How to manually remove Xupiter
Found this at doxdesk.com, and wanted to store it for posterity...

Xupiter consists of an Internet Explorer toolbar containing link buttons to one of Xupiter's search engines and a task run at Windows startup which downloads updates to the software and may launch pop-ups. It also contains functionality to hijack your home page and address bar searches, and add Xupiter links to your bookmarks.
Variants
Xupiter/Xupiter uses the site xupiter.com for all functions; Xupiter/Xjupiter is the same but uses xjupiter.com instead. Xupiter/2003 is the same as the Xupiter variant, but puts its DLL directly in its Program Files folder instead of in an 'Updates' folder.
Xupiter/BrowserWise points to browserwise.com but is still otherwise identical to Xupiter. Xupiter/Browser is a newer variant which still points to browserwise.com, but stores its program files in a folder called 'Browser' instead of 'Xupiter'.
Xupiter/Sqwire is a newer variant pointing at sqwire.com. Its program files are stored in a 'Sqwire' folder, in a different layout to previous versions, and an installer DLL is left in Downloaded Program Files.
Xupiter/OrbitExplorer is the latest variant, pointing at orbitexplorer.com. Some of its program files are stored in an 'Orbit' folder in Program Files, the rest in an 'OE' folder in Common Files. It also has the installer DLL.
Also known as
XupiterToolbar (program name).
Distribution
Installed by ActiveX drive-by-download in affiliate pages. Known sources include the site www.freewebupgrades.com (which is advertised by junk e-mail) and pop-up adverts on sites such as FortuneCity and cjb.net subdomains.
More recently also bundled with Grokster.
One of Xupiter/Sqwire's ActiveX drive-by-download pages has been advertised by junk e-mail (spam) offering a 'Free Christian Toolbar'. Another pretends to be a program to disable Windows Messenger service pop-ups.
What it does
Advertising
Yes. Apart from the hijacking and added links, the software periodically opens pop-under advertisements as directed by its controlling servers. (These may appear in windows with only an 'exit' menu.)
Privacy violation
The privacy policy states that the software may track all web usage. However, this behaviour has not been observed.
Security issues
Yes. The software contacts its servers to ask for update code, which is executed without checks. It has also been known to download third-party software (for instance a casino loader app).
Stability problems
In the initial variants, the update-checking task tries to connect to xupiter.com to download updates whether or not you are connected. If it fails it may cause a crash in 'RunDownload.exe'. Some versions of Xupiter can cause the Windows Explorer to crash when opened under Windows XP.
Removal
The OrbitExplorer variant may have an uninstall available. Go to Add/Remove Programs in the Control Panel, choose 'Orbit' and click 'Remove'.
Other variants have no built-in uninstall. An uninstaller is available through ActiveX drive-by-download from Xupiter sites; reports suggest this works for some but not all variants, and may leave a message on bootup that Xupiter must be reinstalled.
The latest updates of Spybot S&D and Ad-Aware can remove all Xupiter variants.
Manual removal
Open the registry (from the Start menu, click Run and enter regedit) and find the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
Delete the entries 'XupiterStartup' and 'XupiterCfgLoader' (earlier variants), 'SQUpdatesChecker' and 'SQConfigChecker' (Sqwire variant) or 'OrbitUpdate' and 'OrbitView' (OrbitExplorer variant).
Open a DOS command prompt window (Start->Programs->Accessories) and enter the following commands to deregister the toolbar (Xupiter and BrowserWise variants):
cd "%WinDir%\System"
regsvr32 /u "\Program Files\Xupiter\Updates\XupiterToolbar.dll"
regsvr32 /u "\Program Files\Xupiter\Updates\XTUpdate.dll"
regsvr32 /u "\Program Files\Xupiter\Updates\XTSearch.dll"
(The earliest variants of Xupiter didn't have the XTSearch.dll file, so don't worry if this last command gives an error.)
For the 2003 variant, use:
cd "%WinDir%\System"
regsvr32 /u "\Program Files\Xupiter\XupiterToolbar.dll"
regsvr32 /u "\Program Files\Xupiter\XTUpdate.dll"
regsvr32 /u "\Program Files\Xupiter\XTSearch.dll"
For the Browser variant, use:
cd "%WinDir%\System"
regsvr32 /u "\Program Files\Browser\Updates\BrowserToolbar.dll"
regsvr32 /u "\Program Files\Browser\Updates\BWUpdate.dll"
regsvr32 /u "\Program Files\Browser\Updates\BWSearch.dll"
For the Sqwire variant, use:
cd "%WinDir%\System"
regsvr32 /u "\Program Files\Sqwire\t.dll"
regsvr32 /u "\Program Files\Sqwire\u.dll"
regsvr32 /u "\Program Files\Sqwire\s.dll"
For the OrbitExplorer variant, use:
cd "%WinDir%\System"
regsvr32 /u "\Program Files\Common Files\OE\toolbar.dll"
regsvr32 /u "\Program Files\Common Files\OE\redirector.dll"
regsvr32 /u "\Program Files\Common Files\OE\search.dll"
(On non-English versions of Windows, 'Program Files' and 'Common Files' may be called something different. In that case you will have to change these commands to match the name of these folders.)
Restart the computer and open the Program Files folder. Delete the 'Xupiter', 'Browser', 'Sqwire' or 'Orbit' folders, and in the OrbitExplorer variant also the 'OE' folder inside Common Files. For the Sqwire and OrbitExplorer variants, you should also open 'Downloaded Program Files' in the Windows folder and remove the 'Loader class' entry if it is there.
You can now restore your home page (Internet Options->General->Home page) and your search settings (Internet Options->Programs->Reset web settings). You can also delete the settings to clean up if you like: open the registry and delete the key HKEY_CURRENT_USER\Software\Xupiter, HKEY_CURRENT_USER\Software\SQ (Sqwire variant) or HKEY_CURRENT_USER\CLSID\{0FDA4D2B-7975-405d-8D7C-F5E2247EAE80} (OrbitExplorer variant).
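As an added example (not part of the original doxdesk text), this read-only PowerShell check looks for the Run values, folders and per-user registry keys named in the steps above, so you can see which variant's commands apply and confirm afterwards that nothing is left. The WOW6432Node and '(x86)' locations are assumptions added for 64-bit Windows; the page does not mention them.

```powershell
# Read-only audit for the Xupiter artefacts named in the removal steps.
# It reports what is present; it deletes and unregisters nothing.
# Run-key value names from the page, with the variant each belongs to.
$runValues = [ordered]@{
    'XupiterStartup'   = 'earlier variants'
    'XupiterCfgLoader' = 'earlier variants'
    'SQUpdatesChecker' = 'Sqwire'
    'SQConfigChecker'  = 'Sqwire'
    'OrbitUpdate'      = 'OrbitExplorer'
    'OrbitView'        = 'OrbitExplorer'
}
# The WOW6432Node path is an addition for 64-bit Windows, not from the page.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'

# Folders and per-user keys from the page. Environment variables are used so
# that localised 'Program Files' / 'Common Files' names resolve correctly.
$paths = @(
    foreach ($root in $env:ProgramFiles, ${env:ProgramFiles(x86)}) {
        if ($root) { 'Xupiter', 'Browser', 'Sqwire', 'Orbit' | ForEach-Object { Join-Path $root $_ } }
    }
    foreach ($root in $env:CommonProgramFiles, ${env:CommonProgramFiles(x86)}) {
        if ($root) { Join-Path $root 'OE' }
    }
    'HKCU:\Software\Xupiter'
    'HKCU:\Software\SQ'
    'HKCU:\CLSID\{0FDA4D2B-7975-405d-8D7C-F5E2247EAE80}'
)

$found = @(
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $names = (Get-Item -LiteralPath $key).GetValueNames()
        foreach ($name in $runValues.Keys) {
            if ($names -contains $name) {
                [pscustomobject]@{ Kind = 'Run value'; Item = "$key\$name"; Variant = $runValues[$name] }
            }
        }
    }
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) {
            [pscustomobject]@{ Kind = 'Folder or key'; Item = $p; Variant = '' }
        }
    }
)

if ($found.Count) { $found | Format-Table -AutoSize -Wrap }
else { 'No Xupiter artefacts from the list were found.' }
```

Run it once before the manual steps to identify the variant and again after the restart; an empty result the second time means the listed entries are gone.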