Same adware keeps coming back

Greg

Please help. Every time I run MS AntiSpyware, it detects
the file ICanNews.CasClient(Adware). I delete the file
and it keeps coming back. How can I get rid of this file
and keep it gone? I am getting a lot of popups and I
think this file is causing it.

Please help if you can.
 
AndyManchesta

This is probably CasinoClient but it could also be a sign
of a more serious infection like Look2me (Ewido will show
if there is other junk on the system). Log into the
Admin Account and reboot into safe mode, then run a full
system scan and remove anything found (reboot and keep
tapping F8, then choose safe mode from the list).

While In safe mode check for these files/folders and
delete them:

C:\Program Files\Cas <-- Delete this folder

C:\Documents and Settings\[Your User Name]\Local Settings\Temp\cassetup.exe

There are also entries in the registry in the software
folder and to run Cas, but leave this if you do not feel
confident with Regedit and let Ewido or MSAS remove them.

Navigate to the run folder and left click run

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

In the right pane delete :

"CAS Client" = "%ProgramFiles%\Cas\Client\casclient.exe"

Also delete these entries :

HKEY_CURRENT_USER\Software\CAS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Main.MimeFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Main.MimeFilter.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\Main.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{E0DC5CC4-25A5-4BC7-A3AA-3525733DC796}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8293D547-38DD-4325-B35A-F1817EDFA5FC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D4C89C18-B4F3-46A9-8800-E9E7A55AFBD9}


Reboot back to normal mode



If you still have problems download these :


download ewido security suite

http://www.ewido.net/en/download/

Install ewido

When installing, under "Additional Options"
uncheck "Install background guard" and "Install scan via
context menu".

Launch ewido,
The program will now go to the main screen
You will need to update ewido to the latest definition
files.
On the left hand side of the main screen click update
Then click on Start Update
If you are having problems with the updater, you can use
this link to manually update ewido.

http://www.ewido.net/en/download/updates/



Download Ccleaner

http://www.ccleaner.com/ccdownload.asp


Restart your computer back into Safe Mode by Tapping F8
on reboot and choosing safe mode from the list


Run Ewido

Click on scanner
Click on Complete System Scan and the scan will begin.

While the scan is in progress you will be prompted to
clean files, click OK

When it asks if you want to clean the first file, put a
check in the lower left corner of the box that
says "Perform action on all infections" then choose
Remove and click OK.

Once the scan has completed, there will be some options
at the bottom of the screen
Click Save report.
Save the report .txt file to your desktop.
Now close ewido security suite.

Run MS Antispy again, run a full system scan and remove
anything found

Run Ccleaner and Click "Run Cleaner"

Reboot back to normal mode. If you still have problems,
post the ewido scan log and I will try to help more on this.


Regards Andy
 
AndyManchesta

I forgot to add this:

The Entry :

C:\Documents and Settings\[Your User Name]\Local
Settings\Temp\cassetup.exe

is in a hidden file so go to

C:\Documents and Settings\[Your User Name]\ then
press "Tools" on the top bar and then "Folder Options"
Next go to the "View" tab and place a check next to "Show
Hidden Files and Folders" and press apply

Carry on to \Local Settings\Temp\cassetup.exe and delete
the cassetup.exe file then go back to the "Folder
Options" >"View" tab and press "Restore Defaults" then
press apply again

You could also use Ccleaner for this but wanted to
explain how to find the folder if it's needed.

Andy
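
A read-only check for the files and registry entries named in the two posts above, as an added example that is not part of the original thread. It assumes PowerShell is installed on the machine; it deletes nothing and only reports what is present, so running it after cleanup and again after a reboot shows whether the adware has been reinstalled.

```powershell
# Added example: read-only check for the artifacts listed in this thread.
# Nothing is deleted; run after cleanup and again after a reboot.
$userTemp = Join-Path $env:USERPROFILE 'Local Settings\Temp'

$paths = @(
    (Join-Path $env:ProgramFiles 'Cas'),
    (Join-Path $userTemp 'cassetup.exe'),
    'HKCU:\Software\CAS',
    'HKLM:\SOFTWARE\Classes\Main.MimeFilter',
    'HKLM:\SOFTWARE\Classes\Main.MimeFilter.1',
    'HKLM:\SOFTWARE\Classes\AppID\Main.DLL',
    'HKLM:\SOFTWARE\Classes\AppID\{E0DC5CC4-25A5-4BC7-A3AA-3525733DC796}',
    'HKLM:\SOFTWARE\Classes\CLSID\{8293D547-38DD-4325-B35A-F1817EDFA5FC}',
    'HKLM:\SOFTWARE\Classes\TypeLib\{D4C89C18-B4F3-46A9-8800-E9E7A55AFBD9}'
)

$found = @()
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        # -Force is needed because Local Settings is a hidden folder.
        $item = Get-Item -LiteralPath $p -Force
        # Files and folders carry a timestamp showing when they (re)appeared.
        $when = if ($item.PSProvider.Name -eq 'FileSystem') { $item.LastWriteTime } else { $null }
        $found += New-Object PSObject -Property @{ Artifact = $p; LastWrite = $when }
    }
}

# The autostart entry is a value under the Run key, not a key of its own.
$runKey = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -LiteralPath $runKey -Name 'CAS Client' -ErrorAction SilentlyContinue
if ($run) {
    $entry = "$runKey -> CAS Client = $($run.'CAS Client')"
    $found += New-Object PSObject -Property @{ Artifact = $entry; LastWrite = $null }
}

if ($found.Count -eq 0) {
    'None of the listed artifacts are present.'
} else {
    $found | Format-List Artifact, LastWrite
}
```

A LastWrite time later than the cleanup means the file or folder was written again afterwards.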
 
Ira

Here are my 2 cents. If it keeps happening, you are probably visiting the
same place on the net and reloading the garbage at that point. I would
suggest that you block the entry of said program and see if it continues
happening.
Ira.
:
: I forgot to add this:
:
: The Entry :
:
: C:\Documents and Settings\[Your User Name]\Local
: Settings\Temp\cassetup.exe
:
: is in a hidden file so go to
:
: C:\Documents and Settings\[Your User Name]\ then
: press "Tools" on the top bar and then "Folder Options"
: Next go to the "View" tab and place a check next to "Show
: Hidden Files and Folders" and press apply
:
: Carry on to \Local Settings\Temp\cassetup.exe and delete
: the cassetup.exe file then go back to the "Folder
: Options" >"View" tab and press "Restore Defaults" then
: press apply again
:
: You could also use Ccleaner for this but wanted to
: explain how to find the folder if it's needed.
:
: Andy
:
 
