ABetterInternet and related adware

D

Don

I run a daily scan with MSAS. Every day it detects the
same 3-4 programs from A Better Internet, identified as
follows:
Transponder.ABetterInternet Adware
Transponder.ABetterInternet.Aurora Adware
Transponder.ABetterInternet.DrPMon Adware
It also detects, daily, a trojan identified
as "nameshifter".
I dutifully remove each of these and reboot as
instructed. However, as soon as I open IE and go online,
Aurora begins its onslaught of popups and at the next
MSAS scan that evening, I have the same programs back
again.
I thought MSAS was designed to block this adware and this
trojan. It apparently does a good job of finding and
supposedly removing them but if they reappear the moment
I go online, what is the valuse of MSAS?
Am I doing something wrong or is this simply an
ineffective program?
 
A

AndyManchesta

The problem is that its not removing all the parts of
this since it changed and there is a random named file in
the system folder which will replace the other parts,

The main parts of this are svcproc.exe. Nail.exe,
Drpmon.dll and the random named file in the system32
folder which will replace itself with a new random named
file everytime you reboot or if you try to delete it,
This part is known as the Epolvy trojan and is the main
infectant and protects the rest and puts them back within
a few minutes.

Nameshifter could be referring to this random file but I
suspect this is connected to the Qoologic trojan which
also uses random names and files that replace them if
they get removed.

Here's the way to deal with this.Copy & save this to
notepad so you can still view it in safe mode.

Download Adaware SE
--------------------
http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-
8022_4-10045910.html

Get all updates and close Adaware


Download Adaware's VX2 cleaner Plugin
--------------------------------------

http://updates.ls-servers.com/vx2cleaner.zip

Save to desktop then extract and run the installer which
will install the cleaner into the Adaware Plugins folder


Download Ewido Security Suite
------------------------------

http://www.ewido.net/en/download/

When installing, under "Additional Options"
uncheck "Install background guard" and "Install scan via
context menu".

From the main ewido screen, click on update in the left
menu, then click the Start update button.

After the update finishes (the status bar at the bottom
will display "Update successful")

Exit Ewido. DO NOT SCAN yet.


Download Ccleaner
-------------------

http://www.ccleaner.com/ccdownload.asp



Run Adaware SE and choose Add-Ons from the main
menu.Select VX2 Cleaner from the list.

Click the "Run Tool" button in the lower right corner of
the window.Click "OK" when asked if you want to execute
this tool.It will say VX2 variant found then press
clean.Next it will say to reboot and run a smart scan
with Adaware.


Reboot into safe mode (Reboot and keep tapping F8 then
choose safe mode from the list )

In safe mode run a full scan with Adaware SE and remove
anything found

Next run Ewido

Click on the Scanner button in the left menu, then click
on Complete System Scan. This scan can take quite a while
to run.

If ewido finds anything, it will pop up a notification,
select "Remove" as the action for each or check "Perform
action with all infections" and press remove. When the
scan finishes, click on "Save Report". This will create a
text file. Make sure you know where to find this file
again.

Delete Prefetch and Temp Files

Goto satrt run and type

%temp%

Delete the contents of this folder

Goto start run and type

prefetch

Delete the contents of this folder

Run Ccleaner and press "Run Ccleaner"


Then reboot back to normal mode and this should now be
fixed :blush:)

Let us know if you have any problems

Regards Andy
 
J

Jim Macklin

Do it in safe mode, also run a current virus scanner.


--
The people think the Constitution protects their rights;
But government sees it as an obstacle to be overcome.
some support
http://www.usdoj.gov/olc/secondamendment2.htm



|I run a daily scan with MSAS. Every day it detects the
| same 3-4 programs from A Better Internet, identified as
| follows:
| Transponder.ABetterInternet Adware
| Transponder.ABetterInternet.Aurora Adware
| Transponder.ABetterInternet.DrPMon Adware
| It also detects, daily, a trojan identified
| as "nameshifter".
| I dutifully remove each of these and reboot as
| instructed. However, as soon as I open IE and go online,
| Aurora begins its onslaught of popups and at the next
| MSAS scan that evening, I have the same programs back
| again.
| I thought MSAS was designed to block this adware and this
| trojan. It apparently does a good job of finding and
| supposedly removing them but if they reappear the moment
| I go online, what is the valuse of MSAS?
| Am I doing something wrong or is this simply an
| ineffective program?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Transponder.ABetterInternet.Aurora Adware, Trandsponder.ABetterInternet.Auro... 3
@@ WISE Up to Adware and Spyware @@ 5
Spyware that ... kills and delete MSAntiSpyware !!! 3
MS Antispyware doesn't remove about:blank spybot. 1
adware and infected file problems, files keep propagating themselves,no DOS ?? 15
New Malware, Trojan or Worm 3
Setup and Install problems 1
A little help please... 4

Top