adware installed as a trusted certificate in registry

[Guest]

I have an issue concerning registry settings for trusted certificates in my XP Home Edition PC. My spyware/malware utility Pest Patrol reports that Claria Corporation has installed a trusted certififcate in my registry. Pest Patrol is able to temporarily remove this annoyance, however it seems to reinstall itself after a few browses on the internet. SpyBot S and D, AdAware 6.0 and Mcafee VirusScan do not report this adware annoyance since it is registered in the PC as a trusted certificate. When the adware is active it affects the browser web pages with a 404 Server cannot be found error or a page that doesnt load properly, incomplete or not at all. I also get an error message stating that my system clock setting is incorrect and needs to changed when trying to login from MSN Explorer. I try synchronizing the clock and that doesnt help. When I clean the Claria adware with Pest Patrol everything works fine again until the adware updates or reinstalls itself. I am not able to view this trusted certificate in IE 6, however I have noticed some suspicious registry settings that have meaningless symbols under the HKEY_CURRENT_USER/SOFTWARE/MICROSOFT/SYSTEM CERTIFICATES. How can I refresh the system certificates without getting this adware certificate back in? I am not comfortable with editing this part of the registry and also not comfortable with an adware companie's certificate in my PC. Please advise. Thanks.

 

[Wesley Vogel]

You downloaded something you shouldn't have.
Have a visit here:
http://www.pcpitstop.com/

[Be sure to visit our new Gator Information Center. Whether or not you've ever encountered
Gator--which recently changed its name to Claria--find out what you need to know about the
company and its products].
[Gator applications include eWallet, DateManager, WeatherScope, and PrecisionTime.
PrecisionTime keeps your system clock up to date.] I wonder which one you have?
http://www.pcpitstop.com/gator/
===
SpywareBlaster doesn't scan and clean for spyware - it prevents it from ever being
installed.
http://www.javacoolsoftware.com/spywareblaster.html
====
Keep SpywareBlaster updated. SpyBot S and D, AdAware 6.0 also. McCrappy VirusScan won't
do any good

 

[Guest]

Thanks Wes, I have been to Gain, Gator and Claria websites. Of course, there is no clear courses of action at the websites to remove their trusted certificate. It only addresses the touted applications they offer, nothing about the trust certificate. I do remember hitting an Overture sponsored website while surfing the net and not being able to escape their download window popups because of the sheer numbers of the pop up and pop under windows. There is no clear defined course of action at the various Microsoft centers either for removing and reinstalling trusted certificates. So, anyone out there with a good suggestion? I have noticed that the net is strangely silent on the issue of trusted certificates being spoofed and invisibly installed on PC's without the users express permission or knowledge, due to recent concerns of any entity being able to issue a digitally signed certificate these days or being able to slide in on the coat tails of a master trusted root certificate. Guess I better turn off the automatic Trusted Certificates update feature in XP before who knows what else gets in this PC.

 

[Diggy]

Hey Phonedaddy! Glad to see this post! On my comp also, Pest Patrol found
two reg entries in the Trusted Certificate key, and the entries were said to
be from Claria, which raised a red flag. However, I have not seen any
strange behavior. I also have Zone Alarm, and have not seen any unusual
outgoing activity, except OSE.EXE (this may or may not be related to the
Claria reg entries).

Here are the reg entries:
Pest Detected in
HKEY_CURRENT_USER\software\microsoft\systemcertificates\trustedpublisher\crl
s
Pest: Claria
User Action: registry entry ignored, NOT Quarantined


Pest Detected in
HKEY_CURRENT_USER\software\microsoft\systemcertificates\trustedpublisher\ctl
s
Pest: Claria
User Action: registry entry ignored, NOT Quarantined


So what's the deal with this stuff? Is it a mistake by PP? And do these
reg entries mean that there are, in fact, certificates from Claria on my
computer? If so, how the heck can you remove them? (I tried looking at the
list of certificates viewable from IE, but I can't see any with the name
Claria or Gator. Most of the certificates there have names that mean
nothing to me.)

--
ICQ#
| I have an issue concerning registry settings for trusted certificates in
my XP Home Edition PC. My spyware/malware utility Pest Patrol reports that
Claria Corporation has installed a trusted certififcate in my registry. Pest
Patrol is able to temporarily remove this annoyance, however it seems to
reinstall itself after a few browses on the internet. SpyBot S and D,
AdAware 6.0 and Mcafee VirusScan do not report this adware annoyance since
it is registered in the PC as a trusted certificate. When the adware is
active it affects the browser web pages with a 404 Server cannot be found
error or a page that doesnt load properly, incomplete or not at all. I also
get an error message stating that my system clock setting is incorrect and
needs to changed when trying to login from MSN Explorer. I try synchronizing
the clock and that doesnt help. When I clean the Claria adware with Pest
Patrol everything works fine again until the adware updates or reinstalls
itself. I am not able to view this trusted certificate in IE 6, however I
have noticed some suspicious registry settings that have meaningless symbols
under the HKEY_CURRENT_USER/SOFTWARE/MICROSOFT/SYSTEM CERTIFICATES. How can
I refresh the system certificates without getting this adware certificate
back in? I am not comfortable with editing this part of the registry and
also not comfortable with an adware companie's certificate in my PC. Please
advise. Thanks.

 

[Wesley Vogel]

Gator, Claria whatever !@@#%$#$%^ scumbags!!!!

Sorry, I didn't think of this before.

IE | Tools | Internet Options | General tab | Settings button | View Objects button
If you don't see one that looks obvious | Right click | Properties | Look at info under
all the tabs | If you find something you want to get rid of | Close Properties |
Right click | Remove.

If your not sure, remove it anyway. Worst case, you remove
http://v4.windowsupdate.microsoft.com/CAB/x...........
Which is for Windows Update. If you do happen to remove it (or something else you may
need),
the next time you go to Windows Update (or wherever) you will be prompted to download it
again.
No harm, no foul. I have four Downloaded Objects; Java, MS Office Templates, MS Office
Update
and Windows Update.
=====
********
I'm thinking that you get rid of the installed object(s) your certificate problem will be
a lot easier.
*********
=======
IE | Tools | Internet Options | Content tab | Certificate button |
Find the Claria Corporation certificate(s) you want and remove it (them).

Also, Try this:
Control Panel | Administrative Tools |Console1.msc
If you do not have the Certificates snap-in;
File | Add/Remove Snap-in | Standalone tab | Add button | Highlight Certificates | Add
button | Close button | OK
In Console | Find the Claria Corporation certificate(s)
1) Right click and Delete
Or;
2) Right click the Claria Corporation certificate(s) and drag to
Untrusted Certificates\Certificates
==============
HijackThis will find all kinds of stuff and can remove it for you. It will find Downloaded
Program Files, which are located in C:\WINDOWS\Downloaded Program Files.
-----
HijackThis
http://www.spywareinfo.com/~merijn/downloads.html

HijackThis (zipped):
http://tomcoyote.org/hjt/

 

[Wesley Vogel]

Diggy;
Gator, Claria whatever !@@#%$#$%^ scumbags!!!!

IE | Tools | Internet Options | General tab | Settings button | View Objects button
If you don't see one that looks obvious | Right click | Properties | Look at info under
all the tabs | If you find something you want to get rid of | Close Properties |
Right click | Remove. The certificate doesn't mean jack ****.

If your not sure, remove it anyway. Worst case, you remove
http://v4.windowsupdate.microsoft.com/CAB/x...........
Which is for Windows Update. If you do happen to remove it (or something else you may
need),the next time you go to Windows Update (or wherever) you will be prompted to
download it
again. No harm, no foul. I have four Downloaded Objects; Java, MS Office Templates, MS
Office
Update and Windows Update.
=====
********
I'm thinking that you get rid of the installed object(s) your certificate problem will be
a lot easier.
*********
=======
IE | Tools | Internet Options | Content tab | Certificate button |
Find the Claria Corporation certificate(s) you want and remove it (them).

Also, Try this:
Control Panel | Administrative Tools |Console1.msc
If you do not have the Certificates snap-in;
File | Add/Remove Snap-in | Standalone tab | Add button | Highlight Certificates | Add
button | Close button | OK
In Console | Find the Claria Corporation certificate(s)
1) Right click and Delete
Or;
2) Right click the Claria Corporation certificate(s) and drag to
Untrusted Certificates\Certificates
==============
HijackThis will find all kinds of stuff and can remove it for you. It will find Downloaded
Program Files, which are located in C:\WINDOWS\Downloaded Program Files.
The certificate doesn't mean jack ****.
-----
HijackThis
http://www.spywareinfo.com/~merijn/downloads.html

HijackThis (zipped):
http://tomcoyote.org/hjt/

 

[Wesley Vogel]

I just removed six certificates because their Experation Date was expired.

 

[Wesley Vogel]

Diggy;
Ose.exe is Office Source Engine. Run by Setup.exe to copy installation
files from the source to a local installation source on the user's computer.
Often used during an Office 2003 installation.

 

[Diggy]

Yeah that's what I found out, but I can't figure why it calls out a couple
of times every day.

--
ICQ#
| Diggy;
| Ose.exe is Office Source Engine. Run by Setup.exe to copy installation
| files from the source to a local installation source on the user's
computer.
| Often used during an Office 2003 installation.
| --
| Hope this helps. Let us know.
| Wes
|
| In | Diggy <[email protected]> hunted and pecked:
| > Hey Phonedaddy! Glad to see this post! On my comp also, Pest Patrol
found
| > two reg entries in the Trusted Certificate key, and the entries were
said to
| > be from Claria, which raised a red flag. However, I have not seen any
| > strange behavior. I also have Zone Alarm, and have not seen any unusual
| > outgoing activity, except OSE.EXE (this may or may not be related to the
| > Claria reg entries).
| >
| > Here are the reg entries:
| > Pest Detected in
| >
HKEY_CURRENT_USER\software\microsoft\systemcertificates\trustedpublisher\crl
| > s
| > Pest: Claria
| > User Action: registry entry ignored, NOT Quarantined
| >
| >
| > Pest Detected in
| >
HKEY_CURRENT_USER\software\microsoft\systemcertificates\trustedpublisher\ctl
| > s
| > Pest: Claria
| > User Action: registry entry ignored, NOT Quarantined
| >
| >
| > So what's the deal with this stuff? Is it a mistake by PP? And do
these
| > reg entries mean that there are, in fact, certificates from Claria on my
| > computer? If so, how the heck can you remove them? (I tried looking at
the
| > list of certificates viewable from IE, but I can't see any with the name
| > Claria or Gator. Most of the certificates there have names that mean
| > nothing to me.)
| >
| > --
| > ICQ#
| > | > > I have an issue concerning registry settings for trusted certificates
in
| > my XP Home Edition PC. My spyware/malware utility Pest Patrol reports
that
| > Claria Corporation has installed a trusted certififcate in my registry.
Pest
| > Patrol is able to temporarily remove this annoyance, however it seems to
| > reinstall itself after a few browses on the internet. SpyBot S and D,
| > AdAware 6.0 and Mcafee VirusScan do not report this adware annoyance
since
| > it is registered in the PC as a trusted certificate. When the adware is
| > active it affects the browser web pages with a 404 Server cannot be
found
| > error or a page that doesnt load properly, incomplete or not at all. I
also
| > get an error message stating that my system clock setting is incorrect
and
| > needs to changed when trying to login from MSN Explorer. I try
synchronizing
| > the clock and that doesnt help. When I clean the Claria adware with Pest
| > Patrol everything works fine again until the adware updates or
reinstalls
| > itself. I am not able to view this trusted certificate in IE 6, however
I
| > have noticed some suspicious registry settings that have meaningless
symbols
| > under the HKEY_CURRENT_USER/SOFTWARE/MICROSOFT/SYSTEM CERTIFICATES. How
can
| > I refresh the system certificates without getting this adware
certificate
| > back in? I am not comfortable with editing this part of the registry
and
| > also not comfortable with an adware companie's certificate in my PC.
Please
| > advise. Thanks.

 

[Unnamed]

I have an issue concerning registry settings for trusted certificates in my XP Home Edition PC. My
spyware/malware utility Pest Patrol reports that Claria Corporation has

installed a trusted certififcate in my

registry. Pest Patrol is able to temporarily remove this annoyance,

however it seems to reinstall itself after a > few browses on the internet.
SpyBot S and D, AdAware 6.0 and Mcafee VirusScan do not

Regardless of the fact that you say it DOESNT remove it, as you are actually
talking about GATOR, I have to tell you that Spybot DOES remove it. You may
NOT, however, actually have the latest Spybot so I suggest you try updating
it to get the latest. Mcafee really isnt that far in to looking at Spyware
right now so there is no doubt that their programs wouldnt pick it up.

 

[Guest]

-----Original Message-----
I have an issue concerning registry settings for trusted

certificates in my XP Home Edition PC. My spyware/malware
utility Pest Patrol reports that Claria Corporation has
installed a trusted certififcate in my registry. Pest
Patrol is able to temporarily remove this annoyance,
however it seems to reinstall itself after a few browses
on the internet. SpyBot S and D, AdAware 6.0 and Mcafee
VirusScan do not report this adware annoyance since it is
registered in the PC as a trusted certificate. When the
adware is active it affects the browser web pages with a
404 Server cannot be found error or a page that doesnt
load properly, incomplete or not at all. I also get an
error message stating that my system clock setting is
incorrect and needs to changed when trying to login from
MSN Explorer. I try synchronizing the clock and that
doesnt help. When I clean the Claria adware with Pest
Patrol everything works fine again until the adware
updates or reinstalls itself. I am not able to view this
trusted certificate in IE 6, however I have noticed some
suspicious registry settings that have meaningless
symbols under the
HKEY_CURRENT_USER/SOFTWARE/MICROSOFT/SYSTEM CERTIFICATES.
How can I refresh the system certificates without getting
this adware certificate back in? I am not comfortable
with editing this part of the registry and also not
comfortable with an adware companie's certificate in my
PC. Please advise. Thanks.

.
Claria is the new name for a old parasite "GATOR" you

might have installed this as "bundled" software which
explains the Certificate

go to www.spywareinfo.com and download hijackthis scan
your system and post the results in their forum their
advise will be top notch
Have a good new year

 

[Guest]

I tried looking at the
list of certificates viewable from IE, but I can't see
any with the name
Claria or Gator.

This is because they do not want you to find it
Gator is not good

 

[Guest]

Thanks for the suggestions, peeps. I have all the latest updates and have run multiple scans with Spybot S and D, AdAware 6.0 , HiJack This! , Pest Patrol over the course of the last 2 weeks. Pest Patrol is the ONLY utility that reports this adware annoyance and ONLY temporarily removes it. I have gone over my PC with a microscope and checked every exe, dll, etc. I have previously checked the installed objects mentioned by Wes and have found none to be suspect. Inspection of the all the trusted root certificates in IE6 displays a bunch of certificates that cannot obviously be identified to Claria, Gator, et al.
Now here is the clincher... before I posted here, I set all my recognized system and internet applications in Mcafee firewall to outbound access only. The Claria annoyance has not reset the registry keys as of this posting and I have surfed the net intensively to test for reappearance of the Claria annoyance. So far, so good. Will update here when I find which system service or application lets it back in.

 

[Guest]

Diggy, I have noticed the same things as you concerning this Claria annoyance. The Pest Patrol website is stating that this Claria annoyance is a new appearance and was found in December 2003, ( only FOUND). Who knows how long it has been around. The removal instructions Pest Patrol posted on their website do not seem to apply to this scenario. The Claria annoyance seems to only "trick" the registry into accepting it as a trusted certificate. I just upgraded to XP November 30 from a new install on a new hard disk with no third party software or any personal files introduced to the installation until all necessary updates were performed. I purposely introduced all my favorite applications one by one to the new OS to insure I would not pick up anything like this Claria annoyance and other undesirable malware, adware etc. Scans were performed after each install with detection utilities and run for a period of time before adding another. Any recommended Microsoft updates were applied immediately when available. All software installs were run without my broadband connection plugged in. I have experience removing Gator and all its ugly cousins from other PC's and OS I previously owned and used. This trusted certificate thing is a new variation of an old theme. Let's see where this goes.

 

[Unnamed]

Thanks for the suggestions, peeps. I have all the latest updates and have

run multiple scans with Spybot S and D, AdAware 6.0 , HiJack This! , Pest
Patrol over the course of the last 2 weeks. Pest Patrol is the ONLY utility
that reports this adware annoyance and ONLY temporarily removes it. I have
gone over my PC with a microscope and checked every exe, dll, etc. I have
previously checked the installed objects mentioned by Wes and have found
none to be suspect. Inspection of the all the trusted root certificates in
IE6 displays a bunch of certificates that cannot obviously be identified to
Claria, Gator, et al.

Now here is the clincher... before I posted here, I set all my recognized

system and internet applications in Mcafee firewall to outbound access only.
The Claria annoyance has not reset the registry keys as of this posting and
I have surfed the net intensively to test for reappearance of the Claria
annoyance. So far, so good. Will update here when I find which system
service or application lets it back in.


One more thing about Spybot - it has an IMMUNISE function. You have to click
on it to go to that section then click on IMMUNISE again. Also, below that
on that page, you can "install" the ability to have a warning come up if
something tries to install itself on your system. I don't know just how
effective that is but it HAS warned me, twice, when I have done a test by
multiversing on the web without a firewall.

 

[Diggy]

Well I installed the certificates console as suggested in this thread
somewhere up there, and I looked through all the certificates. I did see a
few that seemed to my very untrained eyes to be suspicious. I mean, there
were a couple that looked like they were named in Polish or Russian, so I
deleted these. Then I have three folders, not actual certificates, that
have Chinese symbols as names. I wanted to delete these strange, empty
folders also, but could not see a way. (I do surf the Korean internet, but
even Korean companies almost always use English for computer stuff.) I
think those Chinese things are definitely something pernicious.

--
ICQ#
|
| >-----Original Message-----
| >I have an issue concerning registry settings for trusted
| certificates in my XP Home Edition PC. My spyware/malware
| utility Pest Patrol reports that Claria Corporation has
| installed a trusted certififcate in my registry. Pest
| Patrol is able to temporarily remove this annoyance,
| however it seems to reinstall itself after a few browses
| on the internet. SpyBot S and D, AdAware 6.0 and Mcafee
| VirusScan do not report this adware annoyance since it is
| registered in the PC as a trusted certificate. When the
| adware is active it affects the browser web pages with a
| 404 Server cannot be found error or a page that doesnt
| load properly, incomplete or not at all. I also get an
| error message stating that my system clock setting is
| incorrect and needs to changed when trying to login from
| MSN Explorer. I try synchronizing the clock and that
| doesnt help. When I clean the Claria adware with Pest
| Patrol everything works fine again until the adware
| updates or reinstalls itself. I am not able to view this
| trusted certificate in IE 6, however I have noticed some
| suspicious registry settings that have meaningless
| symbols under the
| HKEY_CURRENT_USER/SOFTWARE/MICROSOFT/SYSTEM CERTIFICATES.
| How can I refresh the system certificates without getting
| this adware certificate back in? I am not comfortable
| with editing this part of the registry and also not
| comfortable with an adware companie's certificate in my
| PC. Please advise. Thanks.
| >.
| >Claria is the new name for a old parasite "GATOR" you
| might have installed this as "bundled" software which
| explains the Certificate
|
| go to www.spywareinfo.com and download hijackthis scan
| your system and post the results in their forum their
| advise will be top notch
| Have a good new year

 

[Wesley Vogel]

Diggy;
Do they look like this:


k
?????
Right below Trusted People???
And they're Empty??

I wouldn't worry about them. I have them too.
Check back and look at the certificates once in a while, if you have the
Cryptographic Service running.

[Provides three management services: Catalog Database Service,
which confirms the signatures of Windows files; Protected Root Service, which
adds and removes Trusted Root Certification Authority certificates from this
computer; and Key Service, which helps enroll this computer for certificates. If
this service is stopped, these management services will not function properly.]

 

[Diggy]

Well, yeah, they are empty. But they actually have Chinese letters next to
them. Beats me what they are. I do have the Cryptographic service running.
I was wondering, if I have these certificates from Claria, then could their
spyware have been installed automatically, even though I have tight
restrictions on ActiveX?

--
ICQ#
| Diggy;
| Do they look like this:
|
|
| k
| ?????
| Right below Trusted People???
| And they're Empty??
|
| I wouldn't worry about them. I have them too.
| Check back and look at the certificates once in a while, if you have the
| Cryptographic Service running.
|
| [Provides three management services: Catalog Database Service,
| which confirms the signatures of Windows files; Protected Root Service,
which
| adds and removes Trusted Root Certification Authority certificates from
this
| computer; and Key Service, which helps enroll this computer for
certificates. If
| this service is stopped, these management services will not function
properly.]
| --
| Hope this helps. Let us know.
| Wes
|
| In | Diggy <[email protected]> hunted and pecked:
| > Well I installed the certificates console as suggested in this thread
| > somewhere up there, and I looked through all the certificates. I did
see a
| > few that seemed to my very untrained eyes to be suspicious. I mean,
there
| > were a couple that looked like they were named in Polish or Russian, so
I
| > deleted these. Then I have three folders, not actual certificates, that
| > have Chinese symbols as names. I wanted to delete these strange, empty
| > folders also, but could not see a way. (I do surf the Korean internet,
but
| > even Korean companies almost always use English for computer stuff.) I
| > think those Chinese things are definitely something pernicious.
| >
| > --
| > ICQ#
| > | > >
| > > > -----Original Message-----
| > > > I have an issue concerning registry settings for trusted
| > > certificates in my XP Home Edition PC. My spyware/malware
| > > utility Pest Patrol reports that Claria Corporation has
| > > installed a trusted certififcate in my registry. Pest
| > > Patrol is able to temporarily remove this annoyance,
| > > however it seems to reinstall itself after a few browses
| > > on the internet. SpyBot S and D, AdAware 6.0 and Mcafee
| > > VirusScan do not report this adware annoyance since it is
| > > registered in the PC as a trusted certificate. When the
| > > adware is active it affects the browser web pages with a
| > > 404 Server cannot be found error or a page that doesnt
| > > load properly, incomplete or not at all. I also get an
| > > error message stating that my system clock setting is
| > > incorrect and needs to changed when trying to login from
| > > MSN Explorer. I try synchronizing the clock and that
| > > doesnt help. When I clean the Claria adware with Pest
| > > Patrol everything works fine again until the adware
| > > updates or reinstalls itself. I am not able to view this
| > > trusted certificate in IE 6, however I have noticed some
| > > suspicious registry settings that have meaningless
| > > symbols under the
| > > HKEY_CURRENT_USER/SOFTWARE/MICROSOFT/SYSTEM CERTIFICATES.
| > > How can I refresh the system certificates without getting
| > > this adware certificate back in? I am not comfortable
| > > with editing this part of the registry and also not
| > > comfortable with an adware companie's certificate in my
| > > PC. Please advise. Thanks.
| > > > .
| > > > Claria is the new name for a old parasite "GATOR" you
| > > might have installed this as "bundled" software which
| > > explains the Certificate
| > >
| > > go to www.spywareinfo.com and download hijackthis scan
| > > your system and post the results in their forum their
| > > advise will be top notch
| > > Have a good new year
|

 

[Wesley Vogel]

Diggy;
They are probably empty folders.

HijackThis
http://www.spywareinfo.com/~merijn/index.html

--
Hope this helps. Let us know.
Wes

In

Well, yeah, they are empty. But they actually have Chinese letters next to
them. Beats me what they are. I do have the Cryptographic service running.
I was wondering, if I have these certificates from Claria, then could their
spyware have been installed automatically, even though I have tight
restrictions on ActiveX?

--
ICQ#

Diggy;
Do they look like this:


k
?????
Right below Trusted People???
And they're Empty??

I wouldn't worry about them. I have them too.
Check back and look at the certificates once in a while, if you have the
Cryptographic Service running.

[Provides three management services: Catalog Database Service,
which confirms the signatures of Windows files; Protected Root Service, which
adds and removes Trusted Root Certification Authority certificates from this
computer; and Key Service, which helps enroll this computer for certificates. If
this service is stopped, these management services will not function properly.]
--
Hope this helps. Let us know.
Wes

In

Well I installed the certificates console as suggested in this thread
somewhere up there, and I looked through all the certificates. I did see a
few that seemed to my very untrained eyes to be suspicious. I mean, there
were a couple that looked like they were named in Polish or Russian, so I
deleted these. Then I have three folders, not actual certificates, that
have Chinese symbols as names. I wanted to delete these strange, empty
folders also, but could not see a way. (I do surf the Korean internet, but
even Korean companies almost always use English for computer stuff.) I
think those Chinese things are definitely something pernicious.

--
ICQ#

-----Original Message-----
I have an issue concerning registry settings for trusted
certificates in my XP Home Edition PC. My spyware/malware
utility Pest Patrol reports that Claria Corporation has
installed a trusted certififcate in my registry. Pest
Patrol is able to temporarily remove this annoyance,
however it seems to reinstall itself after a few browses
on the internet. SpyBot S and D, AdAware 6.0 and Mcafee
VirusScan do not report this adware annoyance since it is
registered in the PC as a trusted certificate. When the
adware is active it affects the browser web pages with a
404 Server cannot be found error or a page that doesnt
load properly, incomplete or not at all. I also get an
error message stating that my system clock setting is
incorrect and needs to changed when trying to login from
MSN Explorer. I try synchronizing the clock and that
doesnt help. When I clean the Claria adware with Pest
Patrol everything works fine again until the adware
updates or reinstalls itself. I am not able to view this
trusted certificate in IE 6, however I have noticed some
suspicious registry settings that have meaningless
symbols under the
HKEY_CURRENT_USER/SOFTWARE/MICROSOFT/SYSTEM CERTIFICATES.
How can I refresh the system certificates without getting
this adware certificate back in? I am not comfortable
with editing this part of the registry and also not
comfortable with an adware companie's certificate in my
PC. Please advise. Thanks.
.
Claria is the new name for a old parasite "GATOR" you
might have installed this as "bundled" software which
explains the Certificate

go to www.spywareinfo.com and download hijackthis scan
your system and post the results in their forum their
advise will be top notch
Have a good new year

 

[Guest]

I too also have those characters in the registry. I also notice that several services are running with svchost -k svcs or localservice or network service. Does the -k reference the k in the registry settings?