Thursday, June 23, 2011

What is spigot, inc – searchsettings.exe?

Spigot, inc is a software company offering free extension applications for Mozilla Firefox browser called iObit Toolbar and Widgi Toolbar Platform. The extensions are considered malicious because it manipulated the browser to use Yahoo search even if the user is changing the search engines on manually to Google or Bing. Apart from that the Toolbar also provide dubious applications such as system scan and security scan options which serve for the benefits of iObit. Amazon and eBay search also included in the Toolbar


How the toolbar got install into Firefox browser is via iObit software like Advanced SystemCare Free 4, Game Booster 2, IObit Uninstaller, IObit Toolbox, Random Password Generator, Smart Defrag 2, IObit Malware Fighter Free. When setup any of the software, a window popup at the final stage of the installation to remind users whether to decline or accept the complimentary iObit Toolbar. Users who are not careful in selecting the option to decline will fall into the trap of Spigot,Inc spyware trap.

Based on the investigation, the Yahoo search is probably has been manipulated to collect information from users’ search activities. The Yahoo search box is located at www.mybrowserbar.com and if you click on the company “Terms of Use” it clearly stated the spying list they do when people are using the browser toolbar. The company information claimed it is a supported by affiliate partners like Yahoo, Yandex, Baidu, Internet Explorer, Firefox, and Chrome. However I doubt those support are based on legitimate agreement because Spigoat obviously trying to use them to legalize its spying activity.




What happen to the System when iObit Toolbar is installed on your Windows OS?

1. Installed iObit Toolbar to Firefox and also Widgi Toolbar Platform in Firefox add-ons extension
2. Create folder c:/program files/common files/spigot/
3. Running at Windows Startup using its file searchsettings.exe
4. Run searchsetting.exe automatically when Firefox start
5. It uses Yahoo search engines located www.mybrowserbar.com

How to uninstall iObit Toolbar?

1. Open Firefox browser look for iObit Toolbar→Options→Uninstall
2. Once uninstall re-start Firefox, this should remove the iObit toolbar and Widgi Toolbar Platform extension. Also searchsettings.exe will not be triggered again when running Firefox.


Un-install the Toolbar will not remove the searchsettings.exe from running on Windows Start up. How to prevent it from running at Windows Startup

1. In Windows go to Start→Run→“msconfig” click on Startup Windows tab and uncheck searchsettings.exe


To completely remove all the left over files require registry file removal.

1. In Windows go to Start→Run→Type “regedit”
2. In Regedit→Edit→Find
3. Search for searchsettings.exe and delete.
4. Keep searching by pressing F3 and delete every registry that contents searchsettings.exe until finish

18 comments:

  1. Spigot, inc file and folders

    c:\program files\common files\spigot

    Folders:
    1. Search Settings
    *subfolder = Res
    *config.ini
    *searchsettings.exe
    *yahoo_ff.xml
    *yahoo_ie.xml

    2. wtxpcom
    *Subfolder = components
    *IFBHOHelperWidgiToolbar.xpt
    *IFBHOWidgiToolbar.xpt
    *WidgiToolbarFF.dll
    *chrome.manifest
    *install.rdf

    ReplyDelete
    Replies
    1. Should we also look for these files/folders and delete them as well to rid ourselves of any more of Spigot ?

      Delete
    2. You don't have to look for this file. This is just the content of the spigot.exe file. If you delete the file that meant it delete this content too.

      Delete
  2. Version:

    Length Of Struc: 030Ch
    Length Of Value: 0034h
    Type Of Struc: 0000h
    Info: VS_VERSION_INFO
    Signature: FEEF04BDh
    Struc Version: 1.0
    File Version: 4.4.0.2
    Product Version: 4.4.0.2
    File Flags Mask: 0.63
    File Flags:
    File OS: WINDOWS32
    File Type: APP
    File SubType: UNKNOWN
    File Date: 00:00:00 00/00/0000

    Struc has Child(ren). Size: 688 bytes.

    Child Type: StringFileInfo
    Language/Code Page: 1033/1200
    CompanyName: Spigot, Inc.
    FileDescription: Search Settings
    FileVersion: 4, 4, 0, 2
    InternalName: SearchSettings
    LegalCopyright: Copyright © 2005-2011 Spigot, Inc.
    OriginalFilename: SearchSettings.exe
    ProductName: Widgi Toolbar
    ProductVersion: 4, 4, 0, 2

    Child Type: VarFileInfo
    Translation: 1033/1200

    ReplyDelete
  3. Hi, my name is Cristi and I work for Spigot.

    I am here to provide information about how to uninstall the Spigot Toolbars and turn off mybrowserbar redirection, please take a look at the links below:

    http://www.spigot.com/uninstall.html
    http://www.spigot.com/network_error_assistant.html

    Please contact me from our website if you need more help.
    Thank you.

    ReplyDelete
    Replies
    1. which one of your handicapped co-workers thought it was a good idea to hide a file in with your garbage toolbar that changes our search engine to yahoo and is very complicated to uninstall..............

      Delete
  4. Thanks for the help from cristi, now everyone can uninstall/disable their spigot toolbar using cristi's instruction

    ReplyDelete
  5. HAhahahahahahaha, yes, anonymous, we will pretend that we did not realize that you are Cristi.
    F*cking virus.

    ReplyDelete
  6. The thing is with removing these kid of stuff Widgi toolbar or what ever from Spigot like iobit toolbar. What is a safe way for people who are NOT tech savvy, and just understands the basic of it. Some sites have said Widgi toolbar is a spyware and that Spigot is bad. For computer users and web surfers that are NOT tech savvy, they don't want other problems to happen after following any websites's steps on how to remove it. Like say maybe the makers of Widgi toolbar embeded something in the program. So after removing it and a restart could have problems come about, like very slow Windows start up that looks like it will not start Windows at all. It could maybe be that after the Windows welcome that it very slow to load any desktop icons the start icon and icons and bottom right corners. But as one wait how ever long it will look like it will not even load up at all. The cursor will be there, but it not stalling or have freezed up. It just that it still did not have that busy circle have so many times yet. Last of who knows what else could happen to each ones computer, after following the steps from a website. That would be a case by case, and not eveyone would have 100% the same problem. Another thing is unistalling iobit toolbar from control panle. Would that cause any any unwanted problems doing a restart.

    The thing is there got to be a few safe ways to remove them for good, that is for those that are not tech savvy. No one really likes computer problems of any kind from malware, spyware and viruses.

    ReplyDelete
    Replies
    1. You are right syndicate2..there got to be a few safe ways to remove it for good but unfortunately even antivirus software can't really help much in doing it. So hopefully the steps provided is hopefully giving the general idea of it. I can understand that every computers are 100% the same and you are exactly right.

      Delete
  7. Thanks a lot for the info!! Usually I have no problems with iObits and I never install the crap that comes with it. This one must've slipped by me when I installed the latest update. I panicked and thought I had a virus! Again, thanks!

    ReplyDelete
  8. Neither my AV nor spyware programs see it, even when I did a search on that folder specifically, grrr. Also using your steps above, nothing came up in msconfig nor regedit searches to remove those fields. Yet the folder for spigot is still there in my program files directory. Can I safely deleted the folder?

    ReplyDelete
    Replies
    1. Yes you can safely delete the folder...if all the regedit info of the file has been removed you can safely delete the folder from program file manually.

      Delete
  9. Spigot was installed surreptitiously when I updated smart defrag, thanks for the info. The removal steps worked perfectly.

    ReplyDelete
  10. Thank you for this blog, I found it very helpful. This process went unnoticed on my computer for a week and I believe it was responsible for a BSOD somehow. I'm usually pretty vigilant about what processes can run on my computer so for this to slip past me was a surprise!

    ReplyDelete
  11. Spigot SearchProtection was silently installed on my computer at 5am this morning by uTorrent.

    Be aware that uTorrent is now installing Spigot Search Protection without user consent.

    ReplyDelete
    Replies
    1. This comment has been removed by the author.

      Delete
  12. Thanks so much for this post. I got Spigot by accidentally clicking okay to a software add-on, thought I'd gotten rid of everything (good grief it implanted itself in all kinds of things!) and then found Spigot when I tried to do an address bar search and came up with the very same search engine I thought I'd removed 2 weeks ago. This was very helpful.

    ReplyDelete