I've been living with this adware for quite some time (since late November?). At the time I was unable to find much useful info about it, but I found this thread after the holidays. Hallelujah! Thanks so much to Pieter and everyone else.
One problem I had was trying to piece together the various steps from the different posts here. Also, I did have the same two registry entries others had, but I could not get either of Pieter's scripts (webcheck.reg
) to work. I reviewed the .vbs script and saw it really came down to re-registering webcheck.dll.
This whole episode was a minor nightmare to figure out but, in the end, my clean-up was pretty easy.
Here's a summary of what worked for me under Windows XP SP1 (I assume this would also work under SP2):1. Disable/remove msvcrta.dll.
I used Security Task Manager (free trial http://www.neuber.com/taskmanager/
) to "Remove -> Move file to quarantine" and then rebooted. I ran Security Task Manager again to confirm the msvcrta.dll process was gone.2. Clean out the Prefetch folder.
I just used Windows Explorer to go to C:\WINDOWS\Prefetch and deleted everything there, and then rebooted again.3. Clean up the registry entries.
I opened a Cmd prompt (Start -> Run -> cmd) and entered the command "regsvr32 webcheck.dll" (without quotes). I then rebooted a third time.
I seem to be clean now and have not seen the pop-ups since running through these 3 steps. The msvcrta.dll process is not running, and searching for "msvcrta.dll" in regedit finds it only in the context of Security Task Manager. Yippee!
Thanks again to everybody who helped.