Adaware to delete or not to delete

  • Thread starter z4955
111
0
I have Ad-Aware SE Personal Edition and ran it. It picked up some critical objects and a whole bunch of negligible objects. How do I know what to delete and what not to delete? I've heard that if I just delete all of it there might be something the computer needs to run properly. I don't want to mess up my system by deleting something it needs, but I want to get rid of anything else that would be harmful. Advice, plz!
 
155
0
Well, I use my general rule of thumb that if it's located within the /system folder, don't delete it - some adaware is located there, yes, but most are classified as priority deletes or what-not.
 

Pengwuino

Gold Member
4,854
14
Yah, TsunamiJoe has it...

Post a screenshot and maybe we can help determine which ones to delete and which not to delete. Be careful about files in the system directory though, because some adware or spyware or viruses will disguise themselves by using file names very similar to normal system ones. rundll32.exe, for example, has a name similar to it like rundl32.exe, which is in actuality a virus. rundll32.exe is the real system file... be careful to check for near-spellings and such.
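
The near-spelling check described in the post above, as an added example that is not part of the original thread. The reference set `KNOWN`, the helper names and the distance threshold of 2 are assumptions chosen for illustration; the two test paths in the comments are file names mentioned on this page.

```python
import ntpath

# Assumed reference set: a few well-known Windows binaries and the folder they
# normally run from. Illustrative only, not a complete allowlist.
KNOWN = {
    "rundll32.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify(path, max_dist=2):
    """Label a full Windows path as ok, wrong-location, lookalike:<name> or unknown."""
    folder, name = ntpath.split(path.lower())
    if name in KNOWN:
        # Exact system name: only trusted when it sits in its usual folder.
        return "ok" if folder == KNOWN[name] else "wrong-location"
    for real in KNOWN:
        # A near miss such as rundl32.exe is the disguise the post warns about.
        if edit_distance(name, real) <= max_dist:
            return "lookalike:" + real
    return "unknown"

if __name__ == "__main__":
    for p in (r"C:\WINDOWS\System32\rundll32.exe",   # the real system file
              r"C:\WINDOWS\System32\rundl32.exe",    # near-spelling from the post
              r"C:\WINDOWS\RunDLL.exe"):             # listed later in this thread
        print(p, "->", classify(p))
```

A "lookalike" or "wrong-location" result is a reason to look the file up before deleting it, not proof that it is malicious.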
 
911
0
Adaware makes backups of everything it "deletes." If you have a system problem after Adaware "deletes" some items, then proceed to run Adaware's restore function.
 

PerennialII

Science Advisor
Gold Member
898
0
......... and google everything you're not aware of before deletion & see if the symptoms and descriptions match.
 
155
0
also my personal favorite is a program called registry mechanic - it solves all my problems lol, (you may need to fake register it of course lol, but keep that on the DL there buddy :) )
 

Pengwuino

Gold Member
4,854
14
lol keeping it on the DL is really contrary to posting it in a public thread :P
 
59
0
from my experience, Adaware is excellent software. I have been using it with my customized settings to scan and I always mindlessly just press "next" because I trust it so much to not delete something vital. =)

I would tentatively suggest you to trust to delete, but to be safe, scan the things it finds for any "red flags"; this would be effective proportional to the amount of computer experience and knowledge you have =)

Hope that helps!
Art
 
56
0
I've used Adaware for ages and I always delete everything it finds. If malware has a name similar to a system file it won't delete the system file because it's looking for the signature of the malware inside the file. It doesn't do it by name.

Anyway, I of course take no responsibility should your system crash. :smile: But as I said, I always delete everything and I've never had a problem.

You can also set a system restore point before running it. And always check for updates!
 
210
0
I find Spybot is the best at removing spyware... Anyway, prevention is the best remedy, so use Firefox and you won't get anywhere near the amount of malware on your internet browsing PC.
 
155
0
"lol keeping it on the DL is really contrary to posting it in a public thread :P"

you caught me! lol

But yes, Firefox is nice, and if you don't use any p2p stuff, you ought not get any more bad stuff, I wouldn't think.
 
59
0
I've been using IE for a long time with absolutely no problems. I've tightened up the security settings, I run Adaware only when I contract a virus, and my 866MHz computer still runs as smooth as a kitty =)
Prevention, yes.
Avoid pornography and "bad" sites, and be wary of what you click.
Sites with popups, etc.
 
155
0
True, but artemis, a lot of people need low internet security for sites and even certain certificates, and even then you don't even have to click on things nowadays to contract spyware and the like.
 
111
0
Thanks guys! :)
How do you do a screenshot???
how do I check for correct spellings of actual files vs. viruses?
where can I find 'registry mechanic'?
what is DL??
and what is p2p stuff???

sorry to be so ignorant, but I'm still learning. lol
I have firefox, but some things don't seem to want to work with it such as my propel accelerator and popup blocker. I avoid porn sites and don't click on any ads or pop ups or anything. who said cybering was safe sex? LMAO!!! DON'T GO THERE!!!
 
19
0
"How do you do a screenshot???"

Screenshot key, top right of your key board...probably says something like "print screen" on it.

"how do I check for correct spellings of actual files vs. viruses?"

Often times, you can't. And actually, if you have an excessive number of svchost.exe's running, you're probably being used...nothing too much to worry about unless you have random uploading/downloading.

As far as viruses go...

Be very careful...and honestly, if a virus is only one file, it'll probably just be idling there anyway...I have five "viruses" on my computer, though they really aren't. Probably some cheap trojan or dumb file...then again I don't keep anything personal on here so nothing to worry about. :tongue2: But there's not too much to be afraid of if the virus program says it's a baddy, just manually go in and delete the sucker.

"where can I find 'registry mechanic'?"

Honestly I wouldn't worry about these, they always make me uneasy. I prefer to edit registry myself, and only if I must.

"what is DL??"

In this case, "down-low", means keep it secret. However, it's also often used as a short cut way of saying download.

"and what is p2p stuff???"

I know that as pay-to-play for games, or it can be used as peer-to-peer as in file sharing.


And coming from a guy who has experienced all spyware imaginable, I've always been able to get rid of it. A combo of ad-aware, spybot, hijack this, and a little use of my own noodle, nothing can stand up to me. :)

As a note, DON'T CLICK ANY OF THE LINKS THAT ARE BELOW, THEY ARE MERELY THERE TO SHOW YOU NAMES OF THE FILES TO DELETE. OTHERWISE YOU'RE POSSIBLY IN FOR SOME NASTY SPYWARE. *caps off*

Since I'm here, I'll post my little spyware removal steps:

In Windows Explorer, make sure that the option to "show all files and folders, including hidden and system" is turned on. Open a my computer window, then go to "tools, folder options, view"...then look under that list.

Update all of your spyware removal programs.

Reboot in safe mode. Some computers do F8 or F11, differs. The only sure way is to go to run, type in msconfig, then under "boot.ini" click "safeboot". To come back out of this, just do the same thing except click normalboot.

Empty the "Temp" folder:
C:\Documents and Settings\{user}\Local Settings\Temp (some computers can't take deleting them all at once if you've let them build up too much, in this case, delete portions at a time)

Delete all cookies (Don't really have to...but may as well be safe)

Run hijackthis (search google for it, handy thing) with nothing open except for it alone. If you'd like, and I recommend it, allow it to create a restore point. You shouldn't have to use it, but if you screw up it's good to have a backup.

Let HJT fix ANYTHING you have of the following items (click the box):

Fix ANY of these Running processes: if you have them:
C:\WINDOWS\winupdate.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\WINDOWS\System32\DllHost.exe
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\System32\twink64.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Windows ControlAd\WinCtlAd.exe
C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe

Fix ALL R0 and R1 if you have Begin2search, Coolwebsearch or any other pesky Search, such as:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

Fix ANY R3 with (no file) or (file missing) such as:
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - Default URLSearchHook is missing

Fix ALL O1 entries:
O1 - Hosts: 216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 www.websearch.com

Fix ANY O2 with (no name) and either (no file) or (file missing), such as:
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)

Fix ANY of these O2, O3 and O4, they are guaranteed BADDIES, shoot them down:
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\SYSTEM\DSKTRF.DLL
O2 - BHO: ohb Class - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\SYSTEM32\winb2s32.dll
O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll

O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\SYSTEM\WINB2S32.DLL

O4 - HKLM\..\Run: [SoundMan] soundman.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\winupdate.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [svc] C:\WINDOWS\system32\svc.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [vs2P38h] oddtreg.exe ..... (this one's [name between brackets] might vary)
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe

These are (real) samples of spyware. Anything looking like them is suspicious.
If you have any, do a "Google" with only the file-name. If you can't find it, fix it. When in doubt, leave it for now.
O4 - HKLM\..\Run: [mqkumupqecyfw] C:\WINDOWS\System32\xvbfxo.exe
O4 - HKLM\..\Run: [Rxagik] C:\WINDOWS\Meruoq.exe
O4 - HKLM\..\Run: [bgsocc] C:\WINDOWS\System32\bgsocc.exe
O4 - HKLM\..\Run: [jmruplg] C:\WINDOWS\Lmddwz.exe
O4 - HKLM\..\Run: [pgtaff] C:\WINDOWS\pgtaff.exe

Fix this O9 if you have it:
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

Fix these O14 if you have them:
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=

Fix ALL O16 - DPF: entries, even if they have familiar/trusted/common names, such as:
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/...director/sw.cab


Also, any of these you should delete too.



Now hit the Fix checked button and let HijackThis do what it is good at...


After HJT is finished, while still in Safe Mode, delete any of these directories if you have them:
C:\Program Files\AWS\WEATHE~1
C:\Program Files\AWS
C:\Program Files\Web Offer
C:\Program Files\Windows ControlAd
C:\Program Files\AutoUpdate
C:\Program Files\Common Files\WinTools
C:\Program Files\TV Media
C:\WINDOWS\System32\P2P Networking
After HJT is finished, while still in Safe Mode, delete these directories:
C:\Program Files\Windows ControlAd\
C:\WINDOWS\System32\P2P Networking\
C:\Program Files\wroowwvt\


Next, run adaware with in-depth scan, full scan.

Then spybot: search and destroy, and then click immunize after running that scan.


Just go back to msconfig as before, mentioned up there, and you'll reboot to a nice shiny computer. :)
 
Last edited by a moderator:
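
The per-category rules in the removal steps above (hijacked R0/R1 search pages, R3 and O2 entries with no backing file, O1 hosts redirects, O16 downloads), written out as a log triage script. This is an added example, not part of the original post and not HijackThis's own logic; the function names `triage` and `triage_log` and the header line in the sample are assumptions made here, while the other sample lines are copied from the post.

```python
import re

# One HijackThis entry looks like "<code> - <body>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
ORPHAN = re.compile(r"\((no file|file missing)\)")
# Search-hijack hosts that appear in the post's R0/R1 samples.
HIJACK_HOSTS = ("begin2search.com", "drsnsrch.com")

def triage(line):
    """Return (code, action, reason) for one log line, or None for non-entries."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    code, body = m["code"], m["body"]
    low = body.lower()
    if code in ("R0", "R1") and any(h in low for h in HIJACK_HOSTS):
        return code, "fix", "IE search page points at a hijacker named in the post"
    if code == "R3" and (ORPHAN.search(body) or "is missing" in low):
        return code, "fix", "URLSearchHook with no backing file"
    if code == "O1":
        return code, "fix", "hosts-file redirect"
    if code == "O2" and "(no name)" in body and ORPHAN.search(body):
        return code, "fix", "orphaned browser helper object"
    if code == "O16":
        return code, "fix", "downloaded ActiveX control (post: fix all)"
    # Post: search for the file name first; when in doubt, leave it for now.
    return code, "research", "look the file name up before fixing"

def triage_log(text):
    """Triage every entry in a log, skipping headers and blank lines."""
    return [t for t in map(triage, text.splitlines()) if t]

# Sample lines copied from the post, after one constructed header line.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed header line)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/sidesearch.html
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - Default URLSearchHook is missing
O1 - Hosts: 216.130.185.143 websearch.com
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [bgsocc] C:\WINDOWS\System32\bgsocc.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
"""

if __name__ == "__main__":
    for code, action, reason in triage_log(SAMPLE_LOG):
        print(f"{code:4} {action:9} {reason}")
```

Entries that match none of the post's patterns come back as "research", which mirrors the post's advice to leave an item alone until its file name has been looked up.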
19
0
Oh, and firefox is over-rated in my opinion. It's cool and all but IE's fine. It's your choice though, of course.

Google toolbar and windows blockers do well enough unless you nearly go out of your way to get spyware...and it also helps to be familiar with the sites you go to. Avoiding bad things comes with experience.
 
1,120
7
wow That was a GREAT post! Thank you so much for posting that!
 
