Notes for Ad-Aware

Location: http://www.mvps.org/dmcritchie/excel/oe6_adaware.htm Home page: http://www.mvps.org/dmcritchie/excel/excel.htm [View without Frames]

Notes for Ad-Aware

Combating Spyware, Snoopware, brower hijackings along with an anti-virus program you should be checking your system for Spyware. If you think your Outlook Express or your browser suddenly slowed down or that you have the slowest 600 MHZ computer around you probably have picked up some spyware that is spying on your system and reporting back somewhere.

Ad-aware 5.7 « scans your memory, registry and hard drives for known adware components and lets you remove them safely.
Ad-Aware 5.7 found 28 components that were reported as SpyWare, I had Ad-Aware remove them after the detection phase. Before running I had been considering moving my INBOX entries in Outlook Express that were older than two weeks into an archive INBOX. But after running Ad-Aware I found that the speed of accessing the INBOX with 1442 emails was instant. [Notes -- see below]

The above information was repeated from Outlook Express oe6.htm

What is Spyware that Ad-Aware goes after

Spyware are programs (trojans) that you unknowingly install when you install other programs. Spyware looks at what you are doing including keystrokes and sites you visit, and reports back via email or a connection that you will not be aware of either way. It may report the passwords you used, it may report what sites you visit for marketing purposes and sell that information.

All of this besides invading your privacy chews up machine cycles. Here is information from the HELP file of Ad-Aware. Ad-Aware is free, there is also a pay for version. As I previously mentioned Outlook Express now runs fast so something was obviously scanning my email.

Adware vs. Spyware from the Ad-Aware HELP file

While advertising\sponsoring is a common way to publish and promote a product for free, some software advertising systems do more then just showing static banners, they make use of your internet connection to retrieve new banner ads from a third parties server and send various information about you.This information is collected and sold to third parties. (In short words:The more they know about you, the higher is your value for them.)

Because of the unobviously, secretly behaviour of these systems, they are also called advertising trojans.

Most of these systems are installed with a (often popular) host application, which may or may not work without the snoopware components installed. Some attach themself to your browser, some are completely invisible.Popular applications including parasites are, for example Go!Zilla, AudioGalaxy or BearShare.

Am I already "infected" ? Is your browsing speed slower then ever since you installed this free "ultimate connection optimizer" ? Some strange file always wants to connect to a remote server, but your virusscanner tells you it is no trojan? Is your mailbox fed up with tons of targeted spam, and do some of these friendly advertisers even call you by name? Then there is a good chance that you catched some advertising parasites lately..

Ad-aware scans your system for known spyware components and lets you safely remove them. It uses a referencefile which is regulary updated, to always detect the latest spyware parasites. This file can be downloaded from www.lavasoftUSA.com,

My installation notes for Ad-Aware

When you install Ad-Aware you have to tell it what you want it to scan; otherwise, it won't do anything. I have it set to scan everything: My computer, memory, registry, and drives (C:). Additional options:

safe mode
autosave logfile
include additional process information

Do not choose the automatic removal option.

I looked at the logfiles, first time it found a lot of things, haven't installed anything since and nothing more has been found.

Logfile results from first time run, slightly modified

An optional text logfile is created each time Ad-Aware is run and the file can be found with a filename something like:
C:\Program Files\Lavasoft Ad-aware\ad-aware log02-04-02-083543.txt

Scan initialized on 04/02/2002 8:28:29 AM.
(AAW release 5.7, referencefile 089.25.03.2002)
================================================


Started registry scan
======================
OnFlow key:HKEY_LOCAL_MACHINE\software\classes\clsid\{xxxx00x0-x000-00x0-x0x0-00011111xx22}\
OnFlow key:HKEY_LOCAL_MACHINE\software\classes\ieonflow.ieonflow1\
OnFlow key:HKEY_LOCAL_MACHINE\software\classes\ieonflow.ieonflow1.7\
OnFlow key:HKEY_LOCAL_MACHINE\software\classes\typelib\{xxxx00x0-x000-00x0-x0x0-00011111xx33}\
Alexa key:HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{xxxx00x0-x000-00x0-x0x0-0011111xx33a}\
OnFlow key:HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\onflow\
OnFlow key:HKEY_LOCAL_MACHINE\software\onflow\


Started extended registry scan
===============================
OnFlow key:CLSID\{xxxx00x0-x000-00x0-x0x0-00011111xx22}


Registry scan result:
Suspicious keys found :8


Started folder scan
====================
Now processing drive (C), 0 remaining.
OnFlow folder:C:\Program Files\Internet Explorer\PLUGINS\Onflow
OnFlow folder:C:\Program Files\onflow
Finished processing Drive(C), 2175 folders total.

Folder scan result:
Folders processed:2175
Suspicious folders found:2


Started file scan
==================
OnFlow file:C:\WINDOWS\SYSTEM\of_stub_ins_w_1300.exe
Other file:C:\WINDOWS\Cookies\u@admonitor[1].txt
Flyswat file:C:\WINDOWS\Cookies\u@flycast[2].txt
Other file:C:\WINDOWS\Cookies\u@counter13.sextracker[1].txt
Other file:C:\WINDOWS\Cookies\u@counter14.sextracker[1].txt
Other file:C:\WINDOWS\Cookies\u@counter6.sextracker[1].txt
Other file:C:\WINDOWS\Cookies\u@counter10.sextracker[1].txt
Other file:C:\WINDOWS\Cookies\u@counter8.sextracker[1].txt
Other file:C:\WINDOWS\Cookies\u@sextracker[1].txt
Other file:C:\WINDOWS\Cookies\u@counter9.sextracker[1].txt
Other file:C:\WINDOWS\Cookies\u@counter1.sextracker[2].txt
Other file:C:\WINDOWS\Cookies\u@valueclick[2].txt
OnFlow file:C:\Program Files\Internet Explorer\PLUGINS\onflowreport.exe
OnFlow file:C:\Program Files\Internet Explorer\PLUGINS\ieonflow.dll
OnFlow file:C:\Program Files\Internet Explorer\PLUGINS\NPONFLOW.DLL
OnFlow file:C:\Program Files\Internet Explorer\PLUGINS\onflowplayer0.dll
OnFlow file:C:\Program Files\Internet Explorer\PLUGINS\onflowreport.exe
OnFlow file:C:\Program Files\onflow\uninstall onflow.exe

Remark: Doubleclick-optout cookie found and ignored.


File scan result:
Suspicious files found:18



Scanning finished
==================
Suspicious modules found:0
Suspicious keys found :8
Suspicious folders found:2
Suspicious files found:18
==========================
Spyware components ignored:0
Total spyware components found:28


Removing selected components:
==============================
Deleting:OnFlow,4,folder,2,C:\Program Files\Internet Explorer\PLUGINS\Onflow,,
Deleting:OnFlow,4,folder,2,C:\Program Files\onflow,,
Deleting:OnFlow,3,file,2,,C:\WINDOWS\SYSTEM\of_stub_ins_w_1300.exe,
Deleting:Other,3,file,2,,C:\WINDOWS\Cookies\u@admonitor[1].txt,
Deleting:Flyswat,3,file,2,,C:\WINDOWS\Cookies\u@flycast[2].txt,
Deleting:Other,3,file,2,,C:\WINDOWS\Cookies\u@counter13.sextracker[1].txt,
Deleting:Other,3,file,2,,C:\WINDOWS\Cookies\u@counter14.sextracker[1].txt,
Deleting:Other,3,file,2,,C:\WINDOWS\Cookies\u@counter6.sextracker[1].txt,
Deleting:Other,3,file,2,,C:\WINDOWS\Cookies\u@counter10.sextracker[1].txt,
Deleting:Other,3,file,2,,C:\WINDOWS\Cookies\u@counter8.sextracker[1].txt,
Deleting:Other,3,file,2,,C:\WINDOWS\Cookies\u@sextracker[1].txt,
Deleting:Other,3,file,2,,C:\WINDOWS\Cookies\u@counter9.sextracker[1].txt,
Deleting:Other,3,file,2,,C:\WINDOWS\Cookies\u@counter1.sextracker[2].txt,
Deleting:Other,3,file,2,,C:\WINDOWS\Cookies\u@valueclick[2].txt,
Deleting:OnFlow,3,file,2,,C:\Program Files\Internet Explorer\PLUGINS\onflowreport.exe,
Deleting:OnFlow,3,file,2,,C:\Program Files\Internet Explorer\PLUGINS\ieonflow.dll,
Deleting:OnFlow,3,file,2,,C:\Program Files\Internet Explorer\PLUGINS\NPONFLOW.DLL,
Deleting:OnFlow,3,file,2,,C:\Program Files\Internet Explorer\PLUGINS\onflowplayer0.dll,
Deleting:OnFlow,3,file,2,,C:\Program Files\Internet Explorer\PLUGINS\onflowreport.exe,
Deleting:OnFlow,3,file,2,,C:\Program Files\onflow\uninstall onflow.exe,
Deleting:OnFlow,1,HKEY_LOCAL_MACHINE,2,software\classes\clsid\{xxxx00x0-x000-00x0-x0x0-00011111xx22},,
Deleting:OnFlow,1,HKEY_LOCAL_MACHINE,2,software\classes\ieonflow.ieonflow1,,
Deleting:OnFlow,1,HKEY_LOCAL_MACHINE,2,software\classes\ieonflow.ieonflow1.7,,
Deleting:OnFlow,1,HKEY_LOCAL_MACHINE,2,software\classes\typelib\{xxxx00x0-x000-00x0-x0x0-00011111xx33},,
Deleting:Alexa,1,HKEY_LOCAL_MACHINE,2,software\microsoft\internet explorer\extensions\{xxxx00x0-x000-00x0-x0x0-0011111xx33a},,
Deleting:OnFlow,1,HKEY_LOCAL_MACHINE,2,software\microsoft\windows\currentversion\uninstall\onflow,,
Deleting:OnFlow,1,HKEY_LOCAL_MACHINE,2,software\onflow,,
Deleting:OnFlow,1,HKEY_CLASSES_ROOT,2,CLSID\{xxxx00x0-x000-00x0-x0x0-00011111xx22},,

Task completed on8:35:43 AM
Done.

Outlook Express where I have included some information on Virus Scanning software in the related area.
MajorGeeks.com write-up on Ad-Aware http://www.majorgeeks.com/article.php?sid=506
LavaSoft servers http://www.lsfileserv.com/
Ad-Aware as reported in LockerGnome -- GnomeASSISTANT: http://www.lockergnome.com/issues/techspecialist/20020328.html

You are one of many distinguished visitors who have visited my site here or in a previous location since this page was created on April 3, 2002.

Visit [my Excel home page] [Index page] [Excel Onsite Search] [top of this page]

Please send your comments concerning this web page to: David McRitchie send email comments

Notes for Ad-Aware