Randomman42
2006-04-03, 22:41
About ad-w-a-r-e.com
This is a nasty site and its taken me two days to sort out my daughter's PC upto a point.
Something, and I don't know what, launches a browser window with this URL
http://www.ad-w-a-r-e.com/cgi-bin/PopupV3?ID={9D3D5E5F-E9F0-B085-0750-019A36760998}&type=normal&mSkip=1&rnd=2925At the same time my host file is filled with these entries
127.0.0.1 sds-qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 www.qoolaid.com
127.0.0.1 www.qoologic.com
127.0.0.1 www.CLKPrecision.com
127.0.0.1 www.urllogic.com
127.0.0.1 www.clkoptimizer.com
127.0.0.1 www.isearch.com
127.0.0.1 isearch.com
127.0.0.1 www.idownload.com
127.0.0.1 idownload.com
127.0.0.1 www.mytotalsearch.com
127.0.0.1 mytotalsearch.com
127.0.0.1 www.lop.com
127.0.0.1 lop.com
127.0.0.1 www.websearch.com
127.0.0.1 websearch.com
127.0.0.1 www.page-not-found.net
127.0.0.1 page-not-found.net
127.0.0.1 www.isearchhere.com
127.0.0.1 isearchhere.com
127.0.0.1 as.adwave.com
127.0.0.1 sr.adwave.com
127.0.0.1 www.adwave.com
127.0.0.1 adwave.com EVENT:HOST:127.0.0.1
127.0.0.1 www.pacimedia.com
127.0.0.1 www.exactsearch.net
127.0.0.1 www.contextplus.net
Before I blocked ad-w-a-r-e it was redirecting to one of these and installing viruses/adware - 80/8 removed
No visuses can now be found (3 different scans) and no adware found by Spybot S&D, yet the problem persists.
Clue No 1 . In the registry I have found this HEX string
{9D3D5E5F-E9F0-B085-0750-019A36760998}
in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
Clue No 2
If I sit and watch my firewall I see Explorer.exe connecting briefly, then System then firefox - then I get a new firefox window or tabconnecting to the url above. Blocked Ha!
Any help in locating this nasty piece of work would be appreciated.
This is a nasty site and its taken me two days to sort out my daughter's PC upto a point.
Something, and I don't know what, launches a browser window with this URL
http://www.ad-w-a-r-e.com/cgi-bin/PopupV3?ID={9D3D5E5F-E9F0-B085-0750-019A36760998}&type=normal&mSkip=1&rnd=2925At the same time my host file is filled with these entries
127.0.0.1 sds-qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 www.qoolaid.com
127.0.0.1 www.qoologic.com
127.0.0.1 www.CLKPrecision.com
127.0.0.1 www.urllogic.com
127.0.0.1 www.clkoptimizer.com
127.0.0.1 www.isearch.com
127.0.0.1 isearch.com
127.0.0.1 www.idownload.com
127.0.0.1 idownload.com
127.0.0.1 www.mytotalsearch.com
127.0.0.1 mytotalsearch.com
127.0.0.1 www.lop.com
127.0.0.1 lop.com
127.0.0.1 www.websearch.com
127.0.0.1 websearch.com
127.0.0.1 www.page-not-found.net
127.0.0.1 page-not-found.net
127.0.0.1 www.isearchhere.com
127.0.0.1 isearchhere.com
127.0.0.1 as.adwave.com
127.0.0.1 sr.adwave.com
127.0.0.1 www.adwave.com
127.0.0.1 adwave.com EVENT:HOST:127.0.0.1
127.0.0.1 www.pacimedia.com
127.0.0.1 www.exactsearch.net
127.0.0.1 www.contextplus.net
Before I blocked ad-w-a-r-e it was redirecting to one of these and installing viruses/adware - 80/8 removed
No visuses can now be found (3 different scans) and no adware found by Spybot S&D, yet the problem persists.
Clue No 1 . In the registry I have found this HEX string
{9D3D5E5F-E9F0-B085-0750-019A36760998}
in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
Clue No 2
If I sit and watch my firewall I see Explorer.exe connecting briefly, then System then firefox - then I get a new firefox window or tabconnecting to the url above. Blocked Ha!
Any help in locating this nasty piece of work would be appreciated.