Anyone ever heard of this problem? I'll explain starting with some basic info. First, whatever it is, it isn't detected by Norton Antivirus or Spybot Search & Destroy (adware removing program).
Now, what's interesting is what I've had on my computer, twice, acts as both adware and virus (but mostly adware), and yet only Windows Task Manager and msconfig know of its existence. There are two instances of the programs running at any one time. The first time this caught my eye is when two of the same program were running (they're listed in the processes list). Funny thing is there are several programs linked to this, all with weird screwed up names (the only one with a coherent spelling is "5dos.exe" which has nothing whatsoever to do with DOS). What creeps me out is if you close one of these down, another one appears in its place, whether of the same name or a different name. Worse still, it even does that in the registry (or certain parts of the registry). It took me forever to remove it the first time, and I thought that was the registry. This time, I don't know what I did. Whatever it was, it no longer comes up when the computer is restarted, which is a good thing. One more thing of note. It still does all that even when I'm offline, though it's obvious it snuck onto my computer, through different firewalls both times.
So, has anyone heard of this? Anyone know how to prevent it? Whatever it is, it tries its best not to be removed, and is also a MAJOR resource hog (can cut your computer speed by more than 55%!). But at least I beat it back again.
Edit: Almost forgot. There are about 7 or 8 names it runs under (like I said earlier, seemingly random mixtures of letters), and the only way to keep them from coming back again and again is to click one and click "End Process Tree." Also, doing a file search on these names doesn't bring up anything except a file in the "Prefetch" folder, which is odd because msconfig says it's in "System32" but nothing is found there. I don't know how I kept it from coming up again upon restarting. A weird profusely annoying problem.
BTW, I know it's adware because windows pop up when those processes are running. Sometimes even offline, if I remember correctly. Very strange, annoying, and creepy.
Edited: Talduras on 23rd Sep, 2004 - 6:43am
Very strange, Talduras! Are you running any anti-adware or spyware software on your computer? I ask because I know most of them will detect and attempt to eliminate such programs for you. I do know that adware and spyware have become very intricate to the point where manual removal of them can become a task as you mentioned. If you recall the individual steps you took to remove the adware on your PC you may want to post it here for us techies who are interested in it.
First, yes I did have an adware removing program. Spybot Search & Destroy. It's not real-time (as in running in the background, like most antivirus software), but I've never heard of an anti-adware program that is.
Second, I can't quite remember the steps I took to remove it. Here's my best guess, though. First, I think you have to remove the process by doing ctrl+alt+del, clicking the processes tab, right clicking the program (it could be under any number of names, like I mentioned before), and clicking "end process tree." I think I did this the first time as well. I'm not certain if this ends the threat, but if it doesn't you can do a search for instances of the program using Registry Editor (or regedit, the name you type in the Run box) and remove any instances of the name of the programs from the registry. Although, I think the only thing you may need to do is remove it from the start up part of the registry, and the path to that is shown in msconfig under the start up tab. If the programs were running, the line in the registry you'd try to remove would come back every time you try to delete it (after you refresh the page five seconds later). Without the programs running, you can remove the line easily, and I think that ends the threat as far as I know.
A complex problem, to say the least, and it's puzzling that two programs didn't detect it. I'll have to do a search for some of the names of those programs on Google to see if I find anyone else that's run into these.
Edit: No results on Google. Either I'm the only one that's been hit by this, or others that have weren't tech savvy enough to know what was going on with their computer, as the only obvious sign is popups. Here are a few of the names the program string runs as. 5dos.exe. fkhaysg.exe. mxq1uubm.exe. pxt1c4.exe. rqz9.exe. There are a few others, but these are the remnants of them that are in the prefetch folder. They're not doing anything now (they're not in exe format, like most prefetch files), so that means there's a trigger somewhere that makes you download these and automatically runs them, without leaving much trace.
BTW, I almost forgot. I have Windows XP. Also, this issue happened once with SP1 and recently with SP2, so whatever it is can still slip through SP2's "added security." Then again, it slipped through Norton, Zone Alarm (think I may have accidentally given it permission the first time, when it was running under the name 5dos.exe), and an adware remover. Mean little thing this adware is.
Edited: Talduras on 23rd Sep, 2004 - 4:14pm
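An added example, not part of any post in this thread: a small triage routine that cross-checks the three symptoms described above (a startup entry whose System32 target cannot be found, a matching trace in the Prefetch folder, and more than one running instance). The function names, the sample snapshot, the Prefetch hashes and the `tray.exe` entry are constructed for illustration; only the executable names 5dos.exe and rqz9.exe come from the posts.

```python
import re
from collections import Counter

# Prefetch traces are named <EXECUTABLE>-<8 hex digits>.pf
PF_RE = re.compile(r"^(?P<exe>.+)-[0-9A-F]{8}\.pf$", re.IGNORECASE)

def prefetch_exes(pf_names):
    """Lower-cased executable names that left a Prefetch trace."""
    return {m.group("exe").lower() for m in map(PF_RE.match, pf_names) if m}

def triage(autoruns, processes, pf_names, existing_files):
    """Return {exe: [reasons]} for startup entries matching the thread's symptoms."""
    ran = prefetch_exes(pf_names)
    on_disk = {p.lower() for p in existing_files}
    counts = Counter(p.lower() for p in processes)
    findings = {}
    for _value_name, path in autoruns:
        exe = path.rsplit("\\", 1)[-1].lower()
        reasons = []
        if path.lower() not in on_disk:
            reasons.append("startup target missing on disk")
            if exe in ran:
                reasons.append("Prefetch shows it has executed")
        if counts[exe] > 1:
            reasons.append(f"{counts[exe]} running instances")
        if reasons:
            findings[exe] = reasons
    return findings

# Constructed sample snapshot (not real captures); hashes and paths are made up.
AUTORUNS = [
    ("5dos", r"C:\WINDOWS\System32\5dos.exe"),
    ("rqz9", r"C:\WINDOWS\System32\rqz9.exe"),
    ("tray", r"C:\Program Files\Example\tray.exe"),
]
PROCESSES = ["5dos.exe", "5dos.exe", "tray.exe", "explorer.exe"]
PREFETCH = ["5DOS.EXE-0A1B2C3D.pf", "RQZ9.EXE-1F2E3D4C.pf", "Layout.ini"]
FILES = [r"C:\Program Files\Example\tray.exe"]

if __name__ == "__main__":
    for exe, reasons in triage(AUTORUNS, PROCESSES, PREFETCH, FILES).items():
        print(exe, "->", "; ".join(reasons))
```

On a live machine the four inputs would come from the startup list shown in msconfig, the Task Manager process list, a directory listing of the Prefetch folder and a file-existence check on each startup target.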
I agree that Ad/Spyware is becoming a big problem.
I also use Spybot Search & Destroy and found it effective. But there is now a program out called Ad-Aware that picks up heaps of stuff that Spybot misses.
It's a free program and you can download a copy from one of the many links on this page
I have used Ad-Aware for months. The most important thing to remember is you must always tell it to check for new updates or you will miss the latest infections when you scan your PC. Just like with virus software, the program is only as good as its last update.
Also, I have run into situations where the PC is so messed up that it must be rebuilt. The spyware software just can't reverse the damage...this is also true of virus infected PCs at times.
U.S. FILES FIRST SUIT AGAINST INTERNET 'SPY WARE'
The U.S. government has sued a New Hampshire man in its first attempt to crack
down on Internet "spy ware" that seizes control of a user's computer without
permission.
https://www.cnn.com/2004/LAW/10/08/tech.spy...reut/index.html
QUOTE (tenaheff @ 11-Oct 04, 6:32 AM)
The most important thing to remember is you must always tell it to check for new updates or you will miss the latest infections when you scan your PC. Just like with virus software, the program is only as good as its last update.
QUOTE
check out the news article posted by... News...?