Adware is truly BAD NEWS.............

[Guest]

I had Adware installed on my computer. HAD is the key word here! On Dec. 31, 2003, Norton Anti-Virus detected the Trojan. Narat virus. It turned out that Adware.Mpgcom is a Browser Helper Object that sends data to and receives data from a remote Web site. The symptoms are the existence of the files name %Windir%\mpgcom.dll or %Windir%\msnarrator.exe. When this component is active, it will send data that may contain personal identifiable information to a third-party server. It also displays pop-up ads on the system, and it contains functionality to update itself.
I was able to remove everything from my computer except the file msnarrator.exe. It will not let me delete or move it
It is not a threat but still does the pop-ups through IE. In order to rid your computer of this virus, the first step is disabling System Restore - which I have done. When everything has been removed, turn System Restore back on. I still have it off because of the existence of this malicious file.
I am at a loss of how to delete this file
If anyone can help me, please respond to this posting or contact me directly at my email addy
Thank you in advance for any help you can give.

 

[purplehaz]

Removal instructions:
http://securityresponse.symantec.com/avcenter/venc/data/adware.mpgcom.html

 

[Jim Macklin]

The complaint you have is probably in error. You're blaming
AdAware because of a report from Norton of a Trojan and a
file Mpgcom. I run AdAware and just searched my entire
computer and I have no such file.

I suspect the file in question was part of the virus.



| I had Adware installed on my computer. HAD is the key
word here! On Dec. 31, 2003, Norton Anti-Virus detected the
Trojan. Narat virus. It turned out that Adware.Mpgcom is a
Browser Helper Object that sends data to and receives data
from a remote Web site. The symptoms are the existence of
the files name %Windir%\mpgcom.dll or
%Windir%\msnarrator.exe. When this component is active, it
will send data that may contain personal identifiable
information to a third-party server. It also displays
pop-up ads on the system, and it contains functionality to
update itself.
| I was able to remove everything from my computer except
the file msnarrator.exe. It will not let me delete or move
it.
| It is not a threat but still does the pop-ups through IE.
In order to rid your computer of this virus, the first step
is disabling System Restore - which I have done. When
everything has been removed, turn System Restore back on. I
still have it off because of the existence of this malicious
file.
| I am at a loss of how to delete this file.
| If anyone can help me, please respond to this posting or
contact me directly at my email addy.
| Thank you in advance for any help you can give.

 

[Guest]

If you're DOS competent in syntax you can do it from the
CMD window. or see if you can rename it, re boot and
delete or boot into the safe mode and do. These things
seem to get nastier all the time. one click and you have
one, the AV alerts you too late to do anything. It's
easier to have a bootable spare and swap drives.

-----Original Message-----
I had Adware installed on my computer. HAD is the key

word here! On Dec. 31, 2003, Norton Anti-Virus detected
the Trojan. Narat virus. It turned out that
Adware.Mpgcom is a Browser Helper Object that sends data
to and receives data from a remote Web site. The
symptoms are the existence of the files name %Windir%
\mpgcom.dll or %Windir%\msnarrator.exe. When this
component is active, it will send data that may contain
personal identifiable information to a third-party
server. It also displays pop-up ads on the system, and
it contains functionality to update itself.

I was able to remove everything from my computer except

the file msnarrator.exe. It will not let me delete or
move it.

It is not a threat but still does the pop-ups through

IE. In order to rid your computer of this virus, the
first step is disabling System Restore - which I have
done. When everything has been removed, turn System
Restore back on. I still have it off because of the
existence of this malicious file.

I am at a loss of how to delete this file.
If anyone can help me, please respond to this posting or

contact me directly at my email addy.

 

[GK]

I had Adware installed on my computer. HAD is the key word here! On Dec. 31, 2003, Norton Anti-Virus detected the Trojan. Narat virus. It turned out that Adware.Mpgcom is a Browser Helper Object that sends data to and receives data from a remote Web site. The symptoms are the existence of the files name %Windir%\mpgcom.dll or %Windir%\msnarrator.exe. When this component is active, it will send data that may contain personal identifiable information to a third-party server. It also displays pop-up ads on the system, and it contains functionality to update itself.
I was able to remove everything from my computer except the file msnarrator.exe. It will not let me delete or move it.
It is not a threat but still does the pop-ups through IE. In order to rid your computer of this virus, the first step is disabling System Restore - which I have done. When everything has been removed, turn System Restore back on. I still have it off because of the existence of this malicious file.
I am at a loss of how to delete this file.
If anyone can help me, please respond to this posting or contact me directly at my email addy.
Thank you in advance for any help you can give.

Holly, not sure what this has to do with the legit program Ad-aware, but if
you have a file you want to delete and can't, then try and do it from
Safe Mode. Reboot and hold the f8 key down during the boot to get there.
Once your in safe mode, locate the file and try and delete it. If you can't,
then you'll have to take ownership of the file, which is by right clicking
on the file and going through properties. Before you journey off to safe mode,
make sure you have the location of the file written down. If you can't
see the file while in your in your computer, you'll need to make sure all
your hidden files and filers are shown, as well as protected system files.

I've breezed through this, kind of, thinking you'll figure some stuff
out on your own. If you have a problem or question about the process, post
the concern.

 

[L. A. Powell]

Adware IS spyware...not to be confused with Ad-Aware from
www.lavasoftus.com.

Didn't come from Ad-Aware. I've been running Ad-Aware successfully
through several versions and never had any such files or viruses show
up.

I had Adware installed on my computer. HAD is the key word here! On

Dec. 31, 2003, Norton Anti-Virus detected the Trojan. Narat virus. It
turned out that Adware.Mpgcom is a Browser Helper Object that sends data
to and receives data from a remote Web site. The symptoms are the
existence of the files name %Windir%\mpgcom.dll or
%Windir%\msnarrator.exe. When this component is active, it will send
data that may contain personal identifiable information to a third-party
server. It also displays pop-up ads on the system, and it contains
functionality to update itself.

I was able to remove everything from my computer except the file

msnarrator.exe. It will not let me delete or move it.

It is not a threat but still does the pop-ups through IE. In order to

rid your computer of this virus, the first step is disabling System
Restore - which I have done. When everything has been removed, turn
System Restore back on. I still have it off because of the existence of
this malicious file.

 

[Jim Macklin]

You know I feel silly, I must be getting tired, I saw
AdAware, not Adware (toolbar)

Thanks to Purplehaz for this

http://securityresponse.symantec.com/avcenter/venc/data/adware.mpgcom.html

I guess the jerk "GerryO" influenced me.


in message | The complaint you have is probably in error. You're
blaming
| AdAware because of a report from Norton of a Trojan and a
| file Mpgcom. I run AdAware and just searched my entire
| computer and I have no such file.
|
| I suspect the file in question was part of the virus.
|
|
|
| | | I had Adware installed on my computer. HAD is the key
| word here! On Dec. 31, 2003, Norton Anti-Virus detected
the
| Trojan. Narat virus. It turned out that Adware.Mpgcom is
a
| Browser Helper Object that sends data to and receives data
| from a remote Web site. The symptoms are the existence of
| the files name %Windir%\mpgcom.dll or
| %Windir%\msnarrator.exe. When this component is active,
it
| will send data that may contain personal identifiable
| information to a third-party server. It also displays
| pop-up ads on the system, and it contains functionality to
| update itself.
| | I was able to remove everything from my computer except
| the file msnarrator.exe. It will not let me delete or
move
| it.
| | It is not a threat but still does the pop-ups through
IE.
| In order to rid your computer of this virus, the first
step
| is disabling System Restore - which I have done. When
| everything has been removed, turn System Restore back on.
I
| still have it off because of the existence of this
malicious
| file.
| | I am at a loss of how to delete this file.
| | If anyone can help me, please respond to this posting or
| contact me directly at my email addy.
| | Thank you in advance for any help you can give.
|
|

 

[Guest]

Adware not Ad-Aware

 

[GK]

Adware IS spyware...not to be confused with Ad-Aware from
www.lavasoftus.com.

Didn't come from Ad-Aware. I've been running Ad-Aware successfully
through several versions and never had any such files or viruses show
up.



Dec. 31, 2003, Norton Anti-Virus detected the Trojan. Narat virus. It
turned out that Adware.Mpgcom is a Browser Helper Object that sends data
to and receives data from a remote Web site. The symptoms are the
existence of the files name %Windir%\mpgcom.dll or
%Windir%\msnarrator.exe. When this component is active, it will send
data that may contain personal identifiable information to a third-party
server. It also displays pop-up ads on the system, and it contains
functionality to update itself.


msnarrator.exe. It will not let me delete or move it.


rid your computer of this virus, the first step is disabling System
Restore - which I have done. When everything has been removed, turn
System Restore back on. I still have it off because of the existence of
this malicious file.


directly at my email addy.

Ahhh...very good point. I didn't read that close enough.

 

[Guest]

Thank you for the response. Purplehaz, I have gone to Symantec and got the removal info and followed all the procedures. As I stated, everything was removed but the msnarrator. exe file, which will not let me remove it. There was nothing in the registry to remove. The msnarrator.exe file is located in the C:\WINDOWS\Prefetch folder. Guess Anti-virus got to it before it finished doing whatever it was sent to do. I need to rid the computer of this file, so I can turn the registry restore back on and life will be good again. )
Thank you also for responding Jim Macklin. I am not saying that Adware is a BAD program. I am saying that Adware was the means the virus was able to get through to my computer. I have firewalls and keep up on my virus definitions, etc...
But.............until a virus is known, one can't be fully protected from the unknown if it can come in a backdoor, etc.... Therefore, I removed the program. Am glad you have not been affected by this virus and enjoy the program.
Again, if anyone else has a solution please let me know. Thank you.

 

[Guest]

Okay, okay!!!!!!!!!!!!! Enough about how wonderful Adware or Ad-Ware is! The one I had is from Lavasoft.
Again I was state: "Adware.Mpgcom is an adware component that runs as a Browser Helper Object (BHO). This means that the component will be active when Internet Explorer is running. When this compnent is active, it will send data that MAY contain personal identifiable information to a third party server."
Someone (a hacker) has used this program to send the virus. Not saying Adware or Ad-Ware (whichever you choose to type it) contains or sends a virus. PERIOD!!!
I don't want it and don't have it any longer. All I know is what the experts say how this Virus was transmitted.
Again, I have followed the procedure from Symantec and have started up in safe mode, etc... It just won't let me delete this file.
Think you are right GK - I am now the proud owner of the file msnarrator.exe!
In the meantime, should I turn the Registry Restore (back-up) back on?

 

[purplehaz]

Boot to safe mode then delete all the files in the windows prefetch folder.
If safe mode doesn't work try this:
Close all open apps. Open a command prompt and navigate to the directory
with the offending files. Then open the Task Manager and click on the
Processes tab. select "Explorer.Exe" under Image Name. Click "End Process".



Now you will only have the command prompt and the task manager. In the
Command Prompt, DEL the offending files (DEL *.mpg, DEL mus*.avi, DEL
test.wmv, etc.)



The files should now delete without a problem. Now go back to the task
manager and click on the Applications tab. Click the "New Task..." button.
in the dialog, type Explorer.Exe and click OK.

 

[GK]

Okay, okay!!!!!!!!!!!!! Enough about how wonderful Adware or Ad-Ware is! The one I had is from Lavasoft.
Again I was state: "Adware.Mpgcom is an adware component that runs as a Browser Helper Object (BHO). This means that the component will be active when Internet Explorer is running. When this compnent is active, it will send data that MAY contain personal identifiable information to a third party server."
Someone (a hacker) has used this program to send the virus. Not saying Adware or Ad-Ware (whichever you choose to type it) contains or sends a virus. PERIOD!!!
I don't want it and don't have it any longer. All I know is what the experts say how this Virus was transmitted.
Again, I have followed the procedure from Symantec and have started up in safe mode, etc... It just won't let me delete this file.
Think you are right GK - I am now the proud owner of the file msnarrator.exe!
In the meantime, should I turn the Registry Restore (back-up) back on?

You give up to easily. No, you should not turn it on until you delete it,
unless of course you want it backed up onto your system over and over and over.
BTW, it's A-D-A-Ware that legitimate, A-D-ware is bad, as you have discovered.
You should try and get rid of this file, it's an executable (exe). You
will likely need to do so while in Safe Mode. It is there that you can
gain permissions. However, if you really want to give up. Turn your
system restore back on and cross your fingers.

If you haven't lost patience and want detailed help, post your questions.
Sometimes, with novice users, it takes several posts to get the job done.

 

[Guest]

Thank you again for responding GK! Since you do not know me, I will forgive you for thinking I am giving up on this! LOL
NO WAY!!! Just at my wit's end at the moment. (Have a cousin who will be able to help when I can get him over here!) In the meantime, I was confident that I SHOULDN'T turn the back-up on, but wanted reassurance from someone else that might know.
Will go thru the procedure again (slowly) and see if I overlooked something.
Again, thanks! If you or someone else has any other ideas, please let me know.
I will also keep ckecking on here.

 

[RJK]

....I was just reading through this thread with a sense of growing horror,
thinking that everyone must now owe ...was it "Gary O" who started a large
Adaware thread a couple of weeks ago?...can't find it now... an apology, and
now I've just got to your post Jim ...and see that I was doing the same as
you .....Adware ....Adaware tut !

regards, Richard

 

[Jim Macklin]

Ad Aware is from Lavasoft and is NOT the evil Adware.

It sure is confusing.



message
| Okay, okay!!!!!!!!!!!!! Enough about how wonderful Adware
or Ad-Ware is! The one I had is from Lavasoft.
| Again I was state: "Adware.Mpgcom is an adware component
that runs as a Browser Helper Object (BHO). This means that
the component will be active when Internet Explorer is
running. When this compnent is active, it will send data
that MAY contain personal identifiable information to a
third party server."
| Someone (a hacker) has used this program to send the
virus. Not saying Adware or Ad-Ware (whichever you choose
to type it) contains or sends a virus. PERIOD!!!
| I don't want it and don't have it any longer. All I know
is what the experts say how this Virus was transmitted.
| Again, I have followed the procedure from Symantec and
have started up in safe mode, etc... It just won't let me
delete this file.
| Think you are right GK - I am now the proud owner of the
file msnarrator.exe!
| In the meantime, should I turn the Registry Restore
(back-up) back on?

 

[Jim Macklin]

In fact, Lavasoft's AdAware www.lavasoftusa.com or SpyBot
http://www.safer-networking.org/
should help remove Adware.


message
| Thank you again for responding GK! Since you do not know
me, I will forgive you for thinking I am giving up on this!
LOL
| NO WAY!!! Just at my wit's end at the moment. (Have a
cousin who will be able to help when I can get him over
here!) In the meantime, I was confident that I SHOULDN'T
turn the back-up on, but wanted reassurance from someone
else that might know.
| Will go thru the procedure again (slowly) and see if I
overlooked something.
| Again, thanks! If you or someone else has any other
ideas, please let me know.
| I will also keep ckecking on here.

 

[Jim Macklin]

Thanks for the Thanks. I miss-read your post, I was
referring to Lavasoft AdAware, a spyware removal tool NOT
the Adware referred to by Symantec and your problem.

Good luck with your cleaning your computer. You might try
downloading from www.lavasoftusa.com the GOOD AdAware 6.181
program, it may be able to remove the badfiles.

I also like SpyBot Search and Destroy
http://www.safer-networking.org/

Also check out http://www.spywareinfo.com/



| Thank you for the response. Purplehaz, I have gone to
Symantec and got the removal info and followed all the
procedures. As I stated, everything was removed but the
msnarrator. exe file, which will not let me remove it.
There was nothing in the registry to remove. The
msnarrator.exe file is located in the C:\WINDOWS\Prefetch
folder. Guess Anti-virus got to it before it finished doing
whatever it was sent to do. I need to rid the computer of
this file, so I can turn the registry restore back on and
life will be good again. )
| Thank you also for responding Jim Macklin. I am not
saying that Adware is a BAD program. I am saying that
Adware was the means the virus was able to get through to my
computer. I have firewalls and keep up on my virus
definitions, etc...
| But.............until a virus is known, one can't be fully
protected from the unknown if it can come in a backdoor,
etc.... Therefore, I removed the program. Am glad you have
not been affected by this virus and enjoy the program.
| Again, if anyone else has a solution please let me know.
Thank you.

 

[Jim Macklin]

I'll have to check, but I think he was talking (writing
AdAware) but I don't know. But some post do say Lavasoft
Adware, some don't.


| ...I was just reading through this thread with a sense of
growing horror,
| thinking that everyone must now owe ...was it "Gary O" who
started a large
| Adaware thread a couple of weeks ago?...can't find it
now... an apology, and
| now I've just got to your post Jim ...and see that I was
doing the same as
| you .....Adware ....Adaware tut !
|
| regards, Richard
|
|
in message
| | > You know I feel silly, I must be getting tired, I saw
| > AdAware, not Adware (toolbar)
| >
| > Thanks to Purplehaz for this
| >
| >
http://securityresponse.symantec.com/avcenter/venc/data/adware.mpgcom.html
| >
| > I guess the jerk "GerryO" influenced me.
| >
| >
| > "Jim Macklin" <p51mustang[threeX12]@xxxhotmail.calm>
wrote
| > in message | > | The complaint you have is probably in error. You're
| > blaming
| > | AdAware because of a report from Norton of a Trojan
and a
| > | file Mpgcom. I run AdAware and just searched my
entire
| > | computer and I have no such file.
| > |
| > | I suspect the file in question was part of the virus.
| > |
| > |
| > |
| > |
| > | | I had Adware installed on my computer. HAD is the
key
| > | word here! On Dec. 31, 2003, Norton Anti-Virus
detected
| > the
| > | Trojan. Narat virus. It turned out that Adware.Mpgcom
is
| > a
| > | Browser Helper Object that sends data to and receives
data
| > | from a remote Web site. The symptoms are the
existence of
| > | the files name %Windir%\mpgcom.dll or
| > | %Windir%\msnarrator.exe. When this component is
active,
| > it
| > | will send data that may contain personal identifiable
| > | information to a third-party server. It also displays
| > | pop-up ads on the system, and it contains
functionality to
| > | update itself.
| > | | I was able to remove everything from my computer
except
| > | the file msnarrator.exe. It will not let me delete or
| > move
| > | it.
| > | | It is not a threat but still does the pop-ups
through
| > IE.
| > | In order to rid your computer of this virus, the first
| > step
| > | is disabling System Restore - which I have done. When
| > | everything has been removed, turn System Restore back
on.
| > I
| > | still have it off because of the existence of this
| > malicious
| > | file.
| > | | I am at a loss of how to delete this file.
| > | | If anyone can help me, please respond to this
posting or
| > | contact me directly at my email addy.
| > | | Thank you in advance for any help you can give.
| > |
| > |
| >
| >
|
|

 

[L. A. Powell]

There is a difference between AD-WARE or ADWARE and AD-AWARE. You keep
missing the A in AWARE. My last post on this topic...no use.

Okay, okay!!!!!!!!!!!!! Enough about how wonderful Adware or Ad-Ware

is! The one I had is from Lavasoft.

Again I was state: "Adware.Mpgcom is an adware component that runs as

a Browser Helper Object (BHO). This means that the component will be
active when Internet Explorer is running. When this compnent is active,
it will send data that MAY contain personal identifiable information to
a third party server."

Someone (a hacker) has used this program to send the virus. Not

saying Adware or Ad-Ware (whichever you choose to type it) contains or
sends a virus. PERIOD!!!

I don't want it and don't have it any longer. All I know is what the

experts say how this Virus was transmitted.

Again, I have followed the procedure from Symantec and have started up

in safe mode, etc... It just won't let me delete this file.

Think you are right GK - I am now the proud owner of the file msnarrator.exe!
In the meantime, should I turn the Registry Restore (back-up) back

on?