Adware found by Norton - cannot delete

[Mel]

Hello all...
I was doing a scan with Norton Antivirus 2004 (using
Windows XP). I have just upgraded the Norton. It showed
that I have a risk with a file called f10213.exe
(Adware). Norton cannot delete it. I tried to manually
do it, but an explore nor a search found the file. I
also searched by Adware & Winshow, nothing. I went into
the regedit to look for the lines listed below. My
regedit does not contain these.

About a month ago, I had a problem with my home page
changing and was able to correct it with help from this
site.

I am seeing no signs of a problem on my system, what
would you recommend I do?



*****************part of step by step by windows from

http://securityresponse.symantec.com/avcenter/venc/data/ad
ware.winshow.html

3. Deleting the keys from the registry

----------------------------------------------------------
----------------------
WARNING: Symantec strongly recommends that you back up
the registry before making any changes to it. Incorrect
changes to the registry can result in permanent data loss
or corrupted files. Modify the specified keys only. Read
the document, "How to make a backup of the Windows
registry," for instructions.
----------------------------------------------------------
----------------------


Click Start, and then click Run. (The Run dialog box
appears.)
Type regedit

Then click OK. (The Registry Editor opens.)


Navigate to and delete the keys:

HKEY_CLASSES_ROOT\CLSID\{6CC1C918-AE8B-4373-A5B4-
28BA1851E39A}

HKEY_CLASSES_ROOT\WinShow.ViewSource

HKEY_CLASSES_ROOT\WinShow.ViewSource.1

HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{6CC1C918-AE8B-
4373-A5B4-28BA1851E39A}

HKEY_LOCAL_MACHINE\Software\CLASSES\WinShow.ViewSource

HKEY_LOCAL_MACHINE\Software\CLASSES\WinShow.ViewSource.1

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersi
on\explorer\Browser Helper Objects\{6CC1C918-AE8B-4373-
A5B4-28BA1851E39A}

 

[Steve C. Ray]

Go to www.lavasoftusa.com, download and install Ad Aware 6. It is free and
will rid your system of spyware.

 

[Guest]

I don't believe that Norton will eliminate Spyware or Adware as you call it; just viruses. Try Lavasoft's Ad-Aware, it's free and effective. You'll see it quarantine some nasty files which you can then delete.

 

[David H. Lipman]

1) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
2) Reboot your PC into Safe Mode
3) Using NAV software, perform a Full Scan of your platform and clean/delete any
infectors found
4) Restart your PC and perform a "final" Full Scan of your platform
5) Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 200 ~ 400MB),
reboot your PC.
6) Create a new Restore point
7) Please report back your results

Dave



| Hello all...
| I was doing a scan with Norton Antivirus 2004 (using
| Windows XP). I have just upgraded the Norton. It showed
| that I have a risk with a file called f10213.exe
| (Adware). Norton cannot delete it. I tried to manually
| do it, but an explore nor a search found the file. I
| also searched by Adware & Winshow, nothing. I went into
| the regedit to look for the lines listed below. My
| regedit does not contain these.
|
| About a month ago, I had a problem with my home page
| changing and was able to correct it with help from this
| site.
|
| I am seeing no signs of a problem on my system, what
| would you recommend I do?
|
|
|
| *****************part of step by step by windows from
|
| http://securityresponse.symantec.com/avcenter/venc/data/ad
| ware.winshow.html
|
| 3. Deleting the keys from the registry
|
| ----------------------------------------------------------
| ----------------------
| WARNING: Symantec strongly recommends that you back up
| the registry before making any changes to it. Incorrect
| changes to the registry can result in permanent data loss
| or corrupted files. Modify the specified keys only. Read
| the document, "How to make a backup of the Windows
| registry," for instructions.
| ----------------------------------------------------------
| ----------------------
|
|
| Click Start, and then click Run. (The Run dialog box
| appears.)
| Type regedit
|
| Then click OK. (The Registry Editor opens.)
|
|
| Navigate to and delete the keys:
|
| HKEY_CLASSES_ROOT\CLSID\{6CC1C918-AE8B-4373-A5B4-
| 28BA1851E39A}
|
| HKEY_CLASSES_ROOT\WinShow.ViewSource
|
| HKEY_CLASSES_ROOT\WinShow.ViewSource.1
|
| HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{6CC1C918-AE8B-
| 4373-A5B4-28BA1851E39A}
|
| HKEY_LOCAL_MACHINE\Software\CLASSES\WinShow.ViewSource
|
| HKEY_LOCAL_MACHINE\Software\CLASSES\WinShow.ViewSource.1
|
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersi
| on\explorer\Browser Helper Objects\{6CC1C918-AE8B-4373-
| A5B4-28BA1851E39A}
|

 

[neil]

If Norton has identified a file name it may be within system restore, you
may have to remove your previous system restore points. Either turn off
system restore, reboot and turn it back on again. Or use disk cleanup go to
"More Options" and remove all but the most recent restore point.


Neil

 

[Alex Nichol]

I was doing a scan with Norton Antivirus 2004 (using
Windows XP). I have just upgraded the Norton. It showed
that I have a risk with a file called f10213.exe
(Adware). Norton cannot delete it. I tried to manually
do it, but an explore nor a search found the file.

Probably NAV has removed it, but found an old copy that has got into a
System Restore point. It can do no harm there unless you restore to
that point. So wait for a new fresh restore point to be made (or make
one manually using
Start - All Programs - Accessories - System Tools - System Restore)
then use Start - All Programs - Accessories - System Tools - Disk
CLeanup
and in its More Options, click to delete all but the most recent restore
point.

 

[Yves Leclerc]

I do not rely on on one adware/spywar/malware detection program. Try
Ad-Aware 6 and/or Spybot.

Y.