View Full Version : Auto surfing to ad-w-a-r-e.com

2006-04-03, 22:41
About ad-w-a-r-e.com
This is a nasty site and its taken me two days to sort out my daughter's PC upto a point.
Something, and I don't know what, launches a browser window with this URL
http://www.ad-w-a-r-e.com/cgi-bin/PopupV3?ID={9D3D5E5F-E9F0-B085-0750-019A36760998}&type=normal&mSkip=1&rnd=2925At the same time my host file is filled with these entries sds-qckads.com status.qckads.com www.qoolaid.com www.qoologic.com www.CLKPrecision.com www.urllogic.com www.clkoptimizer.com www.isearch.com isearch.com www.idownload.com idownload.com www.mytotalsearch.com mytotalsearch.com www.lop.com lop.com www.websearch.com websearch.com www.page-not-found.net page-not-found.net www.isearchhere.com isearchhere.com as.adwave.com sr.adwave.com www.adwave.com adwave.com EVENT:HOST: www.pacimedia.com www.exactsearch.net www.contextplus.net
Before I blocked ad-w-a-r-e it was redirecting to one of these and installing viruses/adware - 80/8 removed
No visuses can now be found (3 different scans) and no adware found by Spybot S&D, yet the problem persists.
Clue No 1 . In the registry I have found this HEX string
in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
Clue No 2
If I sit and watch my firewall I see Explorer.exe connecting briefly, then System then firefox - then I get a new firefox window or tabconnecting to the url above. Blocked Ha!

Any help in locating this nasty piece of work would be appreciated.

2006-04-03, 22:47
Hi there.

If you are not being helped at another forum, please follow these instructions.
Before you post a log, and who will advise you. (http://forums.spybot.info/showthread.php?t=288)

Start a topic here:
Malware Forum (http://forums.spybot.info/forumdisplay.php?f=22[/url)

Someone will then take a look at the system and advise you as soon as available to do so.


md usa spybot fan
2006-04-03, 23:36
re: ad-w-a-r-e.com (and also a-d-w-a-r-e.com)


The following sites are placed in the Internet Explorer's restricted zone by Spybot's Immunize facility to prevent downloads and the storing to cookies (dots replaced by underscores (_) to pervent access from this post):
In addition the following entries are added to the HOSTS file by Spybot's HOSTS file facility to prevent access to the following sites entirely (dots replaced by underscores (_) to pervent access from this post):

2006-04-04, 00:33
Randomman42 has posted in the malware removal forum where the L2M infection will be attended to. ;)