
Dang Adware...

Posted: Mon Mar 14, 2005 11:35 pm
by Capm
I've got a machine here, I've been through it pretty thoroughly, adaware, hijack this, spybot etc.

I've still got a piece of adware in there. Every few minutes, a couple of Internet Explorer windows pop up with ads, and I can't seem to track it down. I've been through all the startup configs etc... Anyone got any ideas where to look for this blasted thing?

Posted: Mon Mar 14, 2005 11:41 pm
by Krom
Find out what rundll32 is up to. What you are looking for is probably a DLL attached to some other program, not a program by itself.

Posted: Tue Mar 15, 2005 12:09 am
by Grendel
Came across some really clever adware lately -- had to find a program that would at least tell me what it is so I could look up where its DLLs were. Hooked up in three places -- startup registry entries, shell extensions and IE DLLs. Each one would reinstall the other one of course. Two processes running at realtime level monitoring each other were just the front end. That sucker even came up in safe mode. M$ AntiSpy told me what its name was, I then found some info where that beast usually is located. Used sysinternals (http://www.sysinternals.com) process explorer to suspend (not kill) the watchdogs, autoruns to kill every suspect registry entry. Then I unregistered the DLLs, killed the dogs and booted into safe mode, deleting the leftovers. Pain in the arse.
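
A read-only inventory of the three hook points the post above lists (startup registry entries, shell extensions, IE DLLs), as an added example that is not part of the thread. It assumes a current Windows with PowerShell, takes "IE DLLs" to mean Browser Helper Objects, and reads only these common registry locations; Autoruns covers many more.

```powershell
# Added example (not from the thread): lists hooks, changes nothing.
$roots = 'HKLM:\SOFTWARE', 'HKCU:\SOFTWARE'   # per-machine and per-user
$cv    = 'Microsoft\Windows\CurrentVersion'

function Resolve-ClsidDll([string]$Clsid) {
    # Map a COM CLSID to the DLL registered as its in-process server.
    foreach ($r in $roots) {
        $k = Get-Item -LiteralPath "$r\Classes\CLSID\$Clsid\InprocServer32" -ErrorAction SilentlyContinue
        if ($k) { return ([string]$k.GetValue('')).Trim('"') }   # '' = default value
    }
    return ''
}

function Get-SigStatus([string]$Dll) {
    # Unsigned or missing DLLs are the entries worth looking up first.
    if ($Dll -and (Test-Path -LiteralPath $Dll)) {
        return [string](Get-AuthenticodeSignature -LiteralPath $Dll).Status
    }
    return 'FileNotFound'
}

function New-HookRow($Hook, $Name, $Target, $Signature) {
    [pscustomobject]@{ Hook = $Hook; Name = $Name; Target = $Target; Signature = $Signature }
}

$rows = foreach ($r in $roots) {
    # 1. Startup registry entries: value name -> command line
    foreach ($run in 'Run', 'RunOnce') {
        $k = Get-Item -LiteralPath "$r\$cv\$run" -ErrorAction SilentlyContinue
        if ($k) { foreach ($n in $k.GetValueNames()) { New-HookRow "Startup/$run" $n ($k.GetValue($n)) '' } }
    }
    # 2. Shell extensions: value names under "Approved" are CLSIDs
    $k = Get-Item -LiteralPath "$r\$cv\Shell Extensions\Approved" -ErrorAction SilentlyContinue
    if ($k) {
        foreach ($c in $k.GetValueNames()) {
            $dll = Resolve-ClsidDll $c
            New-HookRow 'ShellExtension' $c $dll (Get-SigStatus $dll)
        }
    }
    # 3. IE Browser Helper Objects: subkey names are CLSIDs
    Get-ChildItem -LiteralPath "$r\$cv\Explorer\Browser Helper Objects" -ErrorAction SilentlyContinue |
        ForEach-Object {
            $dll = Resolve-ClsidDll $_.PSChildName
            New-HookRow 'IE-BHO' $_.PSChildName $dll (Get-SigStatus $dll)
        }
}
$rows | Sort-Object Hook, Signature | Format-Table -AutoSize -Wrap
```

Rows whose Signature is anything other than Valid, or whose Target sits in an unexpected directory, are the ones to look up before disabling anything.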

Posted: Tue Mar 15, 2005 1:24 am
by Xamindar
ack, have you looked in msconfig?

I always disable that rundll32 anyway.

Posted: Tue Mar 15, 2005 10:10 am
by Asrale
Download Rootkit Revealer and post a screenshot of its results.

Posted: Tue Mar 15, 2005 8:12 pm
by MD-2389
Could you also post the log generated by Hijack This?

edit: A newer version of Hijack This! was released on Feb 16th. download.

Posted: Tue Mar 15, 2005 8:58 pm
by Krom
Xamindar wrote: ack, have you looked in msconfig?

I always disable that rundll32 anyway.
Uhmm, rundll32 does have a purpose in windows, if it is running odds are it needs to be running, for instance I use nview desktop manager and it runs from rundll.

Posted: Wed Mar 16, 2005 2:48 pm
by Xamindar
Krom wrote:
Xamindar wrote: ack, have you looked in msconfig?

I always disable that rundll32 anyway.
Uhmm, rundll32 does have a purpose in windows, if it is running odds are it needs to be running, for instance I use nview desktop manager and it runs from rundll.
eh, I've never had any problems with it disabled.

Posted: Wed Mar 16, 2005 8:23 pm
by Krom
Try bringing up display properties, rundll32 will be running if you do.

Posted: Wed Mar 16, 2005 9:17 pm
by Capm
I'll see to posting the log next time I get in the office.

Posted: Fri Mar 18, 2005 3:43 am
by World War Woodi
Um, how bout ditching IE and running Mozilla Firefox?
I have nearly 0 ad hits when I run my adaware and spybot since switching.

When I was running IE with my 3 kids using the computer I would average 30 to 150 ad hits and hijacks.

I am VERY happy with Firefox.

Posted: Fri Mar 18, 2005 5:12 am
by DCrazy
woodi: Adware that's already on the machine has a tendency to launch its ads in IE, regardless of your preferred browser setting.

Posted: Fri Mar 18, 2005 6:04 am
by BUBBALOU
ignorance is bliss

My box is Tight, I know of no such things

Posted: Fri Mar 18, 2005 11:15 am
by Admiral LSD
woodi wrote: Um, how bout ditching IE and running Mozilla Firefox?
I have nearly 0 ad hits when I run my adaware and spybot since switching.

When I was running IE with my 3 kids using the computer I would average 30 to 150 ad hits and hijacks.

I am VERY happy with Firefox.
Firefox isn't immune to adware either:

http://www.vitalsecurity.org/2005/03/fi ... ts-ie.html