ad-aware and viruses


Der Alta

A few weeks past, I had a bit of a computer catastrophe. It all started with a program I couldn't seem to delete. There were three files in a folder that the machine wouldn't let me delete. It always stated they were in use.

Under Ad-aware they always came up as pests. A quick check of services.msc and msconfig confirmed they weren't starting up with the machine. Yet, no matter what, they always came up as in use when I tried to delete them. While doing a search on the net I came across an on-line free pest scan from Zone Alarm.

It ran nicely, and what it found scared me silly. I had a Key logger installed in the machine that slipped by a hardware firewall, and software firewall, my anti-virus, Ad-aware and Spybot S&D. I hunted it down and killed the program. Deleted it, its folder, its registry settings and anything else I could find attributed to it on the net. Phew.

A few days later I ran Ad-aware and then the Pest scan. Ad-aware caught a handful of Cookies, and not much else. Pest Scan caught the Key Logger again. It seems to have snuck back in. Killed it and anything else I could find, again.

A few more days later, it happened again. Ad-aware caught nothing, but the Pest Scan caught the same key logger. I killed it and ran the Pest Scan again. Came up clean. I began my search on-line to find out more about this key logger.

As it turns out, it didn't have to sneak in the second or third time, it simply never left. It had written itself into the Ad-aware folder as a file called "unwise.exe" and re-wrote the Desktop Icon shortcut to reinstall itself every time I ran Ad-aware. How smart is that? It skipped it when running Ad-aware and then every time you ran Ad-aware it reinstalled itself.

Easy fix was to kill anything/everything related to it, and repath the shortcut to Ad-aware without the extra bit of code written in.

As for the first program that I couldn't erase, it had covered itself as part of explorer. So in the task manager, I killed explorer, started DOS and deleted the folder with the three files. Restarted explorer, and Voila! It was gone.

So in reality, I now run anti-virus, two firewalls, and three pest scanners.

And they still sneak in. :(

AO
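Added example, not part of the original post: a defender-side audit of the shortcut tampering described above, listing desktop and Start Menu shortcuts whose target deserves a manual look. The folder list and the flagging heuristics are assumptions chosen for illustration, and a flag only means "check this by hand", not "this is malicious".

```powershell
# Added example: review .lnk shortcuts for targets that were re-pathed or had
# extra commands appended. The heuristics below are illustrative assumptions.
$shell = New-Object -ComObject WScript.Shell

# Per-user and all-users Desktop / Start Menu folders.
$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique

$report = foreach ($lnk in Get-ChildItem -Path $folders -Filter *.lnk -Recurse -ErrorAction SilentlyContinue) {
    $sc     = $shell.CreateShortcut($lnk.FullName)   # opens the existing .lnk for reading
    $target = $sc.TargetPath
    $flags  = @()

    if (-not $target) {
        $flags += 'no file target'
    } elseif (-not (Test-Path -LiteralPath $target)) {
        $flags += 'target missing'
    } else {
        # Unsigned is common for older software; it is a prompt to look, nothing more.
        $sig = Get-AuthenticodeSignature -FilePath $target
        if ($sig.Status -ne 'Valid') { $flags += "signature: $($sig.Status)" }
    }

    # A shortcut that starts a shell or script host instead of the program itself.
    if ($target -match '\\(cmd|powershell|wscript|cscript|mshta|rundll32)\.exe$') {
        $flags += 'launches via shell/script host'
    }
    # Extra arguments are where an appended command would show up.
    if ($sc.Arguments) { $flags += 'has arguments' }

    [pscustomobject]@{
        Shortcut  = $lnk.FullName
        Target    = $target
        Arguments = $sc.Arguments
        Flags     = $flags -join '; '
    }
}

# Show only shortcuts that raised at least one flag.
$report | Where-Object { $_.Flags } | Format-List
```

Compare each flagged Target and Arguments pair against what the vendor's installer normally creates before deleting or re-pathing anything.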
 
That is a scary thing. :nervous: That was pretty neat how it would reinstall itself every time you ran Ad-aware, though. I have some questions: Why do these people do what they do? Why do they write spyware and adware and the like? Do they think they can put it on their resume or something? Please tell me why these people do this.
 
I ran the pest scan and it found a keylogger. It came in 3 dll files and an executable.
 
Integra Type R
That is a scary thing. :nervous: That was pretty neat how it would reinstall itself every time you ran Ad-aware, though. I have some questions: Why do these people do what they do? Why do they write spyware and adware and the like? Do they think they can put it on their resume or something? Please tell me why these people do this.

The people who do this are crazy. They have nothing better to do than to make annoying spyware and adware to install itself into people's computers.
 
Woah, some smart coding there! Are you using Firefox or IE? I noticed since I started using Firefox that TONS of that stuff doesn't come through anymore.
 
I use IE and never get that stuff. Sounds scary though. I only have 1 firewall, built into the router, and 1 antivirus program from Trend Micro. I even use Outlook for e-mail.
 
Well the problem is that you have the mother ship of trojans installed on your computer - Microsoft Windows. And to make matters worse, you have the computer connected to ... wait for it ... the internet. Unless you're painstakingly careful about how the computer is used, you are guaranteed to have viri, adware, and trojans installed on the system within two months.

To limit your problems:
DO NOT USE Internet Explorer
DO NOT USE Outlook (Express, or full version)
Run a quality virus scanner like Norton or McAfee
Do not browse to sites you do not trust
Do not email you do not trust
Trust no one (ha ha)
Do not run any software you "steal" from the internet. Chances are it's been cracked with trojan software.
Be very very selective on which sites you go to, and open only email from people you know, or sites you are expecting email from (confirmation / registration ...)

I have had to deal with no malicious or pesticle software in the past four years of computer use on my personal computers. I daily fix computers for users who expect everything to be wonderful, and simply roam the internet freely, contracting all sorts of horrid software.

That said, it's still possible to get screwed in the pooper even if you're as careful as is feasibly possible. My roommate is the network security guy for a huge corporation. He had to reinstall his computer because of a virus he received that could not be removed. Though that was the first problem he had had in nearly five years.
 
LoudMusic
To limit your problems:
DO NOT USE Internet Explorer
DO NOT USE Outlook (Express, or full version)
Run a quality virus scanner like Norton or McAfee
Do not browse to sites you do not trust
Do not email you do not trust
Trust no one (ha ha)
Do not run any software you "steal" from the internet. Chances are it's been cracked with trojan software.
Be very very selective on which sites you go to, and open only email from people you know, or sites you are expecting email from (confirmation / registration ...)

Hm..

DO NOT USE Internet Explorer
Check.

DO NOT USE Outlook (Express, or full version)
Check.

Run a quality virus scanner like Norton or McAfee
Check if Symantec Client Security counts.

Do not browse to sites you do not trust
:guilty:
Do not email you do not trust
:guilty:

Do not run any software you "steal" from the internet. Chances are it's been cracked with trojan software.
:eek:
 
OK, I just searched my hard drive for unwise.exe and 6 items popped up, including Ad-aware, which I do run every week. It also was found in Compaq Support, Spamsubtract, GetRight, Zone Game Collapse deluxe and in Macromed-Shockwave 8. Is this bad? Now what?

I have Spy Bot, but it hasn't caught anything in over a month and Ad-aware of course, but nothing came up in a scan I ran. Also, McAfee Virus scan didn't pick it up either.

I'll do a search for Zone Alarm, but any links or tips will and can be useful to me if you got any, since I'm not good with computers.

UPDATE: I was going to get rid of Ad-aware unwise.exe and thought afterwards to get rid of the whole darn thing and download it again. So, I click uninstall Ad-aware 6 in the All Programs list after pressing the Start button, and I notice I could select different things of AA6 to get rid of, and at the top of the list was UNWISE.EXE. So, I got rid of it. Then, afterwards, I thought to get rid of the whole darn thing, which was the plan, and it would search for UNWISE.EXE, but I just got rid of it. So, now I guess I have to rid the program the hard way, now. So, my question is, what is an UNWISE.EXE file anyway?
 
"UnWise.exe" is a common program name for the uninstall script used by most application developers. Somewhere along the way a virus / trojan writer got smart and decided to use that name for malicious software.

It doesn't mean it's bad, but it could be.
 
