Trouble with Adssite

Discussion in 'Malware Help (A Specialist Will Reply)' started by TheFink, Dec 20, 2007.

  1. TheFink

    TheFink Private E-2

    Hi there


    I picked up the Adssite problem about a month ago and have been battling it ever since. Working with another malware tech on another site, we threw a gamut of removers, scanners, you name it at this thing and it still won't go away.
    Even tried to delete it from my registry and it kept coming back.

    Now, we managed to damage it enough that I only get about five or six Adssite ads throughout the day and stopped the whole Firefox wanting to randomly shut down.
    I'm just wondering if there's any way to be completely rid of it.
    Nothing seems to work so I'm looking for any and all help. Thanks in advance!

    This is my first time using this forum so I hope I'm attaching the right logs for you guys. Just let me know if you need anything else.
     

    Attached Files:

  2. abri

    abri MajorGeek

    Hi TheFink!
    Welcome to Major Geeks!
    Let me take a look at your logs (this takes time!) and I'll get back to you.
    abri
     
  3. abri

    abri MajorGeek

    Hi TheFink!

    Not an easy one you brought me. Couple of questions to start with:

    1) Do you know why Pocket Killbox has one of your Windows updates in its backup files?
    WindowsXP-KB900485-v2-x86-ENU.exe <----- this one

    2) You have a lot of spyware programs on your computer. Are they paid or trial versions? Like
    Spyware Doctor, for instance.

    3) You have a program on your computer called CUPLOADER. Do you know what this is?
    And this?: GoPetsWeb

    4) Do you remember which scans you've already run and when this problem started?


    Okay, and now I would like to ask you to do the following:

    1) When you ran your previous scans, did you have TeaTimer disabled? TeaTimer blocks some fixes. I'll post the instructions here for how to disable it:

    Disable Spybot's TeaTimer. This can be done two ways.
    First:
    • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
    • If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
    • If you have Version 1.4, Click on Exit Spybot S&D Resident
    or Second, For Either Version :
    • Open Spybot S&D
    • Click Mode, choose Advanced Mode
    • Go To the bottom of the Vertical Panel on the Left, Click Tools
    • Then, also in the left panel, click Resident (shows a red/white shield).
    • If your firewall raises a question, say OK
    • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
    • OK any prompts.
    • Use File, Exit to terminate Spybot
    2) Go to add/remove programs and uninstall the below:

    - Viewpoint Media Player
    - J2SE Runtime Environment 5.0 Update 10
    - J2SE Runtime Environment 5.0 Update 1
    - J2SE Runtime Environment 5.0 Update 6
    - J2SE Runtime Environment 5.0 Update 9
    - Java 2 Runtime Environment, SE v1.4.2_05


    3) Now Reboot your computer after uninstalling the above.

    4) Install the current version of Sun Java from: Sun Java Runtime Environment


    5) Run HijackThis (it's called analyse.exe under C:\MGTools) and select Do a system scan only. Select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    After you click fix, just close hijackthis.



    6) Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.
    6) Make sure you tell me how things are working now!


    7) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.

    8) If the adsite or adssite popup is still there, please remove any toolbars and add-ons you have in your browsers.


    9) Please run C:\MGTools.exe again (located under C:\ ) and attach a fresh MGlogs.zip along with the Avenger log.


    Let me know how things are running now?

    abri
     
  4. TheFink

    TheFink Private E-2

    Hello abri

    Firstly let me say thank you for taking my case, yeah it’s a bit tricky huh? I’ll try and do my part on my end as best I can to get this thing off my computer.

    Alright, let’s see. If Pocket Killbox is a spyware program then it’s probably from a long time ago when I had to use Killbox on another problem. Why it has the update file attached to it I have no idea.

    As far as all those spyware programs they are either freeware or trial versions. Basically it’s all the stuff techs have told me to download to fix issues. I just never got around to deleting anything, should I? What’s funny is since it’s all still here it saves me a bit of time since I don’t have to re-download anything haha.

    I have no clue what Cuploader is nor what it’s associated with. With GoPetsWeb, I could be wrong about its origin, but I use MSN messenger with a friend to chat and sometimes we play the MSN online games, I know they like to download a lot of stuff to your computer in order to play, that might be where that came from.

    The scans and programs I’ve run on this thing are: AVG, DrWeb-CureIt, PrevxCSI, Spyware Doctor, Super-Anti-Spyware, Spybot S&D, and ComboFix. I’ve also run uninstalls like say, if I remember this correctly, rightonadz_uninstall.exe and adssite sidebar_uninstall.exe....etc. I’ve also tried to directly delete any mention of adssite from my registry with no luck.

    Alright, all done. So far no ads but I’ll see what happens in the next 24 hours. ::crosses fingers::
    I’ve attached a new MGlogs.zip for you and I’m unfamiliar with the Avenger log you requested, I don’t think I have that currently, just let me know what you want me to do for that.


    Edit: Mmm just got an ad a moment ago.
     

    Attached Files:

  5. abri

    abri MajorGeek

    Hi TheFink,

    I hope that your problem is resolved. Time should tell.

    Please go to add/remove programs and uninstall the following:

    - Spyware Doctor
    - Viewpoint Media Player

    If you can't uninstall Viewpoint Media Player, please run this:
    ViewpointKiller

    There are two different adware problems, one is called adsite and one is called adssite. I want to make sure that yours has two s's.

    There is a poster named flints who shares the same problem with you. You may be interested in reading that thread. I've been looking for similarities in your logs. That thread is at this address:

    http://forums.majorgeeks.com/showthread.php?t=145726


    Let me know if the adware continues to be gone.
    abri
     
  6. TheFink

    TheFink Private E-2

    Hi Abri

    Well I uninstalled Spyware Doctor and Viewpoint with no problems :). I did though throughout today get two more pop-ups. Also I did take note on which one it was and it's Adssite, hope that helps.
     
  7. abri

    abri MajorGeek

    Hi TheFink,
    Please look in your add/remove programs list and see if there is anything at all in there that has the name Adssite tacked on the end of it. It might take any name, but two they use are these:

    Browser Optimizer Adssite

    Search Assistant Adssite

    If you find anything like that, please uninstall it.
    abri
     
  8. TheFink

    TheFink Private E-2

    Ok abri, I went through my program list, didn't see either of those you mentioned nor anything else with Adssite in the title. I carefully read over them all and even looked up the ones I wasn't too sure about, just in case there might have been some other baddies lurking amongst my programs.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please look to see what Addons you have on FireFox and tell us what you see.
     
  10. TheFink

    TheFink Private E-2

    Addons wise I have AdBlock Plus and McAfee Site Advisor. I did have the Google Toolbar for a bit on recommendation for its built-in pop-up blocker but it didn't stop the Adssite ads so I nixed it.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please run the below procedure and attach the log from PandaActiveScan:

    Using PandaActiveScan

    NOTE: You must use Internet Explorer to run this scan.


    Now follow the below procedure and attach the requested log from SuperAntispyware. Since you already have SuperAntispyware installed, just make sure you check for updates before running the scan.

    SUPERAntiSpyware - running & getting a log


    Question: Are any of the below paid versions of the programs?
    • AVG Anti-Spyware 7.5
    • CA Pest Patrol Realtime Protection
    • Prevx CSI Plus
    • Spyware Doctor 3.2
    • SUPERAntiSpyware Free Edition
    • XoftSpy
    Also uninstall Viewpoint Media Player if still installed.
     
  12. TheFink

    TheFink Private E-2

    As far as I know they're all free or trial versions. If I remember correctly I think Xoftspy was definitely a trial one.
    I checked again just in case and Viewpoint is still deleted off my programs list.
     

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Now delete the below file:
    C:\WINDOWS\smdat32m.sys

    Uninstall all of the below trial programs:
    • Prevx CSI Plus
    • Spyware Doctor 3.2
    • SUPERAntiSpyware Free Edition
    • XoftSpy
    Are you sure that CA Pest Patrol Realtime Protection is a trial program?

    Now run Spybot and when it finishes, right click in the scan window and save a log. Attach that log here.


    If the popup is still occurring, can you attach a snapshot of it? Try to just get a snapshot of the popup and not a whole desktop snapshot. You can use the below which works great:

    FastStone Capture 5.9
     
  14. TheFink

    TheFink Private E-2

    Ok I deleted that file and uninstalled those programs.

    You know, that CA one doesn't sound familiar to me, I'm not too sure where that came from. Maybe I had to use it a really long time ago. Should I delete it?
     

    Attached Files:

  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You may have gotten it from your ISP. If it does not get updates, then it would not be worth keeping. Does it get updates?


    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.
    Make sure you observe whether you receive a success message about adding the above to the registry. Tell me what you get.

    Now do a new scan with Spybot and attach the new log. Attach it now before doing the below because I'm going to ask for a second log after reboot (I'm guessing the problem may return after reboot).

    Then reboot your PC and attach another log from Spybot and also a new MGlogs.zip file. Also tell me if you are still getting popups.
     
  16. TheFink

    TheFink Private E-2

    I haven't seen CA asking for any updates so I assume it's just sitting there. So I'll uninstall it.

    I got the message that it was a successful merge.

    I'll have to see what happens in the next 24 hours, see if I get any pop-ups.

    Happy Holidays!!
     

    Attached Files:

  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay let us know. In the meantime, get started on completing the below steps anyway.

    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combofix.txt and C:\ComboFix-quarantined-files.txt logs that were created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    6. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    7. If we had you run Avenger, you can delete all files related to Avenger now.
    8. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    9. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    10. If you are running Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    11. After doing the above, you should work thru the below link:
     
  18. TheFink

    TheFink Private E-2

    I figured since the problem is stemming around Firefox, a friend suggested that I try uninstalling it completely then reinstalling it onto my computer again. I thought, what the heck right?
    So far in the past few days I haven't seen any pop-ups.
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay that's great but did they ever come back after message # 16 was posted?
     
  20. TheFink

    TheFink Private E-2

    Oh geez, yeah sorry I never replied to that post. I did in fact get a few pop-ups after that. Seems the reinstall did the trick so far.
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Good because that was going to be my next suggestion. I would have said uninstall FireFox, reboot, delete the FireFox folders, and then reinstall.
     
  22. TheFink

    TheFink Private E-2

    Well it's a great idea all around. I just wanted to say thank you so much Chaslang for all your help in fixing my issue, I thought I would never be rid of the plague that is adssite but you basically saved my sanity, not to mention my computer :D

    Btw, should I follow your final steps now?
     
  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
    Yes you should complete those steps ASAP.
     
  24. TheFink

    TheFink Private E-2

    Will do. Thanks again!!
     
  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely and things will be great in 2008. ;)
     
