Solved

Can't uninstall ad blocking software

Posted on 2007-08-03
Last Modified: 2008-01-09
I downloaded and installed some ad blocking software, Ad Annihilator, from Downloads.com. The software commandeered Internet Explorer. When I tried to uninstall it, the uninstaller wasn't able to find the install.log file. I tried reinstalling, rebooting, uninstalling, rebooting but couldn't get rid of it.

Any suggestions?
Question by:trek2100
15 Comments
 
LVL 2

Expert Comment

by:spiritfan
ID: 19629877
If you haven't done so already, try using the control panel to uninstall it.

Another way that might remove it is to download HijackThis from: http://www.spywareinfo.com/~merijn/programs.php
then run "system scan only". Check mark all instances of Ad Annihilator and click "fix checked". I know Ad Annihilator is not a spyware, but this method still might remove it.

Good luck
0
 
LVL 70

Assisted Solution

by:Merete
Merete earned 240 total points
ID: 19630246
It did come with an uninstaller; some part of it may still be running.
Have you contacted the product team about your problem?
How do you know if it's this program blocking ads or popups?

My preferred method of removal for a stubborn program is safe mode.
You may have to check the Task Manager and startup programs; stop everything associated with this program.
CCleaner may clear out any leftovers. Delete everything including cookies (sorry, you'll have to log on to re-activate) and delete the index.dat file.
http://www.ccleaner.com/
What is Index.dat file ?
http://www.acesoft.net/delete_index.dat_files.htm

Startup Inspector for Windows is great to see what's loading with your Windows
http://www.windowsstartup.com/

Look in the registry. If you're not experienced using the registry, don't, or at least export the string before deleting.
To access the registry:
go to Start, Run, type regedit, press Enter.
Collapse it till all you see is My Computer, then at the top go to Edit, Find, type in Ad Annihilator, hit find text, then just wait.
Find the host string though. And delete it.
You may have to run a system file checker to repair IE6.
Go to Start, Run, type in sfc /scannow, press Enter; you will be asked for the OS disc.

Try a system restore to before you installed it.

How to reinstall or repair Internet Explorer and Outlook Express in Windows XP
http://support.microsoft.com/kb/318378/EN-US/
0
 
LVL 63

Expert Comment

by:☠ MASQ ☠
ID: 19630473
I'm afraid Ad Annihilator is one of an increasing number of fake malware products that actually can be used to install more malicious products.

See http://www.2-spyware.com/corrupt-anti-spyware for further info.

Treat it as if it is a malware infection so try Spybot/AdAware and HijackThis afterwards to check you have cleared all the remaining traces.
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 260 total points
ID: 19630940
Ad Annihilator is too aggressive a program and not compatible with IE7, and their site won't give you any support when you uninstall any of their programs, but instead they offer you one of their uninstallers but you have to pay for it.

Since the uninstall wizard can't find the uninstaller, I'd suggest just deleting the Ad Annihilator folder from the Program Files folder and all the other related files; you can use a registry cleaner too. HijackThis could even remove some of the registry entries. The dead entry in Add/Remove Programs will also be easy to remove later.

Yeah, I agree, treat this like malware.
I don't have a separate popup blocker software, I guess Zone Alarm is doing its job well for me.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 19631166
No Vee_Mod, but MASQUERAID may be staying, :)
It's 33 minutes past midnight and I haven't had a wink, I'm off to bed in a minute, :)
My brain cells need recharging.

@MASQUERAID,
I just saw your post at the other thread, I got here anyhow thanks.
0
 
LVL 63

Expert Comment

by:☠ MASQ ☠
ID: 19631188
OK folks I get the next 8 hour watch ;)  
I hope trek2100 has enough to fix this.  If not post again.
0
 

Expert Comment

by:junkyboy55
ID: 19632280
You might want to try ad-aware 2007 (free version) from LavaSoft. It will fix many of your malware needs and it has a feature called Ad-Watch which can help you in the future by detecting the malware as you are about to download it.

http://www.lavasoftusa.com/products/ad_aware_free.php
0
 

Author Comment

by:trek2100
ID: 19632814
Thanks to all who suggested solutions. IE is still acting kind of funny but at least I can access my web email.
0
 
LVL 70

Expert Comment

by:Merete
ID: 19632883
No probs, glad it's gone.
If IE is still acting funny, run a system file checker; system restore is also good, before the time you installed these.
Please be aware that it pays to delete these occasionally so as not to bring back a problem of malware.
While I'm here, may I suggest you add some extra protection:
use SpywareBlaster.
It doesn't scan and clean for spyware - it prevents it from ever being installed.
Its main features include:
- Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
- Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
- Restrict the actions of potentially dangerous sites in Internet Explorer.

http://www.javacoolsoftware.com/spywareblaster.html
0
 

Author Comment

by:trek2100
ID: 19632897
Will take your advice and get SpywareBlaster. Have Anonymizer anti-spyware installed. I'm pretty careful about downloading from the internet. In this case I downloaded the software from Download.com. The editors' review of the software gave it a 5 star rating and users gave it 4 stars so I thought I was safe.
0
 
LVL 70

Expert Comment

by:Merete
ID: 19633144
Yes, it's become something of a hit and miss, who can you trust. I don't have any other tools apart from my AVG spyware blaster and NAT, xpsp2 firewall. But I run CCleaner every time before closing my machine, I clear out all my history and IE usage, and run my AVG when I boot up.
Update everything every day.
Including Windows updates, which has the malicious software remover updated every month.
Where possible I always log on manually.
I use HijackThis and post my logs here
http://www.hijackthis.de/ 
Same place for download as it provides a result straight away.
I also have Panda and Trend  emails everyday notifying me of the latest threats.
Informed is well armed.
Cheers
Merete



0
 
LVL 70

Expert Comment

by:Merete
ID: 19633972
Vee_Mod: we were referring to installing programs off the internet with high ratings that can turn out to be nasties??
No one from EE provided this program to trek2100 to install; he made that decision himself and found he had a problem and came to us.
I don't understand your comment. If you felt my final comment was referring to who one can trust here at Experts Exchange, my comment was mistaken in context, as I was referring to trek2100's experience.
You do make a good point however.

0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 19634173
Glad to know it's gone, thanks!

Yeah, SpywareBlaster from Javacool is a great addition and it doesn't need any resources to protect you because it doesn't need to run in the background, all it needs is to check for updates like weekly or so and install if any, then re-enable all protection. I have it installed on my PC and I use its database a lot to check for bad O16 entries in HijackThis.

SUPERAntispyware that Vee_Mod suggested is the best malware scanner out there so far. It has very good detection and removal rate compared to other leading malware scanners like SpySweeper, or AVG Antispyware.
And the best thing is it's free as an on-demand scanner with all the updates. The paid version has real-time protection.
Winhelp2002 hosts file is also a great protection to block ads, banners and hijackers.

You might like to check out TonyKlein's article to tighten your security, "How did I Get Infected in the First Place?"
http://forums.spybot.info/showthread.php?t=279


>>IE is still acting kind of funny but a least I can access my web email.<<
Let us check your HijackThis log for any suspicious entries. Some nasties can also hide from the scan, but there are also other diagnostic tools we can suggest if the HijackThis log shows up clean.



Vee_Mod,
Thanks for the compliments and kind words, I very much appreciate it.
0
 

Author Comment

by:trek2100
ID: 19634191
rpggamergirl,
It was suggested that I post a copy of my HijackThis log. Being a new member, I don't know if it's against policy to post it here or if I should post it in some other location for you to view. My apologies to all if I posted it in the wrong location.

Logfile of HijackThis v1.99.1
Scan saved at 8:59:04 AM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\S4F\Filter7.exe
C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Maxtor\Utils\SyncServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sygate\SSA\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe
c:\program files\anonymizer\anonymizer software\common\AnonProxy.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Start Menu\Programs\UTILITIES\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy-memh3131d.network.fedex.com:3128
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2569.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
O4 - HKLM\..\Run: [S4F] "C:\Program Files\S4F\Filter7.exe"
O4 - HKLM\..\Run: [AS00_WN511B] C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe -hide
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [Anonymizer] C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe -nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178825120215
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180830652217
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: MaxSyncService (NTService1) -   - C:\Program Files\Maxtor\Utils\SyncServices.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 19634293
trek2100,

Thanks for the log. Apart from some registry clutter, I couldn't spot any suspicious entries present.
In what way is IE acting funny? Would you mind elaborating, please?

>>I don't know if its against policy to post it here <<
There is no policy that I know of with regards to posting a HijackThis log in the thread.
Though some Zone Advisors/PE will not allow HijackThis logs to be posted in their zones.
Usually it is recommended that logs are uploaded to EE-Stuff.com or to any hosting sites for 2 reasons that I know of:
1. Because some logs are too long and clutter up the thread, and it's much easier for those searching in the FAQ if they don't need to scroll the long threads looking for solutions.

2. Sometimes personally identifiable info can show up in the log, usually IF HijackThis is run from the temp folder or under the Documents & Settings folder and if real names are being used as the user account. So it's the log owner's own privacy that EE takes into consideration.
In other words, if the Asker is happy to post his log then that's alright. I always removed any personally identifiable info in the log if I see it.

Personally I prefer if Askers paste their hijackthis logs on the question.
In my assigned zones I will delete only long logs like Combofix, autoruns, SilentRunners etc.
Hijackthis zone is the best place to post hijackthis logs, but if the question is posted somewhere else and an expert asks for Hijackthis log then it's okay too.

0
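
The log checks discussed in this thread, as an added example that no participant posted: it parses HijackThis entry lines, lists those marked "(no file)" or "(file missing)", finds entries naming a given product, and masks the account name under Documents and Settings before a log is shared. The R3, O4 and O9 lines are taken from the log above; the O2 entry with the all-zero CLSID and the "jsmith" path are constructed, and the function names are this example's own.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")

# Section code (R0-R3, O1-O23, ...), " - ", then the rest of the entry.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Markers HijackThis prints when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Account folder directly under the XP-era profile root.
PROFILE_RE = re.compile(
    r"([A-Za-z]:\\Documents and Settings\\)([^\\\r\n\"]+)", re.IGNORECASE)
# Shared profiles that do not identify a person.
SHARED_PROFILES = {"all users", "default user"}

# Constructed sample: see the lead-in for which lines come from the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\jsmith\Desktop\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Ad Annihilator\example.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""


def parse_log(text):
    """Return the R/O entry lines; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def orphaned(entries):
    """Entries whose target file is gone (leftover registry references)."""
    return [e for e in entries if any(k in e.body for k in ORPHAN_MARKERS)]


def mentions(entries, product):
    """Entries naming a product, case-insensitively, for manual review."""
    needle = product.lower()
    return [e for e in entries if needle in e.body.lower()]


def redact_profiles(text):
    """Mask the account name in profile paths before a log is posted."""
    def repl(m):
        if m.group(2).lower() in SHARED_PROFILES:
            return m.group(0)
        return m.group(1) + "<user>"
    return PROFILE_RE.sub(repl, text)


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for e in orphaned(found):
        print("orphaned:", e.code, e.body)
    for e in mentions(found, "Ad Annihilator"):
        print("leftover:", e.code, e.body)
    print(redact_profiles(SAMPLE_LOG))
```
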
