by nick_danger_3rd_eye on Feb-25-03 at 13:30
I think just about every single program you download, with few exceptions, wants to become your best buddy and take over things, and you just have to tell them 'no' by setting the proper preferences. I think most of a Netscape download gives you an opportunity to keep it in the background, by way of selecting options in various popup windows.
The Pacs Portal page has been great in helping me keep out as much as possible from my startup menu, where most of those downloads want to live. I also downloaded Startup Monitor to let me know when programs try to sneak into the startup menu. It's very useful to have when doing downloads.
The Internet has countless shareware programs, many of which are great additions to your computer. Some, however, are likely to give you more trouble than they're worth. Kim's advice is to skip the following downloads:
Gator
Comet Cursor
Bonzi Buddy
Go Hip
If you've already downloaded and installed one or more of these programs, you've probably discovered that getting them off your system is a much more challenging task than getting them on. Here's where to go for step-by-step instructions on removing each program:
Gator
Comet Cursor
Bonzi Buddy
Go Hip
From: http://www.komando.com/tips_show.asp?showID=2787
For Fee "Virus Removal Utilities by OnlinePCfix" http://www.onlinepcfix.com/spyware/Xupiter.htm
A list of known adware and spyware vendors and products can be found on various sites around the Internet, such as this one:
Adware, Spyware and other unwanted "malware" - and how to remove them
http://www.cexx.org/adware.htm
SPYBOT features advantages over the free version of Ad-aware, too. Unlike Ad-aware, which doesn't give you any information about what it finds on your PC, Spybot provides you with a clear list of everything it's discovered. Simply mouse-over any item on the list, and you can find out where it came from, what it does, and what Spybot recommends you do--keep it or destroy it.
I like Spybot because, although it can be only a tiny bit aggressive, you control what to remove.. it has a spyware update capability like the better anti-virus programs have. Of course both spybot and avg are needed to provide good protection. And perhaps a firewall.
It also does search and find xupiter. I can't determine if it would find all of it..due to the hidden file xupiter puts on the drive.. but I would bet it does. It seems to find stuff that ad-aware misses.
I am not willing to reinfect my machine to find out if it does get all of xupiter... so the manual removal tool is a good reference to check up on it because ad-aware only kills the program and its file folder not the plugin, registry reference, or hidden file.. Spybot does search out the registry.
jcksrobbins 3:06pm December 12, 02
Xupiter is a search engine, but is very parasitic. It basically takes control of your browser and its settings. It is not dangerous to your computer, but as you already know, it is very annoying.
Here is some good information on how to remove it:
http://allentech.net/parasite/Xupiter.html
Next, do a start> find (check your "advance" find settings to make sure it is set for "all files and folder" and in the find box, the Include subfolders box is checked) put in xupiter and search each HDD, one at a time.
IF you find anything in the find list you can Right click & Delete... (NOTE: any webpages with that in the title will also appear in the list, don't worry about that, we want files)... Then go to Recycle bin and clear it out.
Here is the next step:
Right click on the IE icon (on the desktop) and select "properties" IE properties
In the first window, of Internet properties... (don't mess with the home page setting yet...) Click on the settings button.. then "view objects"... this will open the folder.. Downloaded internet files..
Okay.. after you have opened IE properties, then click on the settings button to open (note: the "view files" button, we will use it later) and clicked on the "view objects" button, You will get Downloaded program files
You need to highlight (click once) the activeX plugin {A27CFCAE-9351-4D74-BFFC-21EB19693D8C} and then right click and remove it.
(This is the only place that windows will allow you to remove plugins!)
Then Edit menu, "select all", Right click on any of the highlighted items select properties...and one at a time (in slide show fashion) the properties of each plugin will come up. Check to see if it is from a "known" source like microsoft, shockwave, housecall, etc....
(If you're online, and you open your "downloaded program files" folder, when you right click on a plugin, the option to update it appears also (only when online). And the reason I open internet properties from the Icon and not the IE tool menu, is the Browser window that you open it from will be disabled until you close ie properties, making it hard to type a reply to instructions, but if opened from the icon, it doesn't affect the browsers currently open.)
When you right click and check the properties of a plugin.. it will say, for example, http://active.macromedia.com/flash2/cabs/swflash or microsoft.. or other helpful places like your web cam..IF you have one.. a ms plugin ..and these are okay.. But if you have one marked Xupiter or from an unknown web site.. remove it...
The thing about plugins is that if you remove them with the exception of MS ones or installed program plugins, like say, the one for housecall, the next time you visit that site it will ask to reinstall the plugin.
For now, only remove the ones that you're sure don't belong; you can come back and remove any others later.. The plugins allow the program to connect with your machine. Since I don't know all the programs on your machine, for now I have to stick with the Xupiter tool bar.... (However, IF you have a plugin named BUDDY I have to ask: DO you have AOL ?? Buddy is a bundled software program that many AOL users try out, stop using, and then find out it's spyware.)
As the properties of a plugin come up, it may have web site listed. You can use a blank browser window to check out the home page of the site.. and see if it belongs.. Stuff that says MS activex or shockwave should stay.
Okay, close if you're done. Close the download program folder and we will move onto the next step.
The Next step after closing the IE properties (BTW> we will be back..) IS to start, run winfile ... an old file management program..
by cegs on Nov-18-02 at 11:07
OK, I'm back, just when you think you're at the end there's more. So I gotz to get rid of the registry now?
by PWW
We're not up to the registry step yet... we have to get rid of the hidden Xupiter.INI files that windows cannot see or detect...
Start, run , winfile
When you have winfile open ... View menu.. select by file type... checkmark all the boxes, including show hidden system files and click ok.
Top row text labels should say: File disk tree view options window help - - Under View, Enable all the boxes ESP. the one to view all hidden files
Now under the file menu, 3rd item from the bottom, select search and in the search box type:
Xupiter.* with the search starting at the beginning of the c: drive and searching all subdirectories...
The search will reveal 1 or 2 hidden files (hidden from even windows explorer) in this directory:
C:\WINDOWS\DOWNLO~1 called xupiter.ini or something similar.. use the delete key to carefully delete only that file... you should only get a match for that.. and not one for c:\progra~1\xupiter
Each search will open a new window, under the window menu it's best to keep them down to just the one, by closing the little x under the big X in the upper right corner... I am sure a .ini file for xupiter will be found on your system unless adaware removed it...
You could also point and click your way down to c: >windows> DOWNLO~1 directory.. and then look in the list of files on the right to see if it's under X(upiter) at the end of the list.
(first highlight the file, and then File properties or hotkey alt+enter to open the file properties; copy the information on the file and post it please.)
by cegs on Nov-18-02 at 12:34
OK, I gotz it,
[version]
; version signature (same for both NT and Win95) do not remove
signature="$CHICAGO$"
AdvancedINF=2.0
[Add.Code]
XupiterToolbarLoader.exe=XupiterToolbarLoader.exe
[XupiterToolbarLoader.exe]
;File-Win32-x86=thiscab
clsid={A27CFCAE-9351-4d74-BFFC-21EB19693D8C}
version=3.0.5.1000
Hook=InstallerHook
[InstallerHook]
run=%EXTRACT_DIR%\XupiterToolbarLoader.exe /CabInstall
; end of INF file
by phantonwerwolf on Nov-18-02 at 12:50
Note: In post above (at 12:34), I believe you will see the code that tells windows not to remove or uninstall this file.. Thus this may be why explorer cannot detect it... Good job cegs, now you can delete the file.. note that the {A27CFCAE-9351-4D74-BFFC-21EB19693D8C} is the name of the plugin that had to be removed.. and you should be free of the plugin in your settings.. downloaded program file..
After you delete it, find your way back up to c: progra~1 and make sure the xupiter directory is also gone.
IF you think this was fun so far.. now we get serious.. IF AT ANY part of the next step you have a question stop and ask it, because you only get to delete stuff in the registry once. And this is the only way to get the Xupiter tool bar item out of your browser> view> toolbars.. even though it now doesn't work because the files are gone. IF anyone wants to step in and help cegs backup the registry now is the time......
How to create a backup Registry file.
Click Start
Click Run
Type in "regedit"
Click OK
Highlight "My Computer" on the left
Click the Registry menu at the top and select "Export Registry File"
Name the file "backup" and save it to your Desktop. If you screw-up, locate the "backup" file on your Desktop and double-click it. Select Yes and your registry will be restored.
[Restoring the registry
If for some reason registry checker fails and Windows won't boot, you can try to restore the registry in DOS. Just boot into DOS and type scanreg/restore at the DOS prompt.
If you want to be extra safe, you should create copies of the two files that make up the registry (User.dat and System.dat) and place them in a separate backup folder on your hard drive (they're too big to fit on a floppy).
You'll find User.dat and System.dat in the C:/Windows folder but won't have access to them unless you go into Windows Explorer and choose View, Folder Options, click on the View tab, and check Show All Files.]
Here's how to Backup your Registry for different versions of Windows:
How to back up the entire Windows registry
Making a backup of the entire Windows registry lets you restore the registry if you want to reverse changes that you make while editing it. This is the recommended and safest method. It is also somewhat more difficult, and it is different for each operating system, except for Windows 98 and Me, which both use the same method. For instructions on how to back up the entire registry, read the documentation that came with your operating system or one of the following Microsoft Knowledge Base articles:
Windows 95/98/Me
Windows NT/2000/XP
Read the section "How to Back Up the Whole Registry" in the Microsoft Knowledge Base article that applies to your operating system:
For additional information about the Windows registry and the use of the Registry Editor, read the following documents:
Now, Start> run> regedit ... when the program opens look under the edit menu and select find ... In the box type xupiter Each time you get a "hit" delete that key and press F3 to continue the search. examples of what you will find are:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
Delete the 'XupiterStartup' entry in the Right Hand pane.
Also delete the following Registry Keys:
HKEY_CURRENT_USER\Software\Xupiter
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{A27CFCAE-9351-4D74-BFFC-21EB19693D8C}
The remaining instructions after you have edited your registry (and made sure the files are gone) are: Open internet (explorer) options... go to the "program" tab... Click the button "reset web settings" ...return to the general window and set your home page.
Next, inside a browser window.. VIEW.. explorer bar..search (you could use ctrl+E) at the right edge of search is a customize button.. It is sometimes hard to see if the "pane" is narrow but it is there.. go thru the customize sections and reset your search choices.
At this point your system should now be X(St)UPITER tool bar free.... THEN you have to reboot and make it so...IF everything is in order, you should start run, scanreg to put a copy of the new registry on file.
The only search word you need to put in is xupiter
You can delete anything that matches xupiter. However, so you will be more comfortable with this you can run regedit, and do the search !without! deleting anything, just keep pressing f3 to continue the search and take notes... see how many matches you get.. probably about 3 because one will show up from the "find" we did. That's normal.
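As an added example (not part of the thread and not any poster's code): the INF file posted above names the same CLSID that the registry steps later delete under Distribution Units. This Python sketch parses that manifest and derives the registry key to check; the function name is hypothetical and the sample is the posted text broken back into lines.

```python
import configparser

# Constructed sample: the INF text posted in the thread, one directive per line.
SAMPLE_INF = r"""
[version]
; version signature (same for both NT and Win95) do not remove
signature="$CHICAGO$"
AdvancedINF=2.0
[Add.Code]
XupiterToolbarLoader.exe=XupiterToolbarLoader.exe
[XupiterToolbarLoader.exe]
;File-Win32-x86=thiscab
clsid={A27CFCAE-9351-4d74-BFFC-21EB19693D8C}
version=3.0.5.1000
Hook=InstallerHook
[InstallerHook]
run=%EXTRACT_DIR%\XupiterToolbarLoader.exe /CabInstall
; end of INF file
"""

# Registry path quoted in the thread's removal steps.
DIST_UNITS = (r"HKEY_LOCAL_MACHINE\Software\Microsoft"
              r"\Code Store Database\Distribution Units")

def parse_activex_inf(text):
    """Return one record per file listed under [Add.Code] (hypothetical helper)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    # Section names are matched case-insensitively here.
    sections = {name.lower(): cp[name] for name in cp.sections()}
    records = []
    for target in sections.get("add.code", {}).values():
        sec = sections.get(target.lower())
        if sec is None:
            continue  # listed file has no section of its own
        hook = sections.get(sec.get("hook", "").lower())
        clsid = sec.get("clsid", "").upper()
        records.append({
            "file": target,
            "clsid": clsid,
            "version": sec.get("version"),
            # Command the installer hook runs when the CAB is installed.
            "hook_run": hook.get("run") if hook is not None else None,
            "registry_key": DIST_UNITS + "\\" + clsid,
        })
    return records

if __name__ == "__main__":
    for rec in parse_activex_inf(SAMPLE_INF):
        print(rec)
```

The derived `registry_key` matches the Distribution Units entry listed in the registry steps, so the same parse can be used to cross-check other leftover INF files in the Downloaded Program Files folder.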
by cegs on Nov-18-02 at 13:47
I found 3 and deleted them; do I now restart my pc?
by phantonwerwolf on Nov-18-02 at 13:54
Open internet (explorer) options (right click IE icon and select properties)... go to the "program" tab... Click the button "reset web settings" ...return to the general window and set your home page. Next, inside a browser window.. VIEW.. explorer bar..search (you could use ctrl+E) at the right edge of search is a customize button.. It is sometimes hard to see if the "pane" is narrow but it is there.. go thru the customize sections and reset your search choices. As you pull the search pane wider > a customize button should appear.
When you click the button to reset websettings it asks if you want to set web settings to their original ie defaults? And you do.
Then reboot your PC.
FYI.. The program Quick buddy is part of AIM... it was bonzi buddy that was spyware I think... After you reboot check your aim program not your INFO and if it doesn't work because we removed the plugin uninstall and reinstall... I am looking at it now..deciding if I want to load it.
by cegs on Nov-18-02 at 15:11
Is it time to do the security settings yet? when I rebooted, I ran the ad-ware and there was 3 new things on since this morning. I think mine are set too low. I found the settings under internet properties and they're set at medium.
by phantonwerwolf on Nov-18-02 at 15:33
Check your aim program.. Adaware is going to pick up stuff all the time.. things like double click cookies show up constantly and are a minor annoyance
Lets start where you already are.. Internet options/properties... Security tab>.. medium is a start and then we are going to go custom level...
IF you set for "prompt" the browser will ask before doing anything.. this can be annoying but the little box will have a "don't ask me again" and that changes the setting to enable.
Starting with your activeX settings IMO I recommend...
Prompt, prompt, enable or prompt, enable, enable,
Cookies: enable, enable,
Downloads: user choice I often leave this off because I use a 3rd party download management program..(not a web accelerator)
font: prompt
MS VM: high java next lines: prompt, disable, enable, disable, prompt, enable, High Safety, enable, enable ..
That takes us to scripts..another user defined place depending on your choices..
Enable, enable, enable and prompt for user password. You could use prompt instead of enable, your choice.
Now.. IF one had a fixed list of places they wanted to go on the net, those locations can be added to the "trusted site" zone with lesser security and those that were a very bad idea can be added to the "restricted site" with HIGH security... I live on the edge and mostly use the standard settings that just got set.
When you leave the security settings, it is noteworthy to look at the content tab. IF you choose to read up on the "content" choice and enable it with a password it will act like netnanny program to keep kids out of certain sites.. as filtering software... PROBLEM is any child that has any computer savvy can search google and find the way that content advisor or netnanny can be broken temp. or permanently disabled.. and you never know it.. as long as they covered their tracks by clearing the cookies, files and history.
Choose the OK button.. the reset button will "reset" all your settings to the default.
Okay.. the next step is to go over to the advance tab.
IMO the following helps a computer: but it's user's choice
First 2 empty...
Browsing: ON, off (no to: automatic IE updates) on, on...next 4 off..(ESP. the install on demand)
ON, (disable script debug) Users choice(download notice), off, on, off, user choice (go button), on,
users (underline links), on, on, off, on, on,
MS VM> on, off on, MULTIMEDIA> off, on, on, on, off, on, on,
Printing:> on,
SEARCH users choice I have no selection at that point
Next part:
Security> off, off, on!, on!, off(profile asst. user choice)
On, on, off, last 4 on....