 sj |
||
|
||
Tech: Adware threats
|
|
|
Subject: Tech: Adware threats From: michaelr Date: 12 Mar 04 - 09:57 PM My Norton Antivirus keeps finding "adware threats" during its weekly virus scans. It calls them all "Adware.Lop". The file names are invariably combinations like Qlp1304.TMP (in the Windows\Temp folder), and when I instruct Norton to delete them, it tells me "delete failed". I then use the Windows "Find File" feature and manually delete them, but there is always one or two that Windows tells me "Cannot delete: Access is denied. Make sure the disk is not full or write-protected (which it's not) and that the file is not currently in use." Also, there is always one of these files called rsnouoee.exe (in the Windows\Application Data folder), and when I try to delete it, the message I get is "Cannot delete: The specified file is being used by Windows". Someone please tell me: -- what is Adware? -- why won't Norton AV delete it? -- why are there new TMP files every week? Does rsnouoee cause them to accumulate? -- how do I get rid of this crap? I'd appreciate the help. Cheers, Michael |
|
Subject: RE: Tech: Adware threats From: MMario Date: 12 Mar 04 - 10:33 PM ad-aware is a good program to get rid of them - adware is stuff that gets dowlnoaded to you by various websites - most of them collect info on your web browsing and send it back to a collection point. |
|
Subject: RE: Tech: Adware threats From: Sorcha Date: 12 Mar 04 - 10:35 PM And, then you get spam... |
|
Subject: RE: Tech: Adware threats From: MMario Date: 12 Mar 04 - 10:56 PM adware also chews up processing time on your computer and increases traffic on your internet connection. |
|
Subject: RE: Tech: Adware threats From: Bill D Date: 12 Mar 04 - 11:18 PM there can be programs/processes running that YOU did not knowingly start, put there at an earlier time by an adware program...if they are running, and using one of the files you mention, you will get that message that "access denied, file in use" stuff... You can use a program like Application Manager to look at EVERYTHING running and decide what to do.... there are others...one by Karen Kenworthy depending on what system you are running |
|
Subject: RE: Tech: Adware threats From: Bill D Date: 12 Mar 04 - 11:24 PM oh, and here are several more at the Pricelessware site where good freeware programs are voted in by experts. |
|
Subject: RE: Tech: Adware threats From: JohnInKansas Date: 13 Mar 04 - 02:46 AM The most common reason for failure to delete is that the file is "open" and running. The safest way to "close everything" would probably be to shut down the computer and reboot in DOS, but if you're not familiar with the use of DOS file management commands, it may be pretty difficult to do the deletions you want, and you can damage the system by inappropriate DOS actions. In Windows, you can "three-fingered salute" - i.e. press Control, Alt, and Delete simultaneously. This will open "Task Manager" which shows what programs are running. If you click on the tab in Task Manager labelled "Processes" it will show you every process that is currently running (i.e. every file that is open). You can click (sometimes you need to double-click) on a file name, and then click the button labelled "End Process" to close that file, after which you should be able to delete it manually using Windows explorer. Be aware that when you "end process" for a file that is running, any program that is using that file may crash. If the file is "critical" to Windows operation, the computer may lock up so that you still can't do your delete, without restarting in DOS and doing it that way. If terminating a process does lock things up, you probably have found a file you shouldn't delete, although some viruses and adware manage to install their files so that they "emulate critical files." Deleting files in Temp folders is seldom productive. If they're in Temp, they were loaded from somewhere else; and will reload the next time you reboot, or the next time you open a program with which they are associated. The problem comes from the fact that the "temp file" that is created in the Temp folder doesn't have to have the same name as the "physical file on your hard drive" that causes it to open. It is possible that running the "end process" routine for files that your Norton program couldn't delete will allow Norton to delete them and their parent files if you re-run the Norton before you reboot. Much of the adware is fairly innocuous, depending on how you feel about being "surveyed." Adclick and DoubleClick are two that many sites use, and the "adware" merely keeps lists of what site you visited, and records for each site an indentification of what site you went to next. The results, according to privacy statements on sites that use them, are reported only as "anonymous user went from site A to site B." This allows marketing analysts to identify competing products and also to find places to "position" their advertising where "people who might like us are likely to go." More invasive forms of adware, which do identify you specifically and track where you go, and which report the information collected by the identity assigned to your machine is found in virtually all of the "file sharing" programs (especially MP3 sharing). If you read the fine print in their privacy statements when you download the necessary software (but who does) you will find that you have agreed to allow them to track everything you do. In most of these programs removing the adware will cause the programs required in order to access the sites to stop working. John |
|
Subject: RE: Tech: Adware threats From: Bill D Date: 13 Mar 04 - 11:12 AM in Win98, John, ctrl-alt-del gets me only a little window from Norton, evidently...with a short list of programs running...NO tabs or way to list all the files in use, which is why I have resorted to helper programs. Is there a Windows view that Norton is overriding? |
|
Subject: RE: Tech: Adware threats From: JohnInKansas Date: 13 Mar 04 - 04:17 PM Bill D - I'd forgotten about the "attenuated" capabilities in Win98. I'll have to research a little to come up with the standard method. You can go to Start - Programs - Accessories - System Tools - System Information to see all the processes that are running, which would let you at least confirm that as the reason why your Norton can't delete something. It would also confirm an exact file name to look for to do a DOS-boot delete. (Versions of Norton programs I use don't worry about adware, so I don't know how accurate their report is; but some 'anti-spy' utilities may report "generic" names that aren't quite exact enough to find the file easily. You'd still have the problem of "aliasing" where a file runs under a name different than the name from which it restarts.) There is a procedure for terminating a process for Win98; but unfortunately I don't remember it, so will have to look it up. Can't make promises about when I can get to it. In pre-Win98 times, you always found it under "how to turn of TSRs." If you have a decent accessory, that works too. Lots of helper programs were a necessity in Win3.11 and Win95, some were helpful in Win98, most are "dangerous" in Win2K, and mostly they're just unnecessary in WinXP. Historical context is meaningful. The "adware" is a real problem, and you probably do need an accessory program, in any OS, if you want some control. I've tried Ad-Aware, and am not particularly impressed. The only adware it ever seems to find is AdClick and DoubleClick. Based on the privacy statements associated with those two, I don't find them particularly objectionable, just annoying; and you can clear both of them just by cleaning out cookies periodically. "Spybot-Search And Destroy" does find and successfully delete a lot more junk, but the warning remains that much of the "dirty adware" that you really shouldn't have to put up with is a required part of the programs that contain it. If you delete the adware, you disable the program. There is also the concern that a virus can disguise itself as adware, so a good AV program with current signatures is absolutely necessary. John |
|
Subject: RE: Tech: Adware threats From: Bill D Date: 13 Mar 04 - 04:49 PM yep..I use Spybot S&D and registry cleaners and Web filters and Anti-virus and mail filters...why, letters from my Grandma and Mudcat buddies have to knock 3 times and give the secret code before I let the drawbridge down! *grin* I control cookies so carefully that Keebler and Oreo packages set off alarms at the office door! Thanks...I know I'm behind the curve, as usual, but as much as I like 'newer & better', I also dread the baggage M$ includes with it. (I totally skipped Win95 and came here from 3.1!) |
|
Subject: RE: Tech: Adware threats From: JohnInKansas Date: 13 Mar 04 - 07:24 PM Bill D - Actually I'd hope you got to Win98SE from Win3.11. There was a big difference between 3.1 and 3.11, since the 3.11 was the first one to incorporate a usable "workgroup" networking ability, and made a lot of other real improvements. Win95 was always pretty "buggy," and Win98 never ran right until you got to the "SE" (second edition) level. With 98SE, sometimes you could run for hours without a blue screen. (It's actually been improved, incrementally, since it came out.) WinXP is by far the best that Mickey has come up with. From the stability and maintainability viewpoint, it makes even Win2K look like a bag of bandaids. It does seem they incorporated a lot of crap just to annoy the users, but once you get it set up it's pretty trouble-free and eliminates the need for almost all those accessory programs (EXCEPT AV!!!). They will probably mess it all up with the "Second Edition" that they plan to release soon. It's already in the hands of the OEM builders, and theoretically they're not allowed to build new machines with earlier versions now. It will incorporate a pretty effective firewall that will install turned on by default, will default to disable most scripting. That will cause a lot of problems for people on small networks ("my firewall says you're firewall is a p.o.s." kind of thing). The next completely new desktop OS isn't scheduled out (current schedule) until 2006, so if you wanted to upgrade now you'd be fairly assured of at least a couple of years before they "obsolete" you again (maybe). John |
|
Subject: RE: Tech: Adware threats From: Bill D Date: 13 Mar 04 - 08:52 PM oh, sure 3.11 and 98SE "...eliminates the need for almost all those accessory programs..." but, but, but...my hobby! What will I do with my hobby? I have 347 wonderful programs! *grin*... Next you'll be telling me my collection of typewriter ribbons is useless! "...a couple of years before they "obsolete" you again" ..ah, a couple of years is an eternity, as I always go 2-3 years past 'obsolete' before I trust 'em... There oughta be a law that they make "X" work right before they can sell you "Y". |
|
Subject: RE: Tech: Adware threats From: Crane Driver Date: 14 Mar 04 - 09:19 AM I recently downloaded "Ad-aware" from a freeware site - the first time I ran it, it deleted 218 files described as "data miners" which apparently just sit there feeding data back to .... whoever. Now I run it each time I log off, and it usually deletes 8 or 9 more files. The first time, the computer speed noticeably increased after I got rid of the crap. Whatever they are, I don't want 'em. Norton antivirus doesn't even notice them coming aboard, BTW. Andrew |
|
Subject: RE: Tech: Adware threats From: JohnInKansas Date: 14 Mar 04 - 12:41 PM Whether Ad-Aware is useful probably depends a lot on where you go on the web and on other maintenance practices you follow. My observation has been that on my machines it finds the same few cookies each time I run it, but never finds anything else. Since I go through my "cookie jars" fairly often, just to keep a bunch of junk from piling up there, it doesn't appear to get rid of anything I wouldn't delete manually anyway, and it leaves a lot of junk that I still have to delete manually. It doesn't really do anything I wouldn't do routinely if it was not there. The cookies that Ad-Aware has found when I run it are all of the "just a cookie" kind that are eliminated entirely just by deleting the cookie. If I run Spybot after a run with Ad-Aware, Spybot identifies additional "adware programs" that install themselves by making registry entries and offers to remove them. These adware devices, that Spybot finds and that Ad-Aware does not, are much more of a nuisance to clean out manually, so Spybot does accomplish something I might not do on a frequent and regular basis without it. If I clean my cookie stash first - something I have to do anyway - Ad-Aware finds nothing. If I run Ad-Aware before I do my normal manual cleaning, it deletes less than 10 or 15 percent of the cookies I would dump anyway. Even after I do a "routine" cleaning of my cookie folders, Spybot occasionally finds an additional "concealed cookie." I could go through a few extra steps to find the concealed adware manually, but Spybot makes it unnecessary, so it saves me some work. (Actually, a lot of work, since the "few extra steps" are not particularly simple, and removal of this stuff requires editing the Registry in many cases.) Based on my experience that 10 or 15% of the cookies I pick up are the Adclick or Doubleclick that Ad-Aware finds, if it removed 288 items, you're far "past due" to clean out your cookies. They don't take up a lot of space, but they're mostly trash just the same. John |
|
Subject: RE: Tech: Adware threats From: GUEST,Rich Date: 29 Sep 04 - 03:46 PM What about cleaning the registry manually. I found all types of Ad Ware using Ad Aware and Norton. But neither is getting rid of my problem. I found steps to manualy go into the regedit and delete different entries. Is this safe? |
|
Subject: RE: Tech: Adware threats From: Cluin Date: 29 Sep 04 - 05:04 PM Back up your registry first before you alter anything in it. |
|
Subject: RE: Tech: Adware threats From: Bernard Date: 29 Sep 04 - 07:36 PM A friend of mine has a computer 'infected' with 'Windowws Hijacker' (sic), which is proving difficult to shift. Neither SpyBot nor Spy Sweeper can shift it, even though they claim to have done... What this particular nasty does is to hi-jack your home page, replacing it with its own... and prevents access to any other page in the process... |
|
Subject: RE: Tech: Adware threats From: JohnInKansas Date: 29 Sep 04 - 09:39 PM Most of the "hijacker" scum, apparently what you have, is a part of a program that you get tricked into installing. Since one way or another you usually (usually unwittingly?) give permission for the program to install, it isn't really a virus, so Norton ignores it. The fact that it does something you don't want is sort of academic. Most such things are removed by using the Start - Control Panel - Add Remove Software service, assuming you can figure out what garbage program contains them. Once the program is removed, Norton or other AV program may detect any remnants as virus/adware/spyware and may be able to remove it. If possible, you should find the specific name of the program that's causing your problem at your preferred AV maker's site, and get specific instructions there. MOST of the recently reported "hijack" adware changes your home page to its own for the purpose of dumping what it's collected about you. It often is real spyware, and often is quite invasive. I didn't find the specific name given, but if you go to Norton's web site and put "hijack" in the search box you'll get several generically similar "programs." John |
|
Subject: RE: Tech: Adware threats From: Bill D Date: 29 Sep 04 - 09:48 PM try this program http://www.spychecker.com/program/hijackthis.html |
|
Subject: RE: Tech: Adware threats From: The Fooles Troupe Date: 29 Sep 04 - 11:50 PM HijackThis! (freeware) is useful for finding the home page hijacks. It's probably not as useful or as wide ranging as some other more recent anti-malware utils - but the owner of the util only intended it to do things that other ones at the time couldn't do. i use it form time to time to show up if anything has not been picked up by the others. They don't interact, so if one of the other utils has 'ignored' something - this one will pop it up for you to see. * HijackThis v1.97 * Written by Merijn - merijn@spywareinfo.com http://www.spywareinfo.com/~merijn/files/hijackthis.zip http://www.spywareinfo.com/~merijn/index.html |
|
Subject: RE: Tech: Adware threats From: The Fooles Troupe Date: 30 Sep 04 - 02:04 AM Oops... HijackThis Ver 1.98.2 Updated 09/13/2004 Robin |
|
Subject: RE: Tech: Adware threats From: GUEST Date: 07 Oct 04 - 03:01 PM i am having the same problem although i haven't a clue on how to solve it am still trying though |
|
Subject: RE: Tech: Adware threats From: JohnInKansas Date: 07 Oct 04 - 03:51 PM Gates: Microsoft to Tackle the Spyware Problem Microsoft chairman Bill Gates says he's never had a computer virus, but that adware and malware have him ticked off enough that Microsoft plans to do something about them. Precisely what that might be Gates didn't say, although the figure "hundreds of millions" of dollars was mentioned. Can't you hear the bugles? The cavalry is coming over the hill!!! John |
|
Subject: RE: Tech: Adware threats From: Bill D Date: 07 Oct 04 - 04:44 PM I hear the bugles! They're playing Traps, Revile, Assembler...and especially, Charge! |
|
Subject: RE: Tech: Adware threats From: JohnInKansas Date: 07 Oct 04 - 05:11 PM They're probably sending the 7th Cav... John |
|
Subject: RE: Tech: Adware threats From: The Fooles Troupe Date: 07 Oct 04 - 07:35 PM The General Custer Division... |
|
Subject: RE: Tech: Adware threats From: kendall Date: 08 Oct 04 - 07:41 AM Custer had it coming. |
|
Subject: RE: Tech: Adware threats From: The Fooles Troupe Date: 08 Oct 04 - 09:25 AM ... and he got it going... |
|
Subject: RE: Tech: Adware threats From: Shanghaiceltic Date: 08 Oct 04 - 08:41 PM This is a timely thread as I went to an mP3 site and some of there stuff has taken over my PC web browser. I will never go to theses sites again. They calimed they were ad-ware and psy-ware free. I was a mug to believe it. |
|
Subject: RE: Tech: Adware threats From: Shanghaiceltic Date: 09 Oct 04 - 12:17 AM I tried downloading Spywareblaster and Hijiack this on my PC. When I did I was prevented from doing it by a 'mysearch' type window popping up ans stopping the connection. Unless I am being a bit paranoic then it seems that this particular window knew where I wa going. So instead I used my wifes PC download both from hers onto a memory stick with no problem. No installed and run and things seem better. Crafty unsrcupulous bastards these adware and spyware people. |
|
Subject: RE: Tech: Adware threats From: The Fooles Troupe Date: 09 Oct 04 - 01:21 AM If you don't have these tools before you need them - you will often find nowadays that they are detecting them and trying to stop you - so get them NOW and put them somewhere safe - even if on an external disk to install later. But you should be running/updating them regularly. The Karen's Snooper utility (needs VBasic 6 run support files) is useful here if a background process is running - this little known utility logs every process that starts and stops. http://www.karenware.com/ |
|
Subject: RE: Tech: Adware threats From: GUEST,harleybabe_4@msn.com Date: 18 Oct 04 - 11:06 PM I scanned my computer and it said i had a mtrslib2(1).js adware CDT threat what is this also i had csieth.dll spyware cometc? please explain |
|
Subject: RE: Tech: Adware threats From: GUEST,Old Guy Date: 18 Oct 04 - 11:19 PM I use the Mozilla Firefox browser which is superior to Explorer and I never get hit with spyware etc. It will not allow popups by default. Likewise their Thunderbird mail client is immune to email viruses if you do not open them. Everyone I can convince to drop Explorer and Outlook love Mozilla. Get them free at Mozilla.org Old Guy |
|
Subject: RE: Tech: Adware threats From: Cluin Date: 18 Oct 04 - 11:58 PM Shanghaiceltic, it sounds suspiciously like you have a version of the CoolWebSearch malware. Look for a little program called CWShredder. It is specifically designed to remove CWS. I run it regularly; only takes a few seconds. You may have to run it a few times to clear all of the malware off your system. Then run Spybot S&D and Ad-Aware too. |
|
Subject: RE: Tech: Adware threats From: GUEST,HELGI Date: 30 Oct 04 - 08:00 PM mtrslib2[1}.JS WHAT IS THIS |
|
Subject: RE: Tech: Adware threats From: JohnInKansas Date: 31 Oct 04 - 01:13 AM This file is associated with a class of spyware exploits genrally classed under the name "W34.Spybot" by AV resources. Typical descriptions may be found by searching for "rbot" on any AV vendor site. If you include longer details of the filename you may not get results, because there are too many variants to index all of them. If you search for "rbot" at a typical AV vendor website, you are likely to get quite a few results, and you should examine them to get the variant that most closely matches what you've encountered. For illustration purposes only, ONE such result may be seen at W32.Spybot.FCD. This is a worm type infection, usually transmitted via IRC Chat sites. It typically attempts to take information from infected machines and transmit it to a target website. While some similar spyware attempts to take personal information which might be used for things like identity theft, most reported variants of this one appear to be seeking ID codes for computer games, probably for use in creating and distributing counterfeit copies of the games. There is no assurance however that an infected machine might not be subject to theft of more "personally significant" and more damaging information. This worm does make a number of Registry entries, so removal requires editing the Registry to delete keys that it puts there. This should be done after the "infecting" files have been removed by running a good AV program with current signature files. For operating systems that have "System Restore" capability, it is important that you turn off System Restore before running the AV, since the infection can be reinstalled if an infected "backup" Registry is reinstalled. Specific Registry keys that need to be deleted vary somewhat from one version to another for this worm, so it is important to visit an AV maker's site for instructions specific to the "version" with which your machine is infected. If you can't get an exact match, the removal procedures for a "most similar" version of the worm will probably be "close enough" to let you do a successful removal. John |
|
Subject: RE: Tech: Adware threats From: Shanghaiceltic Date: 01 Nov 04 - 12:41 AM Just downloaded a trial copy of Spysubtract and run it. I nealry fell off my seat when I saw what was on my PC. I thought Spybot was good but this one is far more comprehensive. |
| Share Thread: |