Printable Version | Subscribe | Add to Favourites
New Topic New Poll New Reply
Author: Subject: Major Adware problem
zzrpowerd-locost

posted on 9/11/05 at 12:54 PM Reply With Quote
Major Adware problem

Has anyone come across this adware

ADV TARGETSAV.B

How did you get rid?

Trend mirco's online scan picked it up, followed their instructions to remove it but still there!

View User's Profile E-Mail User View All Posts By User U2U Member
flak monkey

posted on 9/11/05 at 12:58 PM Reply With Quote
Spybot and HijackThis are your friends in this case:

http://www.safer-networking.org/en/download/

http://www.merijn.org/files/hijackthis.zip

David





Sera

http://www.motosera.com

View User's Profile Visit User's Homepage View All Posts By User U2U Member
zzrpowerd-locost

posted on 9/11/05 at 02:16 PM Reply With Quote
thanks for the reply! Already tried spybot, dont even pick it up! just run hijackthis and saved logfile, can you help me make sense of it?

cheers ashley

View User's Profile E-Mail User View All Posts By User U2U Member
flak monkey

posted on 9/11/05 at 02:28 PM Reply With Quote
Yeah. Either copy and paste the contents of the files (should be notepad) here, or email it to me and I will see if I can spot anything.

David





Sera

http://www.motosera.com

View User's Profile Visit User's Homepage View All Posts By User U2U Member
flak monkey

posted on 9/11/05 at 02:50 PM Reply With Quote
Running processes look fine.

The O1 entry is suspicious since it usually means that the auto search has been hijacked. Though it could be nothing to worry about. No harm in deleting that one anyway.

The only other questionable entries are:

O4 - HKCU\..\Run: [qfwu] C:\PROGRA~1\COMMON~1\qfwu\qfwum.exe

I dont know what that is and google, unusually, doesnt either. If you know what it could be then leave it alone.

The other one:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab />
Thats ok if you have smiley central installed. However they are prone to chucking up lots of ads! So I would personally get rid of that if you can.

Remember to close all your browser windoes etc when you do the fix.

David





Sera

http://www.motosera.com

View User's Profile Visit User's Homepage View All Posts By User U2U Member
zzrpowerd-locost

posted on 9/11/05 at 05:25 PM Reply With Quote
hi david

email sent

ash

View User's Profile E-Mail User View All Posts By User U2U Member
flak monkey

posted on 9/11/05 at 05:38 PM Reply With Quote
back atcha





Sera

http://www.motosera.com

View User's Profile Visit User's Homepage View All Posts By User U2U Member
zzrpowerd-locost

posted on 9/11/05 at 06:28 PM Reply With Quote
this is the trend site about it

http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW%5FTARGETSAV%2EB

ash

View User's Profile E-Mail User View All Posts By User U2U Member
jestre

posted on 10/11/05 at 11:32 AM Reply With Quote
just a side thought but, have you run your adaware/spybot/whateverelse is safe mode with system restore turned off?





-=too much horsepower is just enough=-

View User's Profile E-Mail User Visit User's Homepage View All Posts By User U2U Member

New Topic New Poll New Reply


go to top






Website design and SEO by Studio Montage

All content © 2001-16 LocostBuilders. Reproduction prohibited
Opinions expressed in public posts are those of the author and do not necessarily represent
the views of other users or any member of the LocostBuilders team.
Running XMB 1.8 Partagium [© 2002 XMB Group] on Apache under CentOS Linux
Founded, built and operated by ChrisW.