PDA

View Full Version : W3i.IQ5.fraud



NCISfan
2012-02-13, 13:43
I am puzzled.

I use Spybot 1.6.2.46 with Windows Vista.

I have recently done a survey and originally 3 unwanted programs were on my computer yesterday:

IQ Installer
Freeze.com

W3i.IQ5.fraud
[SBI $5ADC6E84] Program directory
C:\Windows\System32\AI_RecycleBin\

I managed to safely remove the former two manually, but the latter still remains.

I checked the source of the file in the System 32 folder "AI_RecycleBin", and it's empty, which is why I'm wondering if this is a false positive.

If it's not, how do I delete the unwanted file?, as it's in an empty folder, thus impossible to remove,

Is W3i.IQ5.fraud dangerous and essential for it to be removed?, and

Which sort of programs install these unwanted programs, so I can avoid them in future?

I have also tried to "Run as Administrator", but for some reason Spybot keeps telling me that I need to be administrator, even though I've already clicked on the "Run as Administrator" option, which should have but hasn't enabled me to delete the unwanted file.

NCISfan
2012-02-13, 14:07
Following on from before, could the File Type Assistant from Trusted Software be the cause of this? or is it a false positive?

I'm trying to narrow down possibilities of the source and solution to the problem, just in case the file is an infection and needs to be removed.

NCISfan
2012-02-13, 15:32
It looks like my situation is rare, as I've since found other files on this issue, but in my case, the "Run as Administrator" option, which I have enabled, is not allowing me to delete the unwanted file.

Surely, whether the file is a false positive or not, as I'm in Administrator mode, it should automatically remove the file.

I also used Malwarebytes software, which didn't detect the file.

I have since removed File Type Assistant, but all to no avail, as the W3i.IQ5.fraud file is still there.

I've since installed Javacool's Spyware Blaster, which is an ideal addition to Spybot, but still no luck in removing the above file.

I had also considered introducing Lavasoft's AdAware as an additional option to Spybot, but Google Chrome is packaged in the installation, which is said to be spyware.

I hope someone can assist me in finding out why the file won't delete and how I delete it.

It's strange how the W3I and Freeze.com junk got removed, but not the remaining file, which is in a folder that's empty.

NCISfan
2012-02-13, 16:43
Please excuse the multiple messages, but I can't find the Edit function, even though it says I may edit threads.

By pure luck, I have found the answer in one of the other Spybot forum threads.

For some reason, I couldn't delete the remaining unwanted program in Normal mode. The moment I switched to Safe Mode, Spybot had no hesitation in deleting it.

Was it dangerous?, and how did I get it on my computer?

Yodama
2012-02-14, 07:52
W3i.IQ5.fraud is adware, that means it is less dangerous than a Trojan horse or other malware.

W3i.IQ5.fraud misuses prominent freeware to promote itself and get installed along using a fraudulent installer which is likely to fool the user since it does not go along common install dialog practices.

When using freeware it is better to download it from the original site.

NCISfan
2012-02-16, 20:44
Thanks for your advice & information, which are very useful. :)

In this case, the adware must have been installed as a package from another program without my knowledge, as I'd never heard of Freeze.com or W3i before this week. This is the problem with some installations, they sneak in other programs without the users' prior knowledge.

Although I managed to manually remove the above adware, for some reason, I couldn't remove the persistent adware, having to resort to going into Safe Mode, which is the only way I can run programs as an administrator, which eventually deleted the remaining piece of adware.

When I saw the word "fraud" as part of the adware, I was naturally alarmed, but relieved to read it's less dangerous than Trojan horses and other malware.


W3i.IQ5.fraud is adware, that means it is less dangerous than a Trojan horse or other malware.

W3i.IQ5.fraud misuses prominent freeware to promote itself and get installed along using a fraudulent installer which is likely to fool the user since it does not go along common install dialog practices.

When using freeware it is better to download it from the original site.