with clean up at this stage. But I would like you to download, update and run SpyBot though... easy as 1-2-3 !!! and will do a lot of good !!! If the tool asks you to restart your computer to complete the clean up, do it, absolutely. Small steps, Jean... 1-2-3.
Jean

02/26/04
Ok...I downloaded the spybot and ran it and it cam up with TONS of stuff..a lot of eaccelleration but also something called back web and Tangent games..so now what
snowman

02/26/04
you can ignore the backweb.
It comes with compaq or hewlett packard equipment. or logitech or other legitimate applications.
Don't worry about it.
Have spy bot ignore those entries for now.
There's probably lots.

Wild tangent now comes with aol messenger.
Have spybot dump Tangent.

Much of what spybot found are probably cookies. There's probably lots. Data miners I think it calls them. They can dumped as well.

All the eacceleration can go.

You can get a descrition by clicking on what spybot finds and have it back up what it gets rid of.

Jean

02/26/04
Too late I dumped everything..and then went back into search and IT IS GONE...whooo wheee...all gone..And i don't use the tanget games anyway..Oh Mark Is it really over??
Jean

02/26/04
oops Did I blow it with the backweb???
Mark

02/26/04
No, not at all !!! Backweb is borderline spyware, used in "updater" software by folks like HP, Compaq, Kodak, Logitech. You don't need those programs, really. Fixing it is just fine (or else SpyBot wouldn't even suggest it). Need a small favour : would you run SpyBot again, and look at the total number of files that is written (bottom left). It should be 12171. If you see this number, abort the scan and exit (you're up-to-date). If it shows 5000 (or close to that), then abort the scan and update SpyBot ; then run a new scan. I'm really picky about doing updated scans...
Mark

02/26/04
By the way Jean, it could be... over indeed !!!
Jean

02/26/04
Ok will do
Jean

02/26/04
Hi Mark re-ran and it was 5K something so updated and guess what.. it found 6 more at 10K mark..One of them was myway..I paid a guy to come in last week to remove myway cause of problems 128 dollars down drain...Ran the last check and came up with a congradualations...finally!!! at 12170 yipee..Oh my will have to send donations to you guys when I get my check..I am so happy!! Now one more thing what should I buy besides the virus scanner..should I also get a personal firewall...Probably will...more the merrier Again How can I thank you..am telling everyone about you!! You don't make fun of newbies...and that was the thing that made me use you..oh again am so happy
with deepest regards Jean
Mark

02/26/04
Fighting eAnthology has put a big drain on some "newbie" resources these past few months. It is a real pest to hunt down. Helping someone like you makes it all worthwhile !! It's all in the approach and the willingness to better yourself. It makes me want to help someone else (charges the old batteries, as they say...).

Concerning SpyBot : you should update it and run a few times a month, depending on your surfing habits. Virus scanners are only "on demand", and are not made to protect you full-time. What you need is a good antivirus program ; some cost money, some are free. There is a good offering from Computer Associates, called "eTrust EZ Armor" that you can get with a full year of free updates, and it comes with a firewall (free as well). After a year, if you like it (and you should), you can pay a small fee to renew for another year. There is a catch with this one : the firewall that you get with the free download is "Zone Alarm Pro", which is an excellent firewall BUT, you only get it free for 7 or 14 days !!! You will be asked to pay a little something if you want to keep it OR, pay nothing and still get to keep the free version of "Zone Alarm" (which is also excellent, with fewer bells and whistles...). If you have a high speed internet connection, then you should get a firewall. There is a free antivirus program available called AVG (excellent program), to which you could add a free firewall (like Zone Alarm or Sygate).

For spyware prevention, you should download a program called SpywareBlaster (freebee !!) It prevents spyware from installing on your computer (not all of them, but plenty...). You simply update the tool from time to time, and run it. Check back with us if you ever need instructions for these tools !!! If you do a lot of surfing, on multilple websites of different interests, you should consider using a new browser called Firefox (from Mozilla). You can keep Internet Explorer, and use both without conflicts. It's also a freebee !! and much safer against spyware than Internet Explorer. Ok, I need to stop now, or I'll be at it all night !!! I do have some packing to do... So here are links to the stuff I have suggested :

eTrust EZ Armor (antivirus + firewall, free for a year) :
http://www.my-etrust.com/microsoft/index.cfm?

AVG antivirus (free version) :
http://www.grisoft.com/us/us_dwnl_free.php

Zone Alarm firewall (free edition) :
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp

Sygate firewall (free version) :
http://smb.sygate.com/products/spf_standard.htm

SpywareBlaster (free spyware protection) :
http://www.javacoolsoftware.com/spywareblaster.html

It has been a pleasure... Safe surfing, and stop by anytime if you have questions or comments.

Regards,

Mark.

Mark

02/26/04
Oopss... forgot the link for Firefox...

Firefox (free internet browser - safer than Internet Explorer) :

http://www.mozilla.org/products/firefox/
(look to the left, click on "Download Now!")

AND : be very careful about "FREE STUFF" on the internet !! Always research before you download anything (or come by and ask us...). The internet has become a hostile place, as well as being the greatest place to be !!!

Think I'm done...

Mike

02/27/04
Response from eAnthology:

To automatically uninstall Stop-Sign/eAnthology, you can use the following URL address.
http://www.buttonware.net/pub/download/qa/AllUninst.com

We apologize for any inconvenience you may have encountered with an eAnthology or Stop-Sign product; it is completely unintentional. TO SOLVE ANY RELATED PROBLEMS, AT NO COST TO YOU, please call us at 1-800-754-1204 ext. 2 and we will provide unlimited technical support until it is resolved.

On occasion, partial installations of our product, improper uninstall techniques, or third-party software may make it difficult to remove our product. We have determined that several programs that are marketed by other companies for removal of adware or spyware may specifically target and attempt to disable our software. Our software is not adware and it is certainly not spyware.

Because Stop-Sign is designed to resist attacks from viruses that try to remove anti-virus software, these removal attempts are usually unsuccessful, and these other programs may damage Stop-Sign to the point that it can no longer be uninstalled properly through the normal Control Panel Add or Remove Program process. If you encounter this problem, you can use the Uninstaller link below or call our help number, 1-800-754-1204 ext. 2, for assistance.

To automatically uninstall Stop-Sign/eAnthology, you can use the following URL address. This program will work regardless of how much our software may have been damaged by an incorrect uninstall procedure.
http://www.buttonware.net/pub/download/qa/AllUninst.com

Our free trial software is provided as shareware - a service for consumers to determine if their computers are infected. This trial version is provided free, in hopes that people will like it enough to become a paid customer and to keep their computer free from additional threats.

eAnthology and Stop-Sign may have received a bad reputation because some time ago, we were bundled in opt-out form with other software. We stopped doing this almost one year ago. eacceleration is currently in the process of becoming a vendor level member of COAST (Consortium Of Anti-Spyware Technology vendors). You can read more about COAST at this location: http://www.coast-info.org.

There are also claims that our software delivers popups. WE DELIVER NO THIRD PARTY ADVERTISING POPUPS. We do provide a page that shows the results of the virus scans and they are shown after each scan, followed by a shareware offer page. IF THE SCANNING FUNCTION IS TURNED OFF IN THE SCANNER SETTINGS, THESE PAGES DO NOT APPEAR.

During install, there is a dialog that is shown that allows the user to turn off the automatic scan. After install, you can access the settings panel of the scanner and either reduce the frequency of the scan or turn off the “Automatic Scan” altogether. However, because 20-50 new viruses are created every day, we do not recommend that people turn off the automatic scan altogether.

In free trial “shareware” mode, our eAnthology “Software Station” interface will show up every few days, primarily to inform our users of the many helpful features that come with eAnthology. This is not a Popup; it is just a dialog box that can easily be closed. It is standard practice for shareware programs to display something similar to encourage subscription or purchase.

If you have any other questions, we are available 7 days a week: 1-800-754-1204

Stop-Sign/eAnthology Tech Support, accessible at http://www.Stop-Sign.com
Call: 1-800-754-1204 ext 2, or email: Support@eAnthology.com

Dave

03/01/04
how to uninstall eAnthology
Have read through the links here and suddenly don't feel so alone. I tried to follow the really long manual deletion on the pest patrol wesbite and now my PC doesn't start up properly. Window ME does work, restoring to the last second chance doesn't work and neither does it if I try to restore to factory settings.

Is my computer beyond repair or is there hope? Also, after reading some of the security issues, should I now be changing my online banking passwords?

Any words of wisdom would be great to hear. Thanks

Anti-SpyWare: spybot
Anti-Virus: pc cillin
Firewall: zone alram
OS: ME


© Copyright 1998-2004 Newbie dot Org -- All rights reserved --



This site maintained by Galaxy Website Design


--|--