Adaware to delete or not to delete

  • Thread starter z4955
  • Start date
  • Tags
    Delete
In summary: Be careful of what you click. Avoid porn sites and "bad" sites. Spybot is good at removing spyware. Registry Mechanic is good for fixing problems. P2P is using file sharing programs without encryption.
  • #1
z4955
111
0
I have ad aware SE personal edition and ran it. it picked up some critical objects and a whole bunch of negligible objects. how do I know what to delete and what not to delete? I've heard that if I just delete all of it there might be something the computer needs to run properly. I don't want to mess up my system by deleting something it needs, but I want to get rid of anything else that would be harmful. advice, please!
 
Computer science news on Phys.org
  • #2
well i use my general rule of thumb that if its located within the /system folder, don't delete it - some adaware is located there yes, but most are classified as priority deletes or what-not
 
  • #3
Yah, TsunamiJoe has it...

Post a screenshot and maybe we can help determine which ones to delete and which not to delete. Be careful about files in teh system directory though because some adware or spyware or viruses will diguise themselves by using file names very similar to normal system ones. rundll32.exe for example, has a name similar to it like rundl32.exe which is in actuality a virus. rundll32.exe is the real system file... be careful to check for near-spellings and such.
 
  • #4
Adaware makes backups of everything it "deletes." If you have a system problem after Adaware "deletes" some items, then procede to run Adaware's restore function.
 
  • #5
... and google everything you're not aware of before deletion & see if the symptoms and descriptions match.
 
  • #6
also my personal favorite is a program called registry mechanic - it solves all my problems lol, (you may need to fake register it of course lol, but keep that on the DL there buddy :) )
 
  • #7
lol keeping it on the DL is really contrary to posting it in a public thread :P
 
  • #8
from my experience, Adaware is excellent software. I have been using it with my customized settings to scan and I always mindlessly just press "next" because I trust it so much to not delete something vital. =)

I would tentatively suggest you to trust to delete, but to be safe, scan the things it finds for any "red flags"; this would be effective proportional to the amount of computer experience and knowledge you have =)

Hope that helps!
Art
 
  • #9
I've used Adaware for ages and I always delete everything it finds. If malware has a name similar to a system file it won't delete the system file because it's looking for the signature of the malware inside the file. It doesn't do it by name.

Anyway, I of course take no resposibility should your system crash. :smile: But as I said, I always delete everything and I've never had a problem.

You can also set a system restore point before running it. And always check for updates!
 
  • #10
I find spybot is the best at removing Spyware... Anyway prevention is the best remedey so you FireFox and won't get anywhere near the amount of malware on your internet browsing PC
 
  • #11
lol keeping it on the DL is really contrary to posting it in a public thread :P

you caught me! lol

but yes firefox is nice, and if you don't use any p2p stuff, you ought not get any more bad stuff i wouldn't think
 
  • #12
I've been using IE for a long time with absolutely no problems, I've tightened up the security settings, I run Adaware only when I contract a virus, and my 866mHz computer still runs as smooth as a kitty =)
Prevention, yes.
Avoid pornography and "bad" sites, and be wary of what you click.
Sites with popups, etc.
 
  • #13
true but artemis, a lot of people need low internet security for sites and even certain certificates, and even then you don't even have to click on things nowadays to contract spyware and the like
 
  • #14
Thanks guys! :)
How do you do a screenshot?
how do I check for correct spellings of actual files vs. viruses?
where can I find 'registry mechanic'?
what is DL??
and what is p2p stuff?

sorry to be so ignorant, but I'm still learning. lol
I have firefox, but some things don't seem to want to work with it such as my propel accelerator and popup blocker. I avoid porn sites and don't click on any ads or pop ups or anything. who said cybering was safe sex? LMAO! DON'T GO THERE!
 
  • #15
"How do you do a screenshot?"

Screenshot key, top right of your key board...probably says something like "print screen" on it.

"how do I check for correct spellings of actual files vs. viruses?"

Often times, you can't. And actually, if you have an excessive number of svchost.exe's running, you're probably being used...nothing too much to worry about unless you have random uploading/downloading.

As far as viruses go...

Be very careful...and honestly, if a virus is only one file, it'll probably just be idling there anyway...I have five "viruses" on my computer, though they really aren't. Probably some cheap trojan or dumb file...then again I don't keep anything personal on here so nothing to worry about. :-p But there's not too much to be afraid of if the virus program says it's a baddy, just manually go in and delete the sucker.

"where can I find 'registry mechanic'?"

Honestly I wouldn't worry about these, they always make me uneasy. I prefer to edit registry myself, and only if I must.

"what is DL??"

In this case, "down-low", means keep it secret. However, it's also often used as a short cut way of saying download.

"and what is p2p stuff?"

I know that as pay-to-play for games, or it can be used as peer-to-peer as in file sharing.


And coming from a guy who has experienced all spyware imaginable, I've always been able to get rid of it. A combo of ad-aware, spybot, hijack this, and a little use of my own noodle, nothing can stand up to me. :)

As a note, DON'T CLICK ANY OF THE LINKS THAT ARE BELOW, THEY ARE MERELY THERE TO SHOW YOU NAMES OF THE FILES TO DELETE. OTHERWISE YOU'RE POSSIBLY IN FOR SOME NASTY SPYWARE. *caps off*

Since I'm here, I"ll post my little spyware removal steps:

In Windows Explorer, make sure that the option to "show all files and folders, including hidden and system" is turned on. Open a my computer window, then go to "tools, folder options, view"...then look under that list.

Update all of your spyware removal programs.

Reboot in safe mode. Some computers do F8 or F11, differs. The only sure way is to go to run, type in msconfig, then under "boot.ini" click "safeboot". To come back out of this, just do the same thing except click normalboot.

Empty the "Temp" folder:
C:\Documents and Settings\{user}\Local Settings\Temp (some computers can't take deleting them all at once if you've let them build up too much, in this case, delete portions at a time)

Delete all cookies (Don't really have to...but may as well be safe)

Run hijackthis (search google for it, handy thing) with nothing open except for it alone. If you'd like, and I recommend it, allow it to create a restore point. You shouldn't have to use it, but if you screw up it's good to have a backup.

Let HJT fix ANYTHING you have of the following items (click the box):

Fix ANY of these Running processes: if you have them:
C:\WINDOWS\winupdate.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\WINDOWS\System32\DllHost.exe
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\System32\twink64.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Windows ControlAd\WinCtlAd.exe
C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe

Fix ALL R0 and R1 if you have Begin2search, Coolwebsearch or any other pesky Search, such as:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,Search***istant = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,Search***istant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

Fix ANY R3 with (no file) or (file missing) such as:
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - Default URLSearchHook is missing

Fix ALL 01 entries:
O1 - Hosts: 216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 www.websearch.com

Fix ANY O2 with (no name) and either (no file) or (file missing), such as:
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)

Fix ANY of these O2, O3 and O4, they are guaranteed BADDIES, shoot them down:
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\SYSTEM\DSKTRF.DLL
O2 - BHO: ohb Cl*** - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\SYSTEM32\winb2s32.dll
O2 - BHO: MultiMPPObj Cl*** - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O2 - BHO: Band Cl*** - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll

O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\SYSTEM\WINB2S32.DLL

O4 - HKLM\..\Run: [SoundMan] soundman.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\winupdate.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [svc] C:\WINDOWS\system32\svc.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [vs2P38h] oddtreg.exe ... (this one's [name between brackets] might vary)
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe

These are (real) samples of spyware. Anything looking like them is suspicious.
If you have any, do a "Google" with only the file-name. If you can't find it, fix it. When in doubt, leave it for now.
O4 - HKLM\..\Run: [mqkumupqecyfw] C:\WINDOWS\System32\xvbfxo.exe
O4 - HKLM\..\Run: [Rxagik] C:\WINDOWS\Meruoq.exe
O4 - HKLM\..\Run: [bgsocc] C:\WINDOWS\System32\bgsocc.exe
O4 - HKLM\..\Run: [jmruplg] C:\WINDOWS\Lmddwz.exe
O4 - HKLM\..\Run: [pgtaff] C:\WINDOWS\pgtaff.exe

Fix this 09 if you have it:
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

Fix these 014 if you have them:
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=

Fix ALL O16 - DPF: entries, even if they have familiar/trusted/common names, such as:
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Cl***) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/...director/sw.cab


Also, any of these you should delete too.

C:\documents and settings\scott macleod\local settings\temp\stlyh.exe
C:\WINDOWS\System32\CFGMGR32.exe
C:\Program Files\Windows ControlAd\WinCtlAd.exe
C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
C:\Documents and Settings\Scott MacLeod\Application Data\ttuh.exe
C:\WINDOWS\System32\??rss.exe
C:\WINDOWS\System32\Szqu0w1A.exe
C:\WINDOWS\System32\Twu3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mustangsandmore.com/cgi-...1000&LastLogin=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.mustangsandmore.com/cgi-...1000&LastLogin=
R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {3CA03C79-9265-26CC-D104-15550AF52934} - C:\WINDOWS\System32\jfujibxr.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Scott MacLeod\Local Settings\Temp\9FAaQWyv.dll

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [stlyh] C:\documents and settings\scott macleod\local settings\temp\stlyh.exe
O4 - HKLM\..\Run: [ak0HRs1w] C:\PROGRA~1\wroowwvt\vrssotp.exe
O4 - HKLM\..\Run: [boag7m5u] C:\documents and settings\scott macleod\local settings\temp\boag7m5u.exe
O4 - HKLM\..\Run: [af40d78e1561] C:\WINDOWS\System32\CFGMGR32.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Han442nJ.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKCU\..\Run: [DealHelperDown] "C:\Documents and Settings\Scott MacLeod\Local Settings\Temp\msCE.tmp"
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Scott MacLeod\Application Data\ttuh.exe
O4 - HKCU\..\Run: [Zsha] C:\WINDOWS\System32\??rss.exe

O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/gam...nts/y/ht0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/gam...ts/y/potc_x.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...0d 3e80deecaa8
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...n/bin/cabsa.cab
O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} - http://www.gigex.com/tv/igor/gigexagent.dll
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v1...ro.cab27513.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sh...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tec...ta/SymAData.dll
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/diamond.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tec.../ActiveData.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yah...ebio5_0_2_1.cab


Now hit the Fix checked button and let HijackThis do what it is good at...


After HJT is finished, while still in Safe Mode, delete any of these directories if you have them:
C:\Program Files\AWS\WEATHE~1
C:\Program Files\AWS
C:\Program Files\Web Offer
C:\Program Files\Windows ControlAd
C:\Program Files\AutoUpdate
C:\Program Files\Common Files\WinTools
C:\Program Files\TV Media
C:\WINDOWS\System32\P2P Networking
After HJT is finished, while still in Safe Mode, delete these directories:
C:\Program Files\Windows ControlAd\
C:\WINDOWS\System32\P2P Networking\
C:\Program Files\wroowwvt\


Next, run adaware with in-depth scan, full scan.

Then spybot: search and destroy, and then click immunize after running that scan.


Just go back to msconfig as before, mentioned up there, and you'll reboot to a nice shiny computer. :)
 
Last edited by a moderator:
  • #16
Oh, and firefox is over-rated in my opinion. It's cool and all but IE's fine. It's your choice though, of course.

Google toolbar and windows blockers do well enough unless you nearly go out of your way to get spyware...and it also helps to be familiar with the sites you go to. Avoiding bad things comes with experience.
 
  • #17
wow That was a GREAT post! Thank you so much for posting that!
 

Related to Adaware to delete or not to delete

1. Should I delete Adaware from my computer?

It depends on your personal preference and needs. Adaware is an anti-malware software that helps protect your computer from potential threats. If you do not have any other anti-malware software and are concerned about your computer's security, it may be beneficial to keep Adaware. However, if you have another reliable anti-malware program, you may choose to delete Adaware to free up space on your computer.

2. Is Adaware safe to use?

Yes, Adaware is safe to use. It is a legitimate anti-malware software that has been trusted by millions of users for over 20 years. However, it is important to download Adaware from a reputable source to ensure that you are downloading the official version of the software and not a potentially harmful copy.

3. How do I know if I have Adaware on my computer?

If you are unsure if you have Adaware on your computer, you can check your list of installed programs. To do this, go to your computer's Control Panel and select "Programs and Features" or "Add/Remove Programs." If Adaware is listed, it is installed on your computer.

4. Can I disable Adaware instead of deleting it?

Yes, you can disable Adaware if you do not want to completely delete it from your computer. To do this, open the Adaware program and go to the "Settings" menu. From there, you can select "Disable" to turn off the program's real-time protection. Keep in mind that this will leave your computer vulnerable to potential threats.

5. How often should I run Adaware?

It is recommended to run Adaware at least once a week to ensure that your computer is protected from any potential threats. However, you may choose to run it more frequently if you regularly download files from the internet or visit websites that may contain harmful content.

Similar threads

  • Computing and Technology
Replies
12
Views
698
Replies
2
Views
2K
  • Programming and Computer Science
2
Replies
50
Views
4K
Replies
2
Views
743
  • Programming and Computer Science
Replies
2
Views
1K
  • Special and General Relativity
Replies
1
Views
1K
  • Programming and Computer Science
Replies
9
Views
1K
Replies
12
Views
4K
  • Quantum Interpretations and Foundations
Replies
25
Views
1K
Back
Top