Results 1 to 6 of 6

Thread: ThunderAdvise.dll

  1. #1
    Junior Member
    Join Date
    Jun 2008
    Posts
    3

    Default ThunderAdvise.dll

    A new breed of Malware has infested my PC and I see it being discussed on various security forums too.

    Called ThunderAdvise.dll in C:/Windows/Downloaded Program files and it brings along with it some 20-25 BHOs with random dll names kept in system32 directory with each being loaded into Explorer. Sometimes it even deletes the existing genuine BHOs.

    Kaspersky also detected some connection being made to http://root [dot] 51113 [dot] com/root.gif being downloaded and that maybe the cause of this new Malware which was not even detected by Spybot.

    Unfortunately I don't have the file with me on my PC as I have managed to remove the malware now but I would love you to provide a solution for this malware in your wonderful spybot software so that it also able to fight it.
    Last edited by navjotjsingh; 2008-06-22 at 12:13.

  2. #2
    Senior Member drragostea's Avatar
    Join Date
    Jan 2008
    Location
    @Home
    Posts
    3,674

    Default

    Are you still experiencing any Malware problems such as pop-ups, redirection, changed homepage, etc.? What caught my attention was the addition of 25 "BHOs".

    Have you run a full scan with Kaspersky? If so did it find anything?

    As another measure, download Spybot-Search&Destroy to see if there are anything still lurking on your PC:
    --
    Spybot
    --

    Tell me how it goes.

    Edit: Yep, ThunderAdvise.dll confirmed.
    --
    http://www.castlecops.com/tk50857-Th...Obj_Class.html

  3. #3
    Junior Member
    Join Date
    Jun 2008
    Posts
    3

    Default

    Please check my post that Spybot didn't detect this malware at all even after full scan. And removing BHOs by Spybot won't help since they will be automatically added after few seconds.

    Yet to do complete scan with kaspersky.

  4. #4
    Senior Member drragostea's Avatar
    Join Date
    Jan 2008
    Location
    @Home
    Posts
    3,674

    Default

    As you said, this might be undetected. Is the infected file still in Kaspersky's quarantine? You can send it to Spybot's team if you still have it.

    Is Kaspersky a IS suite? You said it detected a connection made the root site. I'm assuming you have some kind of firewall?

  5. #5
    Junior Member
    Join Date
    Jun 2008
    Posts
    3

    Default

    No...Kaspersky is not successful in removing the malware...I removed it using some other tools.

    I am using Kaspersky AV 2009 and it can detect connections like this too. I am only using Windows Firewall as of now and it didn't detect anything either.

  6. #6
    Senior Member drragostea's Avatar
    Join Date
    Jan 2008
    Location
    @Home
    Posts
    3,674

    Default

    Windows firewall is not good, because it does not offer outbound protection. That means the if you have malware on your computer, it can "call home".

    Kaspersky AV would be not enough as it does not cover the firewall features.

    Well reputable firewalls would be ZoneAlarm, Comodo Pro (which I suggest), or Kerio Personal Firewall (by Sunbelt).

    Upgrading to them would be your choice. If you are still having a Malware problem visit the Malware Forums. It's better to be safe than sorry.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •