The following instructions have been created to help you to get rid of "MeMedia.AdVantage" manually.
Use this guide at your own risk; anti-malware software is usually better suited to removing malware, since it is able to look deeper.

Threat Details:

Categories:
  • adware

Description:
AdVantage runs visibly with an icon in the taskbar and connects to various WhenU and MeMedia sites. Once it completes its requests, it collects information about the user's surfing habits in order to target the user with contextual advertising.
But not all of the advertising is contextual: on opening google.de, a pop-up/pop-under appears that advertises adult contacts. The Firefox add-on that is also installed can be disabled, but it is not uninstalled with the rest of AdVantage; although it is installed along with the other AdVantage components, it has to be uninstalled manually. MeMedia is the new company name for WhenU.

Supposed Functionality:
Advertising component that is bundled with software to make it available without usage fees. Supposed to have contextual advertising delivered 4-5 times per day.

Privacy Statement:
By downloading AdVantage (the “Software”), a product of MeMedia Inc. (“MeMedia”), you give permission to MeMedia to display relevant contextual pop-up ads, comparison shopping results and coupons while you are online. The Software selects which ads and offers to display based on several factors, including: Web pages you visit, terms you enter into search engines and other online forms, content of the Web pages you view and your IP address and zip code.

MeMedia is committed to serving highly relevant, contextual pop-up ads, comparison shopping results and coupons, while still providing consumers with industry-leading privacy protection. The Software protects your privacy by uploading a database of content in small chunks to your computer and then determining on your computer whether to retrieve information from MeMedia or third-party servers. To protect your privacy, the same database of content is sent to all of our users. The determination of which ads to display to an individual user is made on the individual user’s own computer and isolated from MeMedia servers. In this way, MeMedia is able to deliver relevant coupons, information and advertisements without sending all of your browsing activity back to MeMedia and without establishing any profile about you (even anonymously) on MeMedia servers.

Your privacy is also protected in the following manner:
  • Your personally-identifiable information is not required in order to use the Software. MeMedia does not know your individual identity and does not attempt to discern it in any way.
  • MeMedia does not assemble any personally-identifiable browsing profiles of you or your individual machine.
  • MeMedia does not assemble any anonymous machine-identifiable browsing profile of you or your machine.

The Software sends back to MeMedia servers anonymous information from your computer so that we can keep track of the number of users in our network and optimize the performance and relevance of the ads. For example, the Software may send MeMedia or a MeMedia partner a communication that includes information about the Webpage you were viewing when you saw or clicked on a particular ad, the term you entered into a search engine or online form and/or your IP address or zip code. MeMedia has intentionally designed these communications back to MeMedia or a MeMedia partner to be highly protective of user privacy in the following ways:

Each individual desktop is assigned an anonymous, unique machine ID. This machine ID is used only to enable MeMedia to count unique, active desktops in the network. The machine ID is not used to determine which ads to serve individual users or to create browsing profiles of users. All Software components will be removed upon uninstallation, except for your anonymous, unique machine ID, which remains in the registry.
When ads are requested and/or displayed by the Software, impressions and click-throughs, including the factor (e.g., the URL, keyword, search term, IP address, zip code or some combination thereof) that caused the ad to be displayed are reported to MeMedia.
The anonymous information that your computer sends back to MeMedia servers may be shared with MeMedia partners to improve the performance of the Software and to optimize the relevancy of the advertisements. MeMedia uses reasonable commercial efforts to restrict the further dissemination of such anonymous information by such partners. However, MeMedia does not control the activities of our partners and cannot prevent them from using or disseminating such anonymous information.

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.
  • Entries named "AdVantage" and pointing to "*<$PROGRAMFILES>\AdVantage\AdVantage.exe*".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>\AdVantage\AdVantage.db".
  • The file at "<$PROGRAMFILES>\AdVantage\AdVantage.exe".
  • The file at "<$PROGRAMFILES>\AdVantage\AdVantage.htm".
  • The file at "<$PROGRAMFILES>\AdVantage\AdVUninst.exe".
  • The file at "<$PROGRAMFILES>\AdVantage\ffext.mod".
  • The file at "<$PROGRAMFILES>\AdVantage\TR.dll".
  • The file at "<$PROGRAMFILES>\AdVantage\user.db".
  • The file at "<$PROGRAMFILES>\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest".
  • The file at "<$PROGRAMFILES>\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js".
  • The file at "<$PROGRAMFILES>\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf".
  • The file at "<$PROGRAMFILES>\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc".
  • The file at "<$PROGRAMFILES>\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt".
  • The file at "<$PROGRAMFILES>\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\MeMedia_FF.dll".
Make sure you set your file manager to display hidden and system files. If MeMedia.AdVantage uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>\AdVantage".
  • The directory at "<$PROGRAMFILES>\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}".
  • The directory at "<$PROGRAMFILES>\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}\components".
Make sure you set your file manager to display hidden and system files. If MeMedia.AdVantage uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "AdVantage" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "{69E0089F-28BC-4BB5-862B-E2B07C3B83C6}" at "HKEY_CLASSES_ROOT\AppID\".
  • Delete the registry key "TR.DLL" at "HKEY_CLASSES_ROOT\AppID\".
  • Delete the registry key "{602D9049-B4AC-4A25-BF75-A9B54D747CBA}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{5AC3A9EF-C0F8-41D4-B4E2-B7CEBB794151}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{862DEF42-89AA-49FA-AE1F-8A84B1B08A17}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{F6E4845D-1D13-4BC0-942D-B9191524CC48}" at "HKEY_CLASSES_ROOT\Interface\".
  • A key in HKEY_CLASSES_ROOT\ named "MEAD.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "TR.TRFactory", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "TR.TRFactory.1", plus associated values.
  • Delete the registry key "{DABF362D-D442-4402-9208-CA9ED70DD01E}" at "HKEY_CLASSES_ROOT\TypeLib\".
If MeMedia.AdVantage uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.
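
A read-only check for the artifacts listed in the Autorun, Files, Folders and Registry sections above, useful before and after cleanup to see what remains. This is an added example, not part of the original guide or a Spybot tool; the function name Get-AdVantageRemnant, the mapping of <$PROGRAMFILES> to both Program Files roots and the choice of Run keys are assumptions.

```powershell
# Read-only audit of the MeMedia.AdVantage artifacts named in this guide. Deletes nothing.
function Get-AdVantageRemnant {
    $ffGuid = '{A89AED22-9133-424c-88E7-C8235C5FF302}'
    # Assumption: <$PROGRAMFILES> may resolve to either Program Files root.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique
    foreach ($root in $roots) {
        foreach ($dir in 'AdVantage', "Mozilla Firefox\extensions\$ffGuid") {
            $path = Join-Path $root $dir
            if (-not (Test-Path -LiteralPath $path)) { continue }
            [pscustomobject]@{ Type = 'Folder'; Path = $path; Detail = '' }
            # -Force includes hidden and system items, as the guide advises.
            Get-ChildItem -LiteralPath $path -Recurse -Force | ForEach-Object {
                $type = if ($_.PSIsContainer) { 'Folder' } else { 'File' }
                [pscustomobject]@{ Type = $type; Path = $_.FullName; Detail = '' }
            }
        }
    }
    # Registry keys from the Registry section (HKCR is reached through the Registry:: provider).
    $hkcr = 'Registry::HKEY_CLASSES_ROOT'
    $keys = @(
        'HKCU:\Software\AdVantage',
        "$hkcr\AppID\{69E0089F-28BC-4BB5-862B-E2B07C3B83C6}",
        "$hkcr\AppID\TR.DLL",
        "$hkcr\CLSID\{602D9049-B4AC-4A25-BF75-A9B54D747CBA}",
        "$hkcr\Interface\{5AC3A9EF-C0F8-41D4-B4E2-B7CEBB794151}",
        "$hkcr\Interface\{862DEF42-89AA-49FA-AE1F-8A84B1B08A17}",
        "$hkcr\Interface\{F6E4845D-1D13-4BC0-942D-B9191524CC48}",
        "$hkcr\MEAD.1", "$hkcr\TR.TRFactory", "$hkcr\TR.TRFactory.1",
        "$hkcr\TypeLib\{DABF362D-D442-4402-9208-CA9ED70DD01E}"
    )
    foreach ($k in $keys) {
        if (Test-Path -LiteralPath $k) { [pscustomobject]@{ Type = 'RegKey'; Path = $k; Detail = '' } }
    }
    # Assumption: the autorun entry sits in a standard Run key; the guide does not name the key.
    $runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($rk in $runKeys) {
        $key = Get-Item -LiteralPath $rk -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if ($name -eq 'AdVantage' -and $data -like '*\AdVantage\AdVantage.exe*') {
                [pscustomobject]@{ Type = 'Autorun'; Path = "$rk\$name"; Detail = $data }
            }
        }
    }
}
Get-AdVantageRemnant | Format-Table -AutoSize -Wrap
```

The HKEY_CURRENT_USER checks cover only the account running the script, so run it once per affected user profile; empty output means none of the listed artifacts were found.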

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help:
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.