Help! I have an advert bar that keeps coming back??
suzanna
Posts: 126 Forumite
in Techie Stuff
First of all please don't laugh at me if this seems silly and straightforward, but I'm worried I have a virus or something on my computer.
I have got Ad-aware on my computer and Zone Alarm Pro. I noticed that my laptop was running slower than normal and did Ctrl, Alt, Del and my CPU was going nuts at between 15% and 100%. I then did a scan using Ad-Aware and it found a critical object with the following info:
Name: Advert Bar
Type: Reg Key
Category: Data Miner
I quarantined it then deleted it and thought that would be the end but it keeps coming back every time I turn the computer on!!
Is this a very bad thing that I seem to have or is it not too bad??
Can anyone please help me to get rid of it??
Thank you
Suzanna
P.S. I hope what I have put makes sense, I'm not mad really!!
0
Comments
-
Try Disabling System Restore then remove the offending item.
Don't worry it's not that bad and I don't think you're mad! :snow_grin
This site has saved me a fortune :money: ...it's also cost me a fortune! :doh:
© Tharweb 2006
0 -
Download HijackThis.zip from http://www.spywareinfo.com/~merijn/downloads.html and extract the contents of the zip file to a suitable directory on your hard drive. Run HijackThis and click 'Do a system scan and save a logfile' and post the results here.
Knowledgeable folks will then be able to tell you how to remove that advert bar and if you have any other malware on your machine.
0 -
I have just read the above link. Could I ask how do I know how far back to restore my system (does it give me options? I'm not sure when I got this bug) and then how do I look for a file named advert bar and remove it??
Is there any reason it keeps coming back?
Sorry I'm really not up on all this technical stuff.
Thanks
Suzanna
0 -
Chippy_Minton wrote: Download HijackThis.zip from http://www.spywareinfo.com/~merijn/downloads.html and extract the contents of the zip file to a suitable directory on your hard drive. Run HijackThis and click 'Do a system scan and save a logfile' and post the results here.
Knowledgeable folks will then be able to tell you how to remove that advert bar and if you have any other malware on your machine.
I will download this and post the results
Thank you
Suzanna
0 -
I really hope this makes sense to you and I have posted the right thing so here goes:
Logfile of HijackThis v1.99.1
Scan saved at 00:27:43, on 02/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\utility.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\suzanne woodford\My Documents\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=UK&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\APPS\IE\offline\uk.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Felix II] C:\Program Files\ScreenMates\Felix II\Felix2.exe
O4 - Global Startup: Belkin 802.11g Wireless Card Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{85D5BBF8-3A3C-4C2E-BCA1-6EB61C3E51D5}: NameServer = 212.159.13.49,212.159.13.50
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
I am going to restart my computer and see if it's still there and if it is I will do this scan again and post it just in case it doesn't show as I quarantined it earlier.
Thank you
Suzanna
0 -
Here is the new scan
Logfile of HijackThis v1.99.1
Scan saved at 00:37:20, on 02/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\utility.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\suzanne woodford\My Documents\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=UK&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\APPS\IE\offline\uk.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Felix II] C:\Program Files\ScreenMates\Felix II\Felix2.exe
O4 - Global Startup: Belkin 802.11g Wireless Card Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{85D5BBF8-3A3C-4C2E-BCA1-6EB61C3E51D5}: NameServer = 212.159.13.49,212.159.13.50
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Thanks
Suzanna
0 -
I have just done the Ad-Aware scan and the bloody thing is back again (just in case you needed to know that?) Should I quarantine it again??
0 -
I'm not familiar with this particular "advert bar/data miner", but these tend to be BHOs (browser helper objects). Personally, I use Autoruns from sysinternals.com to identify (and disable) BHOs.
http://www.sysinternals.com/Utilities/Autoruns.html
From the HijackThis log, you seem to have 3 BHOs and 3 toolbar companions. Does Ad-Aware give any indication as to which one is causing the problem? Do you have any adverts at the top of your browser, or any other program?
Do you have an exe called advertbar.exe anywhere on your PC? If so, try to delete it; if it won't delete, kill it in Task Manager first.
Failing that, this one ( ycomp5_5_7_0.d ll ) has a space in the name, so looks a bit iffy to me; you could use Autoruns or HijackThis to disable it (I would try and do this and any scan in safe mode, in case there is an exe running at startup which continually reloads it).
If you do a search on Google for this (or any other filename), you will get 1000s of lists of other people's HijackThis logs, which is one annoying aspect of HijackThis: you can never find anything about a filename now when doing Google searches, just HijackThis logs.
Ever get the feeling you are wasting your time? :rolleyes:
0 -
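Counting BHO and toolbar entries and comparing two scans, as done by hand in the reply above, can be scripted. The following is an added example, not part of any post in this thread: it parses HijackThis `R`/`O` lines, flags "(file missing)" entries, and reports what changed between two scans. The sample lines are excerpted from the logs posted above with the opening CLSID brace normalised, and all function names are this example's own.

```python
import re
from collections import Counter

# Sample lines excerpted from the first scan posted in this thread
# (opening CLSID braces normalised to "{").
SCAN_1 = r"""
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Felix II] C:\Program Files\ScreenMates\Felix II\Felix2.exe
"""
# Second scan: the same lines without the MSConfig Run entry, as in the thread.
SCAN_2 = "\n".join(l for l in SCAN_1.splitlines() if "[MSConfig]" not in l)

ENTRY = re.compile(r"^(R\d|O\d+) - (.+)$")           # section code, rest of line
COM_OBJECT = re.compile(r"^(?:BHO|Toolbar): (.+)$")  # O2 / O3 payload
MISSING = " (file missing)"

def parse(log):
    """Return one dict per R/O entry; headers and process paths are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, text = m.groups()
        entry = {"code": code, "text": text, "missing": text.endswith(MISSING)}
        obj = COM_OBJECT.match(text)
        if obj:
            # maxsplit=2: the DLL path may itself contain " - " (Spybot's folder).
            parts = obj.group(1).split(" - ", 2)
            if len(parts) == 3:
                entry["name"], entry["clsid"] = parts[0], parts[1]
                entry["path"] = parts[2].replace(MISSING, "")
        entries.append(entry)
    return entries

def section_counts(entries):
    """Number of entries per section code, e.g. O2 = BHOs, O3 = toolbars."""
    return Counter(e["code"] for e in entries)

def missing_files(entries):
    """Entries whose target file HijackThis could not find on disk."""
    return [e["text"] for e in entries if e["missing"]]

def changed(before, after):
    """(removed, added) entries between two scans, as (code, text) pairs."""
    b = {(e["code"], e["text"]) for e in before}
    a = {(e["code"], e["text"]) for e in after}
    return sorted(b - a), sorted(a - b)
```

An entry that reappears in the "added" list after being removed points to something re-creating it at startup, which is the situation the original poster describes.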
Before we start playing with your log file do this (which should sort it out):
Download the trial version of Ewido Security Suite here.
- Install ewido.
- During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
- Launch ewido
- It will prompt you to update click the OK button and it will go to the main screen
- On the left side of the main screen click update
- Click on Start and let it update.
- DO NOT run a scan yet. You will do that later in safe mode
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
Run Ewido:
- Click on scanner
- Click Complete System Scan and the scan will begin.
- During the scan it will prompt you to clean files, click OK
- When the scan is finished, look at the bottom of the screen and click the Save report button.
- Save the report to your desktop
Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK
I see you have nortons installed, is it up to date?? Do you still use it??
Ex forum ambassador
Long term forum member
0 -
May I suggest that if using summet like AdAware, run with System Restore off, then run a scan, then turn restore back on. Also Microsoft Anti Spyware may do a better job; it did with me last night removing chtml Adware.
Ok ok lesson learnt bloomin freeserials.com :mad:
And run (if you have it) AVG in safe mode.
0
This discussion has been closed.
