www.ad-w-a-r-e.com popups and high CPU usage

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by chetanthaker, Sep 30, 2004.

  1. chetanthaker

    chetanthaker Private E-2

    Hello guys

    well, i've been facing this problem for a couple of days now

    I keep getting random www-ad-w-a-r-e.com popups that lead to MORE popups

    I did a search with adaware and S&D, didn't really help a lot
    Under PROCESSES (in Win2k), I have RUNDLL32.exe taking up around 80%+ of my CPU processing and can't really work with other apps.

    I end task it and my PC is back to its normal speed
    This is a TOTAL FRESH WIN2k INSTALL.... installed it like a couple of weeks back
    (no firewall installed.... normally I DO have a firewall)

    Finally decided to use HIJACK THIS


    I'm sending you my log
    Please check and let me know what I need to do about this

    My PC has gone DEAD SLOW (being a celeron 400 :D)


    HELP !

    ---------------------------------------------
     

    Attached Files: hjt.txt (5.3 KB)
    Last edited by a moderator: Sep 30, 2004
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to follow guidelines! HijackThis is the last step and we have rules about how and when to post a log. Please do the below first.


    Please follow all the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


    NOTE: You should read the tutorial in this Sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Do not post a HijackThis log until we ask you to, and when we do it must be a text document attachment to your message. To do this save the log file and select manage attachments in a new thread to upload it. All running programs should be closed, including your web browser, e-mail, items in the tray, anything you can close... Close before running Hijack This!


    Do NOT run Hijack This from the Desktop, a temp folder or choose run from the download. Place it in its own folder, for example C:\Program Files\HJT

    I see some trojans in your log too. Have you gone to Windows Update since installing this PC? If not, you MUST do that ASAP and get all critical updates on this system (if not already there) before you get other problems like Sasser or Blaster worms.
     
    Last edited: Sep 30, 2004
  3. Greenious

    Greenious Private E-2

    Yeah, this one is a big resource hog. And most spyware removers can't handle it yet. This is how I managed to remove it:

    Fortunately, I run w2k, and the "infection" was contained in one of the users.

    I logged in as administrator. (No problem there)

    In the popups, there is a reference to something like: http://www.ad-ware.com/callback_ron.php?GUID={A21F4661-16C4-11D9-89A8-0050BA18DA71} &country=CA&type=.

    The stuff within {} is actually a reference to something in the registry. Using regedit I searched for this, and found a couple of references to this key. I removed them all, but not until after I examined them.

    One of the keys referred to a DLL file in the systemroot/system32/ folder.

    I checked it out, turned out to be a new file, that appeared around the time this nuisance started.

    The file is both hidden & marked as a system file, so you have to enable viewing of those files to find it.

    It also has a bunch of backup copies in system32 folder, all files had the very same date & time stamp, as well as being exactly 314 kb in size.

    I searched for all files changed within that timeframe, only these turned up, so I deleted them all.

    Now the computer is working great again. :)
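
The file check described in the post above (several copies in the system32 folder with the very same date and time stamp and the same size), as an added Python example that is not part of the original thread. The function name, the file names and the timestamp are constructed for illustration; the scan runs against a temporary sample folder, not a real system directory.

```python
import os
import stat
import tempfile
from collections import defaultdict

def find_clone_groups(folder, min_copies=3, extensions=(".dll",)):
    """Return groups of files in `folder` that share an identical size and
    modification time, keyed by (size, mtime). Hypothetical helper."""
    groups = defaultdict(list)
    for entry in os.scandir(folder):
        if not entry.is_file(follow_symlinks=False):
            continue
        if not entry.name.lower().endswith(extensions):
            continue
        st = entry.stat(follow_symlinks=False)
        # st_file_attributes exists only on Windows; treat as 0 elsewhere.
        attrs = getattr(st, "st_file_attributes", 0)
        hidden_and_system = bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN) and \
            bool(attrs & stat.FILE_ATTRIBUTE_SYSTEM)
        groups[(st.st_size, int(st.st_mtime))].append(
            (entry.name, hidden_and_system))
    # A single file with a given size/time is normal; many copies are not.
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_copies}

def build_sample(folder):
    """Create constructed sample files: three same-size, same-time copies
    plus one unrelated DLL with a different size and time."""
    stamp = 1096500000  # constructed timestamp
    for name in ("copy_a.dll", "copy_b.dll", "copy_c.dll"):
        path = os.path.join(folder, name)
        with open(path, "wb") as fh:
            fh.write(b"\0" * (314 * 1024))  # size mirrors the post's figure
        os.utime(path, (stamp, stamp))
    other = os.path.join(folder, "unrelated.dll")
    with open(other, "wb") as fh:
        fh.write(b"\0" * 1000)
    os.utime(other, (stamp - 86400, stamp - 86400))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample_dir:
        build_sample(sample_dir)
        for (size, mtime), files in find_clone_groups(sample_dir).items():
            print(f"{len(files)} files, {size} bytes, mtime {mtime}:")
            for name, hidden_and_system in files:
                print(f"  {name}  hidden+system={hidden_and_system}")
```

Files flagged this way are candidates for closer examination, as the post does before deleting anything; identical size and time alone does not prove a file is malicious.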
     
