[Referred]ad ware analysis
Started by lauren23, May 03 2005 05:35 PM
#1
Posted 03 May 2005 - 05:35 PM
#2
Posted 03 May 2005 - 11:29 PM
Well you certainly have a mess there...
Ad-aware has found object(s) on your computer
If you choose to clean your computer from what Ad-aware found, follow these instructions below…
Make sure that you are using the * SE1R42 28.04.2005 * definition file.
Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.
Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".
Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.
Then boot into Safe Mode
To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder);
Run CCleaner to help in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)
* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".
Run Ad-Aware SE from the command lines shown in the instructions shown below.
Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)
"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)
"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)
"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)
Click Ok.
Note: the path above is the default installation location for Ad-aware SE. If yours is different, adjust it to the location that you have installed it to.
When the scan has completed, select next. In the Scanning Results window, select the "Scan Summary"- tab. Check the box next to CoolWebSearch ONLY. Click next, Click Ok.
If problems are caused by deleting a family, just leave it.
Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Don't open any programs or connect to the internet at this time.
Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.
Also, keep in mind that when you are posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (Mru's) aren't considered as a threat. This option can be changed when choosing your scan type.
Remember to post your fresh scanlog in THIS topic.
- Rawe
#3
Posted 04 May 2005 - 10:15 PM
Hey thanks for your help,
So I performed another check with ad ware after I ran Cclean. I deleted all the cool web searches and here is the new ad ware log. There are some cool web searches that showed up. Let me know the next step. Thanks again. ----mike
Attached Files
#4
Posted 05 May 2005 - 03:21 AM
Ok, we have to try it this way then..
Ad-aware has found object(s) on your computer
If you choose to clean your computer from what Ad-aware found, follow these instructions below…
Make sure that you are using the * SE1R42 28.04.2005 * definition file.
Open up Ad-Aware SE and click on the gear to access the Configuration menu. Make sure that this setting is applied.
Click on Tweak > Cleaning engine > UNcheck "Always try to unload modules before deletion".
Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.
Then boot into Safe Mode
To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder);
Run CCleaner to help in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)
* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".
Run Ad-Aware SE from the command lines shown in the instructions shown below.
Click "Start" > select "Run" > type the text shown below (including the quotation marks and with the same spacing as shown)
"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)
"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)
"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)
Click Ok.
Note: the path above is the default installation location for Ad-aware SE. If yours is different, adjust it to the location that you have installed it to.
When the scan has completed, select next. In the Scanning Results window, select the "Scan Summary"- tab. Check the box next to any objects you wish to remove. Click next, Click Ok.
If problems are caused by deleting a family, just leave it.
Reboot your computer after removal, run a new "full system scan" and post the results as a reply. Don't open any programs or connect to the internet at this time.
Then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.
Also, keep in mind that when you are posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (Mru's) aren't considered as a threat. This option can be changed when choosing your scan type.
Remember to post your fresh scanlog in THIS topic.
- Rawe
#5
Posted 05 May 2005 - 07:28 PM
Ok I ran it again and got rid of all the cool searches and all the things that were titled malware. The log was down to 3 things. However I am having problems with Windows. It says periodically "missing files dll or exe" etc. Just wanted to let you know seeing as how you are the expert computer guy.
Attached Files
#6
Guest_Andy_veal_*
Posted 06 May 2005 - 06:34 PM
Hello and Welcome
Ad-aware has found objects on your computer
If you choose to clean your computer from what Ad-aware found please follow these instructions below…
Please make sure that you are using the * SE1R43 06.05.2005 * definition file.
Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.
Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.
Please then boot into Safe Mode
To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):
Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)
* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".
Please run Ad-Aware SE from the command lines shown in the instructions shown below.
Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)
"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)
"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)
"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)
Click OK.
Please note that the path above is the default installation location for Ad-aware SE. If yours is different, please adjust it to the location that you have installed it to.
When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.
If problems are caused by deleting a family, please leave it.
Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.
Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.
Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.
Please post back here
Good luck
Andy
#7
Posted 06 May 2005 - 10:13 PM
I have already done this twice. Is there another way?
#8
Guest_Andy_veal_*
Posted 07 May 2005 - 02:21 AM
Did it remove any objects?
#9
Posted 07 May 2005 - 03:57 AM
Lauren, did it remove any objects?
Btw, you didn't actually do that twice, because you don't have the latest definitions..
Could you possibly post your latest scanlog here?
- Rawe
#10
Posted 08 May 2005 - 10:16 PM
This is my 5th log I think after I removed all the files titled malware.
Attached Files
#11
Posted 08 May 2005 - 11:32 PM
Could you possibly perform webupdate?
You have an old definitions file.
Then post a new log.
- Rawe
#12
Guest_Andy_veal_*
Posted 11 May 2005 - 10:34 AM
Are you still having problems?
#13
Posted 17 May 2005 - 09:20 PM
Yes I am still having the same problems. One of the replies said to do a web update. I don't know how to do this. I need to get rid of this Dr Watson problem fast.
#14
Guest_Andy_veal_*
Posted 18 May 2005 - 10:24 AM
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.
Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.