Solved

Trying to remove Spyware/Adware coming from www.ad-a-w-a-r-e.com.

Posted on 2004-09-20
5
292 Views
Last Modified: 2010-04-11
Hello,

I have a user in our organization that it consistenly getting windows that are popping up that have the above website address in them.  As of right now, I have added the following information to the hosts file that is on the user's XP Pro machine:

127.0.0.1   www.ad-a-w-a-r-e.com

However, several of these pop-up duing the day on the user's machine.  The user gets the page cannot be displayed message, but that is still somewhat annoying.

I've ran Ad-Aware SE, SpyBot S&D and HijackThis! all the latest editions with the latest definition files, but they do not find anything that seems out of the ordinary.

Can anyone help me figure out where these www.ad-a-w-a-r-e.com messages are coming from?

Thank you,
theposse
0
Comment
Question by:theposse
5 Comments
 
LVL 4

Expert Comment

by:beem4n
ID: 12109347
Hi,
try installing panda antivirus - it works good with spybots.

Also you can run "msconfig" -> and check what files are loading at startup.
Locate by the name your spyware - remove it from startup, reboot, then delete manually from hdd.
0
 
LVL 21

Expert Comment

by:jvuz
ID: 12111088
Check with stinger:

http://vil.nai.com/vil/stinger/
0
 
LVL 21

Expert Comment

by:jvuz
ID: 12111090
0
 
LVL 1

Assisted Solution

by:sevie
sevie earned 100 total points
ID: 12114543
Xp AntiSpy - http://www.xp-antispy.org/  for turning off unneeded Win XP services that only can generat u trafic and can be used as back door

Those programs are very useful for cleaning spywares:
SpySweeper - http://www.spychecker.com/program/spysweeper.html
SpywareBlaster - http://www.spychecker.com/program/spywareblaster.html
CoolWebShredder - http://www.spychecker.com/program/coolwebshredder.html
Stinger - http://vil.nai.com/vil/stinger 
Anti-Trojan 5.5.421 -
a2free  - http://www.emsisoft.com/en/ 
bazookasetup - http://www.kephyr.com/spywarescanner/
BHODemon 2.0
LSPFix  - http://cexx.org/lspfix.htm 
Spyware Doctor
Spy-Ad Exterminator  - http://www.oreware.com 
ect

and use a firewall to stop the unwanted trafic


0
 
LVL 3

Accepted Solution

by:
browolf earned 25 total points
ID: 12505803
one of  the problems with that url is you cant look for it in google cos it ignores the '-' ,  which means you need to use a different search engine. I found this page
http://computing.net/security/wwwboard/forum/13928.html
which contains the following helpful advice:

For those who are suffering like I did with constant pop-up ads from ad-w-a-r-e.com the situation's been resolved.

It turns out I'd been infected by 'Look2Me', the common name for the 'VX2.BetterInternet' trojan. Here are the steps I took (BREAK@MMX YOU ROCK HARDCORE!):

1. Internet Explorer > "Tools" Pulldown > "Internet Options..." > "Advanced" tab > Turn off all the 'Install On Demand' as well as 'Enable third party browser extensions'. That'll keep it from being downloaded in the first place.

2. http://downloads.subratam.org/VX2Finder9x(126).exe > Run From Current Location. This will wipe it out if you do have it.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Lightweight Networking 9 61
length of the password hash sha1:64000 to set sql field property. 13 66
Cisco Router Security Commands. 2 31
CDC and AOG on MS SQL 2012 13 25
One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
Each year, investment in cloud platforms grows more than 20% (https://www.immun.io/hubfs/Immunio_2016/Content/Marketing/Cloud-Security-Report-2016.pdf?submissionGuid=a8d80a00-6fee-4b85-81db-a4e28f681762) as an increasing number of companies begin to…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question